Hi
I was in msconfig and noticed a new item in start up .. Background container .. I Googled it and found it to be an undesirable item.
The only thing I have d/loaded recently is ghost mouse auto clicker from here - http://download.cnet.com/Ghost-Mouse...-75322043.html
I have run Malwarebytes, ADW Cleaner and SAS but Background container still remains in start up (logs also posted).
I am not having any problems with the laptop but would like to remove the Background container if possible.
Thanks
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:24:33 AM, on 24/2/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Program Files (x86)\CometBird\cometbird.exe
C:\Program Files (x86)\CometBird\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
C:\Users\kevhatch\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.search.yahoo.com/?type=994...=spigot-yhp-ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\kevhatch\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\kevhatch\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd6 4"
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 7280 bytes
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16518 BrowserJavaVersion: 10.51.2
Run by kevhatch at 10:29:11 on 2014-02-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.65.1033.18.8100.5927 [GMT 0:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\system32\taskeng.exe
C:\windows\Explorer.EXE
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\CometBird\cometbird.exe
C:\Program Files (x86)\CometBird\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\SearchProtocolHost.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://uk.search.yahoo.com/?type=994519&fr=spigot-yhp-ie
mWinlogon: Userinit = userinit.exe,
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRunOnce: [Uninstall C:\Users\kevhatch\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] C:\windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\kevhatch\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd6 4"
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{3E805C4F-A592-4AB7-BFD3-5DF9686384C6} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{3E805C4F-A592-4AB7-BFD3-5DF9686384C6}\35B4953393436323 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{3E805C4F-A592-4AB7-BFD3-5DF9686384C6}\64163747E65647 : DHCPNameServer = 212.42.162.1 212.42.162.2
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\kevhatch\AppData\Roaming\Mozilla\Firefox\Profiles\os4ifuaa.default \
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: browser.startup.homepage - hxxp://uk.search.yahoo.com/?type=994519&fr=spigot-yhp-ff
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=994519&p=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2011-11-21 55856]
R0 RapportKE64;RapportKE64;C:\windows\System32\drivers\RapportKE64.sys [2013-8-29 295696]
R1 RapportCerberus_56758;RapportCerberus_56758;C:\ProgramData\Trusteer\Rapport \store\exts\RapportCerberus\baseline\RapportCerberus64_56758.sys [2013-8-29 589872]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2013-8-19 265872]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2013-8-19 384432]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2013-6-18 134944]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R3 bcbtums;Bluetooth USB LD Filter;C:\windows\System32\drivers\bcbtums.sys [2013-10-28 170712]
R3 BTWAMPFL;BTWAMPFL;C:\windows\System32\drivers\btwampfl.sys [2013-8-9 166104]
R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\drivers\btwl2cap.sys [2011-11-21 39464]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\System32\drivers\CtClsFlt.sys [2011-11-21 176096]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-11-21 317440]
R3 intelkmd;intelkmd;C:\windows\System32\drivers\igdpmd64.sys [2011-11-21 12223936]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 teamviewervpn;TeamViewer VPN Adapter;C:\windows\System32\drivers\teamviewervpn.sys [2013-12-22 35112]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-2-12 111616]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2011-3-18 25072]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-8-30 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-11-21 250984]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2014-2-12 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2013-8-30 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2013-8-28 1255736]
S4 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-23 143120]
S4 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-11-21 89600]
S4 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2011-11-21 204288]
S4 BcmBtRSupport;Bluetooth Driver Management Service;C:\windows\System32\BtwRSupportService.exe [2013-10-28 2255064]
S4 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-9-19 250200]
S4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-21 13336]
S4 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2012-7-13 769432]
S4 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-26 2823000]
S4 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2013-8-19 1435928]
S4 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S4 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S4 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-11-21 1692480]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S4 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S4 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2013-12-22 4915040]
S4 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-11-21 2656280]
.
=============== Created Last 30 ================
.
2014-02-24 02:37:33 -------- d-----w- C:\Users\kevhatch\Tracing
2014-02-24 02:34:07 -------- d-----w- C:\windows\en
2014-02-24 02:33:04 77656 ----a-w- C:\windows\System32\XAPOFX1_5.dll
2014-02-24 02:33:04 74072 ----a-w- C:\windows\SysWow64\XAPOFX1_5.dll
2014-02-24 02:33:04 527192 ----a-w- C:\windows\SysWow64\XAudio2_7.dll
2014-02-24 02:33:04 518488 ----a-w- C:\windows\System32\XAudio2_7.dll
2014-02-24 02:33:01 2526056 ----a-w- C:\windows\System32\D3DCompiler_43.dll
2014-02-24 02:33:01 2106216 ----a-w- C:\windows\SysWow64\D3DCompiler_43.dll
2014-02-24 02:32:58 276832 ----a-w- C:\windows\System32\d3dx11_43.dll
2014-02-24 02:32:58 248672 ----a-w- C:\windows\SysWow64\d3dx11_43.dll
2014-02-24 02:31:47 6072008 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\90c290551cf310801\onedrivesetup.exe
2014-02-23 10:48:44 10536864 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{196138A6-13E7-49A6-AD1F-E4C0FE1061E8}\mpengine.dll
2014-02-22 10:22:40 10536864 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-02-21 09:45:24 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C72A99ED-209D-4C7E-B478-4DBC536AA143}\gapaengine.dll
2014-02-21 03:03:29 -------- d-----w- C:\Program Files (x86)\Ghost Mouse Auto Clicker
2014-02-12 23:52:51 6573056 ----a-w- C:\windows\System32\mstscax.dll
2014-02-12 23:52:51 5693440 ----a-w- C:\windows\SysWow64\mstscax.dll
2014-02-12 02:08:42 548864 ----a-w- C:\windows\System32\vbscript.dll
2014-02-12 02:07:50 658432 ----a-w- C:\windows\System32\RMActivate_isv.exe
.
