Thread: Spamware

  1. #1
    egrogan1 (Member)
    Join Date: Apr 2008
    Location: Ireland
    Posts: 36

    Help needed please


    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16476 BrowserJavaVersion: 10.17.2
    Run by Eoin at 11:07:18 on 2013-04-22
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.353.1033.18.3996.1496 [GMT 1:00]
    .
    AV: Avira Desktop *Enabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
    SP: Avira Desktop *Enabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    c:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\Windows\system32\mfevtps.exe
    c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
    C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
    C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
    C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\System32\alg.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
    C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
    C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Users\Eoin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Sony\VAIO Care\VCPerfService.exe
    C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Sony\VAIO Improvement\vim.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\Sony\VAIO Improvement\vim.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Sony\VAIO Care\VCService.exe
    C:\Program Files\Sony\VAIO Care\VCAgent.exe
    C:\Windows\System32\vds.exe
    C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
    C:\Program Files\Sony\VAIO Care\VCAdmin.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe
    C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe
    C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
    Q:\140066.enu\Office14\WINWORDC.EXE
    C:\Windows\splwow64.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
    Q:\140066.enu\Office14\OffSpon.EXE
    C:\Windows\system32\notepad.exe
    C:\Windows\system32\notepad.exe
    C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Users\Eoin\AppData\Local\CrossLoop\CrossLoopService.exe
    C:\Users\Eoin\AppData\Local\CrossLoop\CrossLoopConnect.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_169_ActiveX.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files\Sony\VAIO Care\listener.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.ie
    uLocal Page = hxxp://www.google.ie
    uWindow Title = Microsoft Internet Explorer
    uDefault_Page_URL = hxxp://vaioportal.sony.eu
    mStart Page = hxxp://www.google.ie
    mLocal Page = hxxp://www.google.ie
    mWindow Title = Microsoft Internet Explorer
    mDefault_Page_URL = hxxp://www.google.ie
    uProxyOverride = <local>;*.local
    mWinlogon: Userinit = userinit.exe
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
    BHO: BrOwwse2Saavei: {6CCA71BB-4A17-554A-7B2B-8905AEC189DF} - C:\ProgramData\BrOwwse2Saavei\516bf6e2604b1.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121012182632.dll
    BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: SeaaRchh--NewTAb: {FFBF941B-B45E-56DF-E662-7141F54D7983} - C:\ProgramData\SeaaRchh--NewTAb\516bf70307b9b.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [SkyDrive] "C:\Users\Eoin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
    uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
    uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
    uRun: [CrossLoop] "C:\Users\Eoin\AppData\Local\CrossLoop\CrossLoopConnect.exe" -ap=crossloop -port=5910 -udp=www.CrossLoop.com -webserver=server.crossloop.com -webservice=www.crossloop.com -startup=server -minimize
    uRunOnce: [SpybotDeletingF9213] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\WebSearch\sprotector.dll"
    uRunOnce: [SpybotDeletingF462] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\WebSearch\uninstall.exe"
    uRunOnce: [SpybotDeletingF2150] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\BrowseToSave\sprotector.dll"
    uRunOnce: [SpybotDeletingF156] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\BrowseToSave\uninstall.exe"
    uRunOnce: [SpybotDeletingF5817] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\WebSearch\sprotector.dll"
    uRunOnce: [SpybotDeletingF8588] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\WebSearch\uninstall.exe"
    uRunOnce: [SpybotDeletingF5275] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\BrowseToSave\sprotector.dll"
    uRunOnce: [SpybotDeletingF7711] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\BrowseToSave\uninstall.exe"
    uRunOnce: [SpybotDeletingF6627] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\WebSearch\sprotector.dll_old"
    uRunOnce: [SpybotDeletingF9702] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\BrowseToSave\sprotector.dll_old"
    uRunOnce: [SpybotDeletingF3652] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\WebSearch\sprotector.dll_old"
    uRunOnce: [SpybotDeletingF6887] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\BrowseToSave\sprotector.dll_old"
    uRunOnce: [SpybotDeletingF8878] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\WebSearch\sprotector.dll_old"
    uRunOnce: [SpybotDeletingF5697] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\BrowseToSave\sprotector.dll_old"
    uRunOnce: [SpybotDeletingF3281] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\WebSearch\sprotector.dll_old"
    uRunOnce: [SpybotDeletingF5916] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\BrowseToSave\sprotector.dll_old"
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
    mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
    mRun: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
    mRun: [MobileBroadband] C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
    mRun: [ShaPlus Bandwidth Meter] "C:\Program Files (x86)\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter.exe" /s
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    mRun: [ADBlocker] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe -tray
    mRun: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
    mRunOnce: [SpybotDeletingE9833] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\WebSearch\sprotector.dll_old"
    mRunOnce: [SpybotDeletingE4020] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\BrowseToSave\sprotector.dll_old"
    mRunOnce: [SpybotDeletingE5901] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\WebSearch\sprotector.dll_old"
    mRunOnce: [SpybotDeletingE8534] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files (x86)\BrowseToSave\sprotector.dll_old"
    StartupFolder: C:\Users\Eoin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
    StartupFolder: C:\Users\Eoin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NCDOWN~1.LNK - C:\Program Files (x86)\Solibo Ltd\NCdownloader\NCdownloader.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: SoftwareSASGeneration = dword:3
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    TCP: Interfaces\{204075A0-3C79-4EC6-ADCB-9C1406296244} : DHCPNameServer = 8.8.4.4
    TCP: Interfaces\{4C67F788-B788-42CE-9E44-562ED4D265A7} : DHCPNameServer = 172.31.140.69 172.30.140.69
    TCP: Interfaces\{55606A95-2C0D-4635-8BB8-75C01926828F} : NameServer = 89.19.64.164 89.19.64.36
    TCP: Interfaces\{7787CE1A-FC98-4EEF-8D4C-2DBCEA5736EA}\54962736F6D6 : DHCPNameServer = 10.0.0.6
    TCP: Interfaces\{B91DE24D-00AD-4036-A20A-B54F260E9DE7} : NameServer = 89.19.64.164 89.19.64.36
    TCP: Interfaces\{F84F9782-03FD-4F96-9127-821FBC75F442} : NameServer = 89.19.64.164 89.19.64.36
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121012182632.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SONYAPO
    x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
    x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [NetWorx] "C:\Users\Eoin\Downloads\networx_portable\64-bit\networx.exe" /auto
    .
    INFO: x64-HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
    x64-DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Eoin\AppData\Roaming\Mozilla\Firefox\Profiles\kgt8vqf0.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://websearch.pu-results.info/?pid=726&r=2013/04/15&hid=665674988&lg=EN&cc=IE&l=1&q=
    FF - prefs.js: browser.search.selectedEngine - WebSearch
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ie/
    FF - prefs.js: keyword.URL - hxxp://websearch.pu-results.info/?pid=726&r=2013/04/15&hid=665674988&lg=EN&cc=IE&l=1&q=
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
    FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
    FF - plugin: C:\Program Files (x86)\Sony\Media Go\npmediago.dll
    FF - plugin: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll
    FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-2-28 16152]
    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2011-8-15 647208]
    R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-8-15 289664]
    R1 asdnet;asdnet;C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sys\amd64\asdnet.sys [2013-4-15 19280]
    R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-3-30 28600]
    R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2011-8-15 75936]
    R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-11-16 86752]
    R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-11-16 110816]
    R2 asdrs;AntiMalware Host-based Intrusion Prevention System;C:\Windows\System32\drivers\asdrs.sys [2013-4-15 23376]
    R2 asdws;AnviSmartDefender Web Guard;C:\Windows\System32\drivers\asdws.sys [2013-4-15 17232]
    R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2012-2-23 106144]
    R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-3-30 100712]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-5-12 13592]
    R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-5-12 2429544]
    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
    R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-5-12 128280]
    R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-5-12 161560]
    R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\systemcore\mcshield.exe [2012-5-12 199304]
    R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe [2012-5-12 210616]
    R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2012-5-12 162224]
    R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2012-2-21 473960]
    R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
    R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-11-30 260768]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-4-14 1103392]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-4-14 1369624]
    R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-4-14 168384]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2012-5-12 19968]
    R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2012-2-23 36000]
    R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2012-2-23 339616]
    R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2012-2-23 110752]
    R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2012-2-23 30368]
    R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2012-2-23 167584]
    R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2012-2-23 68256]
    R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2012-2-23 280992]
    R3 BTATH_VDP;Bluetooth VDP Driver;C:\Windows\System32\drivers\btath_vdp.sys [2012-2-23 421664]
    R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2012-2-23 550560]
    R3 ew_usbenumfilter;huawei_CompositeFilter;C:\Windows\System32\drivers\ew_usbenumfilter.sys [2012-10-12 13952]
    R3 huawei_cdcacm;huawei_cdcacm;C:\Windows\System32\drivers\ew_jucdcacm.sys [2012-10-12 98816]
    R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2012-10-12 86016]
    R3 huawei_ext_ctrl;huawei_ext_ctrl;C:\Windows\System32\drivers\ew_juextctrl.sys [2012-10-12 28672]
    R3 huawei_wwanecm;huawei_wwanecm;C:\Windows\System32\drivers\ew_juwwanecm.sys [2012-10-12 213504]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-3-14 331264]
    R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-2-28 356120]
    R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-2-28 787736]
    R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-8-15 229528]
    R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2011-8-15 487296]
    R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-5-12 339048]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-2-27 675432]
    R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2012-1-16 14336]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\System32\drivers\AthDfu.sys [2012-2-23 51872]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
    S3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2011-8-15 65264]
    S3 DCDhcpService;DCDhcpService;C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [2012-5-12 112256]
    S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-6-10 281088]
    S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\System32\drivers\ew_hwusbdev.sys [2012-10-12 117248]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 lehidmini;Bluetooth Low Energy Hid Device;C:\Windows\System32\drivers\leath_hid.sys [2012-2-23 36128]
    S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2011-8-15 100912]
    S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2012-3-26 22528]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-25 19456]
    S3 SmbDrv;SmbDrv;C:\Windows\System32\drivers\Smb_driver.sys [2012-3-14 21264]
    S3 SOHCImp;VAIO Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2012-1-6 138392]
    S3 SOHDs;VAIO Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2012-1-6 74904]
    S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-12-1 289952]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-25 57856]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-12-25 30208]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
    .
    =============== File Associations ===============
    .
    FileExt: .vbs: VBSFile=C:\Windows\SysWow64\WScript.exe "%1" %*
    FileExt: .js: jsfile=C:\Windows\SysWow64\WScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    2013-04-22 09:58:11 -------- d-----w- C:\Users\Eoin\AppData\Local\{B9B0DAAC-1BD0-4027-AD7E-F953F5C3472E}
    2013-04-21 21:45:25 -------- d-----w- C:\Users\Eoin\AppData\Local\{EC477530-4A7A-4DEC-8BF8-29C6214C03B2}
    2013-04-20 21:07:12 -------- d-----w- C:\Users\Eoin\AppData\Local\CrossLoop
    2013-04-20 20:29:58 -------- d-----w- C:\Program Files\CCleaner
    2013-04-20 19:35:42 -------- d-----w- C:\Users\Eoin\AppData\Local\{9714F002-CD9D-426F-AE32-8ADF0C2429E9}
    2013-04-18 15:10:38 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{804BF8CC-918A-4124-A831-56239B848A4C}\offreg.dll
    2013-04-18 15:06:08 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{804BF8CC-918A-4124-A831-56239B848A4C}\mpengine.dll
    2013-04-15 18:48:21 -------- d-----w- C:\Users\Eoin\AppData\Roaming\Anvisoft
    2013-04-15 18:48:08 23376 ----a-w- C:\Windows\System32\drivers\asdrs.sys
    2013-04-15 18:48:08 18768 ----a-w- C:\Windows\System32\drivers\asdrm.sys
    2013-04-15 18:48:08 17232 ----a-w- C:\Windows\System32\drivers\asdws.sys
    2013-04-15 18:47:48 -------- d-----w- C:\ProgramData\Anvisoft
    2013-04-15 18:47:44 -------- d-----w- C:\Program Files (x86)\Anvisoft
    2013-04-15 12:10:29 -------- d-----w- C:\ProgramData\SeaaRchh--NewTAb
    2013-04-15 12:10:11 -------- d-----w- C:\ProgramData\BrOwwse2Saavei
    2013-04-15 12:09:53 -------- d-----w- C:\Windows\SysWow64\X86
    2013-04-15 12:09:53 -------- d-----w- C:\Windows\SysWow64\AMD64
    2013-04-15 12:09:53 -------- d-----w- C:\Program Files (x86)\Solibo Ltd
    2013-04-15 12:09:22 -------- d-----w- C:\ProgramData\InstallMate
    2013-04-15 10:15:25 -------- d-----w- C:\Users\Eoin\AppData\Local\{ED471A26-CA0C-48A0-8EB4-A93CC3163F57}
    2013-04-15 09:02:38 424448 ----a-w- C:\Windows\System32\KernelBase.dll
    2013-04-15 09:01:10 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2013-04-15 09:01:10 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2013-04-15 09:01:10 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2013-04-15 09:01:10 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2013-04-15 09:01:10 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2013-04-15 09:01:10 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2013-04-15 09:01:07 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2013-04-15 09:01:07 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2013-04-15 09:00:06 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2013-04-15 09:00:06 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-04-15 09:00:02 2002432 ----a-w- C:\Windows\System32\msxml6.dll
    2013-04-15 09:00:01 1882624 ----a-w- C:\Windows\System32\msxml3.dll
    2013-04-15 09:00:01 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2013-04-15 09:00:01 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2013-04-15 08:58:54 800768 ----a-w- C:\Windows\System32\usp10.dll
    2013-04-15 08:58:54 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
    2013-04-15 08:57:52 68608 ----a-w- C:\Windows\System32\taskhost.exe
    2013-04-15 08:57:51 750592 ----a-w- C:\Windows\System32\win32spl.dll
    2013-04-15 08:57:50 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
    2013-04-15 08:57:00 3153408 ----a-w- C:\Windows\System32\win32k.sys
    2013-04-15 08:56:59 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-04-15 08:56:58 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2013-04-15 08:56:58 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2013-04-15 08:56:57 112640 ----a-w- C:\Windows\System32\smss.exe
    2013-04-15 08:56:56 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
    2013-04-15 08:56:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
    2013-04-15 08:56:00 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
    2013-04-14 13:01:23 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2013-04-14 13:01:11 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
    2013-04-14 13:01:06 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
    2013-04-14 13:00:21 -------- d-----w- C:\Users\Eoin\AppData\Local\Programs
    2013-04-08 20:48:41 -------- d-----w- C:\Users\Eoin\AppData\Local\{9D7FCF6B-2783-43C4-ABC2-4D9561264A86}
    2013-04-01 15:46:03 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2013-04-01 15:45:43 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-03-30 01:03:47 28600 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
    2013-03-30 01:03:47 100712 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
    2013-03-29 19:30:38 -------- d-----w- C:\Program Files\iPod
    2013-03-29 19:30:37 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2013-03-29 19:30:37 -------- d-----w- C:\Program Files\iTunes
    2013-03-29 19:30:37 -------- d-----w- C:\Program Files (x86)\iTunes
    2013-03-29 17:26:43 -------- d-----w- C:\Users\Eoin\AppData\Local\{D97FF038-D245-4C9E-9246-AC7E4AA24732}
    2013-03-23 22:58:49 -------- d-----w- C:\Users\Eoin\AppData\Local\{0B67321A-1C22-4FF5-A497-F6D1DB96E529}
    .
    ==================== Find3M ====================
    .
    2013-04-20 19:33:54 60 ----a-w- C:\Windows\wpd99.drv
    2013-04-15 09:43:47 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-04-15 09:43:47 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-04-01 15:45:37 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2013-03-12 00:10:56 282744 ------w- C:\Windows\System32\MpSigStub.exe
    2013-02-22 06:27:49 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2013-02-22 06:20:51 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2013-02-22 06:19:37 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2013-02-22 06:15:48 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2013-02-22 06:15:23 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2013-02-22 06:12:41 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-02-22 03:46:00 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-02-22 03:38:00 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-02-22 03:37:50 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2013-02-22 03:34:17 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2013-02-22 03:34:03 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2013-02-22 03:31:46 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
    2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
    2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
    2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
    .
    ============= FINISH: 11:09:58.82 ===============

