Spamware



egrogan1
2013-04-22, 13:37
Help needed please


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16476 BrowserJavaVersion: 10.17.2
Run by Eoin at 11:07:18 on 2013-04-22
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.353.1033.18.3996.1496 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Windows\system32\mfevtps.exe
c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Eoin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Sony\VAIO Improvement\vim.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Sony\VAIO Improvement\vim.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Sony\VAIO Care\VCService.exe
C:\Program Files\Sony\VAIO Care\VCAgent.exe
C:\Windows\System32\vds.exe
C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
C:\Program Files\Sony\VAIO Care\VCAdmin.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Windows\explorer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe
C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe
C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
Q:\140066.enu\Office14\WINWORDC.EXE
C:\Windows\splwow64.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
Q:\140066.enu\Office14\OffSpon.EXE
C:\Windows\system32\notepad.exe
C:\Windows\system32\notepad.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Eoin\AppData\Local\CrossLoop\CrossLoopService.exe
C:\Users\Eoin\AppData\Local\CrossLoop\CrossLoopConnect.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_169_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ie
uLocal Page = hxxp://www.google.ie
uWindow Title = Microsoft Internet Explorer
uDefault_Page_URL = hxxp://vaioportal.sony.eu
mStart Page = hxxp://www.google.ie
mLocal Page = hxxp://www.google.ie
mWindow Title = Microsoft Internet Explorer
mDefault_Page_URL = hxxp://www.google.ie
uProxyOverride = <local>;*.local
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: BrOwwse2Saavei: {6CCA71BB-4A17-554A-7B2B-8905AEC189DF} - C:\ProgramData\BrOwwse2Saavei\516bf6e2604b1.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121012182632.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SeaaRchh--NewTAb: {FFBF941B-B45E-56DF-E662-7141F54D7983} - C:\ProgramData\SeaaRchh--NewTAb\516bf70307b9b.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SkyDrive] "C:\Users\Eoin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
uRun: [CrossLoop] "C:\Users\Eoin\AppData\Local\CrossLoop\CrossLoopConnect.exe" -ap=crossloop -port=5910 -udp=www.CrossLoop.com -webserver=server.crossloop.com -webservice=www.crossloop.com -startup=server -minimize
uRunOnce: [SpybotDeletingF9213] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\WebSearch\sprotector.dll"
uRunOnce: [SpybotDeletingF462] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\WebSearch\uninstall.exe"
uRunOnce: [SpybotDeletingF2150] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\BrowseToSave\sprotector.dll"
uRunOnce: [SpybotDeletingF156] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\BrowseToSave\uninstall.exe"
uRunOnce: [SpybotDeletingF5817] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\WebSearch\sprotector.dll"
uRunOnce: [SpybotDeletingF8588] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\WebSearch\uninstall.exe"
uRunOnce: [SpybotDeletingF5275] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\BrowseToSave\sprotector.dll"
uRunOnce: [SpybotDeletingF7711] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\BrowseToSave\uninstall.exe"
uRunOnce: [SpybotDeletingF6627] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\WebSearch\sprotector.dll_old"
uRunOnce: [SpybotDeletingF9702] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\BrowseToSave\sprotector.dll_old"
uRunOnce: [SpybotDeletingF3652] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\WebSearch\sprotector.dll_old"
uRunOnce: [SpybotDeletingF6887] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\BrowseToSave\sprotector.dll_old"
uRunOnce: [SpybotDeletingF8878] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\WebSearch\sprotector.dll_old"
uRunOnce: [SpybotDeletingF5697] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\BrowseToSave\sprotector.dll_old"
uRunOnce: [SpybotDeletingF3281] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\WebSearch\sprotector.dll_old"
uRunOnce: [SpybotDeletingF5916] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\BrowseToSave\sprotector.dll_old"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
mRun: [MobileBroadband] C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [ShaPlus Bandwidth Meter] "C:\Program Files (x86)\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter.exe" /s
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [ADBlocker] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe -tray
mRun: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
mRunOnce: [SpybotDeletingE9833] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\WebSearch\sprotector.dll_old"
mRunOnce: [SpybotDeletingE4020] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\BrowseToSave\sprotector.dll_old"
mRunOnce: [SpybotDeletingE5901] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\WebSearch\sprotector.dll_old"
mRunOnce: [SpybotDeletingE8534] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\BrowseToSave\sprotector.dll_old"
StartupFolder: C:\Users\Eoin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\Users\Eoin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NCDOWN~1.LNK - C:\Program Files (x86)\Solibo Ltd\NCdownloader\NCdownloader.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:3
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: Interfaces\{204075A0-3C79-4EC6-ADCB-9C1406296244} : DHCPNameServer = 8.8.4.4
TCP: Interfaces\{4C67F788-B788-42CE-9E44-562ED4D265A7} : DHCPNameServer = 172.31.140.69 172.30.140.69
TCP: Interfaces\{55606A95-2C0D-4635-8BB8-75C01926828F} : NameServer = 89.19.64.164 89.19.64.36
TCP: Interfaces\{7787CE1A-FC98-4EEF-8D4C-2DBCEA5736EA}\54962736F6D6 : DHCPNameServer = 10.0.0.6
TCP: Interfaces\{B91DE24D-00AD-4036-A20A-B54F260E9DE7} : NameServer = 89.19.64.164 89.19.64.36
TCP: Interfaces\{F84F9782-03FD-4F96-9127-821FBC75F442} : NameServer = 89.19.64.164 89.19.64.36
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121012182632.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SONYAPO
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [NetWorx] "C:\Users\Eoin\Downloads\networx_portable\64-bit\networx.exe" /auto
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Eoin\AppData\Roaming\Mozilla\Firefox\Profiles\kgt8vqf0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.pu-results.info/?pid=726&r=2013/04/15&hid=665674988&lg=EN&cc=IE&l=1&q=
FF - prefs.js: browser.search.selectedEngine - WebSearch
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ie/
FF - prefs.js: keyword.URL - hxxp://websearch.pu-results.info/?pid=726&r=2013/04/15&hid=665674988&lg=EN&cc=IE&l=1&q=
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Sony\Media Go\npmediago.dll
FF - plugin: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-2-28 16152]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2011-8-15 647208]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-8-15 289664]
R1 asdnet;asdnet;C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sys\amd64\asdnet.sys [2013-4-15 19280]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-3-30 28600]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2011-8-15 75936]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-11-16 86752]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-11-16 110816]
R2 asdrs;AntiMalware Host-based Intrusion Prevention System;C:\Windows\System32\drivers\asdrs.sys [2013-4-15 23376]
R2 asdws;AnviSmartDefender Web Guard;C:\Windows\System32\drivers\asdws.sys [2013-4-15 17232]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2012-2-23 106144]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-3-30 100712]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-5-12 13592]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-5-12 2429544]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-5-12 128280]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-5-12 161560]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\systemcore\mcshield.exe [2012-5-12 199304]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe [2012-5-12 210616]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2012-5-12 162224]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2012-2-21 473960]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-11-30 260768]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-4-14 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-4-14 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-4-14 168384]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2012-5-12 19968]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2012-2-23 36000]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2012-2-23 339616]
R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2012-2-23 110752]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2012-2-23 30368]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2012-2-23 167584]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2012-2-23 68256]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2012-2-23 280992]
R3 BTATH_VDP;Bluetooth VDP Driver;C:\Windows\System32\drivers\btath_vdp.sys [2012-2-23 421664]
R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2012-2-23 550560]
R3 ew_usbenumfilter;huawei_CompositeFilter;C:\Windows\System32\drivers\ew_usbenumfilter.sys [2012-10-12 13952]
R3 huawei_cdcacm;huawei_cdcacm;C:\Windows\System32\drivers\ew_jucdcacm.sys [2012-10-12 98816]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2012-10-12 86016]
R3 huawei_ext_ctrl;huawei_ext_ctrl;C:\Windows\System32\drivers\ew_juextctrl.sys [2012-10-12 28672]
R3 huawei_wwanecm;huawei_wwanecm;C:\Windows\System32\drivers\ew_juwwanecm.sys [2012-10-12 213504]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-3-14 331264]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-2-28 356120]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-2-28 787736]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-8-15 229528]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2011-8-15 487296]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-5-12 339048]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-2-27 675432]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2012-1-16 14336]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\System32\drivers\AthDfu.sys [2012-2-23 51872]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2011-8-15 65264]
S3 DCDhcpService;DCDhcpService;C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [2012-5-12 112256]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-6-10 281088]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\System32\drivers\ew_hwusbdev.sys [2012-10-12 117248]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 lehidmini;Bluetooth Low Energy Hid Device;C:\Windows\System32\drivers\leath_hid.sys [2012-2-23 36128]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2011-8-15 100912]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2012-3-26 22528]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-25 19456]
S3 SmbDrv;SmbDrv;C:\Windows\System32\drivers\Smb_driver.sys [2012-3-14 21264]
S3 SOHCImp;VAIO Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2012-1-6 138392]
S3 SOHDs;VAIO Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2012-1-6 74904]
S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-12-1 289952]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-25 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-12-25 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
.
=============== File Associations ===============
.
FileExt: .vbs: VBSFile=C:\Windows\SysWow64\WScript.exe "%1" %*
FileExt: .js: jsfile=C:\Windows\SysWow64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2013-04-22 09:58:11 -------- d-----w- C:\Users\Eoin\AppData\Local\{B9B0DAAC-1BD0-4027-AD7E-F953F5C3472E}
2013-04-21 21:45:25 -------- d-----w- C:\Users\Eoin\AppData\Local\{EC477530-4A7A-4DEC-8BF8-29C6214C03B2}
2013-04-20 21:07:12 -------- d-----w- C:\Users\Eoin\AppData\Local\CrossLoop
2013-04-20 20:29:58 -------- d-----w- C:\Program Files\CCleaner
2013-04-20 19:35:42 -------- d-----w- C:\Users\Eoin\AppData\Local\{9714F002-CD9D-426F-AE32-8ADF0C2429E9}
2013-04-18 15:10:38 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{804BF8CC-918A-4124-A831-56239B848A4C}\offreg.dll
2013-04-18 15:06:08 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{804BF8CC-918A-4124-A831-56239B848A4C}\mpengine.dll
2013-04-15 18:48:21 -------- d-----w- C:\Users\Eoin\AppData\Roaming\Anvisoft
2013-04-15 18:48:08 23376 ----a-w- C:\Windows\System32\drivers\asdrs.sys
2013-04-15 18:48:08 18768 ----a-w- C:\Windows\System32\drivers\asdrm.sys
2013-04-15 18:48:08 17232 ----a-w- C:\Windows\System32\drivers\asdws.sys
2013-04-15 18:47:48 -------- d-----w- C:\ProgramData\Anvisoft
2013-04-15 18:47:44 -------- d-----w- C:\Program Files (x86)\Anvisoft
2013-04-15 12:10:29 -------- d-----w- C:\ProgramData\SeaaRchh--NewTAb
2013-04-15 12:10:11 -------- d-----w- C:\ProgramData\BrOwwse2Saavei
2013-04-15 12:09:53 -------- d-----w- C:\Windows\SysWow64\X86
2013-04-15 12:09:53 -------- d-----w- C:\Windows\SysWow64\AMD64
2013-04-15 12:09:53 -------- d-----w- C:\Program Files (x86)\Solibo Ltd
2013-04-15 12:09:22 -------- d-----w- C:\ProgramData\InstallMate
2013-04-15 10:15:25 -------- d-----w- C:\Users\Eoin\AppData\Local\{ED471A26-CA0C-48A0-8EB4-A93CC3163F57}
2013-04-15 09:02:38 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-04-15 09:01:10 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-04-15 09:01:10 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-04-15 09:01:10 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-04-15 09:01:10 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-04-15 09:01:10 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-04-15 09:01:10 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-04-15 09:01:07 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-04-15 09:01:07 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-04-15 09:00:06 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-04-15 09:00:06 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-04-15 09:00:02 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2013-04-15 09:00:01 1882624 ----a-w- C:\Windows\System32\msxml3.dll
2013-04-15 09:00:01 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2013-04-15 09:00:01 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2013-04-15 08:58:54 800768 ----a-w- C:\Windows\System32\usp10.dll
2013-04-15 08:58:54 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2013-04-15 08:57:52 68608 ----a-w- C:\Windows\System32\taskhost.exe
2013-04-15 08:57:51 750592 ----a-w- C:\Windows\System32\win32spl.dll
2013-04-15 08:57:50 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-04-15 08:57:00 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-04-15 08:56:59 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-04-15 08:56:58 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-04-15 08:56:58 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-04-15 08:56:57 112640 ----a-w- C:\Windows\System32\smss.exe
2013-04-15 08:56:56 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-04-15 08:56:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-04-15 08:56:00 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2013-04-14 13:01:23 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-04-14 13:01:11 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2013-04-14 13:01:06 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-04-14 13:00:21 -------- d-----w- C:\Users\Eoin\AppData\Local\Programs
2013-04-08 20:48:41 -------- d-----w- C:\Users\Eoin\AppData\Local\{9D7FCF6B-2783-43C4-ABC2-4D9561264A86}
2013-04-01 15:46:03 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-04-01 15:45:43 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-30 01:03:47 28600 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2013-03-30 01:03:47 100712 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2013-03-29 19:30:38 -------- d-----w- C:\Program Files\iPod
2013-03-29 19:30:37 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-03-29 19:30:37 -------- d-----w- C:\Program Files\iTunes
2013-03-29 19:30:37 -------- d-----w- C:\Program Files (x86)\iTunes
2013-03-29 17:26:43 -------- d-----w- C:\Users\Eoin\AppData\Local\{D97FF038-D245-4C9E-9246-AC7E4AA24732}
2013-03-23 22:58:49 -------- d-----w- C:\Users\Eoin\AppData\Local\{0B67321A-1C22-4FF5-A497-F6D1DB96E529}
.
==================== Find3M ====================
.
2013-04-20 19:33:54 60 ----a-w- C:\Windows\wpd99.drv
2013-04-15 09:43:47 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-15 09:43:47 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-04-01 15:45:37 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-03-12 00:10:56 282744 ------w- C:\Windows\System32\MpSigStub.exe
2013-02-22 06:27:49 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-22 06:20:51 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-02-22 06:19:37 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-02-22 06:15:48 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-02-22 06:15:23 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-02-22 06:12:41 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-22 03:46:00 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-22 03:38:00 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-22 03:37:50 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-02-22 03:34:17 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-02-22 03:34:03 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-02-22 03:31:46 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
.
============= FINISH: 11:09:58.82 ===============

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-22 11:11:46
-----------------------------
11:11:46.384 OS Version: Windows x64 6.1.7601 Service Pack 1
11:11:46.384 Number of processors: 4 586 0x2A07
11:11:46.385 ComputerName: EOIN_LAPTOP UserName: Eoin
11:11:50.803 Initialize success
11:18:05.415 AVAST engine defs: 13042201
11:20:13.954 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:20:13.956 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 3
11:20:14.064 Disk 0 MBR read successfully
11:20:14.067 Disk 0 MBR scan
11:20:14.073 Disk 0 Windows 7 default MBR code
11:20:14.076 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 16773 MB offset 2048
11:20:14.107 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 350 MB offset 34353152
11:20:14.117 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 593355 MB offset 35069952
11:20:14.177 Disk 0 scanning C:\Windows\system32\drivers
11:20:27.764 Service scanning
11:21:03.539 Modules scanning
11:21:03.557 Disk 0 trace - called modules:
11:21:03.568
11:21:05.402 AVAST engine scan C:\Windows
11:21:08.646 AVAST engine scan C:\Windows\system32
11:25:21.543 AVAST engine scan C:\Windows\system32\drivers
11:25:46.883 AVAST engine scan C:\Users\Eoin
11:38:48.283 Disk 0 MBR has been saved successfully to "C:\Users\Eoin\Desktop\MBR.dat"
11:38:48.293 The log file has been saved successfully to "C:\Users\Eoin\Desktop\aswMBR.txt"

Search results from Spybot - Search & Destroy

20/04/2013 21:43:54
Scan took 00:25:10.
41 items found.

KeywordHijacker: [SBI $63D7C158] Application data folder (Directory, nothing done)
C:\Program Files (x86)\WebSearch\
Directory.subfile=C:\Program Files (x86)\WebSearch\sprotector.dll_old
Directory.subfile.size=1044480
Directory.subfile.md5=D59FB8A196CC8AD8E8BDE0C437070CC6
Directory.subfile.filedate=1359026702
Directory.subfile.filedatetext=2013-01-24 12:25:02

Barowwsoe2Save: [SBI $EBD45A68] Program directory (Directory, nothing done)
C:\Program Files (x86)\BrowseToSave\
Directory.subfile=C:\Program Files (x86)\BrowseToSave\sprotector.dll_old
Directory.subfile.size=1050112
Directory.subfile.md5=2E705785860F95358DC9AA6ED402198B
Directory.subfile.filedate=1359026214
Directory.subfile.filedatetext=2013-01-24 12:16:54

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Eoin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UTZ5NQFH\assets.tp-cdn.com\dealspot.sol
Properties.size=84
Properties.md5=A3C844689757A37BAB2BE9DD8DF96FBF
Properties.filedate=1366295945
Properties.filedatetext=2013-04-18 15:39:05

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Eoin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UTZ5NQFH\cdn.zopim.com\uysmwvCAsocTdZxFSaGkuDCxGQFV3jnfSession_SO.sol
Properties.size=1118
Properties.md5=C3173C439BAA62576727EB8DD0CAA1FB
Properties.filedate=1366060415
Properties.filedatetext=2013-04-15 22:13:35

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Eoin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UTZ5NQFH\cdn.zopim.com\uysmwvCAsocTdZxFSaGkuDCxGQFV3jnfVolatile_SO.sol
Properties.size=225
Properties.md5=8F0B399BA2221FF6F265864656115593
Properties.filedate=1366060415
Properties.filedatetext=2013-04-15 22:13:35

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Eoin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UTZ5NQFH\plarium.hs.llnwd.net\analytics.sol
Properties.size=394
Properties.md5=8D35B32829304ADDCF54FA3152B50202
Properties.filedate=1366404898
Properties.filedatetext=2013-04-19 21:54:57

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Eoin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UTZ5NQFH\plarium.hs.llnwd.net\dealspot.sol
Properties.size=125
Properties.md5=4BA752798CEC78C815779A67338F0F9C
Properties.filedate=1366389739
Properties.filedatetext=2013-04-19 17:42:18

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Eoin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UTZ5NQFH\s.ytimg.com\soundData.sol
Properties.size=49
Properties.md5=F2945B8419B125F71FC8FD7CDDB59948
Properties.filedate=1366295478
Properties.filedatetext=2013-04-18 15:31:17

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Eoin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UTZ5NQFH\s.ytimg.com\videostats.sol
Properties.size=275
Properties.md5=54857831AC26FA6BFE2DF31EC7F5B851
Properties.filedate=1366295507
Properties.filedatetext=2013-04-18 15:31:47

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Eoin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UTZ5NQFH\software.hiro.tv\HIRO_REPO.sol
Properties.size=108
Properties.md5=310DD4B2D014BEF87E184FA4CAD2CAA9
Properties.filedate=1366487223
Properties.filedatetext=2013-04-20 20:47:03

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Eoin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UTZ5NQFH\tag.audiencetv.hiro.tv\dbg.sol
Properties.size=51
Properties.md5=CFD4D4C0F07C595513D7025003616E9D
Properties.filedate=1366051782
Properties.filedatetext=2013-04-15 19:49:41

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Eoin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UTZ5NQFH\tag.audiencetv.hiro.tv\hiro_companion_cookie.sol
Properties.size=106
Properties.md5=338A1515EAFFDE5FD5D1C3FE2B9FE5F5
Properties.filedate=1366053245
Properties.filedatetext=2013-04-15 20:14:04

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Eoin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UTZ5NQFH\tag.audiencetv.hiro.tv\HIRO_NETWORK_CAPPING_COOKIE.sol
Properties.size=4339
Properties.md5=74FDBBD7E51B6D424C32F7C46B86AD49
Properties.filedate=1366053286
Properties.filedatetext=2013-04-15 20:14:45

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Eoin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UTZ5NQFH\tag.audiencetv.hiro.tv\mb.sol
Properties.size=55
Properties.md5=4489AD0FEC9425D59115564920A01383
Properties.filedate=1366052303
Properties.filedatetext=2013-04-15 19:58:23