==================== Find3M ====================
.
2014-02-22 11:17:32 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-22 11:17:32 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-02-06 11:30:46 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-02-06 11:30:12 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39 66048 ----a-w- C:\windows\System32\iesetup.dll
2014-02-06 11:06:47 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2014-02-06 10:48:45 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-02-06 10:48:11 708608 ----a-w- C:\windows\System32\jscript9diag.dll
2014-02-06 10:20:26 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-02-06 10:11:37 5768704 ----a-w- C:\windows\System32\jscript9.dll
2014-02-06 10:01:36 61952 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32 2041856 ----a-w- C:\windows\System32\inetcpl.cpl
2014-02-06 09:47:22 112128 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27 553472 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36 4244480 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-02-06 09:24:52 2334208 ----a-w- C:\windows\System32\wininet.dll
2014-02-06 09:09:30 1964032 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- C:\windows\SysWow64\wininet.dll
2014-01-19 07:33:29 270496 ------w- C:\windows\System32\MpSigStub.exe
2014-01-10 13:40:12 58560 ----a-w- C:\windows\SysWow64\sirenacm.dll
2014-01-10 13:31:32 322240 ----a-w- C:\windows\WLXPGSS.SCR
2014-01-06 19:23:36 4558848 ----a-w- C:\windows\SysWow64\GPhotos.scr
2013-12-24 23:09:41 1987584 ----a-w- C:\windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32 2565120 ----a-w- C:\windows\System32\d3d10warp.dll
2013-12-21 08:56:47 454656 ----a-w- C:\windows\SysWow64\vbscript.dll
2013-12-18 21:09:39 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-06 02:30:08 2048 ----a-w- C:\windows\System32\msxml3r.dll
2013-12-06 02:30:08 1882112 ----a-w- C:\windows\System32\msxml3.dll
2013-12-06 02:02:08 2048 ----a-w- C:\windows\SysWow64\msxml3r.dll
2013-12-06 02:02:08 1237504 ----a-w- C:\windows\SysWow64\msxml3.dll
2013-12-04 02:27:33 485888 ----a-w- C:\windows\System32\secproc_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\windows\System32\secproc_ssp_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\windows\System32\secproc_ssp.dll
2013-12-04 02:27:16 488448 ----a-w- C:\windows\System32\secproc.dll
2013-12-04 02:26:32 528384 ----a-w- C:\windows\System32\msdrm.dll
2013-12-04 02:16:51 626176 ----a-w- C:\windows\System32\RMActivate.exe
2013-12-04 02:16:50 552960 ----a-w- C:\windows\System32\RMActivate_ssp_isv.exe
2013-12-04 02:16:48 553984 ----a-w- C:\windows\System32\RMActivate_ssp.exe
2013-12-04 02:03:20 87040 ----a-w- C:\windows\SysWow64\secproc_ssp_isv.dll
2013-12-04 02:03:20 87040 ----a-w- C:\windows\SysWow64\secproc_ssp.dll
2013-12-04 02:03:20 423936 ----a-w- C:\windows\SysWow64\secproc_isv.dll
2013-12-04 02:03:08 428032 ----a-w- C:\windows\SysWow64\secproc.dll
2013-12-04 02:02:06 390144 ----a-w- C:\windows\SysWow64\msdrm.dll
2013-12-04 01:54:14 510976 ----a-w- C:\windows\SysWow64\RMActivate_ssp.exe
2013-12-04 01:54:10 594944 ----a-w- C:\windows\SysWow64\RMActivate_isv.exe
2013-12-04 01:54:09 572416 ----a-w- C:\windows\SysWow64\RMActivate.exe
2013-12-04 01:54:06 508928 ----a-w- C:\windows\SysWow64\RMActivate_ssp_isv.exe
2013-11-27 01:42:42 343040 ----a-w- C:\windows\System32\drivers\usbhub.sys
2013-11-27 01:42:20 99840 ----a-w- C:\windows\System32\drivers\usbccgp.sys
2013-11-27 01:42:18 325120 ----a-w- C:\windows\System32\drivers\usbport.sys
2013-11-27 01:42:16 53248 ----a-w- C:\windows\System32\drivers\usbehci.sys
2013-11-27 01:42:13 25600 ----a-w- C:\windows\System32\drivers\usbohci.sys
2013-11-27 01:42:12 30720 ----a-w- C:\windows\System32\drivers\usbuhci.sys
2013-11-27 01:42:08 7808 ----a-w- C:\windows\System32\drivers\usbd.sys
2013-11-26 23:58:02 940032 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2013-11-26 23:58:02 194048 ----a-w- C:\windows\SysWow64\elshyph.dll
2013-11-26 11:40:00 376768 ----a-w- C:\windows\System32\drivers\netio.sys
2013-11-26 10:32:56 3156480 ----a-w- C:\windows\System32\win32k.sys
.