    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-04-22 11:11:46
    -----------------------------
    11:11:46.384 OS Version: Windows x64 6.1.7601 Service Pack 1
    11:11:46.384 Number of processors: 4 586 0x2A07
    11:11:46.385 ComputerName: EOIN_LAPTOP UserName: Eoin
    11:11:50.803 Initialize success
    11:18:05.415 AVAST engine defs: 13042201
    11:20:13.954 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    11:20:13.956 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 3
    11:20:14.064 Disk 0 MBR read successfully
    11:20:14.067 Disk 0 MBR scan
    11:20:14.073 Disk 0 Windows 7 default MBR code
    11:20:14.076 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 16773 MB offset 2048
    11:20:14.107 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 350 MB offset 34353152
    11:20:14.117 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 593355 MB offset 35069952
    11:20:14.177 Disk 0 scanning C:\Windows\system32\drivers
    11:20:27.764 Service scanning
    11:21:03.539 Modules scanning
    11:21:03.557 Disk 0 trace - called modules:
    11:21:03.568
    11:21:05.402 AVAST engine scan C:\Windows
    11:21:08.646 AVAST engine scan C:\Windows\system32
    11:25:21.543 AVAST engine scan C:\Windows\system32\drivers
    11:25:46.883 AVAST engine scan C:\Users\Eoin
    11:38:48.283 Disk 0 MBR has been saved successfully to "C:\Users\Eoin\Desktop\MBR.dat"
    11:38:48.293 The log file has been saved successfully to "C:\Users\Eoin\Desktop\aswMBR.txt"

    Search results from Spybot - Search & Destroy

    20/04/2013 21:43:54
    Scan took 00:25:10.
    41 items found.

    KeywordHijacker: [SBI $63D7C158] Application data folder (Directory, nothing done)
    C:\Program Files (x86)\WebSearch\
    Directory.subfile=C:\Program Files (x86)\WebSearch\sprotector.dll_old
    Directory.subfile.size=1044480
    Directory.subfile.md5=D59FB8A196CC8AD8E8BDE0C437070CC6
    Directory.subfile.filedate=1359026702
    Directory.subfile.filedatetext=2013-01-24 12:25:02

    Barowwsoe2Save: [SBI $EBD45A68] Program directory (Directory, nothing done)
    C:\Program Files (x86)\BrowseToSave\
    Directory.subfile=C:\Program Files (x86)\BrowseToSave\sprotector.dll_old
    Directory.subfile.size=1050112
    Directory.subfile.md5=2E705785860F95358DC9AA6ED402198B
    Directory.subfile.filedate=1359026214
    Directory.subfile.filedatetext=2013-01-24 12:16:54

    Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
    C:\Users\Eoin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UTZ5NQFH\assets.tp-cdn.com\dealspot.sol
    Properties.size=84
    Properties.md5=A3C844689757A37BAB2BE9DD8DF96FBF
    Properties.filedate=1366295945
    Properties.filedatetext=2013-04-18 15:39:05

    Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
    C:\Users\Eoin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UTZ5NQFH\cdn.zopim.com\uysmwvCAsocTdZxFSaGkuDCxGQFV3jnfSession_SO.sol
    Properties.size=1118
    Properties.md5=C3173C439BAA62576727EB8DD0CAA1FB
    Properties.filedate=1366060415
    Properties.filedatetext=2013-04-15 22:13:35

    Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
    C:\Users\Eoin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UTZ5NQFH\cdn.zopim.com\uysmwvCAsocTdZxFSaGkuDCxGQFV3jnfVolatile_SO.sol
    Properties.size=225
    Properties.md5=8F0B399BA2221FF6F265864656115593
    Properties.filedate=1366060415
    Properties.filedatetext=2013-04-15 22:13:35

    Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
    C:\Users\Eoin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UTZ5NQFH\plarium.hs.llnwd.net\analytics.sol
    Properties.size=394
    Properties.md5=8D35B32829304ADDCF54FA3152B50202
    Properties.filedate=1366404898
    Properties.filedatetext=2013-04-19 21:54:57

    Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
    C:\Users\Eoin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UTZ5NQFH\plarium.hs.llnwd.net\dealspot.sol
    Properties.size=125
    Properties.md5=4BA752798CEC78C815779A67338F0F9C
    Properties.filedate=1366389739
    Properties.filedatetext=2013-04-19 17:42:18

    Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
    C:\Users\Eoin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UTZ5NQFH\s.ytimg.com\soundData.sol
    Properties.size=49
    Properties.md5=F2945B8419B125F71FC8FD7CDDB59948
    Properties.filedate=1366295478
    Properties.filedatetext=2013-04-18 15:31:17

    Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
    C:\Users\Eoin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UTZ5NQFH\s.ytimg.com\videostats.sol
    Properties.size=275
    Properties.md5=54857831AC26FA6BFE2DF31EC7F5B851
    Properties.filedate=1366295507
    Properties.filedatetext=2013-04-18 15:31:47

    Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
    C:\Users\Eoin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UTZ5NQFH\software.hiro.tv\HIRO_REPO.sol
    Properties.size=108
    Properties.md5=310DD4B2D014BEF87E184FA4CAD2CAA9
    Properties.filedate=1366487223
    Properties.filedatetext=2013-04-20 20:47:03

    Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
    C:\Users\Eoin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UTZ5NQFH\tag.audiencetv.hiro.tv\dbg.sol
    Properties.size=51
    Properties.md5=CFD4D4C0F07C595513D7025003616E9D
    Properties.filedate=1366051782
    Properties.filedatetext=2013-04-15 19:49:41

    Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
    C:\Users\Eoin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UTZ5NQFH\tag.audiencetv.hiro.tv\hiro_companion_cookie.sol
    Properties.size=106
    Properties.md5=338A1515EAFFDE5FD5D1C3FE2B9FE5F5
    Properties.filedate=1366053245
    Properties.filedatetext=2013-04-15 20:14:04

    Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
    C:\Users\Eoin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UTZ5NQFH\tag.audiencetv.hiro.tv\HIRO_NETWORK_CAPPING_COOKIE.sol
    Properties.size=4339
    Properties.md5=74FDBBD7E51B6D424C32F7C46B86AD49
    Properties.filedate=1366053286
    Properties.filedatetext=2013-04-15 20:14:45

    Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
    C:\Users\Eoin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UTZ5NQFH\tag.audiencetv.hiro.tv\mb.sol
    Properties.size=55
    Properties.md5=4489AD0FEC9425D59115564920A01383
    Properties.filedate=1366052303
    Properties.filedatetext=2013-04-15 19:58:23

    Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
    C:\Users\Eoin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UTZ5NQFH\tag.audiencetv.hiro.tv\US_FARM_AudienceTV.hiro.tv_STREMING_CLIENT_ID_COOKIE.sol
    Properties.size=182
    Properties.md5=5FEAB201FD2753DCA8CCD88FB796850E
    Properties.filedate=1366053205
    Properties.filedatetext=2013-04-15 20:13:24

    Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
    C:\Users\Eoin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UTZ5NQFH\tag.audiencetv.hiro.tv\US_FARM__STREMING_CLIENT_ID_COOKIE.sol
    Properties.size=164
    Properties.md5=2B3163A6A1D696F016A5E19B541BBD18
    Properties.filedate=1366053245
    Properties.filedatetext=2013-04-15 20:14:04

    Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
    C:\Users\Eoin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UTZ5NQFH\tag.matomy.hiro.tv\dbg.sol
    Properties.size=51
    Properties.md5=633E952FD00F31A0A8AA514FC8407265
    Properties.filedate=1366485099
    Properties.filedatetext=2013-04-20 20:11:39

    Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
    C:\Users\Eoin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UTZ5NQFH\tag.matomy.hiro.tv\hiro_companion_cookie.sol
    Properties.size=106
    Properties.md5=DA54FAF1165EAEC445FC0CECB41F80EB
    Properties.filedate=1366486755
    Properties.filedatetext=2013-04-20 20:39:14

    Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
    C:\Users\Eoin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UTZ5NQFH\tag.matomy.hiro.tv\HIRO_NETWORK_CAPPING_COOKIE.sol
    Properties.size=1477
    Properties.md5=DE9F3C36886F1C2861B73F1287708D6E
    Properties.filedate=1366487590
    Properties.filedatetext=2013-04-20 20:53:10

    Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
    C:\Users\Eoin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UTZ5NQFH\tag.matomy.hiro.tv\mb.sol
    Properties.size=55
    Properties.md5=55A6BD74A124F896745466FDC43ADF63
    Properties.filedate=1366486617
    Properties.filedatetext=2013-04-20 20:36:56

    Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
    C:\Users\Eoin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UTZ5NQFH\tag.matomy.hiro.tv\US_FARM_Matomy.hiro.tv_STREMING_CLIENT_ID_COOKIE.sol
    Properties.size=178
    Properties.md5=F5D3E2835AD1F79B1BE0421928A6D1B0
    Properties.filedate=1366487223
    Properties.filedatetext=2013-04-20 20:47:03

    Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
    C:\Users\Eoin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UTZ5NQFH\tag.matomy.hiro.tv\US_FARM__STREMING_CLIENT_ID_COOKIE.sol
    Properties.size=164
    Properties.md5=403160B7E480D2B9C58BAD0F91C84C00
    Properties.filedate=1366486691
    Properties.filedatetext=2013-04-20 20:38:10

    Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
    C:\Users\Eoin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UTZ5NQFH\zcache.zgncdn.com\bubblesafari-1.sol
    Properties.size=70
    Properties.md5=B11E6C18D7B90B32D6DC9BA5884F7DED
    Properties.filedate=1366053284
    Properties.filedatetext=2013-04-15 20:14:44

    Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
    C:\Users\Eoin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UTZ5NQFH\zynga2-a.akamaihd.net\analytics.sol
    Properties.size=189
    Properties.md5=8E61EB2FEA821EAED6B4BFC86E025CA5
    Properties.filedate=1366240196
    Properties.filedatetext=2013-04-18 00:09:56

    Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
    C:\Users\Eoin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UTZ5NQFH\zynga2-a.akamaihd.net\com.jeroenwijering.sol
    Properties.size=47
    Properties.md5=1040E99E03EEE58909886B2268FF85DC
    Properties.filedate=1366052385
    Properties.filedatetext=2013-04-15 19:59:45

    Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7] Text file (File, nothing done)
    C:\Users\Eoin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UTZ5NQFH\cdn.zopim.com\swf\ZClientController2.swf\ZopConfig.sol
    Properties.size=135
    Properties.md5=AE7FBAFF1B41A09C72126BAA77DC4EB0
    Properties.filedate=1366060402
    Properties.filedatetext=2013-04-15 22:13:21

    Internet Explorer: [SBI $1E8157BE] Typed URL list (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-4170974503-3432114913-2014430358-1000\Software\Microsoft\Internet Explorer\TypedURLs

    Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

    Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

    MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name

    MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-4170974503-3432114913-2014430358-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name

    MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name

    MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

    MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-4170974503-3432114913-2014430358-1000\Software\Microsoft\DirectInput\MostRecentApplication\Name

    MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-4170974503-3432114913-2014430358-1000\Software\Microsoft\DirectInput\MostRecentApplication\Id

    Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

    Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

    Cookie: [SBI $49804B54] Browser: Cookie (12) (Browser: Cookie, nothing done)


    Cache: [SBI $49804B54] Browser: Cache (80) (Browser: Cache, nothing done)


    History: [SBI $49804B54] Browser: History (229) (Browser: History, nothing done)


    Cookie: [SBI $49804B54] Browser: Cookie (68) (Browser: Cookie, nothing done)



    --- Spybot - Search & Destroy version: 2.0.12.131 DLL (build: 20121113) ---

    2012-11-13 blindman.exe (2.0.12.151)
    2012-11-13 explorer.exe (2.0.12.173)
    2012-11-13 SDBootCD.exe (2.0.12.109)
    2012-11-13 SDCleaner.exe (2.0.12.110)
    2012-11-13 SDDelFile.exe (2.0.12.94)
    2012-11-13 SDFiles.exe (2.0.12.135)
    2012-11-13 SDFileScanHelper.exe (2.0.12.1)
    2012-11-13 SDFSSvc.exe (2.0.12.205)
    2012-11-13 SDImmunize.exe (2.0.12.130)
    2012-11-13 SDLogReport.exe (2.0.12.107)
    2012-11-13 SDPESetup.exe (2.0.12.3)
    2012-11-13 SDPEStart.exe (2.0.12.86)
    2012-11-13 SDPhoneScan.exe (2.0.12.27)
    2012-11-13 SDPRE.exe (2.0.12.13)
    2012-11-13 SDPrepPos.exe (2.0.12.10)
    2012-11-13 SDQuarantine.exe (2.0.12.103)
    2012-11-13 SDRootAlyzer.exe (2.0.12.116)
    2012-11-13 SDSBIEdit.exe (2.0.12.39)
    2012-11-13 SDScan.exe (2.0.12.173)
    2012-11-13 SDScript.exe (2.0.12.53)
    2012-11-13 SDSettings.exe (2.0.12.130)
    2012-11-13 SDShred.exe (2.0.12.105)
    2012-11-13 SDSysRepair.exe (2.0.12.101)
    2012-11-13 SDTools.exe (2.0.12.150)
    2012-11-13 SDTray.exe (2.0.12.127)
    2012-11-13 SDUpdate.exe (2.0.12.89)
    2012-11-13 SDUpdSvc.exe (2.0.12.76)
    2012-11-13 SDWelcome.exe (2.0.12.126)
    2012-11-13 SDWSCSvc.exe (2.0.12.2)
    2013-04-14 unins000.exe (51.1052.0.0)
    1999-12-02 xcacls.exe
    2012-08-23 borlndmm.dll (10.0.2288.42451)
    2012-09-05 DelZip190.dll (1.9.0.107)
    2012-09-10 libeay32.dll (1.0.0.4)
    2012-09-10 libssl32.dll (1.0.0.4)
    2012-11-13 SDAdvancedCheckLibrary.dll (2.0.12.98)
    2012-11-13 SDECon32.dll (2.0.12.113)
    2012-11-13 SDECon64.dll (2.0.12.113)
    2012-11-13 SDEvents.dll (2.0.12.2)
    2012-11-13 SDFileScanLibrary.dll (2.0.12.9)
    2012-11-13 SDHelper.dll (2.0.12.88)
    2012-11-13 SDImmunizeLibrary.dll (2.0.12.2)
    2012-11-13 SDLists.dll (2.0.12.4)
    2012-11-13 SDResources.dll (2.0.12.7)
    2012-11-13 SDScanLibrary.dll (2.0.12.131)
    2012-11-13 SDTasks.dll (2.0.12.15)
    2012-11-13 SDWinLogon.dll (2.0.12.0)
    2012-08-23 sqlite3.dll
    2012-09-10 ssleay32.dll (1.0.0.4)
    2012-11-13 Tools.dll (2.0.12.36)
    2012-11-13 UninsSrv.dll (2.0.12.52)
    2012-12-18 Includes\Adware.sbi (*)
    2013-04-09 Includes\AdwareC.sbi (*)
    2010-08-13 Includes\Cookies.sbi (*)
    2012-11-14 Includes\Dialer.sbi (*)
    2012-11-14 Includes\DialerC.sbi (*)
    2012-11-14 Includes\HeavyDuty.sbi (*)
    2012-11-14 Includes\Hijackers.sbi (*)
    2012-11-14 Includes\HijackersC.sbi (*)
    2012-11-14 Includes\iPhone.sbi (*)
    2012-11-14 Includes\Keyloggers.sbi (*)
    2012-12-18 Includes\KeyloggersC.sbi (*)
    2012-11-21 Includes\Malware.sbi (*)
    2013-04-09 Includes\MalwareC.sbi (*)
    2012-11-14 Includes\PUPS.sbi (*)
    2013-04-09 Includes\PUPSC.sbi (*)
    2012-11-14 Includes\Security.sbi (*)
    2012-11-14 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2013-04-09 Includes\Spyware.sbi (*)
    2013-04-09 Includes\SpywareC.sbi (*)
    2011-06-07 Includes\Tracks.sbi (*)
    2012-11-19 Includes\Tracks.uti (*)
    2013-01-16 Includes\Trojans.sbi (*)
    2013-03-19 Includes\TrojansC-02.sbi (*)
    2013-04-09 Includes\TrojansC-03.sbi (*)
    2013-03-14 Includes\TrojansC-04.sbi (*)
    2012-11-14 Includes\TrojansC-05.sbi (*)
    2013-03-01 Includes\TrojansC.sbi (*)
    Last edited by tashi; 2013-04-22 at 17:29. Reason: Merged three posts as per forum FAQ

  2. #2
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi,

    Please post a fresh dds.txt log.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Member egrogan1's Avatar
    Join Date
    Apr 2008
    Location
    Ireland
    Posts
    36

    Many thanks for your help. Below is the new dds file.