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Eoin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UTZ5NQFH\tag.audiencetv.hiro.tv\US_FARM_AudienceTV.hiro.tv_STREMING_CLIENT_ID_COOKIE.sol
Properties.size=182
Properties.md5=5FEAB201FD2753DCA8CCD88FB796850E
Properties.filedate=1366053205
Properties.filedatetext=2013-04-15 20:13:24

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Eoin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UTZ5NQFH\tag.audiencetv.hiro.tv\US_FARM__STREMING_CLIENT_ID_COOKIE.sol
Properties.size=164
Properties.md5=2B3163A6A1D696F016A5E19B541BBD18
Properties.filedate=1366053245
Properties.filedatetext=2013-04-15 20:14:04

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Eoin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UTZ5NQFH\tag.matomy.hiro.tv\dbg.sol
Properties.size=51
Properties.md5=633E952FD00F31A0A8AA514FC8407265
Properties.filedate=1366485099
Properties.filedatetext=2013-04-20 20:11:39

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Eoin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UTZ5NQFH\tag.matomy.hiro.tv\hiro_companion_cookie.sol
Properties.size=106
Properties.md5=DA54FAF1165EAEC445FC0CECB41F80EB
Properties.filedate=1366486755
Properties.filedatetext=2013-04-20 20:39:14

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Eoin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UTZ5NQFH\tag.matomy.hiro.tv\HIRO_NETWORK_CAPPING_COOKIE.sol
Properties.size=1477
Properties.md5=DE9F3C36886F1C2861B73F1287708D6E
Properties.filedate=1366487590
Properties.filedatetext=2013-04-20 20:53:10

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Eoin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UTZ5NQFH\tag.matomy.hiro.tv\mb.sol
Properties.size=55
Properties.md5=55A6BD74A124F896745466FDC43ADF63
Properties.filedate=1366486617
Properties.filedatetext=2013-04-20 20:36:56

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Eoin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UTZ5NQFH\tag.matomy.hiro.tv\US_FARM_Matomy.hiro.tv_STREMING_CLIENT_ID_COOKIE.sol
Properties.size=178
Properties.md5=F5D3E2835AD1F79B1BE0421928A6D1B0
Properties.filedate=1366487223
Properties.filedatetext=2013-04-20 20:47:03

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Eoin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UTZ5NQFH\tag.matomy.hiro.tv\US_FARM__STREMING_CLIENT_ID_COOKIE.sol
Properties.size=164
Properties.md5=403160B7E480D2B9C58BAD0F91C84C00
Properties.filedate=1366486691
Properties.filedatetext=2013-04-20 20:38:10

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Eoin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UTZ5NQFH\zcache.zgncdn.com\bubblesafari-1.sol
Properties.size=70
Properties.md5=B11E6C18D7B90B32D6DC9BA5884F7DED
Properties.filedate=1366053284
Properties.filedatetext=2013-04-15 20:14:44

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Eoin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UTZ5NQFH\zynga2-a.akamaihd.net\analytics.sol
Properties.size=189
Properties.md5=8E61EB2FEA821EAED6B4BFC86E025CA5
Properties.filedate=1366240196
Properties.filedatetext=2013-04-18 00:09:56

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Eoin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UTZ5NQFH\zynga2-a.akamaihd.net\com.jeroenwijering.sol
Properties.size=47
Properties.md5=1040E99E03EEE58909886B2268FF85DC
Properties.filedate=1366052385
Properties.filedatetext=2013-04-15 19:59:45

Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7] Text file (File, nothing done)
C:\Users\Eoin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UTZ5NQFH\cdn.zopim.com\swf\ZClientController2.swf\ZopConfig.sol
Properties.size=135
Properties.md5=AE7FBAFF1B41A09C72126BAA77DC4EB0
Properties.filedate=1366060402
Properties.filedatetext=2013-04-15 22:13:21

Internet Explorer: [SBI $1E8157BE] Typed URL list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-4170974503-3432114913-2014430358-1000\Software\Microsoft\Internet Explorer\TypedURLs

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-4170974503-3432114913-2014430358-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-4170974503-3432114913-2014430358-1000\Software\Microsoft\DirectInput\MostRecentApplication\Name

MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-4170974503-3432114913-2014430358-1000\Software\Microsoft\DirectInput\MostRecentApplication\Id

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Cookie: [SBI $49804B54] Browser: Cookie (12) (Browser: Cookie, nothing done)


Cache: [SBI $49804B54] Browser: Cache (80) (Browser: Cache, nothing done)


History: [SBI $49804B54] Browser: History (229) (Browser: History, nothing done)


Cookie: [SBI $49804B54] Browser: Cookie (68) (Browser: Cookie, nothing done)



--- Spybot - Search & Destroy version: 2.0.12.131 DLL (build: 20121113) ---

2012-11-13 blindman.exe (2.0.12.151)
2012-11-13 explorer.exe (2.0.12.173)
2012-11-13 SDBootCD.exe (2.0.12.109)
2012-11-13 SDCleaner.exe (2.0.12.110)
2012-11-13 SDDelFile.exe (2.0.12.94)
2012-11-13 SDFiles.exe (2.0.12.135)
2012-11-13 SDFileScanHelper.exe (2.0.12.1)
2012-11-13 SDFSSvc.exe (2.0.12.205)
2012-11-13 SDImmunize.exe (2.0.12.130)
2012-11-13 SDLogReport.exe (2.0.12.107)
2012-11-13 SDPESetup.exe (2.0.12.3)
2012-11-13 SDPEStart.exe (2.0.12.86)
2012-11-13 SDPhoneScan.exe (2.0.12.27)
2012-11-13 SDPRE.exe (2.0.12.13)
2012-11-13 SDPrepPos.exe (2.0.12.10)
2012-11-13 SDQuarantine.exe (2.0.12.103)
2012-11-13 SDRootAlyzer.exe (2.0.12.116)
2012-11-13 SDSBIEdit.exe (2.0.12.39)
2012-11-13 SDScan.exe (2.0.12.173)
2012-11-13 SDScript.exe (2.0.12.53)
2012-11-13 SDSettings.exe (2.0.12.130)
2012-11-13 SDShred.exe (2.0.12.105)
2012-11-13 SDSysRepair.exe (2.0.12.101)
2012-11-13 SDTools.exe (2.0.12.150)
2012-11-13 SDTray.exe (2.0.12.127)
2012-11-13 SDUpdate.exe (2.0.12.89)
2012-11-13 SDUpdSvc.exe (2.0.12.76)
2012-11-13 SDWelcome.exe (2.0.12.126)
2012-11-13 SDWSCSvc.exe (2.0.12.2)
2013-04-14 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-05 DelZip190.dll (1.9.0.107)
2012-09-10 libeay32.dll (1.0.0.4)
2012-09-10 libssl32.dll (1.0.0.4)
2012-11-13 SDAdvancedCheckLibrary.dll (2.0.12.98)
2012-11-13 SDECon32.dll (2.0.12.113)
2012-11-13 SDECon64.dll (2.0.12.113)
2012-11-13 SDEvents.dll (2.0.12.2)
2012-11-13 SDFileScanLibrary.dll (2.0.12.9)
2012-11-13 SDHelper.dll (2.0.12.88)
2012-11-13 SDImmunizeLibrary.dll (2.0.12.2)
2012-11-13 SDLists.dll (2.0.12.4)
2012-11-13 SDResources.dll (2.0.12.7)
2012-11-13 SDScanLibrary.dll (2.0.12.131)
2012-11-13 SDTasks.dll (2.0.12.15)
2012-11-13 SDWinLogon.dll (2.0.12.0)
2012-08-23 sqlite3.dll
2012-09-10 ssleay32.dll (1.0.0.4)
2012-11-13 Tools.dll (2.0.12.36)
2012-11-13 UninsSrv.dll (2.0.12.52)
2012-12-18 Includes\Adware.sbi (*)
2013-04-09 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2012-11-14 Includes\Dialer.sbi (*)
2012-11-14 Includes\DialerC.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2012-11-14 Includes\Hijackers.sbi (*)
2012-11-14 Includes\HijackersC.sbi (*)
2012-11-14 Includes\iPhone.sbi (*)
2012-11-14 Includes\Keyloggers.sbi (*)
2012-12-18 Includes\KeyloggersC.sbi (*)
2012-11-21 Includes\Malware.sbi (*)
2013-04-09 Includes\MalwareC.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2013-04-09 Includes\PUPSC.sbi (*)
2012-11-14 Includes\Security.sbi (*)
2012-11-14 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2013-04-09 Includes\Spyware.sbi (*)
2013-04-09 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2012-11-19 Includes\Tracks.uti (*)
2013-01-16 Includes\Trojans.sbi (*)
2013-03-19 Includes\TrojansC-02.sbi (*)
2013-04-09 Includes\TrojansC-03.sbi (*)
2013-03-14 Includes\TrojansC-04.sbi (*)
2012-11-14 Includes\TrojansC-05.sbi (*)
2013-03-01 Includes\TrojansC.sbi (*)

Blade81
2013-04-29, 10:14
Hi,

Please post a fresh dds.txt log.

egrogan1
2013-04-29, 19:05
Many thanks for your help. Below is the new dds file.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16476 BrowserJavaVersion: 10.21.2
Run by Eoin at 16:59:45 on 2013-04-29
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.353.1033.18.3996.1937 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Users\Eoin\AppData\Local\CrossLoop\CrossLoopService.exe
C:\Windows\system32\taskhost.exe
c:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\Explorer.EXE
c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Eoin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Users\Eoin\AppData\Local\CrossLoop\CrossLoopConnect.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\alg.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe
C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Sony\VAIO Improvement\vim.exe
C:\Program Files\Sony\VAIO Care\VCService.exe
C:\Program Files\Sony\VAIO Care\VCAgent.exe
C:\Program Files\Sony\VAIO Improvement\vim.exe
C:\Windows\System32\vds.exe
C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
C:\Program Files\Sony\VAIO Care\VCAdmin.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_169_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ie
uLocal Page = hxxp://www.google.ie
uWindow Title = Microsoft Internet Explorer
uDefault_Page_URL = hxxp://vaioportal.sony.eu
mStart Page = hxxp://www.google.ie
mLocal Page = hxxp://www.google.ie
mWindow Title = Microsoft Internet Explorer
mDefault_Page_URL = hxxp://www.google.ie
uProxyOverride = <local>;*.local
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: BrOwwse2Saavei: {6CCA71BB-4A17-554A-7B2B-8905AEC189DF} - C:\ProgramData\BrOwwse2Saavei\516bf6e2604b1.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121012182632.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SkyDrive] "C:\Users\Eoin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
uRun: [CrossLoop] "C:\Users\Eoin\AppData\Local\CrossLoop\CrossLoopConnect.exe" -ap=crossloop -port=5910 -udp=www.CrossLoop.com -webserver=server.crossloop.com -webservice=www.crossloop.com -startup=server -minimize
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
mRun: [MobileBroadband] C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [ShaPlus Bandwidth Meter] "C:\Program Files (x86)\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter.exe" /s
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [ADBlocker] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe -tray
mRun: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Eoin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\Users\Eoin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NCDOWN~1.LNK - C:\Program Files (x86)\Solibo Ltd\NCdownloader\NCdownloader.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:3
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: Interfaces\{204075A0-3C79-4EC6-ADCB-9C1406296244} : DHCPNameServer = 8.8.4.4
TCP: Interfaces\{4C67F788-B788-42CE-9E44-562ED4D265A7} : DHCPNameServer = 172.31.140.69 172.30.140.69
TCP: Interfaces\{55606A95-2C0D-4635-8BB8-75C01926828F} : NameServer = 89.19.64.164 89.19.64.36
TCP: Interfaces\{7787CE1A-FC98-4EEF-8D4C-2DBCEA5736EA}\54962736F6D6 : DHCPNameServer = 10.0.0.6
TCP: Interfaces\{B91DE24D-00AD-4036-A20A-B54F260E9DE7} : NameServer = 89.19.64.164 89.19.64.36
TCP: Interfaces\{F84F9782-03FD-4F96-9127-821FBC75F442} : NameServer = 89.19.64.36 89.19.64.164
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121012182632.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SONYAPO
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [NetWorx] "C:\Users\Eoin\Downloads\networx_portable\64-bit\networx.exe" /auto
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Eoin\AppData\Roaming\Mozilla\Firefox\Profiles\kgt8vqf0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.pu-results.info/?pid=726&r=2013/04/15&hid=665674988&lg=EN&cc=IE&l=1&q=
FF - prefs.js: browser.search.selectedEngine - WebSearch
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ie/
FF - prefs.js: keyword.URL - hxxp://websearch.pu-results.info/?pid=726&r=2013/04/15&hid=665674988&lg=EN&cc=IE&l=1&q=
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Sony\Media Go\npmediago.dll
FF - plugin: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
.
============= SERVICES / DRIVERS ===============
.
R1 asdnet;asdnet;C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sys\amd64\asdnet.sys [2013-4-15 19280]
R1 asdrm;asdrm;C:\Windows\System32\drivers\asdrm.sys [2013-4-15 18768]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-3-30 28600]
R2 asdrs;AntiMalware Host-based Intrusion Prevention System;C:\Windows\System32\drivers\asdrs.sys [2013-4-15 23376]
R2 asdws;AnviSmartDefender Web Guard;C:\Windows\System32\drivers\asdws.sys [2013-4-15 17232]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-3-30 100712]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2012-5-12 19968]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2012-2-23 36000]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2012-2-23 339616]
R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2012-2-23 110752]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2012-2-23 30368]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2012-2-23 167584]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2012-2-23 68256]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2012-2-23 280992]
R3 BTATH_VDP;Bluetooth VDP Driver;C:\Windows\System32\drivers\btath_vdp.sys [2012-2-23 421664]
R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2012-2-23 550560]
R3 ew_usbenumfilter;huawei_CompositeFilter;C:\Windows\System32\drivers\ew_usbenumfilter.sys [2012-10-12 13952]
R3 huawei_cdcacm;huawei_cdcacm;C:\Windows\System32\drivers\ew_jucdcacm.sys [2012-10-12 98816]
S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\System32\drivers\AthDfu.sys [2012-2-23 51872]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2011-8-15 65264]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-6-10 281088]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\System32\drivers\ew_hwusbdev.sys [2012-10-12 117248]
.
=============== File Associations ===============
.
FileExt: .vbs: VBSFile=C:\Windows\SysWow64\WScript.exe "%1" %*
FileExt: .js: jsfile=C:\Windows\SysWow64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2013-04-25 21:02:09 -------- d-----w- C:\Users\Eoin\AppData\Local\{ED53CFDC-939E-490D-B5FE-0109566D5955}
2013-04-24 10:24:50 -------- d-----w- C:\Users\Eoin\AppData\Local\{3C2EF2D8-C77C-4509-9D85-83B244C5D50E}
2013-04-23 13:18:06 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-23 10:10:12 -------- d-----w- C:\Users\Eoin\AppData\Local\{057902C9-86B9-4A67-A371-792D4676ED0A}
2013-04-22 10:45:28 -------- d-----w- C:\Users\Eoin\AppData\Roaming\NCdownloader
2013-04-22 09:58:11 -------- d-----w- C:\Users\Eoin\AppData\Local\{B9B0DAAC-1BD0-4027-AD7E-F953F5C3472E}
2013-04-21 21:45:25 -------- d-----w- C:\Users\Eoin\AppData\Local\{EC477530-4A7A-4DEC-8BF8-29C6214C03B2}
2013-04-20 21:07:12 -------- d-----w- C:\Users\Eoin\AppData\Local\CrossLoop
2013-04-20 20:29:58 -------- d-----w- C:\Program Files\CCleaner
2013-04-20 19:35:42 -------- d-----w- C:\Users\Eoin\AppData\Local\{9714F002-CD9D-426F-AE32-8ADF0C2429E9}
2013-04-18 15:10:38 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{804BF8CC-918A-4124-A831-56239B848A4C}\offreg.dll
2013-04-18 15:06:08 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{804BF8CC-918A-4124-A831-56239B848A4C}\mpengine.dll
2013-04-15 18:48:21 -------- d-----w- C:\Users\Eoin\AppData\Roaming\Anvisoft
2013-04-15 18:48:08 23376 ----a-w- C:\Windows\System32\drivers\asdrs.sys
2013-04-15 18:48:08 18768 ----a-w- C:\Windows\System32\drivers\asdrm.sys
2013-04-15 18:48:08 17232 ----a-w- C:\Windows\System32\drivers\asdws.sys
2013-04-15 18:47:48 -------- d-----w- C:\ProgramData\Anvisoft
2013-04-15 18:47:44 -------- d-----w- C:\Program Files (x86)\Anvisoft
2013-04-15 12:10:29 -------- d-----w- C:\ProgramData\SeaaRchh--NewTAb
2013-04-15 12:10:11 -------- d-----w- C:\ProgramData\BrOwwse2Saavei
2013-04-15 12:09:53 -------- d-----w- C:\Windows\SysWow64\X86
2013-04-15 12:09:53 -------- d-----w- C:\Windows\SysWow64\AMD64
2013-04-15 12:09:53 -------- d-----w- C:\Program Files (x86)\Solibo Ltd
2013-04-15 12:09:22 -------- d-----w- C:\ProgramData\InstallMate
2013-04-15 10:15:25 -------- d-----w- C:\Users\Eoin\AppData\Local\{ED471A26-CA0C-48A0-8EB4-A93CC3163F57}
2013-04-15 09:02:38 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-04-15 09:01:10 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-04-15 09:01:10 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-04-15 09:01:10 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-04-15 09:01:10 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-04-15 09:01:10 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-04-15 09:01:10 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-04-15 09:01:07 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-04-15 09:01:07 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-04-15 09:00:06 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-04-15 09:00:06 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-04-15 09:00:02 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2013-04-15 09:00:01 1882624 ----a-w- C:\Windows\System32\msxml3.dll
2013-04-15 09:00:01 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2013-04-15 09:00:01 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2013-04-15 08:58:54 800768 ----a-w- C:\Windows\System32\usp10.dll
2013-04-15 08:58:54 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2013-04-15 08:57:52 68608 ----a-w- C:\Windows\System32\taskhost.exe
2013-04-15 08:57:51 750592 ----a-w- C:\Windows\System32\win32spl.dll
2013-04-15 08:57:50 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-04-15 08:57:00 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-04-15 08:56:59 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-04-15 08:56:58 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-04-15 08:56:58 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-04-15 08:56:57 112640 ----a-w- C:\Windows\System32\smss.exe
2013-04-15 08:56:56 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-04-15 08:56:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-04-15 08:56:00 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2013-04-14 13:01:23 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-04-14 13:01:11 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2013-04-14 13:01:06 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-04-14 13:00:21 -------- d-----w- C:\Users\Eoin\AppData\Local\Programs
2013-04-08 20:48:41 -------- d-----w- C:\Users\Eoin\AppData\Local\{9D7FCF6B-2783-43C4-ABC2-4D9561264A86}
2013-04-01 15:46:03 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
.
==================== Find3M ====================
.
2013-04-28 21:39:51 60 ----a-w- C:\Windows\wpd99.drv
2013-04-23 16:48:48 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-23 16:48:48 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-04-01 15:45:37 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-03-30 01:03:41 28600 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2013-03-30 01:03:41 100712 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2013-03-12 00:10:56 282744 ------w- C:\Windows\System32\MpSigStub.exe
2013-02-22 06:27:49 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-22 06:20:51 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-02-22 06:19:37 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-02-22 06:15:48 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-02-22 06:15:23 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-02-22 06:12:41 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-22 03:46:00 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-22 03:38:00 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-22 03:37:50 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-02-22 03:34:17 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-02-22 03:34:03 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-02-22 03:31:46 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
.
============= FINISH: 17:04:05.48 ===============

Blade81
2013-04-30, 08:19
Hi


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html). Remember to re-enable them afterwards.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

egrogan1
2013-05-01, 00:34
ComboFix 13-04-29.01 - Eoin 30/04/2013 21:49:09.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.353.1033.18.3996.2381 [GMT 1:00]
Running from: C:\Users\Eoin\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\ProgramData\BrOwwse2Saavei
C:\ProgramData\BrOwwse2Saavei\516bf6e2604b1.dll
C:\ProgramData\BrOwwse2Saavei\516bf6e2604b1.tlb
C:\ProgramData\BrOwwse2Saavei\settings.ini
C:\ProgramData\BrOwwse2Saavei\uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrOwwse2Saavei
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrOwwse2Saavei\BrOwwse2Saavei.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrOwwse2Saavei\Uninstall.lnk
C:\ProgramData\SeaaRchh--NewTAb
C:\ProgramData\SeaaRchh--NewTAb\516bf70307b9b.dll
C:\ProgramData\SeaaRchh--NewTAb\516bf70307b9b.tlb
C:\ProgramData\SeaaRchh--NewTAb\settings.ini
C:\Windows\SysWow64\X86
C:\Windows\wininit.ini