============= FINISH: 10:29:48.43 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 29/8/2013 12:29:31 AM
System Uptime: 24/2/2014 10:11:14 AM (0 hours ago)
.
Motherboard: Dell Inc. | | 0GGRV5
Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz | CPU 1 | 2501/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 388.116 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Community Help
Adobe Flash Player 12 Plugin
Adobe Photoshop CS5.1
Adobe Reader X (10.1.9) MUI
Advanced Audio FX Engine
AMD APP SDK Runtime
ATI AVIVO64 Codecs
ATI Catalyst Install Manager
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Mobile
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
Combined Community Codec Pack 2013-11-27
CometBird 11.0 (x86 en-US)
Compatibility Pack for the 2007 Office system
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Edoc Viewer
Dell Getting Started Guide
Dell MusicStage
Dell PhotoStage
Dell Product Registration
Dell Stage
Dell Stage Remote
Dell Support Center
Dell Touchpad
Dell VideoStage
Dell Webcam Central
DirectX 9 Runtime
DW WLAN Card
Elevated Installer
Encrypt Files v1.5
FileZilla Client 3.7.3
Garmin Express
Garmin Express Tray
Garmin USB Drivers
Ghost Mouse Auto Clicker 3.8.7
Google Earth
Google Update Helper
High-Definition Video Playback
IDT Audio
Intel(R) Display Audio Driver
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Java 7 Update 51
Java Auto Updater
Java(TM) 6 Update 27 (64-bit)
Junk Mail filter update
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Mouse and Keyboard Center
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Office Publisher 2003
Microsoft Office Starter 2010 - English
Microsoft Office XP Web Components
Microsoft OneDrive
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Microsoft_VC90_MFCLOC_x86
Microsoft_VC90_MFCLOC_x86_x64
Movie Maker
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 10 Movie ThemePack Basic
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Update
OSM generic routable
Pale Moon 24.1.1 (x64 en-US)
Pale Moon 24.3.2 (x86 en-US)
PDF Settings CS5
Photo Common
Photo Gallery
PhotoShowExpress
Picasa 3
PowerXpressHybrid
PX Profile Update
Quickset64
Rapport
RBVirtualFolder64Inst
Realtek Ethernet Controller Driver
Realtek USB 2.0 Card Reader
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
SeaMonkey 2.22.1 (x86 en-US)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Skype 6.11
Sonic CinePlayer Decoder Pack
SUPERAntiSpyware
SyncUP
TeamSpeak 3 Client
TeamViewer 9
Trusteer Endpoint Protection
Vuze
WIDCOMM Bluetooth Software
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.11 (64-bit)
WinZip 17.5
Zinio Reader 4
.
==== End Of File ===========================
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-02-24 11:04:02
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB4O 465.76GB
Running: rjfdwm09.exe; Driver: C:\Users\kevhatch\AppData\Local\Temp\uglcrkow.sys
---- User code sections - GMER 2.1 ----
? C:\windows\system32\mssprxy.dll [2760] entry point in ".rdata" section 00000000725e71e6
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2620] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076181465 2 bytes [18, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2620] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761814bb 2 bytes [18, 76]
.text ... * 2
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4696] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076181465 2 bytes [18, 76]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4696] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761814bb 2 bytes [18, 76]
.text ... * 2
---- Processes - GMER 2.1 ----
Library c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{196138A6-13E7-49A6-AD1F-E4C0FE1061E8}\offreg.dll (*** suspicious ***) @ c:\Program Files\Microsoft Security Client\MsMpEng.exe [868](2014-02-24 10:30:23) 000007fef1d70000
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0015007f6c3b
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\9439e5e96004
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\9439e5e96004 @001a8ac541c4 0xFC 0xAA 0x43 0xE0 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\bc7737048afc
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0015007f6c3b (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\9439e5e96004 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\9439e5e96004@001 a8ac541c4 0xFC 0xAA 0x43 0xE0 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\bc7737048afc (not active ControlSet)
---- EOF - GMER 2.1 ----
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2014.02.24.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
kevhatch :: KEVHATCH-PC [administrator]
24/2/2014 9:43:08 AM
mbam-log-2014-02-24 (09-43-08).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 239603
Time elapsed: 13 minute(s), 29 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 5
HKCR\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC} (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA14329E-9550-4989-B3F2-9732E92D17CC} (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA14329E-9550-4989-B3F2-9732E92D17CC} (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
HKCU\Software\iVIDI Plugin (PUP.Optional.Ividi.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IECT2504091 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
Registry Values Detected: 3
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{BA14329E-9550-4989-B3F2-9732E92D17CC} (PUP.Optional.Conduit) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{BA14329E-9550-4989-B3F2-9732E92D17CC} (PUP.Optional.Conduit) -> Data: Vuze Remote Toolbar -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{BA14329E-9550-4989-B3F2-9732E92D17CC} (PUP.Optional.Conduit) -> Data: -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 3
C:\Users\kevhatch\AppData\Local\Temp\ct2504091 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\ProgramData\Conduit\IE (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\ProgramData\Conduit\IE\CT2504091 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
Files Detected: 20
C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Users\kevhatch\AppData\Local\Temp\IMsetup.exe (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
C:\Users\kevhatch\AppData\Local\Temp\Install_BubbleDock.exe (PUP.Optional.BubbleDock.A) -> Quarantined and deleted successfully.