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16476 BrowserJavaVersion: 10.21.2
    Run by Eoin at 16:59:45 on 2013-04-29
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.353.1033.18.3996.1937 [GMT 1:00]
    .
    AV: Avira Desktop *Enabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
    SP: Avira Desktop *Enabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe
    C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Users\Eoin\AppData\Local\CrossLoop\CrossLoopService.exe
    C:\Windows\system32\taskhost.exe
    c:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\Windows\system32\mfevtps.exe
    C:\Windows\Explorer.EXE
    c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
    C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
    C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
    C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
    C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Users\Eoin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
    C:\Users\Eoin\AppData\Local\CrossLoop\CrossLoopConnect.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\alg.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
    C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe
    C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Sony\VAIO Care\VCPerfService.exe
    C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
    C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Sony\VAIO Improvement\vim.exe
    C:\Program Files\Sony\VAIO Care\VCService.exe
    C:\Program Files\Sony\VAIO Care\VCAgent.exe
    C:\Program Files\Sony\VAIO Improvement\vim.exe
    C:\Windows\System32\vds.exe
    C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
    C:\Program Files\Sony\VAIO Care\VCAdmin.exe
    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
    C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Internet Explorer\IELowutil.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_169_ActiveX.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Sony\VAIO Care\listener.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.ie
    uLocal Page = hxxp://www.google.ie
    uWindow Title = Microsoft Internet Explorer
    uDefault_Page_URL = hxxp://vaioportal.sony.eu
    mStart Page = hxxp://www.google.ie
    mLocal Page = hxxp://www.google.ie
    mWindow Title = Microsoft Internet Explorer
    mDefault_Page_URL = hxxp://www.google.ie
    uProxyOverride = <local>;*.local
    mWinlogon: Userinit = userinit.exe
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
    BHO: BrOwwse2Saavei: {6CCA71BB-4A17-554A-7B2B-8905AEC189DF} - C:\ProgramData\BrOwwse2Saavei\516bf6e2604b1.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121012182632.dll
    BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [SkyDrive] "C:\Users\Eoin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
    uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
    uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
    uRun: [CrossLoop] "C:\Users\Eoin\AppData\Local\CrossLoop\CrossLoopConnect.exe" -ap=crossloop -port=5910 -udp=www.CrossLoop.com -webserver=server.crossloop.com -webservice=www.crossloop.com -startup=server -minimize
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
    mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
    mRun: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
    mRun: [MobileBroadband] C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
    mRun: [ShaPlus Bandwidth Meter] "C:\Program Files (x86)\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter.exe" /s
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    mRun: [ADBlocker] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe -tray
    mRun: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    StartupFolder: C:\Users\Eoin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
    StartupFolder: C:\Users\Eoin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NCDOWN~1.LNK - C:\Program Files (x86)\Solibo Ltd\NCdownloader\NCdownloader.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: SoftwareSASGeneration = dword:3
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    TCP: Interfaces\{204075A0-3C79-4EC6-ADCB-9C1406296244} : DHCPNameServer = 8.8.4.4
    TCP: Interfaces\{4C67F788-B788-42CE-9E44-562ED4D265A7} : DHCPNameServer = 172.31.140.69 172.30.140.69
    TCP: Interfaces\{55606A95-2C0D-4635-8BB8-75C01926828F} : NameServer = 89.19.64.164 89.19.64.36
    TCP: Interfaces\{7787CE1A-FC98-4EEF-8D4C-2DBCEA5736EA}\54962736F6D6 : DHCPNameServer = 10.0.0.6
    TCP: Interfaces\{B91DE24D-00AD-4036-A20A-B54F260E9DE7} : NameServer = 89.19.64.164 89.19.64.36
    TCP: Interfaces\{F84F9782-03FD-4F96-9127-821FBC75F442} : NameServer = 89.19.64.36 89.19.64.164
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    Notify: SDWinLogon - SDWinLogon.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121012182632.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SONYAPO
    x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
    x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [NetWorx] "C:\Users\Eoin\Downloads\networx_portable\64-bit\networx.exe" /auto
    .
    INFO: x64-HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
    x64-DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Eoin\AppData\Roaming\Mozilla\Firefox\Profiles\kgt8vqf0.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://websearch.pu-results.info/?pid=726&r=2013/04/15&hid=665674988&lg=EN&cc=IE&l=1&q=
    FF - prefs.js: browser.search.selectedEngine - WebSearch
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ie/
    FF - prefs.js: keyword.URL - hxxp://websearch.pu-results.info/?pid=726&r=2013/04/15&hid=665674988&lg=EN&cc=IE&l=1&q=
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
    FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
    FF - plugin: C:\Program Files (x86)\Sony\Media Go\npmediago.dll
    FF - plugin: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll
    FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 asdnet;asdnet;C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sys\amd64\asdnet.sys [2013-4-15 19280]
    R1 asdrm;asdrm;C:\Windows\System32\drivers\asdrm.sys [2013-4-15 18768]
    R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-3-30 28600]
    R2 asdrs;AntiMalware Host-based Intrusion Prevention System;C:\Windows\System32\drivers\asdrs.sys [2013-4-15 23376]
    R2 asdws;AnviSmartDefender Web Guard;C:\Windows\System32\drivers\asdws.sys [2013-4-15 17232]
    R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-3-30 100712]
    R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2012-5-12 19968]
    R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2012-2-23 36000]
    R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2012-2-23 339616]
    R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2012-2-23 110752]
    R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2012-2-23 30368]
    R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2012-2-23 167584]
    R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2012-2-23 68256]
    R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2012-2-23 280992]
    R3 BTATH_VDP;Bluetooth VDP Driver;C:\Windows\System32\drivers\btath_vdp.sys [2012-2-23 421664]
    R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2012-2-23 550560]
    R3 ew_usbenumfilter;huawei_CompositeFilter;C:\Windows\System32\drivers\ew_usbenumfilter.sys [2012-10-12 13952]
    R3 huawei_cdcacm;huawei_cdcacm;C:\Windows\System32\drivers\ew_jucdcacm.sys [2012-10-12 98816]
    S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\System32\drivers\AthDfu.sys [2012-2-23 51872]
    S3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2011-8-15 65264]
    S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-6-10 281088]
    S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\System32\drivers\ew_hwusbdev.sys [2012-10-12 117248]
    .
    =============== File Associations ===============
    .
    FileExt: .vbs: VBSFile=C:\Windows\SysWow64\WScript.exe "%1" %*
    FileExt: .js: jsfile=C:\Windows\SysWow64\WScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    2013-04-25 21:02:09 -------- d-----w- C:\Users\Eoin\AppData\Local\{ED53CFDC-939E-490D-B5FE-0109566D5955}
    2013-04-24 10:24:50 -------- d-----w- C:\Users\Eoin\AppData\Local\{3C2EF2D8-C77C-4509-9D85-83B244C5D50E}
    2013-04-23 13:18:06 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-04-23 10:10:12 -------- d-----w- C:\Users\Eoin\AppData\Local\{057902C9-86B9-4A67-A371-792D4676ED0A}
    2013-04-22 10:45:28 -------- d-----w- C:\Users\Eoin\AppData\Roaming\NCdownloader
    2013-04-22 09:58:11 -------- d-----w- C:\Users\Eoin\AppData\Local\{B9B0DAAC-1BD0-4027-AD7E-F953F5C3472E}
    2013-04-21 21:45:25 -------- d-----w- C:\Users\Eoin\AppData\Local\{EC477530-4A7A-4DEC-8BF8-29C6214C03B2}
    2013-04-20 21:07:12 -------- d-----w- C:\Users\Eoin\AppData\Local\CrossLoop
    2013-04-20 20:29:58 -------- d-----w- C:\Program Files\CCleaner
    2013-04-20 19:35:42 -------- d-----w- C:\Users\Eoin\AppData\Local\{9714F002-CD9D-426F-AE32-8ADF0C2429E9}
    2013-04-18 15:10:38 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{804BF8CC-918A-4124-A831-56239B848A4C}\offreg.dll
    2013-04-18 15:06:08 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{804BF8CC-918A-4124-A831-56239B848A4C}\mpengine.dll
    2013-04-15 18:48:21 -------- d-----w- C:\Users\Eoin\AppData\Roaming\Anvisoft
    2013-04-15 18:48:08 23376 ----a-w- C:\Windows\System32\drivers\asdrs.sys
    2013-04-15 18:48:08 18768 ----a-w- C:\Windows\System32\drivers\asdrm.sys
    2013-04-15 18:48:08 17232 ----a-w- C:\Windows\System32\drivers\asdws.sys
    2013-04-15 18:47:48 -------- d-----w- C:\ProgramData\Anvisoft
    2013-04-15 18:47:44 -------- d-----w- C:\Program Files (x86)\Anvisoft
    2013-04-15 12:10:29 -------- d-----w- C:\ProgramData\SeaaRchh--NewTAb
    2013-04-15 12:10:11 -------- d-----w- C:\ProgramData\BrOwwse2Saavei
    2013-04-15 12:09:53 -------- d-----w- C:\Windows\SysWow64\X86
    2013-04-15 12:09:53 -------- d-----w- C:\Windows\SysWow64\AMD64
    2013-04-15 12:09:53 -------- d-----w- C:\Program Files (x86)\Solibo Ltd
    2013-04-15 12:09:22 -------- d-----w- C:\ProgramData\InstallMate
    2013-04-15 10:15:25 -------- d-----w- C:\Users\Eoin\AppData\Local\{ED471A26-CA0C-48A0-8EB4-A93CC3163F57}
    2013-04-15 09:02:38 424448 ----a-w- C:\Windows\System32\KernelBase.dll
    2013-04-15 09:01:10 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2013-04-15 09:01:10 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2013-04-15 09:01:10 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2013-04-15 09:01:10 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2013-04-15 09:01:10 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2013-04-15 09:01:10 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2013-04-15 09:01:07 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2013-04-15 09:01:07 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2013-04-15 09:00:06 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2013-04-15 09:00:06 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-04-15 09:00:02 2002432 ----a-w- C:\Windows\System32\msxml6.dll
    2013-04-15 09:00:01 1882624 ----a-w- C:\Windows\System32\msxml3.dll
    2013-04-15 09:00:01 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2013-04-15 09:00:01 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2013-04-15 08:58:54 800768 ----a-w- C:\Windows\System32\usp10.dll
    2013-04-15 08:58:54 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
    2013-04-15 08:57:52 68608 ----a-w- C:\Windows\System32\taskhost.exe
    2013-04-15 08:57:51 750592 ----a-w- C:\Windows\System32\win32spl.dll
    2013-04-15 08:57:50 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
    2013-04-15 08:57:00 3153408 ----a-w- C:\Windows\System32\win32k.sys
    2013-04-15 08:56:59 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-04-15 08:56:58 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2013-04-15 08:56:58 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2013-04-15 08:56:57 112640 ----a-w- C:\Windows\System32\smss.exe
    2013-04-15 08:56:56 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
    2013-04-15 08:56:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
    2013-04-15 08:56:00 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
    2013-04-14 13:01:23 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2013-04-14 13:01:11 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
    2013-04-14 13:01:06 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
    2013-04-14 13:00:21 -------- d-----w- C:\Users\Eoin\AppData\Local\Programs
    2013-04-08 20:48:41 -------- d-----w- C:\Users\Eoin\AppData\Local\{9D7FCF6B-2783-43C4-ABC2-4D9561264A86}
    2013-04-01 15:46:03 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    .
    ==================== Find3M ====================
    .
    2013-04-28 21:39:51 60 ----a-w- C:\Windows\wpd99.drv
    2013-04-23 16:48:48 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-04-23 16:48:48 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-04-01 15:45:37 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2013-03-30 01:03:41 28600 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
    2013-03-30 01:03:41 100712 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
    2013-03-12 00:10:56 282744 ------w- C:\Windows\System32\MpSigStub.exe
    2013-02-22 06:27:49 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2013-02-22 06:20:51 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2013-02-22 06:19:37 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2013-02-22 06:15:48 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2013-02-22 06:15:23 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2013-02-22 06:12:41 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-02-22 03:46:00 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-02-22 03:38:00 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-02-22 03:37:50 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2013-02-22 03:34:17 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2013-02-22 03:34:03 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2013-02-22 03:31:46 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
    2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
    2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
    2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
    .
    ============= FINISH: 17:04:05.48 ===============

  4. #4
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi


    Please visit this webpage for download links and instructions for running the ComboFix tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    Please ensure you read this guide carefully first.