((((((((((((((((((((((((( Files Created from 2013-03-28 to 2013-04-30 )))))))))))))))))))))))))))))))


2013-04-30 21:10:10 . 2013-04-30 21:10:10 -------- d-----w- C:\Users\Default\AppData\Local\temp
2013-04-23 15:38:04 . 2013-04-23 15:38:08 -------- d-----w- C:\Windows\LastGood
2013-04-23 13:18:31 . 2013-04-23 13:18:31 -------- d-----w- C:\Program Files (x86)\Common Files\Java
2013-04-23 13:18:06 . 2013-04-04 04:35:05 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-22 10:45:28 . 2013-04-22 10:45:28 -------- d-----w- C:\Users\Eoin\AppData\Roaming\NCdownloader
2013-04-22 10:02:58 . 2013-04-22 10:03:05 -------- d-----w- C:\Program Files (x86)\ERUNT
2013-04-20 21:07:12 . 2013-04-23 09:58:50 -------- d-----w- C:\Users\Eoin\AppData\Local\CrossLoop
2013-04-20 20:54:43 . 2013-04-22 10:01:56 -------- d-----w- C:\Users\Eoin\AppData\Roaming\Skype
2013-04-20 20:29:58 . 2013-04-20 20:30:03 -------- d-----w- C:\Program Files\CCleaner
2013-04-18 15:10:38 . 2013-04-23 16:53:09 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{804BF8CC-918A-4124-A831-56239B848A4C}\offreg.dll
2013-04-18 15:06:08 . 2013-03-15 06:28:52 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{804BF8CC-918A-4124-A831-56239B848A4C}\mpengine.dll
2013-04-15 18:48:21 . 2013-04-15 18:48:21 -------- d-----w- C:\Users\Eoin\AppData\Roaming\Anvisoft
2013-04-15 18:48:08 . 2012-11-07 07:16:18 17232 ----a-w- C:\Windows\system32\drivers\asdws.sys
2013-04-15 18:48:08 . 2012-11-07 07:16:16 23376 ----a-w- C:\Windows\system32\drivers\asdrs.sys
2013-04-15 18:48:08 . 2012-11-07 07:16:16 18768 ----a-w- C:\Windows\system32\drivers\asdrm.sys
2013-04-15 18:47:48 . 2013-04-15 18:47:48 -------- d-----w- C:\ProgramData\Anvisoft
2013-04-15 18:47:44 . 2013-04-15 18:47:44 -------- d-----w- C:\Program Files (x86)\Anvisoft
2013-04-15 12:09:53 . 2013-04-15 12:09:53 -------- d-----w- C:\Windows\SysWow64\AMD64
2013-04-15 12:09:53 . 2013-04-15 12:09:53 -------- d-----w- C:\Program Files (x86)\Solibo Ltd
2013-04-15 12:09:22 . 2013-04-15 12:10:34 -------- d-----w- C:\ProgramData\InstallMate
2013-04-15 09:15:58 . 2013-02-22 06:57:13 17817088 ----a-w- C:\Windows\system32\mshtml.dll
2013-04-15 09:15:56 . 2013-02-22 06:29:21 10925568 ----a-w- C:\Windows\system32\ieframe.dll
2013-04-15 09:07:41 . 2013-04-15 09:07:41 -------- d-----w- C:\Program Files\Microsoft Silverlight
2013-04-15 09:07:41 . 2013-04-15 09:07:41 -------- d-----w- C:\Program Files (x86)\Microsoft Silverlight
2013-04-15 09:02:38 . 2012-11-30 05:41:07 424448 ----a-w- C:\Windows\system32\KernelBase.dll
2013-04-15 09:01:10 . 2013-01-04 05:46:09 215040 ----a-w- C:\Windows\system32\winsrv.dll
2013-04-15 09:01:10 . 2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-04-15 09:01:10 . 2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-04-15 09:01:10 . 2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-04-15 09:01:10 . 2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-04-15 09:01:10 . 2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-04-15 09:01:07 . 2012-11-20 05:48:49 307200 ----a-w- C:\Windows\system32\ncrypt.dll
2013-04-15 09:01:07 . 2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-04-15 09:00:06 . 2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\system32\drivers\tcpip.sys
2013-04-15 09:00:06 . 2013-01-03 06:00:42 288088 ----a-w- C:\Windows\system32\drivers\FWPKCLNT.SYS
2013-04-15 09:00:02 . 2012-11-01 05:43:42 2002432 ----a-w- C:\Windows\system32\msxml6.dll
2013-04-15 09:00:01 . 2012-11-01 05:43:42 1882624 ----a-w- C:\Windows\system32\msxml3.dll
2013-04-15 09:00:01 . 2012-11-01 04:47:54 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2013-04-15 09:00:01 . 2012-11-01 04:47:54 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2013-04-15 08:58:54 . 2012-11-22 05:44:23 800768 ----a-w- C:\Windows\system32\usp10.dll
2013-04-15 08:58:54 . 2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2013-04-15 08:57:52 . 2012-11-23 03:13:57 68608 ----a-w- C:\Windows\system32\taskhost.exe
2013-04-15 08:57:51 . 2012-11-09 05:45:32 750592 ----a-w- C:\Windows\system32\win32spl.dll
2013-04-15 08:57:50 . 2012-11-09 04:43:04 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-04-15 08:57:00 . 2013-03-01 03:36:04 3153408 ----a-w- C:\Windows\system32\win32k.sys
2013-04-15 08:56:59 . 2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\system32\ntoskrnl.exe
2013-04-15 08:56:58 . 2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-04-15 08:56:58 . 2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-04-15 08:56:57 . 2013-03-19 03:06:33 112640 ----a-w- C:\Windows\system32\smss.exe
2013-04-15 08:56:56 . 2013-03-19 05:46:56 43520 ----a-w- C:\Windows\system32\csrsrv.dll
2013-04-15 08:56:56 . 2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-04-15 08:56:00 . 2013-01-24 06:01:01 223752 ----a-w- C:\Windows\system32\drivers\fvevol.sys
2013-04-14 13:01:23 . 2013-04-22 10:50:22 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-04-14 13:01:11 . 2009-01-25 11:14:02 17272 ----a-w- C:\Windows\system32\sdnclean64.exe
2013-04-14 13:01:06 . 2013-04-14 13:01:20 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-04-14 13:00:21 . 2013-04-14 13:00:21 -------- d-----w- C:\Users\Eoin\AppData\Local\Programs
2013-04-01 15:46:03 . 2013-04-01 15:45:37 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-04-01 15:45:36 . 2013-04-23 13:18:06 -------- d-----w- C:\Program Files (x86)\Java
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2013-04-23 16:48:48 . 2012-05-12 09:28:58 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-23 16:48:48 . 2012-05-12 09:28:58 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-04-01 18:58:38 . 2012-12-25 13:47:49 72702784 ----a-w- C:\Windows\system32\MRT.exe
2013-04-01 15:45:37 . 2012-05-12 09:11:53 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-03-30 01:03:41 . 2013-03-30 01:03:47 28600 ----a-w- C:\Windows\system32\drivers\avkmgr.sys
2013-03-30 01:03:41 . 2013-03-30 01:03:47 130016 ----a-w- C:\Windows\system32\drivers\avipbb.sys
2013-03-30 01:03:41 . 2013-03-30 01:03:47 100712 ----a-w- C:\Windows\system32\drivers\avgntflt.sys
2013-03-12 00:10:56 . 2010-11-21 03:27:21 282744 ------w- C:\Windows\system32\MpSigStub.exe
2013-02-12 05:45:24 . 2013-04-15 08:59:55 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 . 2013-04-15 08:59:56 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 . 2013-04-15 08:59:55 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 . 2013-04-15 08:59:55 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 . 2013-04-15 08:59:56 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 . 2013-04-15 08:59:56 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll






DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16476 BrowserJavaVersion: 10.21.2
Run by Eoin at 22:32:29 on 2013-04-30
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.353.1033.18.3996.1864 [GMT 1:00]
.
AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
c:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\Explorer.EXE
c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\alg.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Sony\VAIO Improvement\vim.exe
C:\Program Files\Sony\VAIO Care\VCService.exe
C:\Program Files\Sony\VAIO Care\VCAgent.exe
C:\Windows\System32\vds.exe
C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
C:\Program Files\Sony\VAIO Care\VCAdmin.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
C:\ComboFix\CF7837.3XE
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_169_ActiveX.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWow64\cmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\ComboFix\pev.3XE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ie
uLocal Page = hxxp://www.google.ie
mStart Page = hxxp://www.google.ie
mLocal Page = hxxp://www.google.ie
mWindow Title = Microsoft Internet Explorer
mDefault_Page_URL = hxxp://www.google.ie
uProxyOverride = <local>;*.local
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: BrOwwse2Saavei: {6CCA71BB-4A17-554A-7B2B-8905AEC189DF} -
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121012182632.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SkyDrive] "C:\Users\Eoin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
uRun: [CrossLoop] "C:\Users\Eoin\AppData\Local\CrossLoop\CrossLoopConnect.exe" -ap=crossloop -port=5910 -udp=www.CrossLoop.com -webserver=server.crossloop.com -webservice=www.crossloop.com -startup=server -minimize
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
mRun: [MobileBroadband] C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [ShaPlus Bandwidth Meter] "C:\Program Files (x86)\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter.exe" /s
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [ADBlocker] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe -tray
mRun: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Eoin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\Users\Eoin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NCDOWN~1.LNK - C:\Program Files (x86)\Solibo Ltd\NCdownloader\NCdownloader.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:3
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: Interfaces\{204075A0-3C79-4EC6-ADCB-9C1406296244} : DHCPNameServer = 8.8.4.4
TCP: Interfaces\{4C67F788-B788-42CE-9E44-562ED4D265A7} : DHCPNameServer = 172.31.140.69 172.30.140.69
TCP: Interfaces\{55606A95-2C0D-4635-8BB8-75C01926828F} : NameServer = 89.19.64.164 89.19.64.36
TCP: Interfaces\{7787CE1A-FC98-4EEF-8D4C-2DBCEA5736EA}\54962736F6D6 : DHCPNameServer = 10.0.0.6
TCP: Interfaces\{B91DE24D-00AD-4036-A20A-B54F260E9DE7} : NameServer = 89.19.64.164 89.19.64.36
TCP: Interfaces\{F84F9782-03FD-4F96-9127-821FBC75F442} : NameServer = 89.19.64.36 89.19.64.164
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121012182632.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SONYAPO
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [NetWorx] "C:\Users\Eoin\Downloads\networx_portable\64-bit\networx.exe" /auto
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Eoin\AppData\Roaming\Mozilla\Firefox\Profiles\kgt8vqf0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.pu-results.info/?pid=726&r=2013/04/15&hid=665674988&lg=EN&cc=IE&l=1&q=
FF - prefs.js: browser.search.selectedEngine - WebSearch
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ie/
FF - prefs.js: keyword.URL - hxxp://websearch.pu-results.info/?pid=726&r=2013/04/15&hid=665674988&lg=EN&cc=IE&l=1&q=
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Sony\Media Go\npmediago.dll
FF - plugin: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-2-28 16152]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2011-8-15 647208]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-8-15 289664]
R1 asdnet;asdnet;C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sys\amd64\asdnet.sys [2013-4-15 19280]
R1 asdrm;asdrm;C:\Windows\System32\drivers\asdrm.sys [2013-4-15 18768]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-3-30 28600]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2011-8-15 75936]
R2 ADBlockerSrv;AD Blocker Service;C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe [2013-4-15 279368]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-11-16 86752]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-11-16 110816]
R2 asdrs;AntiMalware Host-based Intrusion Prevention System;C:\Windows\System32\drivers\asdrs.sys [2013-4-15 23376]
R2 asdsrv;Anvi Smart Defender Realtime Guard Service;C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [2012-12-21 735592]
R2 asdws;AnviSmartDefender Web Guard;C:\Windows\System32\drivers\asdws.sys [2013-4-15 17232]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2012-2-23 106144]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-3-30 100712]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-5-12 13592]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-5-12 2429544]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-5-12 128280]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-5-12 161560]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\systemcore\mcshield.exe [2012-5-12 199304]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe [2012-5-12 210616]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2012-5-12 162224]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2012-2-21 473960]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-11-30 260768]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-4-14 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-4-14 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-4-14 168384]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2012-5-12 105024]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-5-12 363800]
R2 VmbService;Vodafone Mobile Broadband Service;C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2011-5-23 9216]
R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2012-5-12 978056]
R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2012-2-23 158880]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2012-5-12 19968]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2012-2-23 36000]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2012-2-23 339616]
R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2012-2-23 110752]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2012-2-23 30368]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2012-2-23 167584]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2012-2-23 68256]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2012-2-23 280992]
R3 BTATH_VDP;Bluetooth VDP Driver;C:\Windows\System32\drivers\btath_vdp.sys [2012-2-23 421664]
R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2012-2-23 550560]
R3 ew_usbenumfilter;huawei_CompositeFilter;C:\Windows\System32\drivers\ew_usbenumfilter.sys [2012-10-12 13952]
R3 huawei_cdcacm;huawei_cdcacm;C:\Windows\System32\drivers\ew_jucdcacm.sys [2012-10-12 98816]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2012-10-12 86016]
R3 huawei_ext_ctrl;huawei_ext_ctrl;C:\Windows\System32\drivers\ew_juextctrl.sys [2012-10-12 28672]
R3 huawei_wwanecm;huawei_wwanecm;C:\Windows\System32\drivers\ew_juwwanecm.sys [2012-10-12 213504]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-3-14 331264]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-2-28 356120]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-2-28 787736]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-8-15 229528]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2011-8-15 487296]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-5-12 339048]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-2-27 675432]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2012-1-16 14336]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2012-1-20 54432]
R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2012-1-13 1256040]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 CrossLoopService;CrossLoop Service;C:\Users\Eoin\AppData\Local\CrossLoop\CrossLoopService.exe [2013-4-20 569072]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\System32\drivers\AthDfu.sys [2012-2-23 51872]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2011-8-15 65264]
S3 DCDhcpService;DCDhcpService;C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [2012-5-12 112256]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-6-10 281088]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\System32\drivers\ew_hwusbdev.sys [2012-10-12 117248]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 lehidmini;Bluetooth Low Energy Hid Device;C:\Windows\System32\drivers\leath_hid.sys [2012-2-23 36128]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2011-8-15 100912]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2012-3-26 22528]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-25 19456]
S3 SmbDrv;SmbDrv;C:\Windows\System32\drivers\Smb_driver.sys [2012-3-14 21264]
S3 SOHCImp;VAIO Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2012-1-6 138392]
S3 SOHDs;VAIO Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2012-1-6 74904]
S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-12-1 289952]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-25 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-12-25 30208]
S3 tvnserver;TightVNC Server;C:\Users\Eoin\AppData\Local\CrossLoop\tvnserver.exe [2013-4-20 814080]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2012-5-12 535688]
S3 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-12-29 960160]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-12-21 550128]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-12-21 382720]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-8-26 101600]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-15 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-04-30 20:45:51 98816 ----a-w- C:\Windows\sed.exe
2013-04-30 20:45:51 256000 ----a-w- C:\Windows\PEV.exe
2013-04-30 20:45:51 208896 ----a-w- C:\Windows\MBR.exe
2013-04-30 20:45:43 -------- d-----w- C:\ComboFix
2013-04-25 21:02:09 -------- d-----w- C:\Users\Eoin\AppData\Local\{ED53CFDC-939E-490D-B5FE-0109566D5955}
2013-04-24 10:24:50 -------- d-----w- C:\Users\Eoin\AppData\Local\{3C2EF2D8-C77C-4509-9D85-83B244C5D50E}
2013-04-23 13:18:06 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-23 10:10:12 -------- d-----w- C:\Users\Eoin\AppData\Local\{057902C9-86B9-4A67-A371-792D4676ED0A}
2013-04-22 10:45:28 -------- d-----w- C:\Users\Eoin\AppData\Roaming\NCdownloader
2013-04-22 09:58:11 -------- d-----w- C:\Users\Eoin\AppData\Local\{B9B0DAAC-1BD0-4027-AD7E-F953F5C3472E}
2013-04-21 21:45:25 -------- d-----w- C:\Users\Eoin\AppData\Local\{EC477530-4A7A-4DEC-8BF8-29C6214C03B2}
2013-04-20 21:07:12 -------- d-----w- C:\Users\Eoin\AppData\Local\CrossLoop
2013-04-20 20:29:58 -------- d-----w- C:\Program Files\CCleaner
2013-04-20 19:35:42 -------- d-----w- C:\Users\Eoin\AppData\Local\{9714F002-CD9D-426F-AE32-8ADF0C2429E9}
2013-04-18 15:10:38 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{804BF8CC-918A-4124-A831-56239B848A4C}\offreg.dll
2013-04-18 15:06:08 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{804BF8CC-918A-4124-A831-56239B848A4C}\mpengine.dll
2013-04-15 18:48:21 -------- d-----w- C:\Users\Eoin\AppData\Roaming\Anvisoft
2013-04-15 18:48:08 23376 ----a-w- C:\Windows\System32\drivers\asdrs.sys
2013-04-15 18:48:08 18768 ----a-w- C:\Windows\System32\drivers\asdrm.sys
2013-04-15 18:48:08 17232 ----a-w- C:\Windows\System32\drivers\asdws.sys
2013-04-15 18:47:48 -------- d-----w- C:\ProgramData\Anvisoft
2013-04-15 18:47:44 -------- d-----w- C:\Program Files (x86)\Anvisoft
2013-04-15 12:09:53 -------- d-----w- C:\Windows\SysWow64\AMD64
2013-04-15 12:09:53 -------- d-----w- C:\Program Files (x86)\Solibo Ltd
2013-04-15 12:09:22 -------- d-----w- C:\ProgramData\InstallMate
2013-04-15 10:15:25 -------- d-----w- C:\Users\Eoin\AppData\Local\{ED471A26-CA0C-48A0-8EB4-A93CC3163F57}
2013-04-15 09:02:38 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-04-15 09:01:10 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-04-15 09:01:10 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-04-15 09:01:10 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-04-15 09:01:10 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-04-15 09:01:10 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-04-15 09:01:10 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-04-15 09:01:07 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-04-15 09:01:07 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-04-15 09:00:06 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-04-15 09:00:06 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-04-15 09:00:02 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2013-04-15 09:00:01 1882624 ----a-w- C:\Windows\System32\msxml3.dll
2013-04-15 09:00:01 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2013-04-15 09:00:01 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2013-04-15 08:58:54 800768 ----a-w- C:\Windows\System32\usp10.dll
2013-04-15 08:58:54 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2013-04-15 08:57:52 68608 ----a-w- C:\Windows\System32\taskhost.exe
2013-04-15 08:57:51 750592 ----a-w- C:\Windows\System32\win32spl.dll
2013-04-15 08:57:50 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-04-15 08:57:00 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-04-15 08:56:59 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-04-15 08:56:58 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-04-15 08:56:58 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-04-15 08:56:57 112640 ----a-w- C:\Windows\System32\smss.exe
2013-04-15 08:56:56 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-04-15 08:56:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-04-15 08:56:00 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2013-04-14 13:01:23 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-04-14 13:01:11 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2013-04-14 13:01:06 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-04-14 13:00:21 -------- d-----w- C:\Users\Eoin\AppData\Local\Programs
2013-04-08 20:48:41 -------- d-----w- C:\Users\Eoin\AppData\Local\{9D7FCF6B-2783-43C4-ABC2-4D9561264A86}
2013-04-01 15:46:03 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
.
==================== Find3M ====================
.
2013-04-28 21:39:51 60 ----a-w- C:\Windows\wpd99.drv
2013-04-23 16:48:48 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-23 16:48:48 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-04-01 15:45:37 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-03-30 01:03:41 28600 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2013-03-30 01:03:41 100712 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2013-03-12 00:10:56 282744 ------w- C:\Windows\System32\MpSigStub.exe
2013-02-22 06:27:49 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-22 06:20:51 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-02-22 06:19:37 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-02-22 06:15:48 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-02-22 06:15:23 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-02-22 06:12:41 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-22 03:46:00 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-22 03:38:00 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-22 03:37:50 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-02-22 03:34:17 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-02-22 03:34:03 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-02-22 03:31:46 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
.
============= FINISH: 22:32:49.06 ===============

Blade81
2013-05-01, 14:52
Hi,

It seems the complete ComboFix log wasn't copy-pasted. Please post it.

egrogan1
2013-05-01, 14:55
Sorry, there seems to be more in the file now.