C:\Users\kevhatch\AppData\Local\Temp\Install_BubbleDock_new.exe (PUP.Optional.BubbleDock.A) -> Quarantined and deleted successfully.
C:\Users\kevhatch\AppData\Local\Temp\UpdateCheckerSetup.exe (PUP.Optional.Somoto) -> Quarantined and deleted successfully.
C:\Users\kevhatch\AppData\Local\Temp\ct2504091\ctbe.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\kevhatch\AppData\Local\Temp\ct2504091\ieLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\kevhatch\AppData\Local\Temp\ct2504091\statisticsStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\kevhatch\AppData\Local\Temp\ct2504091\stub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\kevhatch\AppData\Local\Conduit\CT2504091\Vuze_RemoteAutoUpdateHelp er.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\kevhatch\Local Settings\Temporary Internet Files\Content.IE5\2LC52MWG\checktbexist[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\kevhatch\Local Settings\Temporary Internet Files\Content.IE5\2LC52MWG\statisticsstub[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\kevhatch\Local Settings\Temporary Internet Files\Content.IE5\OUHPOKQT\stublogic[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\kevhatch\Local Settings\Temporary Internet Files\Content.IE5\Z3N5R89H\Vuze_Remote[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\kevhatch\AppData\Local\Temp\ct2504091\chromeid.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\kevhatch\AppData\Local\Temp\ct2504091\ism.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\kevhatch\AppData\Local\Temp\ct2504091\setup.ini.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\ProgramData\Conduit\IE\CT2504091\configutaion.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\ProgramData\Conduit\IE\CT2504091\SetupIcon.ico (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\ProgramData\Conduit\IE\CT2504091\UninstallerUI.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
(end)
# AdwCleaner v3.019 - Report created 24/02/2014 at 10:10:43
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : kevhatch - KEVHATCH-PC
# Running from : C:\Users\kevhatch\Desktop\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Vuze_Remote
Folder Deleted : C:\Users\kevhatch\AppData\Local\Conduit
Folder Deleted : C:\Users\kevhatch\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\kevhatch\AppData\LocalLow\Vuze_Remote
Folder Deleted : C:\Users\kevhatch\AppData\Roaming\iPumper
File Deleted : C:\END
File Deleted : C:\windows\System32\Tasks\BackgroundContainer Startup Task
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E30ED111-BD63-48C2-A6CB-AB3C9FFFB07C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E30ED111-BD63-48C2-A6CB-AB3C9FFFB07C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AEDB6BCD-38CF-49C7-B349-38E2C104B8AD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DCBE7D51-BC18-4609-ACE9-9D45B18DD89B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Key Deleted : HKCU\Software\caphyon
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Escolade
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Show-Password
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Vuze_Remote
Key Deleted : HKLM\Software\caphyon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Vuze_Remote
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16518
-\\ Mozilla Firefox v26.0 (en-US)
[ File : C:\Users\kevhatch\AppData\Roaming\Mozilla\Firefox\Profiles\os4ifuaa.default \prefs.js ]
Line Deleted : user_pref("extensions.scriptish.scriptvals.KOCPowerTools@mat.Options_367", "{\"includeCity\":true,\"includeMarching\":true,\"includeTraining\":false,\ "includeTrainingTotal\":false,\"encRemaining\":tru[...]
*************************
AdwCleaner[R0].txt - [1337 octets] - [10/09/2013 23:42:10]
AdwCleaner[R1].txt - [1992 octets] - [19/10/2013 15:06:44]
AdwCleaner[R2].txt - [2526 octets] - [14/11/2013 09:25:52]
AdwCleaner[R3].txt - [3844 octets] - [24/02/2014 10:09:04]
AdwCleaner[S0].txt - [2091 octets] - [19/10/2013 15:08:10]
AdwCleaner[S1].txt - [2588 octets] - [14/11/2013 09:26:59]
AdwCleaner[S2].txt - [3609 octets] - [24/02/2014 10:10:43]
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [3669 octets] ##########
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 02/24/2014 at 11:35 AM
Application Version : 5.7.1018
Core Rules Database Version : 10842
Trace Rules Database Version: 8654
Scan type : Quick Scan
Total Scan Time : 00:18:51
Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator
Memory items scanned : 615
Memory threats detected : 0
Registry items scanned : 60572
Registry threats detected : 0
File items scanned : 29914
File threats detected : 3
Adware.Tracking Cookie
C:\Users\kevhatch\AppData\Roaming\Microsoft\Windows\Cookies\NO3ZCDE8.txt [ /doubleclick.net ]
C:\Users\kevhatch\AppData\Roaming\Microsoft\Windows\Cookies\XIJOTFF7.txt [ /atdmt.com ]
C:\Users\kevhatch\AppData\Roaming\Microsoft\Windows\Cookies\I13K5Y5Q.txt [ /c.atdmt.com ]
I was in msconfig and noticed a new item in start up .. Background container .. I Googled it and found it to be an undesirable item.