    Please continue as follows:

    1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.


    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New dds log.


    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  5. #5
    Member egrogan1
    Join Date
    Apr 2008
    Location
    Ireland
    Posts
    36

    dds and combofix

    ComboFix 13-04-29.01 - Eoin 30/04/2013 21:49:09.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.353.1033.18.3996.2381 [GMT 1:00]
    Running from: C:\Users\Eoin\Desktop\ComboFix.exe
    AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
    SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
    SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\ProgramData\BrOwwse2Saavei
    C:\ProgramData\BrOwwse2Saavei\516bf6e2604b1.dll
    C:\ProgramData\BrOwwse2Saavei\516bf6e2604b1.tlb
    C:\ProgramData\BrOwwse2Saavei\settings.ini
    C:\ProgramData\BrOwwse2Saavei\uninstall.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrOwwse2Saavei
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrOwwse2Saavei\BrOwwse2Saavei.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrOwwse2Saavei\Uninstall.lnk
    C:\ProgramData\SeaaRchh--NewTAb
    C:\ProgramData\SeaaRchh--NewTAb\516bf70307b9b.dll
    C:\ProgramData\SeaaRchh--NewTAb\516bf70307b9b.tlb
    C:\ProgramData\SeaaRchh--NewTAb\settings.ini
    C:\Windows\SysWow64\X86
    C:\Windows\wininit.ini


    ((((((((((((((((((((((((( Files Created from 2013-03-28 to 2013-04-30 )))))))))))))))))))))))))))))))


    2013-04-30 21:10:10 . 2013-04-30 21:10:10 -------- d-----w- C:\Users\Default\AppData\Local\temp
    2013-04-23 15:38:04 . 2013-04-23 15:38:08 -------- d-----w- C:\Windows\LastGood
    2013-04-23 13:18:31 . 2013-04-23 13:18:31 -------- d-----w- C:\Program Files (x86)\Common Files\Java
    2013-04-23 13:18:06 . 2013-04-04 04:35:05 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-04-22 10:45:28 . 2013-04-22 10:45:28 -------- d-----w- C:\Users\Eoin\AppData\Roaming\NCdownloader
    2013-04-22 10:02:58 . 2013-04-22 10:03:05 -------- d-----w- C:\Program Files (x86)\ERUNT
    2013-04-20 21:07:12 . 2013-04-23 09:58:50 -------- d-----w- C:\Users\Eoin\AppData\Local\CrossLoop
    2013-04-20 20:54:43 . 2013-04-22 10:01:56 -------- d-----w- C:\Users\Eoin\AppData\Roaming\Skype
    2013-04-20 20:29:58 . 2013-04-20 20:30:03 -------- d-----w- C:\Program Files\CCleaner
    2013-04-18 15:10:38 . 2013-04-23 16:53:09 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{804BF8CC-918A-4124-A831-56239B848A4C}\offreg.dll
    2013-04-18 15:06:08 . 2013-03-15 06:28:52 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{804BF8CC-918A-4124-A831-56239B848A4C}\mpengine.dll
    2013-04-15 18:48:21 . 2013-04-15 18:48:21 -------- d-----w- C:\Users\Eoin\AppData\Roaming\Anvisoft
    2013-04-15 18:48:08 . 2012-11-07 07:16:18 17232 ----a-w- C:\Windows\system32\drivers\asdws.sys
    2013-04-15 18:48:08 . 2012-11-07 07:16:16 23376 ----a-w- C:\Windows\system32\drivers\asdrs.sys
    2013-04-15 18:48:08 . 2012-11-07 07:16:16 18768 ----a-w- C:\Windows\system32\drivers\asdrm.sys
    2013-04-15 18:47:48 . 2013-04-15 18:47:48 -------- d-----w- C:\ProgramData\Anvisoft
    2013-04-15 18:47:44 . 2013-04-15 18:47:44 -------- d-----w- C:\Program Files (x86)\Anvisoft
    2013-04-15 12:09:53 . 2013-04-15 12:09:53 -------- d-----w- C:\Windows\SysWow64\AMD64
    2013-04-15 12:09:53 . 2013-04-15 12:09:53 -------- d-----w- C:\Program Files (x86)\Solibo Ltd
    2013-04-15 12:09:22 . 2013-04-15 12:10:34 -------- d-----w- C:\ProgramData\InstallMate
    2013-04-15 09:15:58 . 2013-02-22 06:57:13 17817088 ----a-w- C:\Windows\system32\mshtml.dll
    2013-04-15 09:15:56 . 2013-02-22 06:29:21 10925568 ----a-w- C:\Windows\system32\ieframe.dll
    2013-04-15 09:07:41 . 2013-04-15 09:07:41 -------- d-----w- C:\Program Files\Microsoft Silverlight
    2013-04-15 09:07:41 . 2013-04-15 09:07:41 -------- d-----w- C:\Program Files (x86)\Microsoft Silverlight
    2013-04-15 09:02:38 . 2012-11-30 05:41:07 424448 ----a-w- C:\Windows\system32\KernelBase.dll
    2013-04-15 09:01:10 . 2013-01-04 05:46:09 215040 ----a-w- C:\Windows\system32\winsrv.dll
    2013-04-15 09:01:10 . 2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2013-04-15 09:01:10 . 2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2013-04-15 09:01:10 . 2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2013-04-15 09:01:10 . 2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2013-04-15 09:01:10 . 2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2013-04-15 09:01:07 . 2012-11-20 05:48:49 307200 ----a-w- C:\Windows\system32\ncrypt.dll
    2013-04-15 09:01:07 . 2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2013-04-15 09:00:06 . 2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\system32\drivers\tcpip.sys
    2013-04-15 09:00:06 . 2013-01-03 06:00:42 288088 ----a-w- C:\Windows\system32\drivers\FWPKCLNT.SYS
    2013-04-15 09:00:02 . 2012-11-01 05:43:42 2002432 ----a-w- C:\Windows\system32\msxml6.dll
    2013-04-15 09:00:01 . 2012-11-01 05:43:42 1882624 ----a-w- C:\Windows\system32\msxml3.dll
    2013-04-15 09:00:01 . 2012-11-01 04:47:54 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2013-04-15 09:00:01 . 2012-11-01 04:47:54 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2013-04-15 08:58:54 . 2012-11-22 05:44:23 800768 ----a-w- C:\Windows\system32\usp10.dll
    2013-04-15 08:58:54 . 2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
    2013-04-15 08:57:52 . 2012-11-23 03:13:57 68608 ----a-w- C:\Windows\system32\taskhost.exe
    2013-04-15 08:57:51 . 2012-11-09 05:45:32 750592 ----a-w- C:\Windows\system32\win32spl.dll
    2013-04-15 08:57:50 . 2012-11-09 04:43:04 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
    2013-04-15 08:57:00 . 2013-03-01 03:36:04 3153408 ----a-w- C:\Windows\system32\win32k.sys
    2013-04-15 08:56:59 . 2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\system32\ntoskrnl.exe
    2013-04-15 08:56:58 . 2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2013-04-15 08:56:58 . 2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2013-04-15 08:56:57 . 2013-03-19 03:06:33 112640 ----a-w- C:\Windows\system32\smss.exe
    2013-04-15 08:56:56 . 2013-03-19 05:46:56 43520 ----a-w- C:\Windows\system32\csrsrv.dll
    2013-04-15 08:56:56 . 2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
    2013-04-15 08:56:00 . 2013-01-24 06:01:01 223752 ----a-w- C:\Windows\system32\drivers\fvevol.sys
    2013-04-14 13:01:23 . 2013-04-22 10:50:22 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2013-04-14 13:01:11 . 2009-01-25 11:14:02 17272 ----a-w- C:\Windows\system32\sdnclean64.exe
    2013-04-14 13:01:06 . 2013-04-14 13:01:20 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
    2013-04-14 13:00:21 . 2013-04-14 13:00:21 -------- d-----w- C:\Users\Eoin\AppData\Local\Programs
    2013-04-01 15:46:03 . 2013-04-01 15:45:37 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2013-04-01 15:45:36 . 2013-04-23 13:18:06 -------- d-----w- C:\Program Files (x86)\Java
    .