ComboFix 13-04-29.01 - Eoin 30/04/2013 21:49:09.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.353.1033.18.3996.2381 [GMT 1:00]
Running from: C:\Users\Eoin\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\ProgramData\BrOwwse2Saavei
C:\ProgramData\BrOwwse2Saavei\516bf6e2604b1.dll
C:\ProgramData\BrOwwse2Saavei\516bf6e2604b1.tlb
C:\ProgramData\BrOwwse2Saavei\settings.ini
C:\ProgramData\BrOwwse2Saavei\uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrOwwse2Saavei
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrOwwse2Saavei\BrOwwse2Saavei.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrOwwse2Saavei\Uninstall.lnk
C:\ProgramData\SeaaRchh--NewTAb
C:\ProgramData\SeaaRchh--NewTAb\516bf70307b9b.dll
C:\ProgramData\SeaaRchh--NewTAb\516bf70307b9b.tlb
C:\ProgramData\SeaaRchh--NewTAb\settings.ini
C:\Windows\SysWow64\X86
C:\Windows\wininit.ini


((((((((((((((((((((((((( Files Created from 2013-03-28 to 2013-04-30 )))))))))))))))))))))))))))))))


2013-04-30 21:10:10 . 2013-04-30 21:10:10 -------- d-----w- C:\Users\Default\AppData\Local\temp
2013-04-23 15:38:04 . 2013-04-23 15:38:08 -------- d-----w- C:\Windows\LastGood
2013-04-23 13:18:31 . 2013-04-23 13:18:31 -------- d-----w- C:\Program Files (x86)\Common Files\Java
2013-04-23 13:18:06 . 2013-04-04 04:35:05 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-22 10:45:28 . 2013-04-22 10:45:28 -------- d-----w- C:\Users\Eoin\AppData\Roaming\NCdownloader
2013-04-22 10:02:58 . 2013-04-22 10:03:05 -------- d-----w- C:\Program Files (x86)\ERUNT
2013-04-20 21:07:12 . 2013-04-23 09:58:50 -------- d-----w- C:\Users\Eoin\AppData\Local\CrossLoop
2013-04-20 20:54:43 . 2013-04-22 10:01:56 -------- d-----w- C:\Users\Eoin\AppData\Roaming\Skype
2013-04-20 20:29:58 . 2013-04-20 20:30:03 -------- d-----w- C:\Program Files\CCleaner
2013-04-18 15:10:38 . 2013-04-23 16:53:09 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{804BF8CC-918A-4124-A831-56239B848A4C}\offreg.dll
2013-04-18 15:06:08 . 2013-03-15 06:28:52 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{804BF8CC-918A-4124-A831-56239B848A4C}\mpengine.dll
2013-04-15 18:48:21 . 2013-04-15 18:48:21 -------- d-----w- C:\Users\Eoin\AppData\Roaming\Anvisoft
2013-04-15 18:48:08 . 2012-11-07 07:16:18 17232 ----a-w- C:\Windows\system32\drivers\asdws.sys
2013-04-15 18:48:08 . 2012-11-07 07:16:16 23376 ----a-w- C:\Windows\system32\drivers\asdrs.sys
2013-04-15 18:48:08 . 2012-11-07 07:16:16 18768 ----a-w- C:\Windows\system32\drivers\asdrm.sys
2013-04-15 18:47:48 . 2013-04-15 18:47:48 -------- d-----w- C:\ProgramData\Anvisoft
2013-04-15 18:47:44 . 2013-04-15 18:47:44 -------- d-----w- C:\Program Files (x86)\Anvisoft
2013-04-15 12:09:53 . 2013-04-15 12:09:53 -------- d-----w- C:\Windows\SysWow64\AMD64
2013-04-15 12:09:53 . 2013-04-15 12:09:53 -------- d-----w- C:\Program Files (x86)\Solibo Ltd
2013-04-15 12:09:22 . 2013-04-15 12:10:34 -------- d-----w- C:\ProgramData\InstallMate
2013-04-15 09:15:58 . 2013-02-22 06:57:13 17817088 ----a-w- C:\Windows\system32\mshtml.dll
2013-04-15 09:15:56 . 2013-02-22 06:29:21 10925568 ----a-w- C:\Windows\system32\ieframe.dll
2013-04-15 09:07:41 . 2013-04-15 09:07:41 -------- d-----w- C:\Program Files\Microsoft Silverlight
2013-04-15 09:07:41 . 2013-04-15 09:07:41 -------- d-----w- C:\Program Files (x86)\Microsoft Silverlight
2013-04-15 09:02:38 . 2012-11-30 05:41:07 424448 ----a-w- C:\Windows\system32\KernelBase.dll
2013-04-15 09:01:10 . 2013-01-04 05:46:09 215040 ----a-w- C:\Windows\system32\winsrv.dll
2013-04-15 09:01:10 . 2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-04-15 09:01:10 . 2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-04-15 09:01:10 . 2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-04-15 09:01:10 . 2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-04-15 09:01:10 . 2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-04-15 09:01:07 . 2012-11-20 05:48:49 307200 ----a-w- C:\Windows\system32\ncrypt.dll
2013-04-15 09:01:07 . 2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-04-15 09:00:06 . 2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\system32\drivers\tcpip.sys
2013-04-15 09:00:06 . 2013-01-03 06:00:42 288088 ----a-w- C:\Windows\system32\drivers\FWPKCLNT.SYS
2013-04-15 09:00:02 . 2012-11-01 05:43:42 2002432 ----a-w- C:\Windows\system32\msxml6.dll
2013-04-15 09:00:01 . 2012-11-01 05:43:42 1882624 ----a-w- C:\Windows\system32\msxml3.dll
2013-04-15 09:00:01 . 2012-11-01 04:47:54 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2013-04-15 09:00:01 . 2012-11-01 04:47:54 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2013-04-15 08:58:54 . 2012-11-22 05:44:23 800768 ----a-w- C:\Windows\system32\usp10.dll
2013-04-15 08:58:54 . 2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2013-04-15 08:57:52 . 2012-11-23 03:13:57 68608 ----a-w- C:\Windows\system32\taskhost.exe
2013-04-15 08:57:51 . 2012-11-09 05:45:32 750592 ----a-w- C:\Windows\system32\win32spl.dll
2013-04-15 08:57:50 . 2012-11-09 04:43:04 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-04-15 08:57:00 . 2013-03-01 03:36:04 3153408 ----a-w- C:\Windows\system32\win32k.sys
2013-04-15 08:56:59 . 2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\system32\ntoskrnl.exe
2013-04-15 08:56:58 . 2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-04-15 08:56:58 . 2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-04-15 08:56:57 . 2013-03-19 03:06:33 112640 ----a-w- C:\Windows\system32\smss.exe
2013-04-15 08:56:56 . 2013-03-19 05:46:56 43520 ----a-w- C:\Windows\system32\csrsrv.dll
2013-04-15 08:56:56 . 2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-04-15 08:56:00 . 2013-01-24 06:01:01 223752 ----a-w- C:\Windows\system32\drivers\fvevol.sys
2013-04-14 13:01:23 . 2013-04-22 10:50:22 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-04-14 13:01:11 . 2009-01-25 11:14:02 17272 ----a-w- C:\Windows\system32\sdnclean64.exe
2013-04-14 13:01:06 . 2013-04-14 13:01:20 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-04-14 13:00:21 . 2013-04-14 13:00:21 -------- d-----w- C:\Users\Eoin\AppData\Local\Programs
2013-04-01 15:46:03 . 2013-04-01 15:45:37 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-04-01 15:45:36 . 2013-04-23 13:18:06 -------- d-----w- C:\Program Files (x86)\Java
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2013-04-23 16:48:48 . 2012-05-12 09:28:58 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-23 16:48:48 . 2012-05-12 09:28:58 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-04-01 18:58:38 . 2012-12-25 13:47:49 72702784 ----a-w- C:\Windows\system32\MRT.exe
2013-04-01 15:45:37 . 2012-05-12 09:11:53 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-03-30 01:03:41 . 2013-03-30 01:03:47 28600 ----a-w- C:\Windows\system32\drivers\avkmgr.sys
2013-03-30 01:03:41 . 2013-03-30 01:03:47 130016 ----a-w- C:\Windows\system32\drivers\avipbb.sys
2013-03-30 01:03:41 . 2013-03-30 01:03:47 100712 ----a-w- C:\Windows\system32\drivers\avgntflt.sys
2013-03-12 00:10:56 . 2010-11-21 03:27:21 282744 ------w- C:\Windows\system32\MpSigStub.exe
2013-02-12 05:45:24 . 2013-04-15 08:59:55 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 . 2013-04-15 08:59:56 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 . 2013-04-15 08:59:55 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 . 2013-04-15 08:59:55 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 . 2013-04-15 08:59:56 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 . 2013-04-15 08:59:56 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-03-20 14:11:17 222808 ----a-w- C:\Users\Eoin\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-03-20 14:11:17 222808 ----a-w- C:\Users\Eoin\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-03-20 14:11:17 222808 ----a-w- C:\Users\Eoin\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2010-11-21 03:24:51 1475584]
"SkyDrive"="C:\Users\Eoin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2013-03-20 14:11:15 256600]
"GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe" [2013-03-07 16:31:48 19357112]
"Spybot-S&D Cleaning"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 13:07:26 3713032]
"CrossLoop"="C:\Users\Eoin\AppData\Local\CrossLoop\CrossLoopConnect.exe" [2012-01-06 07:35:22 1208048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 19:04:54 284440]
"USB3MON"="C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-22 17:10:28 291608]
"ISBMgr.exe"="C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-09-20 15:57:56 60552]
"PMBVolumeWatcher"="c:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2012-02-21 11:37:16 693608]
"MobileBroadband"="C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2011-05-23 15:19:30 274944]
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 13:08:14 59720]
"avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-03-30 01:02:07 345312]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-12-25 14:18:10 295072]
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 12:35:28 152392]
"SDTray"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 13:08:08 3825176]
"ADBlocker"="C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe" [2012-12-21 08:26:34 979816]
"Anvi Smart Defender"="C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe" [2012-12-21 02:43:14 1434984]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 06:32:50 253816]

C:\Users\Eoin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OpenOffice.org 3.4.1.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
NCdownloader.lnk - C:\Program Files (x86)\Solibo Ltd\NCdownloader\NCdownloader.exe [2013-4-15 270848]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 22:27:14 138576]
R2 CrossLoopService;CrossLoop Service;C:\Users\Eoin\AppData\Local\CrossLoop\CrossLoopService.exe [2012-01-06 07:35:22 569072]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-07-13 12:28:36 160944]
R3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\System32\Drivers\AthDfu.sys [2012-02-23 15:57:58 51872]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys [2012-02-22 12:29:46 65264]
R3 DCDhcpService;DCDhcpService;C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [2012-03-21 16:08:20 112256]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 20:35:02 281088]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [2011-05-20 15:38:34 117248]
R3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 17:59:12 206072]
R3 lehidmini;Bluetooth Low Energy Hid Device;C:\Windows\system32\drivers\leath_hid.sys [2012-02-23 16:01:34 36128]
R3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys [2012-02-22 12:29:46 100912]
R3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys [2012-03-26 13:50:12 22528]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14:10:20 19456]
R3 SmbDrv;SmbDrv;C:\Windows\system32\drivers\Smb_driver.sys [2012-03-13 17:01:03 21264]
R3 SOHCImp;VAIO Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2012-01-06 15:44:26 138392]
R3 SOHDs;VAIO Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2012-01-06 15:44:28 74904]
R3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-12-01 09:04:56 289952]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 14:07:35 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 14:08:26 30208]
R3 tvnserver;TightVNC Server;C:\Users\Eoin\AppData\Local\CrossLoop\tvnserver.exe [2010-07-21 06:50:26 814080]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys [2012-12-13 13:50:36 54784]
R3 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2012-01-10 12:45:32 535688]
R3 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-12-29 15:10:08 960160]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-12-21 12:15:06 550128]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-12-21 12:55:14 382720]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-08-26 17:47:26 101600]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [2012-10-14 22:33:02 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 17:10:10 57184]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\system32\drivers\iusb3hcs.sys [2012-02-22 17:10:10 16152]
S0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys [2012-02-22 12:29:46 289664]
S1 asdnet;asdnet;C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sys\amd64\asdnet.sys [2012-09-07 12:52:02 19280]
S1 asdrm;asdrm;C:\Windows\system32\DRIVERS\asdrm.sys [2012-11-07 07:16:16 18768]
S1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys [2013-03-30 01:03:41 28600]
S1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 12:29:46 75936]
S2 ADBlockerSrv;AD Blocker Service;C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe [2012-11-13 13:18:00 279368]
S2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-03-30 01:03:18 86752]
S2 asdrs;AntiMalware Host-based Intrusion Prevention System;C:\Windows\system32\DRIVERS\asdrs.sys [2012-11-07 07:16:16 23376]
S2 asdsrv;Anvi Smart Defender Realtime Guard Service;C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [2012-12-21 02:43:12 735592]
S2 asdws;AnviSmartDefender Web Guard;C:\Windows\system32\DRIVERS\asdws.sys [2012-11-07 07:16:18 17232]
S2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [2012-02-23 15:51:40 106144]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 13:22:40 822624]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-29 19:04:56 13592]
S2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-02-08 16:36:01 2429544]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-02-02 21:29:52 628448]
S2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-03-13 16:01:29 128280]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-03-13 16:00:11 161560]
S2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-05-25 15:59:02 210616]
S2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\system32\mfevtps.exe [2012-05-25 16:13:54 162224]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2012-02-21 11:41:12 473960]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 20:31:04 38608]
S2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-11-30 17:49:50 260768]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 13:07:16 1103392]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 13:07:20 1369624]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 13:07:24 168384]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 07:30:18 508776]
S2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-02-23 13:05:04 105024]
S2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-03-13 16:02:03 363800]
S2 VmbService;Vodafone Mobile Broadband Service;C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2011-05-23 15:19:44 9216]
S2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2012-03-26 08:24:10 978056]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2012-02-23 16:09:58 158880]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 13:32:04 19968]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys [2012-02-23 15:59:16 36000]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys [2012-02-23 15:58:28 339616]
S3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\system32\drivers\btath_avdt.sys [2012-02-23 15:58:46 110752]
S3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\drivers\btath_bus.sys [2012-02-23 15:59:04 30368]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\drivers\btath_hcrp.sys [2012-02-23 15:59:34 167584]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys [2012-02-23 16:00:04 68256]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\drivers\btath_rcp.sys [2012-02-23 16:00:16 280992]
S3 BTATH_VDP;Bluetooth VDP Driver;C:\Windows\system32\drivers\btath_vdp.sys [2012-02-23 16:00:34 421664]
S3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys [2012-02-23 16:01:04 550560]
S3 ew_usbenumfilter;huawei_CompositeFilter;C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys [2011-05-20 15:38:40 13952]
S3 huawei_cdcacm;huawei_cdcacm;C:\Windows\system32\DRIVERS\ew_jucdcacm.sys [2011-05-20 15:38:48 98816]
S3 huawei_enumerator;huawei_enumerator;C:\Windows\system32\DRIVERS\ew_jubusenum.sys [2011-05-20 15:38:48 86016]
S3 huawei_ext_ctrl;huawei_ext_ctrl;C:\Windows\system32\DRIVERS\ew_juextctrl.sys [2011-05-20 15:38:48 28672]
S3 huawei_wwanecm;huawei_wwanecm;C:\Windows\system32\DRIVERS\ew_juwwanecm.sys [2011-05-20 15:38:46 213504]
S3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys [2012-03-14 08:22:23 331264]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\system32\drivers\iusb3hub.sys [2012-02-22 17:10:12 356120]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\system32\drivers\iusb3xhc.sys [2012-02-22 17:10:17 787736]
S3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys [2012-02-22 12:29:46 487296]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys [2012-02-08 16:36:36 339048]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys [2012-02-13 09:21:29 675432]
S3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\drivers\SFEP.sys [2012-01-16 09:01:14 14336]
S3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 07:30:10 764264]
S3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 07:30:18 268648]
S3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 07:30:18 25960]
S3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 07:30:22 22376]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 07:30:22 219496]
S3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2012-01-20 14:23:00 54432]
S3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 09:55:10 1256040]


[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-11 22:53:00 1642448 ----a-w- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe

Contents of the 'Scheduled Tasks' folder

2013-04-30 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-12 09:28:58 . 2013-04-23 16:48:49]

2013-04-30 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-01 15:42:55 . 2013-01-01 15:42:54]

2013-04-30 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-01 15:42:55 . 2013-01-01 15:42:54]


--------- X64 Entries -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-03-20 14:11:19 261704 ----a-w- C:\Users\Eoin\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-03-20 14:11:19 261704 ----a-w- C:\Users\Eoin\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-03-20 14:11:19 261704 ----a-w- C:\Users\Eoin\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-03-07 16:31:52 776144 ----a-w- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-03-07 16:31:52 776144 ----a-w- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-03-07 16:31:52 776144 ----a-w- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-03-07 16:31:52 776144 ----a-w- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll

Blade81
2013-05-01, 15:04
Hi,

Still doesn't seem to be everything. If the whole text doesn't fit there you may attach the log as a file.

egrogan1
2013-05-01, 15:16
No, that is all the text that is in the file. Should I run ComboFix again?