The only thing I have d/loaded recently is ghost mouse auto clicker from here - http://download.cnet.com/Ghost-Mouse...-75322043.html
I have run Malwarebytes, ADW Cleaner and SAS but Background container still remains in start up (logs also posted).
I am not having any problems with the laptop but would like to remove the Background container if possible.
Thanks
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:24:33 AM, on 24/2/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Program Files (x86)\CometBird\cometbird.exe
C:\Program Files (x86)\CometBird\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
C:\Users\kevhatch\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.search.yahoo.com/?type=994...=spigot-yhp-ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\kevhatch\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\kevhatch\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd6 4"
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 7280 bytes
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16518 BrowserJavaVersion: 10.51.2
Run by kevhatch at 10:29:11 on 2014-02-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.65.1033.18.8100.5927 [GMT 0:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\system32\taskeng.exe
C:\windows\Explorer.EXE
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\CometBird\cometbird.exe
C:\Program Files (x86)\CometBird\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\SearchProtocolHost.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://uk.search.yahoo.com/?type=994519&fr=spigot-yhp-ie
mWinlogon: Userinit = userinit.exe,
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRunOnce: [Uninstall C:\Users\kevhatch\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] C:\windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\kevhatch\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd6 4"
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{3E805C4F-A592-4AB7-BFD3-5DF9686384C6} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{3E805C4F-A592-4AB7-BFD3-5DF9686384C6}\35B4953393436323 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{3E805C4F-A592-4AB7-BFD3-5DF9686384C6}\64163747E65647 : DHCPNameServer = 212.42.162.1 212.42.162.2
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\kevhatch\AppData\Roaming\Mozilla\Firefox\Profiles\os4ifuaa.default \
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: browser.startup.homepage - hxxp://uk.search.yahoo.com/?type=994519&fr=spigot-yhp-ff
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=994519&p=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2011-11-21 55856]
R0 RapportKE64;RapportKE64;C:\windows\System32\drivers\RapportKE64.sys [2013-8-29 295696]
R1 RapportCerberus_56758;RapportCerberus_56758;C:\ProgramData\Trusteer\Rapport \store\exts\RapportCerberus\baseline\RapportCerberus64_56758.sys [2013-8-29 589872]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2013-8-19 265872]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2013-8-19 384432]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2013-6-18 134944]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R3 bcbtums;Bluetooth USB LD Filter;C:\windows\System32\drivers\bcbtums.sys [2013-10-28 170712]
R3 BTWAMPFL;BTWAMPFL;C:\windows\System32\drivers\btwampfl.sys [2013-8-9 166104]
R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\drivers\btwl2cap.sys [2011-11-21 39464]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\System32\drivers\CtClsFlt.sys [2011-11-21 176096]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-11-21 317440]
R3 intelkmd;intelkmd;C:\windows\System32\drivers\igdpmd64.sys [2011-11-21 12223936]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 teamviewervpn;TeamViewer VPN Adapter;C:\windows\System32\drivers\teamviewervpn.sys [2013-12-22 35112]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-2-12 111616]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2011-3-18 25072]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-8-30 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-11-21 250984]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2014-2-12 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2013-8-30 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2013-8-28 1255736]
S4 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-23 143120]
S4 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-11-21 89600]
S4 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2011-11-21 204288]
S4 BcmBtRSupport;Bluetooth Driver Management Service;C:\windows\System32\BtwRSupportService.exe [2013-10-28 2255064]
S4 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-9-19 250200]
S4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-21 13336]
S4 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2012-7-13 769432]
S4 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-26 2823000]
S4 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2013-8-19 1435928]
S4 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S4 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S4 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-11-21 1692480]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S4 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S4 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2013-12-22 4915040]
S4 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-11-21 2656280]
.
=============== Created Last 30 ================
.
2014-02-24 02:37:33 -------- d-----w- C:\Users\kevhatch\Tracing
2014-02-24 02:34:07 -------- d-----w- C:\windows\en
2014-02-24 02:33:04 77656 ----a-w- C:\windows\System32\XAPOFX1_5.dll
2014-02-24 02:33:04 74072 ----a-w- C:\windows\SysWow64\XAPOFX1_5.dll
2014-02-24 02:33:04 527192 ----a-w- C:\windows\SysWow64\XAudio2_7.dll
2014-02-24 02:33:04 518488 ----a-w- C:\windows\System32\XAudio2_7.dll
2014-02-24 02:33:01 2526056 ----a-w- C:\windows\System32\D3DCompiler_43.dll
2014-02-24 02:33:01 2106216 ----a-w- C:\windows\SysWow64\D3DCompiler_43.dll
2014-02-24 02:32:58 276832 ----a-w- C:\windows\System32\d3dx11_43.dll
2014-02-24 02:32:58 248672 ----a-w- C:\windows\SysWow64\d3dx11_43.dll
2014-02-24 02:31:47 6072008 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\90c290551cf310801\onedrivesetup.exe
2014-02-23 10:48:44 10536864 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{196138A6-13E7-49A6-AD1F-E4C0FE1061E8}\mpengine.dll
2014-02-22 10:22:40 10536864 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-02-21 09:45:24 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C72A99ED-209D-4C7E-B478-4DBC536AA143}\gapaengine.dll
2014-02-21 03:03:29 -------- d-----w- C:\Program Files (x86)\Ghost Mouse Auto Clicker
2014-02-12 23:52:51 6573056 ----a-w- C:\windows\System32\mstscax.dll
2014-02-12 23:52:51 5693440 ----a-w- C:\windows\SysWow64\mstscax.dll
2014-02-12 02:08:42 548864 ----a-w- C:\windows\System32\vbscript.dll
2014-02-12 02:07:50 658432 ----a-w- C:\windows\System32\RMActivate_isv.exe
.