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2013-04-23 16:48:48 . 2012-05-12 09:28:58 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-04-23 16:48:48 . 2012-05-12 09:28:58 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-04-01 18:58:38 . 2012-12-25 13:47:49 72702784 ----a-w- C:\Windows\system32\MRT.exe
    2013-04-01 15:45:37 . 2012-05-12 09:11:53 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2013-03-30 01:03:41 . 2013-03-30 01:03:47 28600 ----a-w- C:\Windows\system32\drivers\avkmgr.sys
    2013-03-30 01:03:41 . 2013-03-30 01:03:47 130016 ----a-w- C:\Windows\system32\drivers\avipbb.sys
    2013-03-30 01:03:41 . 2013-03-30 01:03:47 100712 ----a-w- C:\Windows\system32\drivers\avgntflt.sys
    2013-03-12 00:10:56 . 2010-11-21 03:27:21 282744 ------w- C:\Windows\system32\MpSigStub.exe
    2013-02-12 05:45:24 . 2013-04-15 08:59:55 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-02-12 05:45:22 . 2013-04-15 08:59:56 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
    2013-02-12 05:45:22 . 2013-04-15 08:59:55 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2013-02-12 05:45:22 . 2013-04-15 08:59:55 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
    2013-02-12 04:48:31 . 2013-04-15 08:59:56 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
    2013-02-12 04:48:26 . 2013-04-15 08:59:56 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll






    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16476 BrowserJavaVersion: 10.21.2
    Run by Eoin at 22:32:29 on 2013-04-30
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.353.1033.18.3996.1864 [GMT 1:00]
    .
    AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
    SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe
    C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskhost.exe
    c:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\Windows\system32\mfevtps.exe
    C:\Windows\Explorer.EXE
    c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
    C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
    C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
    C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
    C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\alg.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Sony\VAIO Care\VCPerfService.exe
    C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
    C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Sony\VAIO Improvement\vim.exe
    C:\Program Files\Sony\VAIO Care\VCService.exe
    C:\Program Files\Sony\VAIO Care\VCAgent.exe
    C:\Windows\System32\vds.exe
    C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
    C:\Program Files\Sony\VAIO Care\VCAdmin.exe
    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
    C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Internet Explorer\IELowutil.exe
    C:\Program Files\Sony\VAIO Care\listener.exe
    C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
    C:\ComboFix\CF7837.3XE
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_169_ActiveX.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\SysWow64\cmd.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\ComboFix\pev.3XE
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.ie
    uLocal Page = hxxp://www.google.ie
    mStart Page = hxxp://www.google.ie
    mLocal Page = hxxp://www.google.ie
    mWindow Title = Microsoft Internet Explorer
    mDefault_Page_URL = hxxp://www.google.ie
    uProxyOverride = <local>;*.local
    mWinlogon: Userinit = userinit.exe
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
    BHO: BrOwwse2Saavei: {6CCA71BB-4A17-554A-7B2B-8905AEC189DF} -
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121012182632.dll
    BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [SkyDrive] "C:\Users\Eoin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
    uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
    uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
    uRun: [CrossLoop] "C:\Users\Eoin\AppData\Local\CrossLoop\CrossLoopConnect.exe" -ap=crossloop -port=5910 -udp=www.CrossLoop.com -webserver=server.crossloop.com -webservice=www.crossloop.com -startup=server -minimize
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
    mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
    mRun: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
    mRun: [MobileBroadband] C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
    mRun: [ShaPlus Bandwidth Meter] "C:\Program Files (x86)\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter.exe" /s
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    mRun: [ADBlocker] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe -tray
    mRun: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    StartupFolder: C:\Users\Eoin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
    StartupFolder: C:\Users\Eoin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NCDOWN~1.LNK - C:\Program Files (x86)\Solibo Ltd\NCdownloader\NCdownloader.exe
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: SoftwareSASGeneration = dword:3
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    TCP: Interfaces\{204075A0-3C79-4EC6-ADCB-9C1406296244} : DHCPNameServer = 8.8.4.4
    TCP: Interfaces\{4C67F788-B788-42CE-9E44-562ED4D265A7} : DHCPNameServer = 172.31.140.69 172.30.140.69
    TCP: Interfaces\{55606A95-2C0D-4635-8BB8-75C01926828F} : NameServer = 89.19.64.164 89.19.64.36
    TCP: Interfaces\{7787CE1A-FC98-4EEF-8D4C-2DBCEA5736EA}\54962736F6D6 : DHCPNameServer = 10.0.0.6
    TCP: Interfaces\{B91DE24D-00AD-4036-A20A-B54F260E9DE7} : NameServer = 89.19.64.164 89.19.64.36
    TCP: Interfaces\{F84F9782-03FD-4F96-9127-821FBC75F442} : NameServer = 89.19.64.36 89.19.64.164
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    Notify: SDWinLogon - SDWinLogon.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121012182632.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SONYAPO
    x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
    x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [NetWorx] "C:\Users\Eoin\Downloads\networx_portable\64-bit\networx.exe" /auto
    .
    INFO: x64-HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
    x64-DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Eoin\AppData\Roaming\Mozilla\Firefox\Profiles\kgt8vqf0.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://websearch.pu-results.info/?pid=726&r=2013/04/15&hid=665674988&lg=EN&cc=IE&l=1&q=
    FF - prefs.js: browser.search.selectedEngine - WebSearch
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ie/
    FF - prefs.js: keyword.URL - hxxp://websearch.pu-results.info/?pid=726&r=2013/04/15&hid=665674988&lg=EN&cc=IE&l=1&q=
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
    FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
    FF - plugin: C:\Program Files (x86)\Sony\Media Go\npmediago.dll
    FF - plugin: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll
    FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-2-28 16152]
    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2011-8-15 647208]
    R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-8-15 289664]
    R1 asdnet;asdnet;C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sys\amd64\asdnet.sys [2013-4-15 19280]
    R1 asdrm;asdrm;C:\Windows\System32\drivers\asdrm.sys [2013-4-15 18768]
    R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-3-30 28600]
    R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2011-8-15 75936]
    R2 ADBlockerSrv;AD Blocker Service;C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe [2013-4-15 279368]
    R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-11-16 86752]
    R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-11-16 110816]
    R2 asdrs;AntiMalware Host-based Intrusion Prevention System;C:\Windows\System32\drivers\asdrs.sys [2013-4-15 23376]
    R2 asdsrv;Anvi Smart Defender Realtime Guard Service;C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [2012-12-21 735592]
    R2 asdws;AnviSmartDefender Web Guard;C:\Windows\System32\drivers\asdws.sys [2013-4-15 17232]
    R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2012-2-23 106144]
    R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-3-30 100712]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-5-12 13592]
    R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-5-12 2429544]
    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
    R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-5-12 128280]
    R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-5-12 161560]
    R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\systemcore\mcshield.exe [2012-5-12 199304]
    R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe [2012-5-12 210616]
    R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2012-5-12 162224]
    R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2012-2-21 473960]
    R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
    R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-11-30 260768]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-4-14 1103392]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-4-14 1369624]
    R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-4-14 168384]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2012-5-12 105024]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-5-12 363800]
    R2 VmbService;Vodafone Mobile Broadband Service;C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2011-5-23 9216]
    R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2012-5-12 978056]
    R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2012-2-23 158880]
    R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2012-5-12 19968]
    R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2012-2-23 36000]
    R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2012-2-23 339616]
    R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2012-2-23 110752]
    R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2012-2-23 30368]
    R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2012-2-23 167584]
    R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2012-2-23 68256]
    R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2012-2-23 280992]
    R3 BTATH_VDP;Bluetooth VDP Driver;C:\Windows\System32\drivers\btath_vdp.sys [2012-2-23 421664]
    R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2012-2-23 550560]
    R3 ew_usbenumfilter;huawei_CompositeFilter;C:\Windows\System32\drivers\ew_usbenumfilter.sys [2012-10-12 13952]
    R3 huawei_cdcacm;huawei_cdcacm;C:\Windows\System32\drivers\ew_jucdcacm.sys [2012-10-12 98816]
    R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2012-10-12 86016]
    R3 huawei_ext_ctrl;huawei_ext_ctrl;C:\Windows\System32\drivers\ew_juextctrl.sys [2012-10-12 28672]
    R3 huawei_wwanecm;huawei_wwanecm;C:\Windows\System32\drivers\ew_juwwanecm.sys [2012-10-12 213504]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-3-14 331264]
    R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-2-28 356120]
    R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-2-28 787736]
    R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-8-15 229528]
    R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2011-8-15 487296]
    R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-5-12 339048]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-2-27 675432]
    R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2012-1-16 14336]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2012-1-20 54432]
    R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2012-1-13 1256040]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 CrossLoopService;CrossLoop Service;C:\Users\Eoin\AppData\Local\CrossLoop\CrossLoopService.exe [2013-4-20 569072]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\System32\drivers\AthDfu.sys [2012-2-23 51872]
    S3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2011-8-15 65264]
    S3 DCDhcpService;DCDhcpService;C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [2012-5-12 112256]
    S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-6-10 281088]
    S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\System32\drivers\ew_hwusbdev.sys [2012-10-12 117248]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 lehidmini;Bluetooth Low Energy Hid Device;C:\Windows\System32\drivers\leath_hid.sys [2012-2-23 36128]
    S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2011-8-15 100912]
    S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2012-3-26 22528]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-25 19456]
    S3 SmbDrv;SmbDrv;C:\Windows\System32\drivers\Smb_driver.sys [2012-3-14 21264]
    S3 SOHCImp;VAIO Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2012-1-6 138392]
    S3 SOHDs;VAIO Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2012-1-6 74904]
    S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-12-1 289952]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-25 57856]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-12-25 30208]
    S3 tvnserver;TightVNC Server;C:\Users\Eoin\AppData\Local\CrossLoop\tvnserver.exe [2013-4-20 814080]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
    S3 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2012-5-12 535688]
    S3 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-12-29 960160]
    S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-12-21 550128]
    S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-12-21 382720]
    S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-8-26 101600]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-15 1255736]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2013-04-30 20:45:51 98816 ----a-w- C:\Windows\sed.exe
    2013-04-30 20:45:51 256000 ----a-w- C:\Windows\PEV.exe
    2013-04-30 20:45:51 208896 ----a-w- C:\Windows\MBR.exe
    2013-04-30 20:45:43 -------- d-----w- C:\ComboFix
    2013-04-25 21:02:09 -------- d-----w- C:\Users\Eoin\AppData\Local\{ED53CFDC-939E-490D-B5FE-0109566D5955}
    2013-04-24 10:24:50 -------- d-----w- C:\Users\Eoin\AppData\Local\{3C2EF2D8-C77C-4509-9D85-83B244C5D50E}
    2013-04-23 13:18:06 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-04-23 10:10:12 -------- d-----w- C:\Users\Eoin\AppData\Local\{057902C9-86B9-4A67-A371-792D4676ED0A}
    2013-04-22 10:45:28 -------- d-----w- C:\Users\Eoin\AppData\Roaming\NCdownloader
    2013-04-22 09:58:11 -------- d-----w- C:\Users\Eoin\AppData\Local\{B9B0DAAC-1BD0-4027-AD7E-F953F5C3472E}
    2013-04-21 21:45:25 -------- d-----w- C:\Users\Eoin\AppData\Local\{EC477530-4A7A-4DEC-8BF8-29C6214C03B2}
    2013-04-20 21:07:12 -------- d-----w- C:\Users\Eoin\AppData\Local\CrossLoop
    2013-04-20 20:29:58 -------- d-----w- C:\Program Files\CCleaner
    2013-04-20 19:35:42 -------- d-----w- C:\Users\Eoin\AppData\Local\{9714F002-CD9D-426F-AE32-8ADF0C2429E9}
    2013-04-18 15:10:38 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{804BF8CC-918A-4124-A831-56239B848A4C}\offreg.dll
    2013-04-18 15:06:08 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{804BF8CC-918A-4124-A831-56239B848A4C}\mpengine.dll
    2013-04-15 18:48:21 -------- d-----w- C:\Users\Eoin\AppData\Roaming\Anvisoft
    2013-04-15 18:48:08 23376 ----a-w- C:\Windows\System32\drivers\asdrs.sys
    2013-04-15 18:48:08 18768 ----a-w- C:\Windows\System32\drivers\asdrm.sys
    2013-04-15 18:48:08 17232 ----a-w- C:\Windows\System32\drivers\asdws.sys
    2013-04-15 18:47:48 -------- d-----w- C:\ProgramData\Anvisoft
    2013-04-15 18:47:44 -------- d-----w- C:\Program Files (x86)\Anvisoft
    2013-04-15 12:09:53 -------- d-----w- C:\Windows\SysWow64\AMD64
    2013-04-15 12:09:53 -------- d-----w- C:\Program Files (x86)\Solibo Ltd
    2013-04-15 12:09:22 -------- d-----w- C:\ProgramData\InstallMate
    2013-04-15 10:15:25 -------- d-----w- C:\Users\Eoin\AppData\Local\{ED471A26-CA0C-48A0-8EB4-A93CC3163F57}
    2013-04-15 09:02:38 424448 ----a-w- C:\Windows\System32\KernelBase.dll
    2013-04-15 09:01:10 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2013-04-15 09:01:10 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2013-04-15 09:01:10 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2013-04-15 09:01:10 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2013-04-15 09:01:10 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2013-04-15 09:01:10 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2013-04-15 09:01:07 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2013-04-15 09:01:07 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2013-04-15 09:00:06 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2013-04-15 09:00:06 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-04-15 09:00:02 2002432 ----a-w- C:\Windows\System32\msxml6.dll
    2013-04-15 09:00:01 1882624 ----a-w- C:\Windows\System32\msxml3.dll
    2013-04-15 09:00:01 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2013-04-15 09:00:01 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2013-04-15 08:58:54 800768 ----a-w- C:\Windows\System32\usp10.dll
    2013-04-15 08:58:54 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
    2013-04-15 08:57:52 68608 ----a-w- C:\Windows\System32\taskhost.exe
    2013-04-15 08:57:51 750592 ----a-w- C:\Windows\System32\win32spl.dll
    2013-04-15 08:57:50 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
    2013-04-15 08:57:00 3153408 ----a-w- C:\Windows\System32\win32k.sys
    2013-04-15 08:56:59 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-04-15 08:56:58 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2013-04-15 08:56:58 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2013-04-15 08:56:57 112640 ----a-w- C:\Windows\System32\smss.exe
    2013-04-15 08:56:56 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
    2013-04-15 08:56:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
    2013-04-15 08:56:00 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
    2013-04-14 13:01:23 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2013-04-14 13:01:11 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
    2013-04-14 13:01:06 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
    2013-04-14 13:00:21 -------- d-----w- C:\Users\Eoin\AppData\Local\Programs
    2013-04-08 20:48:41 -------- d-----w- C:\Users\Eoin\AppData\Local\{9D7FCF6B-2783-43C4-ABC2-4D9561264A86}
    2013-04-01 15:46:03 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    .
    ==================== Find3M ====================
    .
    2013-04-28 21:39:51 60 ----a-w- C:\Windows\wpd99.drv
    2013-04-23 16:48:48 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-04-23 16:48:48 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-04-01 15:45:37 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2013-03-30 01:03:41 28600 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
    2013-03-30 01:03:41 100712 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
    2013-03-12 00:10:56 282744 ------w- C:\Windows\System32\MpSigStub.exe
    2013-02-22 06:27:49 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2013-02-22 06:20:51 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2013-02-22 06:19:37 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2013-02-22 06:15:48 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2013-02-22 06:15:23 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2013-02-22 06:12:41 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-02-22 03:46:00 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-02-22 03:38:00 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-02-22 03:37:50 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2013-02-22 03:34:17 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2013-02-22 03:34:03 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2013-02-22 03:31:46 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
    2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
    2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
    2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
    .
    ============= FINISH: 22:32:49.06 ===============