Blade81
2013-05-01, 15:18
Yes, please run it again. Also, make sure antivirus protection is disabled during the run.

egrogan1
2013-05-01, 15:22
OK, it could be a while before I'm back to you again then.

egrogan1
2013-05-01, 16:33
ComboFix 13-05-01.03 - Eoin 01/05/2013 13:31:15.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.353.1033.18.3996.2475 [GMT 1:00]
Running from: c:\users\Eoin\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\programdata\BrOwwse2Saavei
c:\programdata\BrOwwse2Saavei\516bf6e2604b1.dll
c:\programdata\BrOwwse2Saavei\516bf6e2604b1.tlb
c:\programdata\BrOwwse2Saavei\settings.ini
c:\programdata\BrOwwse2Saavei\uninstall.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\BrOwwse2Saavei
c:\programdata\Microsoft\Windows\Start Menu\Programs\BrOwwse2Saavei\BrOwwse2Saavei.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\BrOwwse2Saavei\Uninstall.lnk
c:\programdata\SeaaRchh--NewTAb
c:\programdata\SeaaRchh--NewTAb\516bf70307b9b.dll
c:\programdata\SeaaRchh--NewTAb\516bf70307b9b.tlb
c:\programdata\SeaaRchh--NewTAb\settings.ini
c:\windows\SysWow64\X86
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2013-04-01 to 2013-05-01 )))))))))))))))))))))))))))))))
.
.
2013-05-01 12:50 . 2013-05-01 12:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-23 15:38 . 2013-04-23 15:38 -------- d-----w- c:\windows\LastGood
2013-04-23 13:18 . 2013-04-23 13:18 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-04-23 13:18 . 2013-04-04 04:35 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-22 10:45 . 2013-04-22 10:45 -------- d-----w- c:\users\Eoin\AppData\Roaming\NCdownloader
2013-04-22 10:02 . 2013-04-22 10:03 -------- d-----w- c:\program files (x86)\ERUNT
2013-04-20 21:07 . 2013-04-23 09:58 -------- d-----w- c:\users\Eoin\AppData\Local\CrossLoop
2013-04-20 20:54 . 2013-04-22 10:01 -------- d-----w- c:\users\Eoin\AppData\Roaming\Skype
2013-04-20 20:29 . 2013-04-20 20:30 -------- d-----w- c:\program files\CCleaner
2013-04-18 15:10 . 2013-04-23 16:53 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{804BF8CC-918A-4124-A831-56239B848A4C}\offreg.dll
2013-04-18 15:06 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{804BF8CC-918A-4124-A831-56239B848A4C}\mpengine.dll
2013-04-15 18:48 . 2013-04-15 18:48 -------- d-----w- c:\users\Eoin\AppData\Roaming\Anvisoft
2013-04-15 18:48 . 2012-11-07 07:16 17232 ----a-w- c:\windows\system32\drivers\asdws.sys
2013-04-15 18:48 . 2012-11-07 07:16 23376 ----a-w- c:\windows\system32\drivers\asdrs.sys
2013-04-15 18:48 . 2012-11-07 07:16 18768 ----a-w- c:\windows\system32\drivers\asdrm.sys
2013-04-15 18:47 . 2013-04-15 18:47 -------- d-----w- c:\programdata\Anvisoft
2013-04-15 18:47 . 2013-04-15 18:47 -------- d-----w- c:\program files (x86)\Anvisoft
2013-04-15 12:09 . 2013-04-15 12:09 -------- d-----w- c:\windows\SysWow64\AMD64
2013-04-15 12:09 . 2013-04-15 12:09 -------- d-----w- c:\program files (x86)\Solibo Ltd
2013-04-15 12:09 . 2013-04-15 12:10 -------- d-----w- c:\programdata\InstallMate
2013-04-15 09:15 . 2013-02-22 06:57 17817088 ----a-w- c:\windows\system32\mshtml.dll
2013-04-15 09:15 . 2013-02-22 06:29 10925568 ----a-w- c:\windows\system32\ieframe.dll
2013-04-15 09:07 . 2013-04-15 09:07 -------- d-----w- c:\program files\Microsoft Silverlight
2013-04-15 09:07 . 2013-04-15 09:07 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-04-15 09:02 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll
2013-04-15 09:01 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-04-15 09:01 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-04-15 09:01 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-04-15 09:01 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-04-15 09:01 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-04-15 09:01 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-04-15 09:01 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll
2013-04-15 09:01 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-04-15 09:00 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-04-15 09:00 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-04-15 09:00 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll
2013-04-15 09:00 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
2013-04-15 09:00 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2013-04-15 09:00 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2013-04-15 08:58 . 2012-11-22 05:44 800768 ----a-w- c:\windows\system32\usp10.dll
2013-04-15 08:58 . 2012-11-22 04:45 626688 ----a-w- c:\windows\SysWow64\usp10.dll
2013-04-15 08:57 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-04-15 08:57 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-04-15 08:57 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-04-15 08:57 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-04-15 08:56 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-15 08:56 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-04-15 08:56 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-04-15 08:56 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
2013-04-15 08:56 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-15 08:56 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-04-15 08:56 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-14 13:01 . 2013-04-22 10:50 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-04-14 13:01 . 2009-01-25 11:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
2013-04-14 13:01 . 2013-04-14 13:01 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2013-04-14 13:00 . 2013-04-14 13:00 -------- d-----w- c:\users\Eoin\AppData\Local\Programs
2013-04-01 15:46 . 2013-04-01 15:45 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-04-01 15:45 . 2013-04-23 13:18 -------- d-----w- c:\program files (x86)\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-23 16:48 . 2012-05-12 09:28 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-23 16:48 . 2012-05-12 09:28 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-01 18:58 . 2012-12-25 13:47 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-04-01 15:45 . 2012-05-12 09:11 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-03-30 01:03 . 2013-03-30 01:03 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-03-30 01:03 . 2013-03-30 01:03 130016 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-03-30 01:03 . 2013-03-30 01:03 100712 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-03-12 00:10 . 2010-11-21 03:27 282744 ------w- c:\windows\system32\MpSigStub.exe
2013-02-12 05:45 . 2013-04-15 08:59 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-04-15 08:59 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-04-15 08:59 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-04-15 08:59 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-04-15 08:59 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-04-15 08:59 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{6CCA71BB-4A17-554A-7B2B-8905AEC189DF}]
c:\programdata\BrOwwse2Saavei\516bf6e2604b1.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-03-20 14:11 222808 ----a-w- c:\users\Eoin\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-03-20 14:11 222808 ----a-w- c:\users\Eoin\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-03-20 14:11 222808 ----a-w- c:\users\Eoin\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"SkyDrive"="c:\users\Eoin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2013-03-20 256600]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-03-07 19357112]
"Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032]
"CrossLoop"="c:\users\Eoin\AppData\Local\CrossLoop\CrossLoopConnect.exe" [2012-01-06 1208048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-22 291608]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-09-20 60552]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2012-02-21 693608]
"MobileBroadband"="c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2011-05-23 274944]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-03-30 345312]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-12-25 295072]
"ShaPlus Bandwidth Meter"="c:\program files (x86)\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter.exe" [BU]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
"ADBlocker"="c:\program files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe" [2012-12-21 979816]
"Anvi Smart Defender"="c:\program files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe" [2012-12-21 1434984]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\Eoin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NCdownloader.lnk - c:\program files (x86)\Solibo Ltd\NCdownloader\NCdownloader.exe [2013-4-15 270848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 CrossLoopService;CrossLoop Service;c:\users\Eoin\AppData\Local\CrossLoop\CrossLoopService.exe [2012-01-06 569072]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\System32\Drivers\AthDfu.sys [2012-02-23 51872]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
R3 DCDhcpService;DCDhcpService;c:\program files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [2012-03-21 112256]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2011-05-20 117248]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 lehidmini;Bluetooth Low Energy Hid Device;c:\windows\system32\drivers\leath_hid.sys [2012-02-23 36128]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2012-03-26 22528]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SmbDrv;SmbDrv;c:\windows\system32\drivers\Smb_driver.sys [2012-03-13 21264]
R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2012-01-06 138392]
R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2012-01-06 74904]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-12-01 289952]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 tvnserver;TightVNC Server;c:\users\Eoin\AppData\Local\CrossLoop\tvnserver.exe [2010-07-21 814080]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]
R3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2012-01-10 535688]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-12-29 960160]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-12-21 550128]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-12-21 382720]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-08-26 101600]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-10-14 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys [2012-02-22 16152]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
S1 asdnet;asdnet;c:\program files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sys\amd64\asdnet.sys [2012-09-07 19280]
S1 asdrm;asdrm;c:\windows\system32\DRIVERS\asdrm.sys [2012-11-07 18768]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-30 28600]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
S2 ADBlockerSrv;AD Blocker Service;c:\program files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe [2012-11-13 279368]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-03-30 86752]
S2 asdrs;AntiMalware Host-based Intrusion Prevention System;c:\windows\system32\DRIVERS\asdrs.sys [2012-11-07 23376]
S2 asdsrv;Anvi Smart Defender Realtime Guard Service;c:\program files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [2012-12-21 735592]
S2 asdws;AnviSmartDefender Web Guard;c:\windows\system32\DRIVERS\asdws.sys [2012-11-07 17232]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2012-02-23 106144]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-29 13592]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-02-08 2429544]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-02 628448]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-03-13 128280]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-03-13 161560]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-05-25 210616]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-05-25 162224]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2012-02-21 473960]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-11-30 260768]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-02-23 105024]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-03-13 363800]
S2 VmbService;Vodafone Mobile Broadband Service;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2011-05-23 9216]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2012-03-26 978056]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2012-02-23 158880]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2012-02-23 36000]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2012-02-23 339616]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2012-02-23 110752]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys [2012-02-23 30368]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\drivers\btath_hcrp.sys [2012-02-23 167584]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2012-02-23 68256]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\drivers\btath_rcp.sys [2012-02-23 280992]
S3 BTATH_VDP;Bluetooth VDP Driver;c:\windows\system32\drivers\btath_vdp.sys [2012-02-23 421664]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2012-02-23 550560]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2011-05-20 13952]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2011-05-20 98816]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-05-20 86016]
S3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [2011-05-20 28672]
S3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [2011-05-20 213504]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2012-03-14 331264]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys [2012-02-22 356120]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys [2012-02-22 787736]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2012-02-08 339048]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-02-13 675432]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2012-01-16 14336]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2012-01-20 54432]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 1256040]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-11 22:53 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-12 16:48]
.
2013-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-01 15:42]
.
2013-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-01 15:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-03-20 14:11 261704 ----a-w- c:\users\Eoin\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-03-20 14:11 261704 ----a-w- c:\users\Eoin\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-03-20 14:11 261704 ----a-w- c:\users\Eoin\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-03-07 16:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-03-07 16:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-03-07 16:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-03-07 16:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-03-13 1156712]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2012-02-23 1020576]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2012-02-23 800416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-14 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-14 398104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-14 440600]
.
------- Supplementary Scan -------
.
uLocal Page = hxxp://www.google.ie
uStart Page = hxxp://www.google.ie
mDefault_Page_URL = hxxp://www.google.ie
mStart Page = hxxp://www.google.ie
mLocal Page = hxxp://www.google.ie
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = <local>;*.local
TCP: Interfaces\{55606A95-2C0D-4635-8BB8-75C01926828F}: NameServer = 89.19.64.164 89.19.64.36
TCP: Interfaces\{B91DE24D-00AD-4036-A20A-B54F260E9DE7}: NameServer = 89.19.64.164 89.19.64.36
TCP: Interfaces\{F84F9782-03FD-4F96-9127-821FBC75F442}: NameServer = 89.19.64.36 89.19.64.164
FF - ProfilePath - c:\users\Eoin\AppData\Roaming\Mozilla\Firefox\Profiles\kgt8vqf0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.pu-results.info/?pid=726&r=2013/04/15&hid=665674988&lg=EN&cc=IE&l=1&q=
FF - prefs.js: browser.search.selectedEngine - WebSearch
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ie/
FF - prefs.js: keyword.URL - hxxp://websearch.pu-results.info/?pid=726&r=2013/04/15&hid=665674988&lg=EN&cc=IE&l=1&q=
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Notify-SDWinLogon - SDWinLogon.dll
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-NetWorx - c:\users\Eoin\Downloads\networx_portable\64-bit\networx.exe
AddRemove-RealPlayer 16.0 - c:\program files (x86)\real\realplayer\Update\r1puninst.exe
AddRemove-SP_4e24eecb - c:\program files (x86)\WebSearch\uninstall.exe
AddRemove-SP_f2a323db - c:\program files (x86)\BrowseToSave\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"&_\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 &_ Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-05-01 14:30:38
ComboFix-quarantined-files.txt 2013-05-01 13:30
.
Pre-Run: 510,409,486,336 bytes free
Post-Run: 510,089,138,176 bytes free
.
- - End Of File - - 525CD4F5C9347010865DDCD94FC562FE

Blade81
2013-05-01, 20:01
Hi again,


Open notepad and copy/paste the text in the quotebox below into it:



DDS::
BHO: BrOwwse2Saavei: {6CCA71BB-4A17-554A-7B2B-8905AEC189DF} -
Firefox::
FF - ProfilePath - C:\Users\Eoin\AppData\Roaming\Mozilla\Firefox\Profiles\kgt8vqf0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.pu-results.info/?pid=726&r=2013/04/15&hid=665674988&lg=EN&cc=IE&l=1&q=
FF - prefs.js: browser.search.selectedEngine - WebSearch
FF - prefs.js: keyword.URL - hxxp://websearch.pu-results.info/?pid=726&r=2013/04/15&hid=665674988&lg=EN&cc=IE&l=1&q=



Save this as

CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe (let the tool update itself if prompted).

Then post the resultant log.


Uninstall old Adobe Reader versions and get Adobe Reader 11.0 here (http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows) and updates 11.0.01 & 11.0.02 for it or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't (unless you want to) install the toolbar if you choose Foxit Reader! You may also check free readers introduced here (http://pdfreaders.org/).



Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 7 Update 21 (http://www.oracle.com/technetwork/java/javase/downloads/index.html).
Click the Download button to the right.
Select Windows on platform combobox and check the box that says:
Accept License Agreement. Click continue.
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-7u21-windows-i586.exe to install the newest version.


* Go here (http://www.eset.eu/online-scanner) to run an online scanner from ESET.
Note: You will need to use Internet Explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
Click Scan
Wait for the scan to finish.


Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.

egrogan1
2013-05-01, 22:13
I have found an entry in the "Programmes and Features" section entitled "BrowseToSave1.74". From reading the logs this looks like some of the sections that were found and removed.

Also I have a lot of entries for "Windows Live Mesh", preceded and followed by another language, but it is signed by "Microsoft Corporation". Is this right??

egrogan1
2013-05-02, 00:49
C:\Qoobox\Quarantine\C\ProgramData\BrOwwse2Saavei\516bf6e2604b1.dll.vir a variant of Win32/Adware.MultiPlug.I application
C:\Qoobox\Quarantine\C\ProgramData\SeaaRchh--NewTAb\516bf70307b9b.dll.vir a variant of Win32/Adware.MultiPlug.I application
C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Extensions\djgbdjnomgncbhbodcbnlnnmmpikgcbl\1\516bf6e2602c31.82844823.js Win32/Adware.MultiPlug.H application
C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffhadohnojidlpbfiipbfbejffnfnobb\1\516bf7030798b2.04198383.js Win32/Adware.MultiPlug.H application
C:\Users\Eoin\Downloads\Adobe Photoshop CS5 Extended.exe Win32/InstalleRex.I application


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16476 BrowserJavaVersion: 10.21.2
Run by Eoin at 22:45:58 on 2013-05-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.353.1033.18.3996.1066 [GMT 1:00]
.
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Users\Eoin\AppData\Local\CrossLoop\CrossLoopService.exe
c:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Windows\system32\mfevtps.exe
c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Eoin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_169_ActiveX.exe
C:\Program Files\Sony\VAIO Care\VCService.exe
C:\Program Files\Sony\VAIO Care\VCAgent.exe
C:\Windows\System32\vds.exe
C:\Program Files\Sony\VAIO Improvement\vim.exe
C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
C:\Program Files\Sony\VAIO Care\VCAdmin.exe
C:\Program Files\Sony\VAIO Improvement\vim.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ie
uLocal Page = hxxp://www.google.ie
mStart Page = hxxp://www.google.ie
mLocal Page = hxxp://www.google.ie
mWindow Title = Microsoft Internet Explorer
mDefault_Page_URL = hxxp://www.google.ie
uProxyOverride = <local>;*.local
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: BrOwwse2Saavei: {6CCA71BB-4A17-554A-7B2B-8905AEC189DF} -
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121012182632.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SkyDrive] "C:\Users\Eoin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
uRun: [CrossLoop] "C:\Users\Eoin\AppData\Local\CrossLoop\CrossLoopConnect.exe" -ap=crossloop -port=5910 -udp=www.CrossLoop.com -webserver=server.crossloop.com -webservice=www.crossloop.com -startup=server -minimize
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
mRun: [MobileBroadband] C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [ShaPlus Bandwidth Meter] "C:\Program Files (x86)\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter.exe" /s
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [ADBlocker] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe -tray
mRun: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Eoin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\Users\Eoin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NCDOWN~1.LNK - C:\Program Files (x86)\Solibo Ltd\NCdownloader\NCdownloader.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:3
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: Interfaces\{204075A0-3C79-4EC6-ADCB-9C1406296244} : DHCPNameServer = 8.8.4.4
TCP: Interfaces\{4C67F788-B788-42CE-9E44-562ED4D265A7} : DHCPNameServer = 172.31.140.69 172.30.140.69
TCP: Interfaces\{55606A95-2C0D-4635-8BB8-75C01926828F} : NameServer = 89.19.64.36 89.19.64.164
TCP: Interfaces\{7787CE1A-FC98-4EEF-8D4C-2DBCEA5736EA}\54962736F6D6 : DHCPNameServer = 10.0.0.6
TCP: Interfaces\{B91DE24D-00AD-4036-A20A-B54F260E9DE7} : NameServer = 89.19.64.164 89.19.64.36
TCP: Interfaces\{F84F9782-03FD-4F96-9127-821FBC75F442} : NameServer = 89.19.64.36 89.19.64.164
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121012182632.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SONYAPO
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [NetWorx] "C:\Users\Eoin\Downloads\networx_portable\64-bit\networx.exe" /auto
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Eoin\AppData\Roaming\Mozilla\Firefox\Profiles\kgt8vqf0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ie/
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Sony\Media Go\npmediago.dll
FF - plugin: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-2-28 16152]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2011-8-15 647208]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-8-15 289664]
R1 asdnet;asdnet;C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sys\amd64\asdnet.sys [2013-4-15 19280]
R1 asdrm;asdrm;C:\Windows\System32\drivers\asdrm.sys [2013-4-15 18768]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-3-30 28600]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2011-8-15 75936]
R2 ADBlockerSrv;AD Blocker Service;C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe [2013-4-15 279368]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-11-16 86752]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-11-16 110816]
R2 asdrs;AntiMalware Host-based Intrusion Prevention System;C:\Windows\System32\drivers\asdrs.sys [2013-4-15 23376]
R2 asdsrv;Anvi Smart Defender Realtime Guard Service;C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [2012-12-21 735592]
R2 asdws;AnviSmartDefender Web Guard;C:\Windows\System32\drivers\asdws.sys [2013-4-15 17232]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2012-2-23 106144]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-3-30 100712]
R2 CrossLoopService;CrossLoop Service;C:\Users\Eoin\AppData\Local\CrossLoop\CrossLoopService.exe [2013-4-20 569072]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-5-12 13592]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-5-12 2429544]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-5-12 128280]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-5-12 161560]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\systemcore\mcshield.exe [2012-5-12 199304]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe [2012-5-12 210616]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2012-5-12 162224]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2012-2-21 473960]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-11-30 260768]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-4-14 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-4-14 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-4-14 168384]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2012-5-12 105024]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-5-12 363800]
R2 VmbService;Vodafone Mobile Broadband Service;C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2011-5-23 9216]
R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2012-5-12 978056]
R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2012-2-23 158880]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2012-5-12 19968]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2012-2-23 36000]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2012-2-23 339616]
R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2012-2-23 110752]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2012-2-23 30368]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2012-2-23 167584]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2012-2-23 68256]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2012-2-23 280992]
R3 BTATH_VDP;Bluetooth VDP Driver;C:\Windows\System32\drivers\btath_vdp.sys [2012-2-23 421664]
R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2012-2-23 550560]
R3 ew_usbenumfilter;huawei_CompositeFilter;C:\Windows\System32\drivers\ew_usbenumfilter.sys [2012-10-12 13952]
R3 huawei_cdcacm;huawei_cdcacm;C:\Windows\System32\drivers\ew_jucdcacm.sys [2012-10-12 98816]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2012-10-12 86016]
R3 huawei_ext_ctrl;huawei_ext_ctrl;C:\Windows\System32\drivers\ew_juextctrl.sys [2012-10-12 28672]
R3 huawei_wwanecm;huawei_wwanecm;C:\Windows\System32\drivers\ew_juwwanecm.sys [2012-10-12 213504]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-3-14 331264]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-2-28 356120]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-2-28 787736]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-8-15 229528]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2011-8-15 487296]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-5-12 339048]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-2-27 675432]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2012-1-16 14336]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2012-1-20 54432]
R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2012-1-13 1256040]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\System32\drivers\AthDfu.sys [2012-2-23 51872]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2011-8-15 65264]
S3 DCDhcpService;DCDhcpService;C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [2012-5-12 112256]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-6-10 281088]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\System32\drivers\ew_hwusbdev.sys [2012-10-12 117248]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 lehidmini;Bluetooth Low Energy Hid Device;C:\Windows\System32\drivers\leath_hid.sys [2012-2-23 36128]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2011-8-15 100912]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2012-3-26 22528]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-25 19456]
S3 SmbDrv;SmbDrv;C:\Windows\System32\drivers\Smb_driver.sys [2012-3-14 21264]
S3 SOHCImp;VAIO Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2012-1-6 138392]
S3 SOHDs;VAIO Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2012-1-6 74904]
S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-12-1 289952]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-25 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-12-25 30208]
S3 tvnserver;TightVNC Server;C:\Users\Eoin\AppData\Local\CrossLoop\tvnserver.exe [2013-4-20 814080]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2012-5-12 535688]
S3 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-12-29 960160]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-12-21 550128]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-12-21 382720]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-8-26 101600]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-15 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-05-01 20:00:53 -------- d-----w- C:\Program Files (x86)\ESET
2013-05-01 19:53:09 -------- d-sh--w- C:\$RECYCLE.BIN
2013-05-01 19:14:36 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-30 20:45:51 98816 ----a-w- C:\Windows\sed.exe
2013-04-30 20:45:51 256000 ----a-w- C:\Windows\PEV.exe
2013-04-30 20:45:51 208896 ----a-w- C:\Windows\MBR.exe
2013-04-25 21:02:09 -------- d-----w- C:\Users\Eoin\AppData\Local\{ED53CFDC-939E-490D-B5FE-0109566D5955}
2013-04-24 10:24:50 -------- d-----w- C:\Users\Eoin\AppData\Local\{3C2EF2D8-C77C-4509-9D85-83B244C5D50E}
2013-04-23 10:10:12 -------- d-----w- C:\Users\Eoin\AppData\Local\{057902C9-86B9-4A67-A371-792D4676ED0A}
2013-04-22 10:45:28 -------- d-----w- C:\Users\Eoin\AppData\Roaming\NCdownloader
2013-04-22 09:58:11 -------- d-----w- C:\Users\Eoin\AppData\Local\{B9B0DAAC-1BD0-4027-AD7E-F953F5C3472E}
2013-04-21 21:45:25 -------- d-----w- C:\Users\Eoin\AppData\Local\{EC477530-4A7A-4DEC-8BF8-29C6214C03B2}
2013-04-20 21:07:12 -------- d-----w- C:\Users\Eoin\AppData\Local\CrossLoop
2013-04-20 20:29:58 -------- d-----w- C:\Program Files\CCleaner
2013-04-20 19:35:42 -------- d-----w- C:\Users\Eoin\AppData\Local\{9714F002-CD9D-426F-AE32-8ADF0C2429E9}
2013-04-18 15:10:38 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{804BF8CC-918A-4124-A831-56239B848A4C}\offreg.dll
2013-04-18 15:06:08 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{804BF8CC-918A-4124-A831-56239B848A4C}\mpengine.dll
2013-04-15 18:48:21 -------- d-----w- C:\Users\Eoin\AppData\Roaming\Anvisoft
2013-04-15 18:48:08 23376 ----a-w- C:\Windows\System32\drivers\asdrs.sys
2013-04-15 18:48:08 18768 ----a-w- C:\Windows\System32\drivers\asdrm.sys
2013-04-15 18:48:08 17232 ----a-w- C:\Windows\System32\drivers\asdws.sys
2013-04-15 18:47:48 -------- d-----w- C:\ProgramData\Anvisoft
2013-04-15 18:47:44 -------- d-----w- C:\Program Files (x86)\Anvisoft
2013-04-15 12:09:53 -------- d-----w- C:\Windows\SysWow64\AMD64
2013-04-15 12:09:53 -------- d-----w- C:\Program Files (x86)\Solibo Ltd
2013-04-15 12:09:22 -------- d-----w- C:\ProgramData\InstallMate
2013-04-15 10:15:25 -------- d-----w- C:\Users\Eoin\AppData\Local\{ED471A26-CA0C-48A0-8EB4-A93CC3163F57}
2013-04-15 09:02:38 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-04-15 09:01:10 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-04-15 09:01:10 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-04-15 09:01:10 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-04-15 09:01:10 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-04-15 09:01:10 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-04-15 09:01:10 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-04-15 09:01:07 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-04-15 09:01:07 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-04-15 09:00:06 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-04-15 09:00:06 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-04-15 09:00:02 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2013-04-15 09:00:01 1882624 ----a-w- C:\Windows\System32\msxml3.dll
2013-04-15 09:00:01 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2013-04-15 09:00:01 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2013-04-15 08:58:54 800768 ----a-w- C:\Windows\System32\usp10.dll
2013-04-15 08:58:54 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2013-04-15 08:57:52 68608 ----a-w- C:\Windows\System32\taskhost.exe
2013-04-15 08:57:51 750592 ----a-w- C:\Windows\System32\win32spl.dll
2013-04-15 08:57:50 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-04-15 08:57:00 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-04-15 08:56:59 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-04-15 08:56:58 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-04-15 08:56:58 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-04-15 08:56:57 112640 ----a-w- C:\Windows\System32\smss.exe
2013-04-15 08:56:56 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-04-15 08:56:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-04-15 08:56:00 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2013-04-14 13:01:23 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-04-14 13:01:11 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2013-04-14 13:01:06 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-04-14 13:00:21 -------- d-----w- C:\Users\Eoin\AppData\Local\Programs
2013-04-08 20:48:41 -------- d-----w- C:\Users\Eoin\AppData\Local\{9D7FCF6B-2783-43C4-ABC2-4D9561264A86}
.
==================== Find3M ====================
.
2013-05-01 19:14:27 866720 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-05-01 19:14:27 788896 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-04-28 21:39:51 60 ----a-w- C:\Windows\wpd99.drv
2013-04-23 16:48:48 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-23 16:48:48 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-30 01:03:41 28600 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2013-03-30 01:03:41 100712 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2013-03-12 00:10:56 282744 ------w- C:\Windows\System32\MpSigStub.exe
2013-02-22 06:27:49 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-22 06:20:51 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-02-22 06:19:37 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-02-22 06:15:48 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-02-22 06:15:23 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-02-22 06:12:41 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-22 03:46:00 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-22 03:38:00 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-22 03:37:50 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-02-22 03:34:17 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-02-22 03:34:03 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-02-22 03:31:46 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
.
============= FINISH: 22:46:59.31 ===============