==================== Find3M ====================
.
2014-02-22 11:17:32 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-22 11:17:32 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-02-06 11:30:46 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-02-06 11:30:12 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39 66048 ----a-w- C:\windows\System32\iesetup.dll
2014-02-06 11:06:47 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2014-02-06 10:48:45 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-02-06 10:48:11 708608 ----a-w- C:\windows\System32\jscript9diag.dll
2014-02-06 10:20:26 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-02-06 10:11:37 5768704 ----a-w- C:\windows\System32\jscript9.dll
2014-02-06 10:01:36 61952 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32 2041856 ----a-w- C:\windows\System32\inetcpl.cpl
2014-02-06 09:47:22 112128 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27 553472 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36 4244480 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-02-06 09:24:52 2334208 ----a-w- C:\windows\System32\wininet.dll
2014-02-06 09:09:30 1964032 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- C:\windows\SysWow64\wininet.dll
2014-01-19 07:33:29 270496 ------w- C:\windows\System32\MpSigStub.exe
2014-01-10 13:40:12 58560 ----a-w- C:\windows\SysWow64\sirenacm.dll
2014-01-10 13:31:32 322240 ----a-w- C:\windows\WLXPGSS.SCR
2014-01-06 19:23:36 4558848 ----a-w- C:\windows\SysWow64\GPhotos.scr
2013-12-24 23:09:41 1987584 ----a-w- C:\windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32 2565120 ----a-w- C:\windows\System32\d3d10warp.dll
2013-12-21 08:56:47 454656 ----a-w- C:\windows\SysWow64\vbscript.dll
2013-12-18 21:09:39 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-06 02:30:08 2048 ----a-w- C:\windows\System32\msxml3r.dll
2013-12-06 02:30:08 1882112 ----a-w- C:\windows\System32\msxml3.dll
2013-12-06 02:02:08 2048 ----a-w- C:\windows\SysWow64\msxml3r.dll
2013-12-06 02:02:08 1237504 ----a-w- C:\windows\SysWow64\msxml3.dll
2013-12-04 02:27:33 485888 ----a-w- C:\windows\System32\secproc_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\windows\System32\secproc_ssp_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\windows\System32\secproc_ssp.dll
2013-12-04 02:27:16 488448 ----a-w- C:\windows\System32\secproc.dll
2013-12-04 02:26:32 528384 ----a-w- C:\windows\System32\msdrm.dll
2013-12-04 02:16:51 626176 ----a-w- C:\windows\System32\RMActivate.exe
2013-12-04 02:16:50 552960 ----a-w- C:\windows\System32\RMActivate_ssp_isv.exe
2013-12-04 02:16:48 553984 ----a-w- C:\windows\System32\RMActivate_ssp.exe
2013-12-04 02:03:20 87040 ----a-w- C:\windows\SysWow64\secproc_ssp_isv.dll
2013-12-04 02:03:20 87040 ----a-w- C:\windows\SysWow64\secproc_ssp.dll
2013-12-04 02:03:20 423936 ----a-w- C:\windows\SysWow64\secproc_isv.dll
2013-12-04 02:03:08 428032 ----a-w- C:\windows\SysWow64\secproc.dll
2013-12-04 02:02:06 390144 ----a-w- C:\windows\SysWow64\msdrm.dll
2013-12-04 01:54:14 510976 ----a-w- C:\windows\SysWow64\RMActivate_ssp.exe
2013-12-04 01:54:10 594944 ----a-w- C:\windows\SysWow64\RMActivate_isv.exe
2013-12-04 01:54:09 572416 ----a-w- C:\windows\SysWow64\RMActivate.exe
2013-12-04 01:54:06 508928 ----a-w- C:\windows\SysWow64\RMActivate_ssp_isv.exe
2013-11-27 01:42:42 343040 ----a-w- C:\windows\System32\drivers\usbhub.sys
2013-11-27 01:42:20 99840 ----a-w- C:\windows\System32\drivers\usbccgp.sys
2013-11-27 01:42:18 325120 ----a-w- C:\windows\System32\drivers\usbport.sys
2013-11-27 01:42:16 53248 ----a-w- C:\windows\System32\drivers\usbehci.sys
2013-11-27 01:42:13 25600 ----a-w- C:\windows\System32\drivers\usbohci.sys
2013-11-27 01:42:12 30720 ----a-w- C:\windows\System32\drivers\usbuhci.sys
2013-11-27 01:42:08 7808 ----a-w- C:\windows\System32\drivers\usbd.sys
2013-11-26 23:58:02 940032 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2013-11-26 23:58:02 194048 ----a-w- C:\windows\SysWow64\elshyph.dll
2013-11-26 11:40:00 376768 ----a-w- C:\windows\System32\drivers\netio.sys
2013-11-26 10:32:56 3156480 ----a-w- C:\windows\System32\win32k.sys
.