  6. #6
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi,

    It seems the complete ComboFix log wasn't copy-pasted. Please post it.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems, create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  7. #7
    Member egrogan1's Avatar
    Join Date
    Apr 2008
    Location
    Ireland
    Posts
    36

    Sorry, there seems to be more in the file now.

    ComboFix 13-04-29.01 - Eoin 30/04/2013 21:49:09.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.353.1033.18.3996.2381 [GMT 1:00]
    Running from: C:\Users\Eoin\Desktop\ComboFix.exe
    AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
    SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
    SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\ProgramData\BrOwwse2Saavei
    C:\ProgramData\BrOwwse2Saavei\516bf6e2604b1.dll
    C:\ProgramData\BrOwwse2Saavei\516bf6e2604b1.tlb
    C:\ProgramData\BrOwwse2Saavei\settings.ini
    C:\ProgramData\BrOwwse2Saavei\uninstall.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrOwwse2Saavei
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrOwwse2Saavei\BrOwwse2Saavei.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrOwwse2Saavei\Uninstall.lnk
    C:\ProgramData\SeaaRchh--NewTAb
    C:\ProgramData\SeaaRchh--NewTAb\516bf70307b9b.dll
    C:\ProgramData\SeaaRchh--NewTAb\516bf70307b9b.tlb
    C:\ProgramData\SeaaRchh--NewTAb\settings.ini
    C:\Windows\SysWow64\X86
    C:\Windows\wininit.ini


    ((((((((((((((((((((((((( Files Created from 2013-03-28 to 2013-04-30 )))))))))))))))))))))))))))))))


    2013-04-30 21:10:10 . 2013-04-30 21:10:10 -------- d-----w- C:\Users\Default\AppData\Local\temp
    2013-04-23 15:38:04 . 2013-04-23 15:38:08 -------- d-----w- C:\Windows\LastGood
    2013-04-23 13:18:31 . 2013-04-23 13:18:31 -------- d-----w- C:\Program Files (x86)\Common Files\Java
    2013-04-23 13:18:06 . 2013-04-04 04:35:05 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-04-22 10:45:28 . 2013-04-22 10:45:28 -------- d-----w- C:\Users\Eoin\AppData\Roaming\NCdownloader
    2013-04-22 10:02:58 . 2013-04-22 10:03:05 -------- d-----w- C:\Program Files (x86)\ERUNT
    2013-04-20 21:07:12 . 2013-04-23 09:58:50 -------- d-----w- C:\Users\Eoin\AppData\Local\CrossLoop
    2013-04-20 20:54:43 . 2013-04-22 10:01:56 -------- d-----w- C:\Users\Eoin\AppData\Roaming\Skype
    2013-04-20 20:29:58 . 2013-04-20 20:30:03 -------- d-----w- C:\Program Files\CCleaner
    2013-04-18 15:10:38 . 2013-04-23 16:53:09 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{804BF8CC-918A-4124-A831-56239B848A4C}\offreg.dll
    2013-04-18 15:06:08 . 2013-03-15 06:28:52 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{804BF8CC-918A-4124-A831-56239B848A4C}\mpengine.dll
    2013-04-15 18:48:21 . 2013-04-15 18:48:21 -------- d-----w- C:\Users\Eoin\AppData\Roaming\Anvisoft
    2013-04-15 18:48:08 . 2012-11-07 07:16:18 17232 ----a-w- C:\Windows\system32\drivers\asdws.sys
    2013-04-15 18:48:08 . 2012-11-07 07:16:16 23376 ----a-w- C:\Windows\system32\drivers\asdrs.sys
    2013-04-15 18:48:08 . 2012-11-07 07:16:16 18768 ----a-w- C:\Windows\system32\drivers\asdrm.sys
    2013-04-15 18:47:48 . 2013-04-15 18:47:48 -------- d-----w- C:\ProgramData\Anvisoft
    2013-04-15 18:47:44 . 2013-04-15 18:47:44 -------- d-----w- C:\Program Files (x86)\Anvisoft
    2013-04-15 12:09:53 . 2013-04-15 12:09:53 -------- d-----w- C:\Windows\SysWow64\AMD64
    2013-04-15 12:09:53 . 2013-04-15 12:09:53 -------- d-----w- C:\Program Files (x86)\Solibo Ltd
    2013-04-15 12:09:22 . 2013-04-15 12:10:34 -------- d-----w- C:\ProgramData\InstallMate
    2013-04-15 09:15:58 . 2013-02-22 06:57:13 17817088 ----a-w- C:\Windows\system32\mshtml.dll
    2013-04-15 09:15:56 . 2013-02-22 06:29:21 10925568 ----a-w- C:\Windows\system32\ieframe.dll
    2013-04-15 09:07:41 . 2013-04-15 09:07:41 -------- d-----w- C:\Program Files\Microsoft Silverlight
    2013-04-15 09:07:41 . 2013-04-15 09:07:41 -------- d-----w- C:\Program Files (x86)\Microsoft Silverlight
    2013-04-15 09:02:38 . 2012-11-30 05:41:07 424448 ----a-w- C:\Windows\system32\KernelBase.dll
    2013-04-15 09:01:10 . 2013-01-04 05:46:09 215040 ----a-w- C:\Windows\system32\winsrv.dll
    2013-04-15 09:01:10 . 2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2013-04-15 09:01:10 . 2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2013-04-15 09:01:10 . 2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2013-04-15 09:01:10 . 2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2013-04-15 09:01:10 . 2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2013-04-15 09:01:07 . 2012-11-20 05:48:49 307200 ----a-w- C:\Windows\system32\ncrypt.dll
    2013-04-15 09:01:07 . 2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2013-04-15 09:00:06 . 2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\system32\drivers\tcpip.sys
    2013-04-15 09:00:06 . 2013-01-03 06:00:42 288088 ----a-w- C:\Windows\system32\drivers\FWPKCLNT.SYS
    2013-04-15 09:00:02 . 2012-11-01 05:43:42 2002432 ----a-w- C:\Windows\system32\msxml6.dll
    2013-04-15 09:00:01 . 2012-11-01 05:43:42 1882624 ----a-w- C:\Windows\system32\msxml3.dll
    2013-04-15 09:00:01 . 2012-11-01 04:47:54 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2013-04-15 09:00:01 . 2012-11-01 04:47:54 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2013-04-15 08:58:54 . 2012-11-22 05:44:23 800768 ----a-w- C:\Windows\system32\usp10.dll
    2013-04-15 08:58:54 . 2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
    2013-04-15 08:57:52 . 2012-11-23 03:13:57 68608 ----a-w- C:\Windows\system32\taskhost.exe
    2013-04-15 08:57:51 . 2012-11-09 05:45:32 750592 ----a-w- C:\Windows\system32\win32spl.dll
    2013-04-15 08:57:50 . 2012-11-09 04:43:04 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
    2013-04-15 08:57:00 . 2013-03-01 03:36:04 3153408 ----a-w- C:\Windows\system32\win32k.sys
    2013-04-15 08:56:59 . 2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\system32\ntoskrnl.exe
    2013-04-15 08:56:58 . 2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2013-04-15 08:56:58 . 2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2013-04-15 08:56:57 . 2013-03-19 03:06:33 112640 ----a-w- C:\Windows\system32\smss.exe
    2013-04-15 08:56:56 . 2013-03-19 05:46:56 43520 ----a-w- C:\Windows\system32\csrsrv.dll
    2013-04-15 08:56:56 . 2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
    2013-04-15 08:56:00 . 2013-01-24 06:01:01 223752 ----a-w- C:\Windows\system32\drivers\fvevol.sys
    2013-04-14 13:01:23 . 2013-04-22 10:50:22 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2013-04-14 13:01:11 . 2009-01-25 11:14:02 17272 ----a-w- C:\Windows\system32\sdnclean64.exe
    2013-04-14 13:01:06 . 2013-04-14 13:01:20 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
    2013-04-14 13:00:21 . 2013-04-14 13:00:21 -------- d-----w- C:\Users\Eoin\AppData\Local\Programs
    2013-04-01 15:46:03 . 2013-04-01 15:45:37 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2013-04-01 15:45:36 . 2013-04-23 13:18:06 -------- d-----w- C:\Program Files (x86)\Java
    .


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2013-04-23 16:48:48 . 2012-05-12 09:28:58 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-04-23 16:48:48 . 2012-05-12 09:28:58 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-04-01 18:58:38 . 2012-12-25 13:47:49 72702784 ----a-w- C:\Windows\system32\MRT.exe
    2013-04-01 15:45:37 . 2012-05-12 09:11:53 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2013-03-30 01:03:41 . 2013-03-30 01:03:47 28600 ----a-w- C:\Windows\system32\drivers\avkmgr.sys
    2013-03-30 01:03:41 . 2013-03-30 01:03:47 130016 ----a-w- C:\Windows\system32\drivers\avipbb.sys
    2013-03-30 01:03:41 . 2013-03-30 01:03:47 100712 ----a-w- C:\Windows\system32\drivers\avgntflt.sys
    2013-03-12 00:10:56 . 2010-11-21 03:27:21 282744 ------w- C:\Windows\system32\MpSigStub.exe
    2013-02-12 05:45:24 . 2013-04-15 08:59:55 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-02-12 05:45:22 . 2013-04-15 08:59:56 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
    2013-02-12 05:45:22 . 2013-04-15 08:59:55 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2013-02-12 05:45:22 . 2013-04-15 08:59:55 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
    2013-02-12 04:48:31 . 2013-04-15 08:59:56 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
    2013-02-12 04:48:26 . 2013-04-15 08:59:56 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2013-03-20 14:11:17 222808 ----a-w- C:\Users\Eoin\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2013-03-20 14:11:17 222808 ----a-w- C:\Users\Eoin\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2013-03-20 14:11:17 222808 ----a-w- C:\Users\Eoin\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2010-11-21 03:24:51 1475584]
    "SkyDrive"="C:\Users\Eoin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2013-03-20 14:11:15 256600]
    "GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe" [2013-03-07 16:31:48 19357112]
    "Spybot-S&D Cleaning"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 13:07:26 3713032]
    "CrossLoop"="C:\Users\Eoin\AppData\Local\CrossLoop\CrossLoopConnect.exe" [2012-01-06 07:35:22 1208048]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 19:04:54 284440]
    "USB3MON"="C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-22 17:10:28 291608]
    "ISBMgr.exe"="C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-09-20 15:57:56 60552]
    "PMBVolumeWatcher"="c:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2012-02-21 11:37:16 693608]
    "MobileBroadband"="C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2011-05-23 15:19:30 274944]
    "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 13:08:14 59720]
    "avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-03-30 01:02:07 345312]
    "TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-12-25 14:18:10 295072]
    "iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 12:35:28 152392]
    "SDTray"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 13:08:08 3825176]
    "ADBlocker"="C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe" [2012-12-21 08:26:34 979816]
    "Anvi Smart Defender"="C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe" [2012-12-21 02:43:14 1434984]
    "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 06:32:50 253816]

    C:\Users\Eoin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    OpenOffice.org 3.4.1.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    NCdownloader.lnk - C:\Program Files (x86)\Solibo Ltd\NCdownloader\NCdownloader.exe [2013-4-15 270848]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "SoftwareSASGeneration"= 3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Userinit"="userinit.exe"

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 22:27:14 138576]
    R2 CrossLoopService;CrossLoop Service;C:\Users\Eoin\AppData\Local\CrossLoop\CrossLoopService.exe [2012-01-06 07:35:22 569072]
    R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-07-13 12:28:36 160944]
    R3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\System32\Drivers\AthDfu.sys [2012-02-23 15:57:58 51872]
    R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys [2012-02-22 12:29:46 65264]
    R3 DCDhcpService;DCDhcpService;C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [2012-03-21 16:08:20 112256]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 20:35:02 281088]
    R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [2011-05-20 15:38:34 117248]
    R3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 17:59:12 206072]
    R3 lehidmini;Bluetooth Low Energy Hid Device;C:\Windows\system32\drivers\leath_hid.sys [2012-02-23 16:01:34 36128]
    R3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys [2012-02-22 12:29:46 100912]
    R3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys [2012-03-26 13:50:12 22528]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14:10:20 19456]
    R3 SmbDrv;SmbDrv;C:\Windows\system32\drivers\Smb_driver.sys [2012-03-13 17:01:03 21264]
    R3 SOHCImp;VAIO Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2012-01-06 15:44:26 138392]
    R3 SOHDs;VAIO Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2012-01-06 15:44:28 74904]
    R3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-12-01 09:04:56 289952]
    R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 14:07:35 57856]
    R3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 14:08:26 30208]
    R3 tvnserver;TightVNC Server;C:\Users\Eoin\AppData\Local\CrossLoop\tvnserver.exe [2010-07-21 06:50:26 814080]
    R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys [2012-12-13 13:50:36 54784]
    R3 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2012-01-10 12:45:32 535688]
    R3 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-12-29 15:10:08 960160]
    R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-12-21 12:15:06 550128]
    R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-12-21 12:55:14 382720]
    R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-08-26 17:47:26 101600]
    R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [2012-10-14 22:33:02 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 17:10:10 57184]
    S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\system32\drivers\iusb3hcs.sys [2012-02-22 17:10:10 16152]
    S0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys [2012-02-22 12:29:46 289664]
    S1 asdnet;asdnet;C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sys\amd64\asdnet.sys [2012-09-07 12:52:02 19280]
    S1 asdrm;asdrm;C:\Windows\system32\DRIVERS\asdrm.sys [2012-11-07 07:16:16 18768]
    S1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys [2013-03-30 01:03:41 28600]
    S1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 12:29:46 75936]
    S2 ADBlockerSrv;AD Blocker Service;C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe [2012-11-13 13:18:00 279368]
    S2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-03-30 01:03:18 86752]
    S2 asdrs;AntiMalware Host-based Intrusion Prevention System;C:\Windows\system32\DRIVERS\asdrs.sys [2012-11-07 07:16:16 23376]
    S2 asdsrv;Anvi Smart Defender Realtime Guard Service;C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [2012-12-21 02:43:12 735592]
    S2 asdws;AnviSmartDefender Web Guard;C:\Windows\system32\DRIVERS\asdws.sys [2012-11-07 07:16:18 17232]
    S2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [2012-02-23 15:51:40 106144]
    S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 13:22:40 822624]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-29 19:04:56 13592]
    S2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-02-08 16:36:01 2429544]
    S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-02-02 21:29:52 628448]
    S2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-03-13 16:01:29 128280]
    S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-03-13 16:00:11 161560]
    S2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-05-25 15:59:02 210616]
    S2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\system32\mfevtps.exe [2012-05-25 16:13:54 162224]
    S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2012-02-21 11:41:12 473960]
    S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 20:31:04 38608]
    S2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-11-30 17:49:50 260768]
    S2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 13:07:16 1103392]
    S2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 13:07:20 1369624]
    S2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 13:07:24 168384]
    S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 07:30:18 508776]
    S2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-02-23 13:05:04 105024]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-03-13 16:02:03 363800]
    S2 VmbService;Vodafone Mobile Broadband Service;C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2011-05-23 15:19:44 9216]
    S2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2012-03-26 08:24:10 978056]
    S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2012-02-23 16:09:58 158880]
    S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 13:32:04 19968]
    S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys [2012-02-23 15:59:16 36000]
    S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys [2012-02-23 15:58:28 339616]
    S3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\system32\drivers\btath_avdt.sys [2012-02-23 15:58:46 110752]
    S3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\drivers\btath_bus.sys [2012-02-23 15:59:04 30368]
    S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\drivers\btath_hcrp.sys [2012-02-23 15:59:34 167584]
    S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys [2012-02-23 16:00:04 68256]
    S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\drivers\btath_rcp.sys [2012-02-23 16:00:16 280992]
    S3 BTATH_VDP;Bluetooth VDP Driver;C:\Windows\system32\drivers\btath_vdp.sys [2012-02-23 16:00:34 421664]
    S3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys [2012-02-23 16:01:04 550560]
    S3 ew_usbenumfilter;huawei_CompositeFilter;C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys [2011-05-20 15:38:40 13952]
    S3 huawei_cdcacm;huawei_cdcacm;C:\Windows\system32\DRIVERS\ew_jucdcacm.sys [2011-05-20 15:38:48 98816]
    S3 huawei_enumerator;huawei_enumerator;C:\Windows\system32\DRIVERS\ew_jubusenum.sys [2011-05-20 15:38:48 86016]
    S3 huawei_ext_ctrl;huawei_ext_ctrl;C:\Windows\system32\DRIVERS\ew_juextctrl.sys [2011-05-20 15:38:48 28672]
    S3 huawei_wwanecm;huawei_wwanecm;C:\Windows\system32\DRIVERS\ew_juwwanecm.sys [2011-05-20 15:38:46 213504]
    S3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys [2012-03-14 08:22:23 331264]
    S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\system32\drivers\iusb3hub.sys [2012-02-22 17:10:12 356120]
    S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\system32\drivers\iusb3xhc.sys [2012-02-22 17:10:17 787736]
    S3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys [2012-02-22 12:29:46 487296]
    S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys [2012-02-08 16:36:36 339048]
    S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys [2012-02-13 09:21:29 675432]
    S3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\drivers\SFEP.sys [2012-01-16 09:01:14 14336]
    S3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 07:30:10 764264]
    S3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 07:30:18 268648]
    S3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 07:30:18 25960]
    S3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 07:30:22 22376]
    S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 07:30:22 219496]
    S3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2012-01-20 14:23:00 54432]
    S3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 09:55:10 1256040]


    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-04-11 22:53:00 1642448 ----a-w- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe

    Contents of the 'Scheduled Tasks' folder

    2013-04-30 C:\Windows\Tasks\Adobe Flash Player Updater.job
    - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-12 09:28:58 . 2013-04-23 16:48:49]

    2013-04-30 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-01 15:42:55 . 2013-01-01 15:42:54]

    2013-04-30 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-01 15:42:55 . 2013-01-01 15:42:54]


    --------- X64 Entries -----------


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2013-03-20 14:11:19 261704 ----a-w- C:\Users\Eoin\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2013-03-20 14:11:19 261704 ----a-w- C:\Users\Eoin\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2013-03-20 14:11:19 261704 ----a-w- C:\Users\Eoin\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2013-03-07 16:31:52 776144 ----a-w- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
    2013-03-07 16:31:52 776144 ----a-w- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2013-03-07 16:31:52 776144 ----a-w- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2013-03-07 16:31:52 776144 ----a-w- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll

  8. #8
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi,

    Still doesn't seem to be everything. If the whole text doesn't fit there you may attach the log as a file.

  9. #9
    Member egrogan1's Avatar
    Join Date
    Apr 2008
    Location
    Ireland
    Posts
    36

    No, that is all the text that is in the file. Should I run ComboFix again?

  10. #10
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Yes, please run it again. Also, make sure antivirus protection is disabled during the run.