egrogan1
2013-05-02, 00:50
ComboFix 13-05-01.03 - Eoin 01/05/2013 18:15:14.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.353.1033.18.3996.2271 [GMT 1:00]
Running from: c:\users\Eoin\Desktop\ComboFix.exe
Command switches used :: c:\users\Eoin\Desktop\cfscript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-04-01 to 2013-05-01 )))))))))))))))))))))))))))))))
.
.
2013-05-01 17:33 . 2013-05-01 17:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-23 15:38 . 2013-04-23 15:38 -------- d-----w- c:\windows\LastGood
2013-04-23 13:18 . 2013-04-23 13:18 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-04-23 13:18 . 2013-04-04 04:35 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-22 10:45 . 2013-04-22 10:45 -------- d-----w- c:\users\Eoin\AppData\Roaming\NCdownloader
2013-04-22 10:02 . 2013-04-22 10:03 -------- d-----w- c:\program files (x86)\ERUNT
2013-04-20 21:07 . 2013-04-23 09:58 -------- d-----w- c:\users\Eoin\AppData\Local\CrossLoop
2013-04-20 20:54 . 2013-04-22 10:01 -------- d-----w- c:\users\Eoin\AppData\Roaming\Skype
2013-04-20 20:29 . 2013-04-20 20:30 -------- d-----w- c:\program files\CCleaner
2013-04-18 15:10 . 2013-04-23 16:53 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{804BF8CC-918A-4124-A831-56239B848A4C}\offreg.dll
2013-04-18 15:06 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{804BF8CC-918A-4124-A831-56239B848A4C}\mpengine.dll
2013-04-15 18:48 . 2013-04-15 18:48 -------- d-----w- c:\users\Eoin\AppData\Roaming\Anvisoft
2013-04-15 18:48 . 2012-11-07 07:16 17232 ----a-w- c:\windows\system32\drivers\asdws.sys
2013-04-15 18:48 . 2012-11-07 07:16 23376 ----a-w- c:\windows\system32\drivers\asdrs.sys
2013-04-15 18:48 . 2012-11-07 07:16 18768 ----a-w- c:\windows\system32\drivers\asdrm.sys
2013-04-15 18:47 . 2013-04-15 18:47 -------- d-----w- c:\programdata\Anvisoft
2013-04-15 18:47 . 2013-04-15 18:47 -------- d-----w- c:\program files (x86)\Anvisoft
2013-04-15 12:09 . 2013-04-15 12:09 -------- d-----w- c:\windows\SysWow64\AMD64
2013-04-15 12:09 . 2013-04-15 12:09 -------- d-----w- c:\program files (x86)\Solibo Ltd
2013-04-15 12:09 . 2013-04-15 12:10 -------- d-----w- c:\programdata\InstallMate
2013-04-15 09:15 . 2013-02-22 06:57 17817088 ----a-w- c:\windows\system32\mshtml.dll
2013-04-15 09:15 . 2013-02-22 06:29 10925568 ----a-w- c:\windows\system32\ieframe.dll
2013-04-15 09:07 . 2013-04-15 09:07 -------- d-----w- c:\program files\Microsoft Silverlight
2013-04-15 09:07 . 2013-04-15 09:07 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-04-15 09:02 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll
2013-04-15 09:01 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-04-15 09:01 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-04-15 09:01 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-04-15 09:01 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-04-15 09:01 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-04-15 09:01 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-04-15 09:01 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll
2013-04-15 09:01 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-04-15 09:00 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-04-15 09:00 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-04-15 09:00 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll
2013-04-15 09:00 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
2013-04-15 09:00 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2013-04-15 09:00 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2013-04-15 08:58 . 2012-11-22 05:44 800768 ----a-w- c:\windows\system32\usp10.dll
2013-04-15 08:58 . 2012-11-22 04:45 626688 ----a-w- c:\windows\SysWow64\usp10.dll
2013-04-15 08:57 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-04-15 08:57 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-04-15 08:57 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-04-15 08:57 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-04-15 08:56 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-15 08:56 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-04-15 08:56 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-04-15 08:56 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
2013-04-15 08:56 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-15 08:56 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-04-15 08:56 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-14 13:01 . 2013-04-22 10:50 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-04-14 13:01 . 2009-01-25 11:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
2013-04-14 13:01 . 2013-04-14 13:01 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2013-04-14 13:00 . 2013-04-14 13:00 -------- d-----w- c:\users\Eoin\AppData\Local\Programs
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-23 16:48 . 2012-05-12 09:28 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-23 16:48 . 2012-05-12 09:28 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-01 18:58 . 2012-12-25 13:47 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-04-01 15:45 . 2013-04-01 15:46 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-04-01 15:45 . 2012-05-12 09:11 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-03-30 01:03 . 2013-03-30 01:03 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-03-30 01:03 . 2013-03-30 01:03 130016 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-03-30 01:03 . 2013-03-30 01:03 100712 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-03-12 00:10 . 2010-11-21 03:27 282744 ------w- c:\windows\system32\MpSigStub.exe
2013-02-12 05:45 . 2013-04-15 08:59 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-04-15 08:59 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-04-15 08:59 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-04-15 08:59 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-04-15 08:59 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-04-15 08:59 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{6CCA71BB-4A17-554A-7B2B-8905AEC189DF}]
c:\programdata\BrOwwse2Saavei\516bf6e2604b1.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-03-20 14:11 222808 ----a-w- c:\users\Eoin\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-03-20 14:11 222808 ----a-w- c:\users\Eoin\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-03-20 14:11 222808 ----a-w- c:\users\Eoin\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"SkyDrive"="c:\users\Eoin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2013-03-20 256600]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-03-07 19357112]
"Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032]
"CrossLoop"="c:\users\Eoin\AppData\Local\CrossLoop\CrossLoopConnect.exe" [2012-01-06 1208048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-22 291608]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-09-20 60552]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2012-02-21 693608]
"MobileBroadband"="c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2011-05-23 274944]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-03-30 345312]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-12-25 295072]
"ShaPlus Bandwidth Meter"="c:\program files (x86)\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter.exe" [BU]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
"ADBlocker"="c:\program files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe" [2012-12-21 979816]
"Anvi Smart Defender"="c:\program files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe" [2012-12-21 1434984]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\Eoin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NCdownloader.lnk - c:\program files (x86)\Solibo Ltd\NCdownloader\NCdownloader.exe [2013-4-15 270848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 CrossLoopService;CrossLoop Service;c:\users\Eoin\AppData\Local\CrossLoop\CrossLoopService.exe [2012-01-06 569072]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\System32\Drivers\AthDfu.sys [2012-02-23 51872]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
R3 DCDhcpService;DCDhcpService;c:\program files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [2012-03-21 112256]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2011-05-20 117248]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 lehidmini;Bluetooth Low Energy Hid Device;c:\windows\system32\drivers\leath_hid.sys [2012-02-23 36128]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2012-03-26 22528]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SmbDrv;SmbDrv;c:\windows\system32\drivers\Smb_driver.sys [2012-03-13 21264]
R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2012-01-06 138392]
R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2012-01-06 74904]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-12-01 289952]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 tvnserver;TightVNC Server;c:\users\Eoin\AppData\Local\CrossLoop\tvnserver.exe [2010-07-21 814080]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]
R3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2012-01-10 535688]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-12-29 960160]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-12-21 550128]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-12-21 382720]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-08-26 101600]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-10-14 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys [2012-02-22 16152]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
S1 asdnet;asdnet;c:\program files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sys\amd64\asdnet.sys [2012-09-07 19280]
S1 asdrm;asdrm;c:\windows\system32\DRIVERS\asdrm.sys [2012-11-07 18768]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-30 28600]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
S2 ADBlockerSrv;AD Blocker Service;c:\program files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe [2012-11-13 279368]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-03-30 86752]
S2 asdrs;AntiMalware Host-based Intrusion Prevention System;c:\windows\system32\DRIVERS\asdrs.sys [2012-11-07 23376]
S2 asdsrv;Anvi Smart Defender Realtime Guard Service;c:\program files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [2012-12-21 735592]
S2 asdws;AnviSmartDefender Web Guard;c:\windows\system32\DRIVERS\asdws.sys [2012-11-07 17232]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2012-02-23 106144]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-29 13592]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-02-08 2429544]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-02 628448]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-03-13 128280]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-03-13 161560]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-05-25 210616]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-05-25 162224]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2012-02-21 473960]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-11-30 260768]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-02-23 105024]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-03-13 363800]
S2 VmbService;Vodafone Mobile Broadband Service;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2011-05-23 9216]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2012-03-26 978056]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2012-02-23 158880]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2012-02-23 36000]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2012-02-23 339616]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2012-02-23 110752]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys [2012-02-23 30368]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\drivers\btath_hcrp.sys [2012-02-23 167584]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2012-02-23 68256]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\drivers\btath_rcp.sys [2012-02-23 280992]
S3 BTATH_VDP;Bluetooth VDP Driver;c:\windows\system32\drivers\btath_vdp.sys [2012-02-23 421664]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2012-02-23 550560]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2011-05-20 13952]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2011-05-20 98816]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-05-20 86016]
S3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [2011-05-20 28672]
S3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [2011-05-20 213504]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2012-03-14 331264]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys [2012-02-22 356120]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys [2012-02-22 787736]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2012-02-08 339048]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-02-13 675432]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2012-01-16 14336]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2012-01-20 54432]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 1256040]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-11 22:53 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-12 16:48]
.
2013-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-01 15:42]
.
2013-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-01 15:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-03-20 14:11 261704 ----a-w- c:\users\Eoin\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-03-20 14:11 261704 ----a-w- c:\users\Eoin\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-03-20 14:11 261704 ----a-w- c:\users\Eoin\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-03-07 16:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-03-07 16:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-03-07 16:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-03-07 16:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-03-13 1156712]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2012-02-23 1020576]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2012-02-23 800416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-14 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-14 398104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-14 440600]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"NetWorx"="c:\users\Eoin\Downloads\networx_portable\64-bit\networx.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = hxxp://www.google.ie
uStart Page = hxxp://www.google.ie
mDefault_Page_URL = hxxp://www.google.ie
mStart Page = hxxp://www.google.ie
mLocal Page = hxxp://www.google.ie
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = <local>;*.local
TCP: Interfaces\{55606A95-2C0D-4635-8BB8-75C01926828F}: NameServer = 89.19.64.164 89.19.64.36
TCP: Interfaces\{B91DE24D-00AD-4036-A20A-B54F260E9DE7}: NameServer = 89.19.64.164 89.19.64.36
TCP: Interfaces\{F84F9782-03FD-4F96-9127-821FBC75F442}: NameServer = 89.19.64.36 89.19.64.164
FF - ProfilePath - c:\users\Eoin\AppData\Roaming\Mozilla\Firefox\Profiles\kgt8vqf0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ie/
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Notify-SDWinLogon - SDWinLogon.dll
AddRemove-RealPlayer 16.0 - c:\program files (x86)\real\realplayer\Update\r1puninst.exe
AddRemove-SP_4e24eecb - c:\program files (x86)\WebSearch\uninstall.exe
AddRemove-SP_f2a323db - c:\program files (x86)\BrowseToSave\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"&_\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 &_ Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-05-01 19:17:04
ComboFix-quarantined-files.txt 2013-05-01 18:16
ComboFix2.txt 2013-05-01 13:30
.
Pre-Run: 510,104,616,960 bytes free
Post-Run: 510,030,413,824 bytes free
.
- - End Of File - - 485366AB84649FE6AE1C44B5F6CE8C21

Blade81
2013-05-02, 08:16
Hi,


I have found an entry in the "Programmes and Features" section entitled "BrowseToSave1.74". From reading the logs this looks like some of the sections that were found and removed.
Please uninstall that entry.


Also I have a lot of entries for "Windows Live Mesh", preceded and followed by another language, but it is signed by "Microsoft Corporation". Is this right??
I believe those are ok.



Please disable all protection software (Spybot and Windows Defender included) before doing the following.


Open notepad and copy/paste the text in the quotebox below into it:



Folder::
C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Extensions\djgbdjnomgncbhbodcbnlnnmmpikgcbl
C:\Users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffhadohnojidlpbfiipbfbejffnfnobb
Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{6CCA71BB-4A17-554A-7B2B-8905AEC189DF}]



Save this as

CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe (let the tool update itself if prompted).