============= FINISH: 10:29:48.43 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 29/8/2013 12:29:31 AM
System Uptime: 24/2/2014 10:11:14 AM (0 hours ago)
.
Motherboard: Dell Inc. | | 0GGRV5
Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz | CPU 1 | 2501/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 388.116 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Community Help
Adobe Flash Player 12 Plugin
Adobe Photoshop CS5.1
Adobe Reader X (10.1.9) MUI
Advanced Audio FX Engine
AMD APP SDK Runtime
ATI AVIVO64 Codecs
ATI Catalyst Install Manager
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Mobile
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
Combined Community Codec Pack 2013-11-27
CometBird 11.0 (x86 en-US)
Compatibility Pack for the 2007 Office system
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Edoc Viewer
Dell Getting Started Guide
Dell MusicStage
Dell PhotoStage
Dell Product Registration
Dell Stage
Dell Stage Remote
Dell Support Center
Dell Touchpad
Dell VideoStage
Dell Webcam Central
DirectX 9 Runtime
DW WLAN Card
Elevated Installer
Encrypt Files v1.5
FileZilla Client 3.7.3
Garmin Express
Garmin Express Tray
Garmin USB Drivers
Ghost Mouse Auto Clicker 3.8.7
Google Earth
Google Update Helper
High-Definition Video Playback
IDT Audio
Intel(R) Display Audio Driver
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Java 7 Update 51
Java Auto Updater
Java(TM) 6 Update 27 (64-bit)
Junk Mail filter update
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Mouse and Keyboard Center
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Office Publisher 2003
Microsoft Office Starter 2010 - English
Microsoft Office XP Web Components
Microsoft OneDrive
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Microsoft_VC90_MFCLOC_x86
Microsoft_VC90_MFCLOC_x86_x64
Movie Maker
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 10 Movie ThemePack Basic
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Update
OSM generic routable
Pale Moon 24.1.1 (x64 en-US)
Pale Moon 24.3.2 (x86 en-US)
PDF Settings CS5
Photo Common
Photo Gallery
PhotoShowExpress
Picasa 3
PowerXpressHybrid
PX Profile Update
Quickset64
Rapport
RBVirtualFolder64Inst
Realtek Ethernet Controller Driver
Realtek USB 2.0 Card Reader
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
SeaMonkey 2.22.1 (x86 en-US)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Skype 6.11
Sonic CinePlayer Decoder Pack
SUPERAntiSpyware
SyncUP
TeamSpeak 3 Client
TeamViewer 9
Trusteer Endpoint Protection
Vuze
WIDCOMM Bluetooth Software
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.11 (64-bit)
WinZip 17.5
Zinio Reader 4
.
==== End Of File ===========================
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-02-24 11:04:02
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB4O 465.76GB
Running: rjfdwm09.exe; Driver: C:\Users\kevhatch\AppData\Local\Temp\uglcrkow.sys
---- User code sections - GMER 2.1 ----
? C:\windows\system32\mssprxy.dll [2760] entry point in ".rdata" section 00000000725e71e6
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2620] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076181465 2 bytes [18, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2620] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761814bb 2 bytes [18, 76]
.text ... * 2
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4696] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076181465 2 bytes [18, 76]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4696] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761814bb 2 bytes [18, 76]
.text ... * 2
---- Processes - GMER 2.1 ----
Library c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{196138A6-13E7-49A6-AD1F-E4C0FE1061E8}\offreg.dll (*** suspicious ***) @ c:\Program Files\Microsoft Security Client\MsMpEng.exe [868](2014-02-24 10:30:23) 000007fef1d70000
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0015007f6c3b
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\9439e5e96004
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\9439e5e96004 @001a8ac541c4 0xFC 0xAA 0x43 0xE0 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\bc7737048afc
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0015007f6c3b (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\9439e5e96004 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\9439e5e96004@001 a8ac541c4 0xFC 0xAA 0x43 0xE0 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\bc7737048afc (not active ControlSet)
---- EOF - GMER 2.1 ----
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2014.02.24.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
kevhatch :: KEVHATCH-PC [administrator]
24/2/2014 9:43:08 AM
mbam-log-2014-02-24 (09-43-08).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 239603
Time elapsed: 13 minute(s), 29 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 5
HKCR\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC} (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA14329E-9550-4989-B3F2-9732E92D17CC} (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA14329E-9550-4989-B3F2-9732E92D17CC} (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
HKCU\Software\iVIDI Plugin (PUP.Optional.Ividi.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IECT2504091 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
Registry Values Detected: 3
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{BA14329E-9550-4989-B3F2-9732E92D17CC} (PUP.Optional.Conduit) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{BA14329E-9550-4989-B3F2-9732E92D17CC} (PUP.Optional.Conduit) -> Data: Vuze Remote Toolbar -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{BA14329E-9550-4989-B3F2-9732E92D17CC} (PUP.Optional.Conduit) -> Data: -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 3
C:\Users\kevhatch\AppData\Local\Temp\ct2504091 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\ProgramData\Conduit\IE (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\ProgramData\Conduit\IE\CT2504091 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
Files Detected: 20
C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Users\kevhatch\AppData\Local\Temp\IMsetup.exe (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
C:\Users\kevhatch\AppData\Local\Temp\Install_BubbleDock.exe (PUP.Optional.BubbleDock.A) -> Quarantined and deleted successfully.
C:\Users\kevhatch\AppData\Local\Temp\Install_BubbleDock_new.exe (PUP.Optional.BubbleDock.A) -> Quarantined and deleted successfully.
C:\Users\kevhatch\AppData\Local\Temp\UpdateCheckerSetup.exe (PUP.Optional.Somoto) -> Quarantined and deleted successfully.
C:\Users\kevhatch\AppData\Local\Temp\ct2504091\ctbe.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\kevhatch\AppData\Local\Temp\ct2504091\ieLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\kevhatch\AppData\Local\Temp\ct2504091\statisticsStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\kevhatch\AppData\Local\Temp\ct2504091\stub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\kevhatch\AppData\Local\Conduit\CT2504091\Vuze_RemoteAutoUpdateHelp er.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\kevhatch\Local Settings\Temporary Internet Files\Content.IE5\2LC52MWG\checktbexist[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\kevhatch\Local Settings\Temporary Internet Files\Content.IE5\2LC52MWG\statisticsstub[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\kevhatch\Local Settings\Temporary Internet Files\Content.IE5\OUHPOKQT\stublogic[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\kevhatch\Local Settings\Temporary Internet Files\Content.IE5\Z3N5R89H\Vuze_Remote[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\kevhatch\AppData\Local\Temp\ct2504091\chromeid.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\kevhatch\AppData\Local\Temp\ct2504091\ism.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\kevhatch\AppData\Local\Temp\ct2504091\setup.ini.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\ProgramData\Conduit\IE\CT2504091\configutaion.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\ProgramData\Conduit\IE\CT2504091\SetupIcon.ico (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\ProgramData\Conduit\IE\CT2504091\UninstallerUI.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
(end)
# AdwCleaner v3.019 - Report created 24/02/2014 at 10:10:43
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : kevhatch - KEVHATCH-PC
# Running from : C:\Users\kevhatch\Desktop\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Vuze_Remote
Folder Deleted : C:\Users\kevhatch\AppData\Local\Conduit
Folder Deleted : C:\Users\kevhatch\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\kevhatch\AppData\LocalLow\Vuze_Remote
Folder Deleted : C:\Users\kevhatch\AppData\Roaming\iPumper
File Deleted : C:\END
File Deleted : C:\windows\System32\Tasks\BackgroundContainer Startup Task
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E30ED111-BD63-48C2-A6CB-AB3C9FFFB07C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E30ED111-BD63-48C2-A6CB-AB3C9FFFB07C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AEDB6BCD-38CF-49C7-B349-38E2C104B8AD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DCBE7D51-BC18-4609-ACE9-9D45B18DD89B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Key Deleted : HKCU\Software\caphyon
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Escolade
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Show-Password
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Vuze_Remote
Key Deleted : HKLM\Software\caphyon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Vuze_Remote
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16518
-\\ Mozilla Firefox v26.0 (en-US)
[ File : C:\Users\kevhatch\AppData\Roaming\Mozilla\Firefox\Profiles\os4ifuaa.default \prefs.js ]
Line Deleted : user_pref("extensions.scriptish.scriptvals.KOCPowerTools@mat.Options_367", "{\"includeCity\":true,\"includeMarching\":true,\"includeTraining\":false,\ "includeTrainingTotal\":false,\"encRemaining\":tru[...]
*************************
AdwCleaner[R0].txt - [1337 octets] - [10/09/2013 23:42:10]
AdwCleaner[R1].txt - [1992 octets] - [19/10/2013 15:06:44]
AdwCleaner[R2].txt - [2526 octets] - [14/11/2013 09:25:52]
AdwCleaner[R3].txt - [3844 octets] - [24/02/2014 10:09:04]
AdwCleaner[S0].txt - [2091 octets] - [19/10/2013 15:08:10]
AdwCleaner[S1].txt - [2588 octets] - [14/11/2013 09:26:59]
AdwCleaner[S2].txt - [3609 octets] - [24/02/2014 10:10:43]
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [3669 octets] ##########
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 02/24/2014 at 11:35 AM
Application Version : 5.7.1018
Core Rules Database Version : 10842
Trace Rules Database Version: 8654
Scan type : Quick Scan
Total Scan Time : 00:18:51
Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator
Memory items scanned : 615
Memory threats detected : 0
Registry items scanned : 60572
Registry threats detected : 0
File items scanned : 29914
File threats detected : 3
Adware.Tracking Cookie
C:\Users\kevhatch\AppData\Roaming\Microsoft\Windows\Cookies\NO3ZCDE8.txt [ /doubleclick.net ]
C:\Users\kevhatch\AppData\Roaming\Microsoft\Windows\Cookies\XIJOTFF7.txt [ /atdmt.com ]
C:\Users\kevhatch\AppData\Roaming\Microsoft\Windows\Cookies\I13K5Y5Q.txt [ /c.atdmt.com ]