Then post the resultant log + fresh dds.txt log.

egrogan1
2013-05-03, 01:10
After running this fix I found I could not run any form of Internet Explorer. It says "illegal operation attempted on a registry key that has been marked for deletion"

egrogan1
2013-05-03, 01:29
I got it running again by doing a system reboot

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16476 BrowserJavaVersion: 10.21.2
Run by Eoin at 23:23:19 on 2013-05-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.353.1033.18.3996.2112 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Users\Eoin\AppData\Local\CrossLoop\CrossLoopService.exe
c:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Windows\system32\mfevtps.exe
c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Eoin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe
C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchProtocolHost.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ie
uLocal Page = hxxp://www.google.ie
mStart Page = hxxp://www.google.ie
mLocal Page = hxxp://www.google.ie
mWindow Title = Microsoft Internet Explorer
mDefault_Page_URL = hxxp://www.google.ie
uProxyOverride = <local>;*.local
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: BrOwwse2Saavei: {6CCA71BB-4A17-554A-7B2B-8905AEC189DF} -
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121012182632.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SkyDrive] "C:\Users\Eoin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
uRun: [CrossLoop] "C:\Users\Eoin\AppData\Local\CrossLoop\CrossLoopConnect.exe" -ap=crossloop -port=5910 -udp=www.CrossLoop.com -webserver=server.crossloop.com -webservice=www.crossloop.com -startup=server -minimize
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
mRun: [MobileBroadband] C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [ShaPlus Bandwidth Meter] "C:\Program Files (x86)\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter.exe" /s
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [ADBlocker] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe -tray
mRun: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Eoin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\Users\Eoin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NCDOWN~1.LNK - C:\Program Files (x86)\Solibo Ltd\NCdownloader\NCdownloader.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:3
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: Interfaces\{204075A0-3C79-4EC6-ADCB-9C1406296244} : DHCPNameServer = 8.8.4.4
TCP: Interfaces\{4C67F788-B788-42CE-9E44-562ED4D265A7} : DHCPNameServer = 172.31.140.69 172.30.140.69
TCP: Interfaces\{55606A95-2C0D-4635-8BB8-75C01926828F} : NameServer = 89.19.64.36 89.19.64.164
TCP: Interfaces\{7787CE1A-FC98-4EEF-8D4C-2DBCEA5736EA}\54962736F6D6 : DHCPNameServer = 10.0.0.6
TCP: Interfaces\{B91DE24D-00AD-4036-A20A-B54F260E9DE7} : NameServer = 89.19.64.164 89.19.64.36
TCP: Interfaces\{F84F9782-03FD-4F96-9127-821FBC75F442} : NameServer = 89.19.64.36 89.19.64.164
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121012182632.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SONYAPO
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [NetWorx] "C:\Users\Eoin\Downloads\networx_portable\64-bit\networx.exe" /auto
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Eoin\AppData\Roaming\Mozilla\Firefox\Profiles\kgt8vqf0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ie/
.
============= SERVICES / DRIVERS ===============
.
R?2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-11-30 260768]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-2-28 16152]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2011-8-15 647208]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-8-15 289664]
R1 asdnet;asdnet;C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sys\amd64\asdnet.sys [2013-4-15 19280]
R1 asdrm;asdrm;C:\Windows\System32\drivers\asdrm.sys [2013-4-15 18768]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-3-30 28600]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2011-8-15 75936]
R2 ADBlockerSrv;AD Blocker Service;C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe [2013-4-15 279368]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-11-16 86752]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-11-16 110816]
R2 asdrs;AntiMalware Host-based Intrusion Prevention System;C:\Windows\System32\drivers\asdrs.sys [2013-4-15 23376]
R2 asdsrv;Anvi Smart Defender Realtime Guard Service;C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [2012-12-21 735592]
R2 asdws;AnviSmartDefender Web Guard;C:\Windows\System32\drivers\asdws.sys [2013-4-15 17232]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2012-2-23 106144]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-3-30 100712]
R2 CrossLoopService;CrossLoop Service;C:\Users\Eoin\AppData\Local\CrossLoop\CrossLoopService.exe [2013-4-20 569072]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-5-12 13592]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-5-12 2429544]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-5-12 128280]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-5-12 161560]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\systemcore\mcshield.exe [2012-5-12 199304]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe [2012-5-12 210616]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2012-5-12 162224]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2012-2-21 473960]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-4-14 1103392]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-4-14 168384]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 VmbService;Vodafone Mobile Broadband Service;C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2011-5-23 9216]
R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2012-5-12 978056]
R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2012-2-23 158880]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2012-5-12 19968]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2012-2-23 36000]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2012-2-23 339616]
R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2012-2-23 110752]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2012-2-23 30368]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2012-2-23 167584]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2012-2-23 68256]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2012-2-23 280992]
R3 BTATH_VDP;Bluetooth VDP Driver;C:\Windows\System32\drivers\btath_vdp.sys [2012-2-23 421664]
R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2012-2-23 550560]
R3 ew_usbenumfilter;huawei_CompositeFilter;C:\Windows\System32\drivers\ew_usbenumfilter.sys [2012-10-12 13952]
R3 huawei_cdcacm;huawei_cdcacm;C:\Windows\System32\drivers\ew_jucdcacm.sys [2012-10-12 98816]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2012-10-12 86016]
R3 huawei_ext_ctrl;huawei_ext_ctrl;C:\Windows\System32\drivers\ew_juextctrl.sys [2012-10-12 28672]
R3 huawei_wwanecm;huawei_wwanecm;C:\Windows\System32\drivers\ew_juwwanecm.sys [2012-10-12 213504]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-3-14 331264]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-2-28 356120]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-2-28 787736]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-8-15 229528]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2011-8-15 487296]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-5-12 339048]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-2-27 675432]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2012-1-16 14336]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-4-14 1369624]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2012-5-12 105024]
S2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-5-12 363800]
S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\System32\drivers\AthDfu.sys [2012-2-23 51872]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2011-8-15 65264]
S3 DCDhcpService;DCDhcpService;C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [2012-5-12 112256]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-6-10 281088]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\System32\drivers\ew_hwusbdev.sys [2012-10-12 117248]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 lehidmini;Bluetooth Low Energy Hid Device;C:\Windows\System32\drivers\leath_hid.sys [2012-2-23 36128]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2011-8-15 100912]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2012-3-26 22528]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-25 19456]
S3 SmbDrv;SmbDrv;C:\Windows\System32\drivers\Smb_driver.sys [2012-3-14 21264]
S3 SOHCImp;VAIO Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2012-1-6 138392]
S3 SOHDs;VAIO Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2012-1-6 74904]
S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-12-1 289952]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-25 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-12-25 30208]
S3 tvnserver;TightVNC Server;C:\Users\Eoin\AppData\Local\CrossLoop\tvnserver.exe [2013-4-20 814080]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2012-5-12 535688]
S3 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-12-29 960160]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-12-21 550128]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-12-21 382720]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-8-26 101600]
S3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2012-1-20 54432]
S3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2012-1-13 1256040]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-15 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-05-02 21:33:02 -------- d-----w- C:\$RECYCLE.BIN
2013-05-02 21:04:27 -------- d-----w- C:\ComboFix
2013-05-01 20:00:53 -------- d-----w- C:\Program Files (x86)\ESET
2013-05-01 19:14:36 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-30 20:45:51 98816 ----a-w- C:\Windows\sed.exe
2013-04-30 20:45:51 256000 ----a-w- C:\Windows\PEV.exe
2013-04-30 20:45:51 208896 ----a-w- C:\Windows\MBR.exe
2013-04-25 21:02:09 -------- d-----w- C:\Users\Eoin\AppData\Local\{ED53CFDC-939E-490D-B5FE-0109566D5955}
2013-04-24 10:24:50 -------- d-----w- C:\Users\Eoin\AppData\Local\{3C2EF2D8-C77C-4509-9D85-83B244C5D50E}
2013-04-23 10:10:12 -------- d-----w- C:\Users\Eoin\AppData\Local\{057902C9-86B9-4A67-A371-792D4676ED0A}
2013-04-22 10:45:28 -------- d-----w- C:\Users\Eoin\AppData\Roaming\NCdownloader
2013-04-22 09:58:11 -------- d-----w- C:\Users\Eoin\AppData\Local\{B9B0DAAC-1BD0-4027-AD7E-F953F5C3472E}
2013-04-21 21:45:25 -------- d-----w- C:\Users\Eoin\AppData\Local\{EC477530-4A7A-4DEC-8BF8-29C6214C03B2}
2013-04-20 21:07:12 -------- d-----w- C:\Users\Eoin\AppData\Local\CrossLoop
2013-04-20 20:29:58 -------- d-----w- C:\Program Files\CCleaner
2013-04-20 19:35:42 -------- d-----w- C:\Users\Eoin\AppData\Local\{9714F002-CD9D-426F-AE32-8ADF0C2429E9}
2013-04-18 15:10:38 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{804BF8CC-918A-4124-A831-56239B848A4C}\offreg.dll
2013-04-18 15:06:08 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{804BF8CC-918A-4124-A831-56239B848A4C}\mpengine.dll
2013-04-15 18:48:21 -------- d-----w- C:\Users\Eoin\AppData\Roaming\Anvisoft
2013-04-15 18:48:08 23376 ----a-w- C:\Windows\System32\drivers\asdrs.sys
2013-04-15 18:48:08 18768 ----a-w- C:\Windows\System32\drivers\asdrm.sys
2013-04-15 18:48:08 17232 ----a-w- C:\Windows\System32\drivers\asdws.sys
2013-04-15 18:47:48 -------- d-----w- C:\ProgramData\Anvisoft
2013-04-15 18:47:44 -------- d-----w- C:\Program Files (x86)\Anvisoft
2013-04-15 12:09:53 -------- d-----w- C:\Windows\SysWow64\AMD64
2013-04-15 12:09:53 -------- d-----w- C:\Program Files (x86)\Solibo Ltd
2013-04-15 12:09:22 -------- d-----w- C:\ProgramData\InstallMate
2013-04-15 10:15:25 -------- d-----w- C:\Users\Eoin\AppData\Local\{ED471A26-CA0C-48A0-8EB4-A93CC3163F57}
2013-04-15 09:02:38 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-04-15 09:01:10 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-04-15 09:01:10 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-04-15 09:01:10 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-04-15 09:01:10 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-04-15 09:01:10 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-04-15 09:01:10 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-04-15 09:01:07 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-04-15 09:01:07 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-04-15 09:00:06 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-04-15 09:00:06 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-04-15 09:00:02 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2013-04-15 09:00:01 1882624 ----a-w- C:\Windows\System32\msxml3.dll
2013-04-15 09:00:01 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2013-04-15 09:00:01 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2013-04-15 08:58:54 800768 ----a-w- C:\Windows\System32\usp10.dll
2013-04-15 08:58:54 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2013-04-15 08:57:52 68608 ----a-w- C:\Windows\System32\taskhost.exe
2013-04-15 08:57:51 750592 ----a-w- C:\Windows\System32\win32spl.dll
2013-04-15 08:57:50 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-04-15 08:57:00 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-04-15 08:56:59 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-04-15 08:56:58 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-04-15 08:56:58 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-04-15 08:56:57 112640 ----a-w- C:\Windows\System32\smss.exe
2013-04-15 08:56:56 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-04-15 08:56:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-04-15 08:56:00 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2013-04-14 13:01:23 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-04-14 13:01:11 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2013-04-14 13:01:06 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-04-14 13:00:21 -------- d-----w- C:\Users\Eoin\AppData\Local\Programs
2013-04-08 20:48:41 -------- d-----w- C:\Users\Eoin\AppData\Local\{9D7FCF6B-2783-43C4-ABC2-4D9561264A86}
.
==================== Find3M ====================
.
2013-05-01 19:14:27 866720 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-05-01 19:14:27 788896 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-04-28 21:39:51 60 ----a-w- C:\Windows\wpd99.drv
2013-04-23 16:48:48 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-23 16:48:48 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-30 01:03:41 28600 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2013-03-30 01:03:41 100712 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2013-03-12 00:10:56 282744 ------w- C:\Windows\System32\MpSigStub.exe
2013-02-22 06:27:49 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-22 06:20:51 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-02-22 06:19:37 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-02-22 06:15:48 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-02-22 06:15:23 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-02-22 06:12:41 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-22 03:46:00 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-22 03:38:00 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-22 03:37:50 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-02-22 03:34:17 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-02-22 03:34:03 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-02-22 03:31:46 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
.
============= FINISH: 23:26:30.98 ===============

egrogan1
2013-05-03, 01:30
ComboFix 13-05-01.03 - Eoin 02/05/2013 22:06:08.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.353.1033.18.3996.2443 [GMT 1:00]
Running from: c:\users\Eoin\Desktop\ComboFix.exe
Command switches used :: c:\users\Eoin\Desktop\cfscript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Extensions\djgbdjnomgncbhbodcbnlnnmmpikgcbl
c:\users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Extensions\djgbdjnomgncbhbodcbnlnnmmpikgcbl\1\516bf6e2602c31.82844823.js
c:\users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Extensions\djgbdjnomgncbhbodcbnlnnmmpikgcbl\1\background.html
c:\users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Extensions\djgbdjnomgncbhbodcbnlnnmmpikgcbl\1\content.js
c:\users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Extensions\djgbdjnomgncbhbodcbnlnnmmpikgcbl\1\lsdb.js
c:\users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Extensions\djgbdjnomgncbhbodcbnlnnmmpikgcbl\1\manifest.json
c:\users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Extensions\djgbdjnomgncbhbodcbnlnnmmpikgcbl\1\sqlite.js
c:\users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffhadohnojidlpbfiipbfbejffnfnobb
c:\users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffhadohnojidlpbfiipbfbejffnfnobb\1\516bf7030798b2.04198383.js
c:\users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffhadohnojidlpbfiipbfbejffnfnobb\1\background.html
c:\users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffhadohnojidlpbfiipbfbejffnfnobb\1\content.js
c:\users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffhadohnojidlpbfiipbfbejffnfnobb\1\lsdb.js
c:\users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffhadohnojidlpbfiipbfbejffnfnobb\1\manifest.json
c:\users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffhadohnojidlpbfiipbfbejffnfnobb\1\newtab.html
c:\users\Eoin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffhadohnojidlpbfiipbfbejffnfnobb\1\sqlite.js
c:\users\Eoin\AppData\Local\Temp\_MEI44162\_ctypes.pyd
c:\users\Eoin\AppData\Local\Temp\_MEI44162\_elementtree.pyd
c:\users\Eoin\AppData\Local\Temp\_MEI44162\_hashlib.pyd
c:\users\Eoin\AppData\Local\Temp\_MEI44162\_socket.pyd
c:\users\Eoin\AppData\Local\Temp\_MEI44162\_ssl.pyd
c:\users\Eoin\AppData\Local\Temp\_MEI44162\pyexpat.pyd
c:\users\Eoin\AppData\Local\Temp\_MEI44162\pysqlite2._sqlite.pyd
c:\users\Eoin\AppData\Local\Temp\_MEI44162\python27.dll
c:\users\Eoin\AppData\Local\Temp\_MEI44162\pythoncom27.dll
c:\users\Eoin\AppData\Local\Temp\_MEI44162\PyWinTypes27.dll
c:\users\Eoin\AppData\Local\Temp\_MEI44162\select.pyd
c:\users\Eoin\AppData\Local\Temp\_MEI44162\unicodedata.pyd
c:\users\Eoin\AppData\Local\Temp\_MEI44162\win32api.pyd
c:\users\Eoin\AppData\Local\Temp\_MEI44162\win32com.shell.shell.pyd
c:\users\Eoin\AppData\Local\Temp\_MEI44162\win32crypt.pyd
c:\users\Eoin\AppData\Local\Temp\_MEI44162\win32event.pyd
c:\users\Eoin\AppData\Local\Temp\_MEI44162\win32file.pyd
c:\users\Eoin\AppData\Local\Temp\_MEI44162\win32inet.pyd
c:\users\Eoin\AppData\Local\Temp\_MEI44162\win32pdh.pyd
c:\users\Eoin\AppData\Local\Temp\_MEI44162\win32process.pyd
c:\users\Eoin\AppData\Local\Temp\_MEI44162\win32profile.pyd
c:\users\Eoin\AppData\Local\Temp\_MEI44162\win32security.pyd
c:\users\Eoin\AppData\Local\Temp\_MEI44162\win32ts.pyd
c:\users\Eoin\AppData\Local\Temp\_MEI44162\windows._cacheinvalidation.pyd
c:\users\Eoin\AppData\Local\Temp\_MEI44162\wx._controls_.pyd
c:\users\Eoin\AppData\Local\Temp\_MEI44162\wx._core_.pyd
c:\users\Eoin\AppData\Local\Temp\_MEI44162\wx._gdi_.pyd
c:\users\Eoin\AppData\Local\Temp\_MEI44162\wx._html2.pyd
c:\users\Eoin\AppData\Local\Temp\_MEI44162\wx._misc_.pyd
c:\users\Eoin\AppData\Local\Temp\_MEI44162\wx._windows_.pyd
c:\users\Eoin\AppData\Local\Temp\_MEI44162\wx._wizard.pyd
c:\users\Eoin\AppData\Local\Temp\_MEI44162\wxbase294u_net_vc90.dll
c:\users\Eoin\AppData\Local\Temp\_MEI44162\wxbase294u_vc90.dll
c:\users\Eoin\AppData\Local\Temp\_MEI44162\wxmsw294u_adv_vc90.dll
c:\users\Eoin\AppData\Local\Temp\_MEI44162\wxmsw294u_core_vc90.dll
c:\users\Eoin\AppData\Local\Temp\_MEI44162\wxmsw294u_html_vc90.dll
c:\users\Eoin\AppData\Local\Temp\_MEI44162\wxmsw294u_webview_vc90.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-04-02 to 2013-05-02 )))))))))))))))))))))))))))))))
.
.
2013-05-02 21:29 . 2013-05-02 21:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-01 20:00 . 2013-05-01 20:00 -------- d-----w- c:\program files (x86)\ESET
2013-05-01 19:15 . 2013-05-01 19:15 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-05-01 19:14 . 2013-05-01 19:14 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-22 10:45 . 2013-04-22 10:45 -------- d-----w- c:\users\Eoin\AppData\Roaming\NCdownloader
2013-04-22 10:02 . 2013-04-22 10:03 -------- d-----w- c:\program files (x86)\ERUNT
2013-04-20 21:07 . 2013-04-23 09:58 -------- d-----w- c:\users\Eoin\AppData\Local\CrossLoop
2013-04-20 20:54 . 2013-04-22 10:01 -------- d-----w- c:\users\Eoin\AppData\Roaming\Skype
2013-04-20 20:29 . 2013-04-20 20:30 -------- d-----w- c:\program files\CCleaner
2013-04-18 15:10 . 2013-04-23 16:53 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{804BF8CC-918A-4124-A831-56239B848A4C}\offreg.dll
2013-04-18 15:06 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{804BF8CC-918A-4124-A831-56239B848A4C}\mpengine.dll
2013-04-15 18:48 . 2013-04-15 18:48 -------- d-----w- c:\users\Eoin\AppData\Roaming\Anvisoft
2013-04-15 18:48 . 2012-11-07 07:16 17232 ----a-w- c:\windows\system32\drivers\asdws.sys
2013-04-15 18:48 . 2012-11-07 07:16 23376 ----a-w- c:\windows\system32\drivers\asdrs.sys
2013-04-15 18:48 . 2012-11-07 07:16 18768 ----a-w- c:\windows\system32\drivers\asdrm.sys
2013-04-15 18:47 . 2013-04-15 18:47 -------- d-----w- c:\programdata\Anvisoft
2013-04-15 18:47 . 2013-04-15 18:47 -------- d-----w- c:\program files (x86)\Anvisoft
2013-04-15 12:09 . 2013-04-15 12:09 -------- d-----w- c:\windows\SysWow64\AMD64
2013-04-15 12:09 . 2013-04-15 12:09 -------- d-----w- c:\program files (x86)\Solibo Ltd
2013-04-15 12:09 . 2013-04-15 12:10 -------- d-----w- c:\programdata\InstallMate
2013-04-15 09:15 . 2013-02-22 06:57 17817088 ----a-w- c:\windows\system32\mshtml.dll
2013-04-15 09:15 . 2013-02-22 06:29 10925568 ----a-w- c:\windows\system32\ieframe.dll
2013-04-15 09:07 . 2013-04-15 09:07 -------- d-----w- c:\program files\Microsoft Silverlight
2013-04-15 09:07 . 2013-04-15 09:07 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-04-15 09:02 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll
2013-04-15 09:01 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-04-15 09:01 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-04-15 09:01 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-04-15 09:01 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-04-15 09:01 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-04-15 09:01 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-04-15 09:01 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll
2013-04-15 09:01 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-04-15 09:00 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-04-15 09:00 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-04-15 09:00 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll
2013-04-15 09:00 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
2013-04-15 09:00 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2013-04-15 09:00 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2013-04-15 08:58 . 2012-11-22 05:44 800768 ----a-w- c:\windows\system32\usp10.dll
2013-04-15 08:58 . 2012-11-22 04:45 626688 ----a-w- c:\windows\SysWow64\usp10.dll
2013-04-15 08:57 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-04-15 08:57 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-04-15 08:57 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-04-15 08:57 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-04-15 08:56 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-15 08:56 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-04-15 08:56 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-04-15 08:56 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
2013-04-15 08:56 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-15 08:56 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-04-15 08:56 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-14 13:01 . 2013-04-22 10:50 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-04-14 13:01 . 2009-01-25 11:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
2013-04-14 13:01 . 2013-04-14 13:01 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2013-04-14 13:00 . 2013-04-14 13:00 -------- d-----w- c:\users\Eoin\AppData\Local\Programs
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-01 19:14 . 2013-04-01 15:46 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-05-01 19:14 . 2012-05-12 09:11 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-04-23 16:48 . 2012-05-12 09:28 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-23 16:48 . 2012-05-12 09:28 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-01 18:58 . 2012-12-25 13:47 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-03-30 01:03 . 2013-03-30 01:03 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-03-30 01:03 . 2013-03-30 01:03 130016 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-03-30 01:03 . 2013-03-30 01:03 100712 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-03-12 00:10 . 2010-11-21 03:27 282744 ------w- c:\windows\system32\MpSigStub.exe
2013-02-12 05:45 . 2013-04-15 08:59 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-04-15 08:59 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-04-15 08:59 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-04-15 08:59 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-04-15 08:59 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-04-15 08:59 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{6CCA71BB-4A17-554A-7B2B-8905AEC189DF}]
c:\programdata\BrOwwse2Saavei\516bf6e2604b1.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-03-20 14:11 222808 ----a-w- c:\users\Eoin\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-03-20 14:11 222808 ----a-w- c:\users\Eoin\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-03-20 14:11 222808 ----a-w- c:\users\Eoin\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"SkyDrive"="c:\users\Eoin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2013-03-20 256600]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-03-07 19357112]
"Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032]
"CrossLoop"="c:\users\Eoin\AppData\Local\CrossLoop\CrossLoopConnect.exe" [2012-01-06 1208048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-22 291608]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-09-20 60552]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2012-02-21 693608]
"MobileBroadband"="c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2011-05-23 274944]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-03-30 345312]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-12-25 295072]
"ShaPlus Bandwidth Meter"="c:\program files (x86)\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter.exe" [BU]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
"ADBlocker"="c:\program files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe" [2012-12-21 979816]
"Anvi Smart Defender"="c:\program files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe" [2012-12-21 1434984]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\Eoin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NCdownloader.lnk - c:\program files (x86)\Solibo Ltd\NCdownloader\NCdownloader.exe [2013-4-15 270848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\System32\Drivers\AthDfu.sys [2012-02-23 51872]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
R3 DCDhcpService;DCDhcpService;c:\program files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [2012-03-21 112256]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2011-05-20 117248]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 lehidmini;Bluetooth Low Energy Hid Device;c:\windows\system32\drivers\leath_hid.sys [2012-02-23 36128]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2012-03-26 22528]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SmbDrv;SmbDrv;c:\windows\system32\drivers\Smb_driver.sys [2012-03-13 21264]
R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2012-01-06 138392]
R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2012-01-06 74904]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-12-01 289952]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 tvnserver;TightVNC Server;c:\users\Eoin\AppData\Local\CrossLoop\tvnserver.exe [2010-07-21 814080]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]
R3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2012-01-10 535688]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-12-29 960160]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-12-21 550128]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-12-21 382720]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-08-26 101600]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-10-14 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys [2012-02-22 16152]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
S1 asdnet;asdnet;c:\program files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sys\amd64\asdnet.sys [2012-09-07 19280]
S1 asdrm;asdrm;c:\windows\system32\DRIVERS\asdrm.sys [2012-11-07 18768]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-30 28600]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
S2 ADBlockerSrv;AD Blocker Service;c:\program files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe [2012-11-13 279368]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-03-30 86752]
S2 asdrs;AntiMalware Host-based Intrusion Prevention System;c:\windows\system32\DRIVERS\asdrs.sys [2012-11-07 23376]
S2 asdsrv;Anvi Smart Defender Realtime Guard Service;c:\program files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [2012-12-21 735592]
S2 asdws;AnviSmartDefender Web Guard;c:\windows\system32\DRIVERS\asdws.sys [2012-11-07 17232]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2012-02-23 106144]
S2 CrossLoopService;CrossLoop Service;c:\users\Eoin\AppData\Local\CrossLoop\CrossLoopService.exe [2012-01-06 569072]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-29 13592]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-02-08 2429544]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-02 628448]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-03-13 128280]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-03-13 161560]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-05-25 210616]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-05-25 162224]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2012-02-21 473960]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-11-30 260768]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-02-23 105024]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-03-13 363800]
S2 VmbService;Vodafone Mobile Broadband Service;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2011-05-23 9216]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2012-03-26 978056]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2012-02-23 158880]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2012-02-23 36000]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2012-02-23 339616]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2012-02-23 110752]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys [2012-02-23 30368]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\drivers\btath_hcrp.sys [2012-02-23 167584]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2012-02-23 68256]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\drivers\btath_rcp.sys [2012-02-23 280992]
S3 BTATH_VDP;Bluetooth VDP Driver;c:\windows\system32\drivers\btath_vdp.sys [2012-02-23 421664]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2012-02-23 550560]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2011-05-20 13952]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2011-05-20 98816]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-05-20 86016]
S3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [2011-05-20 28672]
S3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [2011-05-20 213504]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2012-03-14 331264]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys [2012-02-22 356120]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys [2012-02-22 787736]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2012-02-08 339048]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-02-13 675432]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2012-01-16 14336]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2012-01-20 54432]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 1256040]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-11 22:53 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-12 16:48]
.
2013-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-01 15:42]
.
2013-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-01 15:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-03-20 14:11 261704 ----a-w- c:\users\Eoin\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-03-20 14:11 261704 ----a-w- c:\users\Eoin\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-03-20 14:11 261704 ----a-w- c:\users\Eoin\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-03-07 16:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-03-07 16:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-03-07 16:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-03-07 16:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-03-13 1156712]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2012-02-23 1020576]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2012-02-23 800416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-14 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-14 398104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-14 440600]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"NetWorx"="c:\users\Eoin\Downloads\networx_portable\64-bit\networx.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = hxxp://www.google.ie
uStart Page = hxxp://www.google.ie
mDefault_Page_URL = hxxp://www.google.ie
mStart Page = hxxp://www.google.ie
mLocal Page = hxxp://www.google.ie
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = <local>;*.local
TCP: Interfaces\{55606A95-2C0D-4635-8BB8-75C01926828F}: NameServer = 89.19.64.36 89.19.64.164
TCP: Interfaces\{B91DE24D-00AD-4036-A20A-B54F260E9DE7}: NameServer = 89.19.64.164 89.19.64.36
TCP: Interfaces\{F84F9782-03FD-4F96-9127-821FBC75F442}: NameServer = 89.19.64.36 89.19.64.164
FF - ProfilePath - c:\users\Eoin\AppData\Roaming\Mozilla\Firefox\Profiles\kgt8vqf0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ie/
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Notify-SDWinLogon - SDWinLogon.dll
AddRemove-RealPlayer 16.0 - c:\program files (x86)\real\realplayer\Update\r1puninst.exe
AddRemove-SP_4e24eecb - c:\program files (x86)\WebSearch\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"&_\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 &_ Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Sony\VAIO Control Center\VESMgr.exe
c:\program files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
c:\program files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
c:\windows\SysWOW64\DllHost.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files\Sony\VAIO Care\listener.exe
.
**************************************************************************
.
Completion time: 2013-05-02 22:58:06 - machine was rebooted
ComboFix-quarantined-files.txt 2013-05-02 21:57
ComboFix2.txt 2013-05-01 18:17
ComboFix3.txt 2013-05-01 13:30
.
Pre-Run: 508,526,379,008 bytes free
Post-Run: 508,213,866,496 bytes free
.
- - End Of File - - 46E1F57947F21A0E6AA9CEF3FB90BD05

Blade81
2013-05-03, 09:06
Hi,

Please download the Registry Search tool by clicking on the hard drive icon halfway down this page:
http://www.billsway.com/vbspage/
Save it to the desktop and run it. If you get an alert from your antivirus about scripting, choose to allow the script to run. Search for 6CCA71BB-4A17-554A-7B2B-8905AEC189DF and click OK. Post the logfile from the tool here for me.

egrogan1
2013-05-03, 11:12
REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "6CCA71BB-4A17-554A-7B2B-8905AEC189DF" 03/05/2013 09:11:24

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6CCA71BB-4A17-554A-7B2B-8905AEC189DF}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6CCA71BB-4A17-554A-7B2B-8905AEC189DF}\InProcServer32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6CCA71BB-4A17-554A-7B2B-8905AEC189DF}\ProgID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID]
"{6CCA71BB-4A17-554A-7B2B-8905AEC189DF}"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{6CCA71BB-4A17-554A-7B2B-8905AEC189DF}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID]
"{6CCA71BB-4A17-554A-7B2B-8905AEC189DF}"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{6CCA71BB-4A17-554A-7B2B-8905AEC189DF}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{6CCA71BB-4A17-554A-7B2B-8905AEC189DF}\InProcServer32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{6CCA71BB-4A17-554A-7B2B-8905AEC189DF}\ProgID]

[HKEY_USERS\S-1-5-21-4170974503-3432114913-2014430358-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6CCA71BB-4A17-554A-7B2B-8905AEC189DF}]

[HKEY_USERS\S-1-5-21-4170974503-3432114913-2014430358-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6CCA71BB-4A17-554A-7B2B-8905AEC189DF}]

[HKEY_USERS\S-1-5-21-4170974503-3432114913-2014430358-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6CCA71BB-4A17-554A-7B2B-8905AEC189DF}\iexplore]

Blade81
2013-05-04, 02:04
Hi,

Click start -> type regedit.exe and press enter (allow running)
Navigate to this branch:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects

Under it there should be {6CCA71BB-4A17-554A-7B2B-8905AEC189DF} (carefully find the correct one).

Right-click on it. Select Delete. Close Registry Editor and run DDS again. Post back its log.

egrogan1
2013-05-05, 00:57
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16476 BrowserJavaVersion: 10.21.2
Run by Eoin at 22:54:14 on 2013-05-04
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.353.1033.18.3996.2590 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Users\Eoin\AppData\Local\CrossLoop\CrossLoopService.exe
c:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Windows\system32\mfevtps.exe
c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Eoin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe
C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Sony\VAIO Care\VCService.exe
C:\Program Files\Sony\VAIO Care\VCAgent.exe
C:\Windows\System32\vds.exe
C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
C:\Program Files\Sony\VAIO Care\VCAdmin.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Sony\VAIO Improvement\vim.exe
C:\Program Files\Sony\VAIO Improvement\vim.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\wbem\wmiprvse.exe
c:\program files (x86)\real\realplayer\update\realsched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ie
uLocal Page = hxxp://www.google.ie
mStart Page = hxxp://www.google.ie
mLocal Page = hxxp://www.google.ie
mWindow Title = Microsoft Internet Explorer
mDefault_Page_URL = hxxp://www.google.ie
uProxyOverride = <local>;*.local
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121012182632.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SkyDrive] "C:\Users\Eoin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
uRun: [CrossLoop] "C:\Users\Eoin\AppData\Local\CrossLoop\CrossLoopConnect.exe" -ap=crossloop -port=5910 -udp=www.CrossLoop.com -webserver=server.crossloop.com -webservice=www.crossloop.com -startup=server -minimize
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
mRun: [MobileBroadband] C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [ShaPlus Bandwidth Meter] "C:\Program Files (x86)\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter.exe" /s
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [ADBlocker] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe -tray
mRun: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Eoin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\Users\Eoin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:3
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: Interfaces\{204075A0-3C79-4EC6-ADCB-9C1406296244} : DHCPNameServer = 8.8.4.4
TCP: Interfaces\{4C67F788-B788-42CE-9E44-562ED4D265A7} : DHCPNameServer = 172.31.140.69 172.30.140.69
TCP: Interfaces\{55606A95-2C0D-4635-8BB8-75C01926828F} : NameServer = 89.19.64.36 89.19.64.164
TCP: Interfaces\{7787CE1A-FC98-4EEF-8D4C-2DBCEA5736EA}\54962736F6D6 : DHCPNameServer = 10.0.0.6
TCP: Interfaces\{B91DE24D-00AD-4036-A20A-B54F260E9DE7} : NameServer = 89.19.64.164 89.19.64.36
TCP: Interfaces\{F84F9782-03FD-4F96-9127-821FBC75F442} : NameServer = 89.19.64.36 89.19.64.164
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121012182632.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SONYAPO
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [NetWorx] "C:\Users\Eoin\Downloads\networx_portable\64-bit\networx.exe" /auto
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Eoin\AppData\Roaming\Mozilla\Firefox\Profiles\kgt8vqf0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ie/
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Sony\Media Go\npmediago.dll
FF - plugin: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-2-28 16152]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2011-8-15 647208]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-8-15 289664]
R1 asdnet;asdnet;C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sys\amd64\asdnet.sys [2013-4-15 19280]
R1 asdrm;asdrm;C:\Windows\System32\drivers\asdrm.sys [2013-4-15 18768]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-3-30 28600]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2011-8-15 75936]
R2 ADBlockerSrv;AD Blocker Service;C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe [2013-4-15 279368]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-11-16 86752]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-11-16 110816]
R2 asdrs;AntiMalware Host-based Intrusion Prevention System;C:\Windows\System32\drivers\asdrs.sys [2013-4-15 23376]
R2 asdsrv;Anvi Smart Defender Realtime Guard Service;C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [2012-12-21 735592]
R2 asdws;AnviSmartDefender Web Guard;C:\Windows\System32\drivers\asdws.sys [2013-4-15 17232]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2012-2-23 106144]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-3-30 100712]
R2 CrossLoopService;CrossLoop Service;C:\Users\Eoin\AppData\Local\CrossLoop\CrossLoopService.exe [2013-4-20 569072]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-5-12 13592]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-5-12 2429544]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-5-12 128280]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-5-12 161560]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\systemcore\mcshield.exe [2012-5-12 199304]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe [2012-5-12 210616]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2012-5-12 162224]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2012-5-12 19968]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2012-2-23 36000]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2012-2-23 339616]
R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2012-2-23 110752]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2012-2-23 30368]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2012-2-23 167584]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2012-2-23 68256]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2012-2-23 280992]
R3 BTATH_VDP;Bluetooth VDP Driver;C:\Windows\System32\drivers\btath_vdp.sys [2012-2-23 421664]
R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2012-2-23 550560]
R3 ew_usbenumfilter;huawei_CompositeFilter;C:\Windows\System32\drivers\ew_usbenumfilter.sys [2012-10-12 13952]
R3 huawei_cdcacm;huawei_cdcacm;C:\Windows\System32\drivers\ew_jucdcacm.sys [2012-10-12 98816]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2012-10-12 86016]
R3 huawei_ext_ctrl;huawei_ext_ctrl;C:\Windows\System32\drivers\ew_juextctrl.sys [2012-10-12 28672]
R3 huawei_wwanecm;huawei_wwanecm;C:\Windows\System32\drivers\ew_juwwanecm.sys [2012-10-12 213504]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-3-14 331264]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-2-28 356120]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-2-28 787736]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-8-15 229528]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2011-8-15 487296]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-5-12 339048]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-2-27 675432]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2012-1-16 14336]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\System32\drivers\AthDfu.sys [2012-2-23 51872]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2011-8-15 65264]
S3 DCDhcpService;DCDhcpService;C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [2012-5-12 112256]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-6-10 281088]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\System32\drivers\ew_hwusbdev.sys [2012-10-12 117248]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 lehidmini;Bluetooth Low Energy Hid Device;C:\Windows\System32\drivers\leath_hid.sys [2012-2-23 36128]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2011-8-15 100912]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2012-3-26 22528]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-25 19456]
S3 SmbDrv;SmbDrv;C:\Windows\System32\drivers\Smb_driver.sys [2012-3-14 21264]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-25 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-12-25 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
.
=============== Created Last 30 ================
.
2013-05-02 21:33:02 -------- d-----w- C:\$RECYCLE.BIN
2013-05-02 21:04:27 -------- d-----w- C:\ComboFix
2013-05-01 20:00:53 -------- d-----w- C:\Program Files (x86)\ESET
2013-05-01 19:14:36 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-30 20:45:51 98816 ----a-w- C:\Windows\sed.exe
2013-04-30 20:45:51 256000 ----a-w- C:\Windows\PEV.exe
2013-04-30 20:45:51 208896 ----a-w- C:\Windows\MBR.exe
2013-04-25 21:02:09 -------- d-----w- C:\Users\Eoin\AppData\Local\{ED53CFDC-939E-490D-B5FE-0109566D5955}
2013-04-24 10:24:50 -------- d-----w- C:\Users\Eoin\AppData\Local\{3C2EF2D8-C77C-4509-9D85-83B244C5D50E}
2013-04-23 10:10:12 -------- d-----w- C:\Users\Eoin\AppData\Local\{057902C9-86B9-4A67-A371-792D4676ED0A}
2013-04-22 10:45:28 -------- d-----w- C:\Users\Eoin\AppData\Roaming\NCdownloader
2013-04-22 09:58:11 -------- d-----w- C:\Users\Eoin\AppData\Local\{B9B0DAAC-1BD0-4027-AD7E-F953F5C3472E}
2013-04-21 21:45:25 -------- d-----w- C:\Users\Eoin\AppData\Local\{EC477530-4A7A-4DEC-8BF8-29C6214C03B2}
2013-04-20 21:07:12 -------- d-----w- C:\Users\Eoin\AppData\Local\CrossLoop
2013-04-20 20:29:58 -------- d-----w- C:\Program Files\CCleaner
2013-04-20 19:35:42 -------- d-----w- C:\Users\Eoin\AppData\Local\{9714F002-CD9D-426F-AE32-8ADF0C2429E9}
2013-04-18 15:10:38 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{804BF8CC-918A-4124-A831-56239B848A4C}\offreg.dll
2013-04-18 15:06:08 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{804BF8CC-918A-4124-A831-56239B848A4C}\mpengine.dll
2013-04-15 18:48:21 -------- d-----w- C:\Users\Eoin\AppData\Roaming\Anvisoft
2013-04-15 18:48:08 23376 ----a-w- C:\Windows\System32\drivers\asdrs.sys
2013-04-15 18:48:08 18768 ----a-w- C:\Windows\System32\drivers\asdrm.sys
2013-04-15 18:48:08 17232 ----a-w- C:\Windows\System32\drivers\asdws.sys
2013-04-15 18:47:48 -------- d-----w- C:\ProgramData\Anvisoft
2013-04-15 18:47:44 -------- d-----w- C:\Program Files (x86)\Anvisoft
2013-04-15 12:09:22 -------- d-----w- C:\ProgramData\InstallMate
2013-04-15 10:15:25 -------- d-----w- C:\Users\Eoin\AppData\Local\{ED471A26-CA0C-48A0-8EB4-A93CC3163F57}
2013-04-15 09:02:38 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-04-15 09:01:10 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-04-15 09:01:10 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-04-15 09:01:10 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-04-15 09:01:10 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-04-15 09:01:10 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-04-15 09:01:10 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-04-15 09:01:07 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-04-15 09:01:07 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-04-15 09:00:06 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-04-15 09:00:06 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-04-15 09:00:02 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2013-04-15 09:00:01 1882624 ----a-w- C:\Windows\System32\msxml3.dll
2013-04-15 09:00:01 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2013-04-15 09:00:01 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2013-04-15 08:58:54 800768 ----a-w- C:\Windows\System32\usp10.dll
2013-04-15 08:58:54 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2013-04-15 08:57:52 68608 ----a-w- C:\Windows\System32\taskhost.exe
2013-04-15 08:57:51 750592 ----a-w- C:\Windows\System32\win32spl.dll
2013-04-15 08:57:50 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-04-15 08:57:00 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-04-15 08:56:59 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-04-15 08:56:58 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-04-15 08:56:58 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-04-15 08:56:57 112640 ----a-w- C:\Windows\System32\smss.exe
2013-04-15 08:56:56 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-04-15 08:56:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-04-15 08:56:00 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2013-04-14 13:01:23 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-04-14 13:01:11 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2013-04-14 13:01:06 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-04-14 13:00:21 -------- d-----w- C:\Users\Eoin\AppData\Local\Programs
2013-04-08 20:48:41 -------- d-----w- C:\Users\Eoin\AppData\Local\{9D7FCF6B-2783-43C4-ABC2-4D9561264A86}
.
==================== Find3M ====================
.
2013-05-01 19:14:27 866720 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-05-01 19:14:27 788896 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-04-28 21:39:51 60 ----a-w- C:\Windows\wpd99.drv
2013-04-23 16:48:48 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-23 16:48:48 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-30 01:03:41 28600 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2013-03-30 01:03:41 100712 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2013-03-12 00:10:56 282744 ------w- C:\Windows\System32\MpSigStub.exe
2013-02-22 06:27:49 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-22 06:20:51 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-02-22 06:19:37 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-02-22 06:15:48 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-02-22 06:15:23 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-02-22 06:12:41 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-22 03:46:00 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-22 03:38:00 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-22 03:37:50 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-02-22 03:34:17 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-02-22 03:34:03 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-02-22 03:31:46 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
.
============= FINISH: 22:56:15.58 ===============

Blade81
2013-05-05, 18:09
Good. How's the system running now? Any issues? If not, let's see the final steps.


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points, which are likely to be infected. Please note you need Administrator access to clean the restore points.

A. To disable the System Restore feature:

1. Click on the Start button.
2. Hover over the Computer option, right click on it and then click Properties.
3. On the left-hand side, click Advanced Settings.
4. If asked to permit the action, click on Allow.
5. Click on the System Protection tab.
6. Select the C: drive and click Configure...
7. Select Turn off protection
8. Press OK.
Repeat steps 6-8 for each hard drive.

B. Reboot.

C. Turn ON System Restore.
Follow the steps like you did when disabling System Restore, but on step 7 select the "Restore system settings and previous versions of files" option.


Now let's uninstall ComboFix:

Click START then RUN
Now copy-paste Combofix /uninstall into the Run box and click OK



UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You need to update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the Windows Update site (http://windowsupdate.microsoft.com/) to get the critical updates.


Download and run Secunia Personal Software Inspector (PSI) (http://secunia.com/vulnerability_scanning/personal/) and fix its findings. Leave the program installed so you'll stay alerted about vulnerable components in future too.


Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade :cool: