
A problem appeared this morning: nengine.dll did not start [Solved]


This topic is locked
34 replies to this topic

#1 terryfelter (Authentic Member, 175 posts)

Posted 22 February 2014 - 11:24 AM

I opened the laptop this morning, and had to do it twice, shutting down with the power key the first time.

Anyway, when it booted up a RunDLL message popped up:

There was a problem starting
C:\users\Terry\AppData\Roaming\newnext.me\nengine.dll
Operation did not complete successfully because the file contains a virus.

I did a bit of searching and found one thread similar to mine and thought I might have a malware/virus. The first step was to download FRST64.exe, but I got another warning message that this file is not normally downloaded.

 

Here is the HiJackThis output:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:15:46 AM, on 2/22/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)
Boot mode: Normal

Running processes:
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Office\Microsoft Office 97\Office\OSA.EXE
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\Terry\Documents\SoftwareUpdates\HiJackThis.exe
C:\Program Files (x86)\TextPad 4\TextPad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_38_ActiveX.exe -update activex
O4 - .DEFAULT User Startup: Smart Settings.lnk = C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (User 'Default user')
O4 - Startup: Smart Settings.lnk = C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files (x86)\Office\Microsoft Office 97\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Office\Microsoft Office 2000\Office\OSA9.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files (x86)\Office\Microsoft Office 97\Office\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\Office\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\Office\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://tradestation...rt/ieatgpc1.cab
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: WebEx Service Host for Support Center (atashost) - Cisco WebEx LLC - C:\Windows\SysWOW64\atashost.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Program Files\Fingerprint Sensor\ATService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: CyberLink Product - 2013/12/13 12:31:24 (CLKMSVC10_9EC60124) - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Dell Feature Enhancement Pack Service (DFEPService) - Dell Inc. - C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EmbassyService - Unknown owner - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Level Quality Watcher - Unknown owner - C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe
O23 - Service: O2FLASH - Unknown owner - C:\Windows\system32\o2flash.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RoxMediaDB12OEM - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Client/Server Security Agent (svcGenericHost) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
O23 - Service: NTRU TSS v1.2.1.37 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exe
O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe
O23 - Service: Trend Micro Client/Server Security Agent Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: Wave Authentication Manager Service - Wave Systems Corp. - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WvPCR - Wave Systems Corp. - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe

--
End of file - 13150 bytes
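An added example, not part of this thread or of HijackThis: a small Python triage pass over log lines in the format above, flagging the three kinds of entry this thread turns on (an orphaned "(no file)" browser add-on CLSID, an autostart that launches a file from the user profile such as the quarantined nengine.dll, and an unknown-owner service outside the Windows directory). The sample lines are copied from the posted log except the last, which is constructed with PLACEHOLDER names because the posted log shows no Run entry for nengine.dll.

```python
"""Triage heuristics over HijackThis 2.0.4 log lines.

Added example for this thread; it is not a tool the helpers used and not part
of HijackThis. It never touches the system: it only reads log text and points
a reviewer at entries worth a closer look.
"""
import re
from dataclasses import dataclass

# Constructed sample. The first four lines are copied from the HijackThis log
# posted in the thread; the last line is made up to show the kind of Run entry
# that produces a "There was a problem starting ...nengine.dll" RunDLL error
# once an AV has quarantined the DLL (the posted log has no such entry, so the
# value name and DLL export are PLACEHOLDERs, not real indicators).
SAMPLE_LOG = [
    r"O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)",
    r'O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui',
    r"O23 - Service: Level Quality Watcher - Unknown owner - C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe",
    r"O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)",
    r'O4 - HKCU\..\Run: [PLACEHOLDER] rundll32.exe "C:\Users\Terry\AppData\Roaming\newnext.me\nengine.dll",PLACEHOLDER',
]

# O2 (BHO) and O3 (Toolbar): "<kind>: <name> - {CLSID} - <path or (no file)>"
BHO_TB_RE = re.compile(r"^O[23] - (?:BHO|Toolbar): .*? - \{[0-9A-Fa-f-]+\} - (?P<path>.*)$")
# O4 registry autostarts: "O4 - <hive>\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(r"^O4 - (?P<hive>.*?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Drive paths inside a command line (stop at a closing quote or the DLL,Export comma)
PATH_RE = re.compile(r'[A-Za-z]:\\[^",]+')
USER_PROFILE_RE = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)
WINDOWS_DIR_RE = re.compile(r"^[A-Za-z]:\\Windows\\", re.IGNORECASE)


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O4"
    detail: str    # the log line that triggered the finding
    reason: str    # why a reviewer should look at it


def triage(lines):
    """Return review-worthy entries; everything else is silently skipped."""
    findings = []
    for line in lines:
        line = line.rstrip()
        m = BHO_TB_RE.match(line)
        if m:
            if m.group("path").strip() == "(no file)":
                findings.append(Finding(line[:2], line,
                    "browser add-on CLSID is registered but its file is gone: "
                    "orphaned registration, safe to remove"))
            continue
        m = RUN_RE.match(line)
        if m:
            for path in PATH_RE.findall(m.group("cmd")):
                if USER_PROFILE_RE.match(path):
                    findings.append(Finding("O4", line,
                        "autostart launches a file from the user profile; if an "
                        "AV has quarantined that file, Windows shows a RunDLL "
                        "'problem starting' error at every logon"))
                    break
            continue
        if line.startswith("O23 - Service: "):
            # Split from the right: service display names may themselves contain " - ".
            parts = line[len("O23 - Service: "):].rsplit(" - ", 2)
            if len(parts) != 3:
                continue
            _name, owner, path = parts
            if path.endswith("(file missing)") and WINDOWS_DIR_RE.match(path):
                # HijackThis 2.0.4 is a 32-bit program; on 64-bit Windows its
                # look-ups under System32 are redirected, so "(file missing)" on
                # built-in services is a known artifact, not evidence of tampering.
                continue
            if owner == "Unknown owner" and not WINDOWS_DIR_RE.match(path):
                findings.append(Finding("O23", line,
                    "service with no publisher information outside the Windows "
                    "directory; verify the vendor before trusting it"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.detail}")
```

The "(file missing)" entries for built-in services such as lsass.exe are skipped on purpose: HijackThis 2.0.4 is a 32-bit tool and reports that on 64-bit Windows for legitimate services, so they are noise rather than a lead.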

 




#2 Tomk (Beguilement Monitor, Classroom Admin, 20,144 posts)

Posted 24 February 2014 - 07:56 PM

Hi terryfelter,

  :welcome:

My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
nengine.dll is probably a remnant of adware that was removed. I don't know why you couldn't run FRST.

Let's try a shotgun approach.

Step 1

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 2

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button. Wait until it is finished.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.
Step 3
Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot (shut down your computer then restart it).
In your next reply, post the following log files:
  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log

Tomk
------------------------------------------------------------
Topics are closed after 5 days without response


#3 terryfelter (Authentic Member, 175 posts)

Posted 25 February 2014 - 07:41 AM

I guess I did not make the FRST.exe comment clear. I did download it, just chose not to run it. After posting I did check my Avast and the nengine.dll was in a quarantine state. Anyway, here are the logs:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Professional x64
Ran by Terry on Tue 02/25/2014 at  6:23:55.31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\quickshare_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\quickshare_rasmancs

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Terry\appdata\local\tempdir"
Successfully deleted: [Folder] "C:\Program Files (x86)\gamesbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\sweetpacks bundle uninstaller"
Successfully deleted: [Empty Folder] C:\Users\Terry\appdata\local\{D1316783-E681-4FE0-B1F5-DE359263D686}

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 02/25/2014 at  6:29:02.44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

# AdwCleaner v3.019 - Report created 25/02/2014 at 06:31:57
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Terry - MININT-P570M4T
# Running from : C:\Users\Terry\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : Level Quality Watcher

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\TechSmith
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
Folder Deleted : C:\Program Files (x86)\TechSmith
Folder Deleted : C:\Program Files\Level Quality Watcher
Folder Deleted : C:\Users\Terry\AppData\Local\genienext
Folder Deleted : C:\Users\Terry\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Terry\AppData\Local\TechSmith
Folder Deleted : C:\Users\Terry\AppData\Roaming\newnext.me

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\wajam.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4C836512-BB70-11D2-A5A7-00105A9C91C6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DB797690-40E0-11D2-9BD5-0060082AE372}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB797681-40E0-11D2-9BD5-0060082AE372}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Scorpion Saver

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518

*************************

AdwCleaner[R0].txt - [2110 octets] - [25/02/2014 06:31:22]
AdwCleaner[S0].txt - [2077 octets] - [25/02/2014 06:31:57]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2137 octets] ##########

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.25.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Terry :: MININT-P570M4T [administrator]

2/25/2014 6:59:38 AM
mbam-log-2014-02-25 (06-59-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 244846
Time elapsed: 19 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Users\Terry\AppData\Local\Temp\CT3317209 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

Files Detected: 7
C:\temp\000.exe (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.
C:\temp\t.msi (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.
C:\Users\Terry\AppData\Local\Temp\ICReinstall_cc_setup.exe (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
C:\Users\Terry\AppData\Local\Temp\QS\Installer.exe (PUP.Optional.Linkury.A) -> Quarantined and deleted successfully.
C:\Users\Terry\Downloads\Install-Chess-Free.exe (PUP.Optional.Somoto.A) -> Quarantined and deleted successfully.
C:\Users\Terry\Downloads\Install-Hearts-Free.exe (PUP.Optional.Somoto.A) -> Quarantined and deleted successfully.
C:\Users\Terry\AppData\Local\Temp\CT3317209\ddt.csf (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

(end)



#4 terryfelter (Authentic Member, 175 posts)

Posted 25 February 2014 - 07:46 AM

I reviewed the log and found one program, TechSmith/SnagIt, was removed. This is an image capture program, not an adware-type program. Maybe they should be made aware of this and not delete it in the future.


Edited by terryfelter, 25 February 2014 - 07:47 AM.


#5 Tomk (Beguilement Monitor, Classroom Admin, 20,144 posts)

Posted 25 February 2014 - 09:04 AM

Snagit and Jing by TechSmith are both picked up by Avira, Kaspersky, and ESET (and others) as containing adware. TechSmith says that this detection does not occur with the paid-for program installed from their site. They claim it only happens when the program is downloaded from an unauthorized site. Is yours a paid program?




#6 terryfelter (Authentic Member, 175 posts)

Posted 25 February 2014 - 12:42 PM

Yes, it is a paid application. Go figure?



#7 Tomk (Beguilement Monitor, Classroom Admin, 20,144 posts)

Posted 25 February 2014 - 12:49 PM

I've been trying to research this and it appears that JRT is what removed it.  I believe that JRT just removed it because it has shown up in VirusTotal diagnostics numerous times as infected.  JRT did not actually "find" an infection.  I'm notifying the author of the tool as it appears to me that the "good" version is being removed as well as the "bad" version.

 

Thanks for letting me know.

 

Now... how is your system running?




#8 terryfelter (Authentic Member, 175 posts)

Posted 25 February 2014 - 12:54 PM

On the last boot I got no errors. The laptop "seems" to boot up a little slower than it used to, but maybe it is perception.

Thanks



#9 Tomk (Beguilement Monitor, Classroom Admin, 20,144 posts)

Posted 25 February 2014 - 12:59 PM

Oops. JRT wasn't the tool. It was AdwCleaner. That author is a little harder to get ahold of, but I think it's the same issue with the false positive. I'm working on notifying him.

 

Seeing as how there is still some "drag" going on... let's go ahead and dig a little deeper.

 

Download ComboFix from here:  http://download.blee...Bs/ComboFix.exe

* IMPORTANT !!! Save ComboFix.exe to your Desktop

 

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link --> http://forums.whatth...ams_t96260.html
  • Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.


Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix.  If you have a problem, reply back for further instructions.
3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
4. CF disconnects your machine from the internet.  The connection is automatically restored before CF completes its run.  If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

 




#10 Tomk (Beguilement Monitor, Classroom Admin, 20,144 posts)

Posted 25 February 2014 - 01:11 PM

For your information, it turns out that the Snagit false positive was reported in December as well as January. Obviously more work needs to be done to correct the targeting. I'm working on it. :blush:




#11 terryfelter (Authentic Member, 175 posts)

Posted 25 February 2014 - 05:37 PM

The response took a while, as ComboFix froze and I had to shut down manually and then restart the process again.

 

ComboFix 14-02-24.02 - Terry 02/25/2014  15:48:11.2.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8065.6230 [GMT -6:00]
Running from: c:\users\Terry\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Trend Micro Client/Server Security Agent Antivirus *Enabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
FW: Trend Micro Personal Firewall *Disabled* {50C2E989-60CF-0845-AFD3-290B7D301E79}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Trend Micro Client/Server Security Agent Anti-spyware *Enabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\security\Database\tmp.edb
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-25 to 2014-02-25  )))))))))))))))))))))))))))))))
.
.
2014-02-25 22:00 . 2014-02-25 22:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-25 14:14 . 2014-02-25 18:43 -------- d-----w- c:\programdata\TechSmith
2014-02-25 14:13 . 2014-02-25 14:13 -------- d-----w- c:\users\Terry\AppData\Local\TechSmith
2014-02-25 14:13 . 2014-02-25 14:13 -------- d-----w- c:\program files (x86)\TechSmith
2014-02-25 13:26 . 2014-02-06 09:01 10536864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{59658F00-46B7-4E18-AD16-5BB8FBAF36A9}\mpengine.dll
2014-02-25 12:44 . 2014-02-25 12:44 -------- d-----w- c:\users\Terry\AppData\Roaming\Malwarebytes
2014-02-25 12:44 . 2014-02-25 12:44 -------- d-----w- c:\programdata\Malwarebytes
2014-02-25 12:44 . 2013-04-04 20:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-25 12:44 . 2014-02-25 12:44 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-02-25 12:44 . 2014-02-25 12:44 -------- d-----w- c:\users\Terry\AppData\Local\Programs
2014-02-25 12:31 . 2014-02-25 12:32 -------- d-----w- C:\AdwCleaner
2014-02-25 12:23 . 2014-02-25 12:23 -------- d-----w- c:\windows\ERUNT
2014-02-17 14:27 . 2014-02-17 14:27 -------- d-----w- c:\users\Terry\AppData\Roaming\AVAST Software
2014-02-17 14:20 . 2014-02-17 14:20 80184 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-02-17 13:16 . 2014-02-17 14:20 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-02-17 13:16 . 2014-02-17 14:20 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-02-17 13:16 . 2014-02-17 14:20 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-02-16 17:54 . 2013-11-26 23:29 5693440 ----a-w- c:\windows\SysWow64\mstscax.dll
2014-02-16 17:54 . 2013-11-26 22:49 6573056 ----a-w- c:\windows\system32\mstscax.dll
2014-02-16 01:07 . 2014-02-16 01:07 -------- d-----w- c:\program files\Microsoft Mouse and Keyboard Center
2014-02-15 23:10 . 2013-12-04 02:16 658432 ----a-w- c:\windows\system32\RMActivate_isv.exe
2014-02-15 22:44 . 2013-09-25 02:23 1030144 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-02-15 22:44 . 2013-09-25 01:57 792576 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-02-13 15:00 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll
2014-02-13 15:00 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-02-13 02:29 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-02-13 02:29 . 2013-12-24 22:48 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-02-13 02:29 . 2013-11-22 22:48 3928064 ----a-w- c:\windows\system32\d2d1.dll
2014-02-13 02:29 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2014-02-13 00:13 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-02-13 00:13 . 2013-12-06 02:30 1882112 ----a-w- c:\windows\system32\msxml3.dll
2014-02-13 00:13 . 2013-12-06 02:02 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2014-02-13 00:13 . 2013-12-06 02:02 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2014-02-04 03:44 . 2014-02-04 03:44 -------- d-----w- c:\program files (x86)\Yahoo!
2014-01-30 13:19 . 2014-01-30 13:19 -------- d-----w- c:\users\Terry\AppData\Roaming\Stormdance
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-23 11:45 . 2013-12-31 04:04 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-23 11:45 . 2013-12-31 04:04 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-17 14:20 . 2013-12-31 00:15 421704 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-02-17 14:20 . 2013-12-31 00:15 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-02-17 14:20 . 2013-12-31 00:15 334136 ----a-w- c:\windows\system32\aswBoot.exe
2014-02-17 14:20 . 2013-12-31 00:15 1038072 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-02-17 14:20 . 2013-12-31 00:15 43152 ----a-w- c:\windows\avastSS.scr
2014-02-15 23:43 . 2013-12-19 19:28 88567024 ----a-w- c:\windows\system32\MRT.exe
2014-01-22 14:52 . 2013-12-31 00:15 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-01-06 08:38 . 2013-12-21 22:38 117024 ----a-w- c:\windows\system32\BootDefrag.exe
2014-01-06 03:28 . 2014-01-07 09:31 17088 ----a-w- c:\windows\system32\drivers\BootDefragDriver.sys
2013-12-20 14:04 . 2013-12-20 14:04 3017128 ----a-r- c:\users\Terry\AppData\Roaming\Microsoft\Installer\{5D292E0F-F1DB-4606-97A1-0B020621A139}\ScottradeELITELauncher.exe
2013-12-19 23:17 . 2013-12-19 23:17 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-19 23:17 . 2013-12-19 23:17 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-12-19 23:17 . 2013-12-19 23:17 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-19 23:17 . 2013-12-19 23:17 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-12-19 23:17 . 2013-12-19 23:17 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-12-19 23:17 . 2013-12-19 23:17 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-12-19 23:17 . 2013-12-19 23:17 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-12-19 23:17 . 2013-12-19 23:17 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-12-19 23:17 . 2013-12-19 23:17 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-12-19 23:17 . 2013-12-19 23:17 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-12-19 23:17 . 2013-12-19 23:17 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-12-19 23:17 . 2013-12-19 23:17 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-12-19 23:17 . 2013-12-19 23:17 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-12-19 23:17 . 2013-12-19 23:17 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-12-19 23:17 . 2013-12-19 23:17 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-12-19 23:17 . 2013-12-19 23:17 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-12-19 23:17 . 2013-12-19 23:17 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-12-19 23:16 . 2013-12-19 23:16 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-12-19 23:16 . 2013-12-19 23:16 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-19 23:16 . 2013-12-19 23:16 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-12-19 23:16 . 2013-12-19 23:16 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-12-19 23:16 . 2013-12-19 23:16 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-12-19 23:16 . 2013-12-19 23:16 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-12-19 23:16 . 2013-12-19 23:16 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-12-19 23:16 . 2013-12-19 23:16 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-12-19 23:16 . 2013-12-19 23:16 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-12-19 23:16 . 2013-12-19 23:16 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-19 23:16 . 2013-12-19 23:16 247808 ----a-w- c:\windows\system32\msls31.dll
2013-12-19 23:16 . 2013-12-19 23:16 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-12-19 23:16 . 2013-12-19 23:16 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-12-19 23:16 . 2013-12-19 23:16 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-12-19 23:16 . 2013-12-19 23:16 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-12-19 23:16 . 2013-12-19 23:16 81408 ----a-w- c:\windows\system32\icardie.dll
2013-12-19 23:16 . 2013-12-19 23:16 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-12-19 23:16 . 2013-12-19 23:16 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-12-19 23:16 . 2013-12-19 23:16 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-12-19 23:16 . 2013-12-19 23:16 413696 ----a-w- c:\windows\system32\html.iec
2013-12-19 23:16 . 2013-12-19 23:16 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-12-19 23:16 . 2013-12-19 23:16 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-12-19 23:16 . 2013-12-19 23:16 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-12-19 23:16 . 2013-12-19 23:16 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-12-19 23:16 . 2013-12-19 23:16 235520 ----a-w- c:\windows\system32\url.dll
2013-12-19 23:16 . 2013-12-19 23:16 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-12-19 23:16 . 2013-12-19 23:16 147968 ----a-w- c:\windows\system32\occache.dll
2013-12-19 23:16 . 2013-12-19 23:16 143872 ----a-w- c:\windows\system32\wextract.exe
2013-12-19 23:16 . 2013-12-19 23:16 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-12-19 23:16 . 2013-12-19 23:16 101376 ----a-w- c:\windows\system32\inseng.dll
2013-12-19 23:16 . 2013-12-19 23:16 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-12-19 23:16 . 2013-12-19 23:16 774144 ----a-w- c:\windows\system32\jscript.dll
2013-12-19 23:16 . 2013-12-19 23:16 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-12-19 23:16 . 2013-12-19 23:16 13824 ----a-w- c:\windows\system32\mshta.exe
2013-12-19 23:16 . 2013-12-19 23:16 135680 ----a-w- c:\windows\system32\iepeers.dll
2013-12-19 23:15 . 2013-12-19 23:15 878080 ----a-w- c:\windows\system32\advapi32.dll
2013-12-19 23:15 . 2013-12-19 23:15 859648 ----a-w- c:\windows\system32\tdh.dll
2013-12-19 23:15 . 2013-12-19 23:15 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-12-19 23:15 . 2013-12-19 23:15 362496 ----a-w- c:\windows\system32\wow64win.dll
2013-12-19 23:15 . 2013-12-19 23:15 243712 ----a-w- c:\windows\system32\wow64.dll
2013-12-19 23:15 . 2013-12-19 23:15 1732032 ----a-w- c:\windows\system32\ntdll.dll
2013-12-19 23:15 . 2013-12-19 23:15 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2013-12-19 23:15 . 2013-12-19 23:15 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2013-12-19 23:15 . 2013-12-19 23:15 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-12-19 23:15 . 2013-12-19 23:15 640512 ----a-w- c:\windows\SysWow64\advapi32.dll
2013-12-19 23:15 . 2013-12-19 23:15 619520 ----a-w- c:\windows\SysWow64\tdh.dll
2013-12-19 23:15 . 2013-12-19 23:15 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-12-19 23:15 . 2013-12-19 23:15 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-12-19 23:15 . 2013-12-19 23:15 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-12-19 23:15 . 2013-12-19 23:15 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-12-19 23:15 . 2013-12-19 23:15 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-12-19 23:15 . 2013-12-19 23:15 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-12-19 23:15 . 2013-12-19 23:15 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-12-19 23:15 . 2013-12-19 23:15 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll
2013-12-19 23:15 . 2013-12-19 23:15 327168 ----a-w- c:\windows\system32\mswsock.dll
2013-12-19 23:15 . 2013-12-19 23:15 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2013-12-19 23:15 . 2013-12-19 23:15 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-12-19 22:38 . 2013-12-19 22:39 117544 ----a-w- c:\windows\SysWow64\atashost.exe
2013-12-19 22:38 . 2013-12-19 22:39 209192 ----a-w- c:\windows\SysWow64\atsckernel.exe
2013-12-19 20:01 . 2013-12-19 20:01 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-12-19 20:01 . 2013-12-19 20:01 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-12-19 20:01 . 2013-12-19 20:01 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-12-19 20:01 . 2013-12-19 20:01 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-12-19 20:01 . 2013-12-19 20:01 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-12-19 20:01 . 2013-12-19 20:01 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-12-19 20:01 . 2013-12-19 20:01 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-12-19 20:01 . 2013-12-19 20:01 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-12-19 20:01 . 2013-12-19 20:01 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-12-19 20:01 . 2013-12-19 20:01 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-12-19 20:01 . 2013-12-19 20:01 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-12-19 20:01 . 2013-12-19 20:01 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-18 50472]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2011-08-11 75048]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"OfficeScanNT Monitor"="c:\program files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" [2011-02-27 1708048]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-11-30 284440]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2012-02-29 133400]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-02-17 3767096]
.
c:\users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2012-5-8 506904]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Find Fast.lnk - c:\program files (x86)\Office\Microsoft Office 97\Office\FINDFAST.EXE [1997-7-11 122880]
Microsoft Office.lnk - c:\program files (x86)\Office\Microsoft Office 2000\Office\OSA9.EXE -b -l [1999-2-17 65588]
Office Startup.lnk - c:\program files (x86)\Office\Microsoft Office 97\Office\OSA.EXE -b [1997-7-11 61440]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2012-5-8 506904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 CLKMSVC10_9EC60124;CyberLink Product - 2013/12/13 12:31;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7x64.sys;c:\windows\SYSNATIVE\drivers\O2MDFw7x64.sys [x]
R3 O2MDRRDR;O2MDRRDR;c:\windows\system32\drivers\O2MDRw7x64.sys;c:\windows\SYSNATIVE\drivers\O2MDRw7x64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 ST7007;ST7007;c:\windows\system32\drivers\ST7007.sys;c:\windows\SYSNATIVE\drivers\ST7007.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WvPCR;WvPCR;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 BootDefragDriver;BootDefragDriver;c:\windows\System32\drivers\BootDefragDriver.sys;c:\windows\SYSNATIVE\drivers\BootDefragDriver.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys;c:\windows\SYSNATIVE\drivers\iusb3hcs.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys;c:\windows\SYSNATIVE\DRIVERS\tmlwf.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe;c:\windows\SysWOW64\atashost.exe [x]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\ATService.exe;c:\program files\Fingerprint Sensor\ATService.exe [x]
S2 DFEPService;Dell Feature Enhancement Pack Service;c:\program files\Dell\Feature Enhancement Pack\DFEPService.exe;c:\program files\Dell\Feature Enhancement Pack\DFEPService.exe [x]
S2 EmbassyService;EmbassyService;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe;c:\program files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [x]
S2 TmFilter;Trend Micro Filter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [x]
S2 TmPreFilter;Trend Micro PreFilter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [x]
S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\tmwfp.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 Wave Authentication Manager Service;Wave Authentication Manager Service;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys;c:\windows\SYSNATIVE\DRIVERS\o2sdjw7x64.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 ST_ACCEL;STMicroelectronics Accelerometer Service;c:\windows\system32\DRIVERS\ST_ACCEL.sys;c:\windows\SYSNATIVE\DRIVERS\ST_ACCEL.sys [x]
S3 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe [x]
S3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_9EC60124
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-25 c:\windows\Tasks\GlaryInitialize 4.job
- c:\program files (x86)\Glary Utilities 4\Initialize.exe [2014-01-06 08:37]
.
2014-02-23 c:\windows\Tasks\TradeStation Backup - Monthly.job
- c:\program files (x86)\TradeStation 9.1\Program\TSBackupRestore.exe [2013-11-07 10:03]
.
2014-02-23 c:\windows\Tasks\TradeStation Backup - Weekly.job
- c:\program files (x86)\TradeStation 9.1\Program\TSBackupRestore.exe [2013-11-07 10:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-02-17 14:20 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2011-12-08 16:45 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2011-12-08 16:45 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2012-01-26 626552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-25 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-25 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-25 439064]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-02-14 1425408]
"TdmNotify"="c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe" [2011-12-08 381296]
"DFEPApplication"="c:\program files\Dell\Feature Enhancement Pack\DFEPApplication.exe" [2012-05-08 7078424]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\Office\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 8.8.8.8
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-FileParade Bundle - c:\program files (x86)\sweetpacks bundle uninstaller\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-02-25  16:02:10
ComboFix-quarantined-files.txt  2014-02-25 22:02
.
Pre-Run: 179,992,825,856 bytes free
Post-Run: 179,619,155,968 bytes free
.
- - End Of File - - D82B92E53CE9B965766C328ED97C4264
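The "Reg Loading Points" and "ORPHANS REMOVED" sections of the ComboFix log above are where a leftover autorun shows up: a Run value or Startup shortcut that still points at a DLL the antivirus has quarantined or now blocks is the kind of entry that produces a RunDLL message like the one in the first post. As an added example (my code, not ComboFix's and not part of any post in this thread), here is a small Python triage that reads lines in ComboFix's format and flags "(no file)" entries, rundll32 loaders and anything launched from AppData or Temp. The sample log inside is constructed: most lines are copied from the log above, while the HKCU "nengine" value, its export name and its date/size are assumptions illustrating what such a loader entry would look like.

```python
"""Triage ComboFix "Reg Loading Points" and "ORPHANS REMOVED" lines.

Added example for this thread; not part of ComboFix or of any post here.
Flags the autoruns a removal helper looks at first: values pointing at
"(no file)" (file quarantined, autorun left behind) and anything run from a
user-writable profile location, including a DLL loaded via rundll32.exe.
"""
import re
from dataclasses import dataclass, field

# "Name"="command" [date size]           (registry Run values)
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<cmd>[^"]*)"')
# Something.lnk - target [date size]      (Startup folder shortcuts)
LNK_RE = re.compile(r'^(?P<name>.+?\.lnk) - (?P<cmd>.+?)(?: \[[^\]]*\])?$')
# Kind-Hive-Key - target                  (ORPHANS REMOVED section)
ORPHAN_RE = re.compile(r'^(?P<name>\S.*?) - (?P<target>.+)$')
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?', re.I)
USER_WRITABLE_RE = re.compile(r'\\(?:appdata|temp|tmp)\\', re.I)


@dataclass
class Finding:
    section: str          # "run", "startup" or "orphan"
    name: str
    target: str
    reasons: list = field(default_factory=list)


def rundll32_payload(cmd):
    """Return the DLL path a rundll32 command line loads, or None."""
    m = RUNDLL_RE.search(cmd)
    if not m:
        return None
    rest = cmd[m.end():].strip().strip('"')
    # rundll32 syntax is <dll>,<export> [args]; keep only the DLL part
    return rest.split(",", 1)[0].strip().strip('"') or None


def classify(section, name, target):
    f = Finding(section, name, target)
    if target.strip().lower() == "(no file)":
        f.reasons.append("autorun points at a file that no longer exists")
    payload = rundll32_payload(target)
    if payload:
        f.reasons.append(f"rundll32 loader for {payload}")
    if USER_WRITABLE_RE.search(payload or target):
        f.reasons.append("runs from a user-writable profile location")
    return f


def triage(log_text):
    """Parse ComboFix loading-point lines; one Finding per autorun entry."""
    findings = []
    section = "run"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if "ORPHANS REMOVED" in line:
            section = "orphan"
            continue
        if "LOCKED REGISTRY KEYS" in line:
            break                         # nothing autorun-related after this
        if line.startswith(("[", "-")):
            continue                      # key headers and banner lines
        if section == "orphan":
            m = ORPHAN_RE.match(line)
            if m:
                findings.append(classify("orphan", m["name"], m["target"]))
            continue
        m = RUN_VALUE_RE.match(line)
        if m:
            findings.append(classify("run", m["name"], m["cmd"]))
            continue
        m = LNK_RE.match(line)
        if m:
            findings.append(classify("startup", m["name"], m["cmd"]))
    return findings


def suspicious(findings):
    return [f for f in findings if f.reasons]


# Constructed sample: lines copied from the thread's ComboFix log, plus one
# ASSUMED HKCU value showing what a leftover rundll32 loader would look like.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-02-17 3767096]
.
c:\users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2012-5-8 506904]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nengine"="c:\windows\syswow64\rundll32.exe c:\users\Terry\AppData\Roaming\newnext.me\nengine.dll,EntryPoint" [2014-02-21 1030144]
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-FileParade Bundle - c:\program files (x86)\sweetpacks bundle uninstaller\uninstaller.exe
"""

if __name__ == "__main__":
    for f in suspicious(triage(SAMPLE_LOG)):
        print(f"[{f.section}] {f.name} -> {f.target}")
        for r in f.reasons:
            print("    ", r)
```

Paste a real ComboFix log into `SAMPLE_LOG` (or read it from a file) and the script lists only the entries worth a second look; vendor autoruns under Program Files, like the CyberLink and Avast ones, come through with no reasons attached. A "(no file)" hit explains the RunDLL pop-up without implying an active infection, while a rundll32 loader under AppData is the entry to remove together with its DLL.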
 



#12 Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,144 posts

Posted 25 February 2014 - 06:52 PM

It would appear that Trend Micro was running when you ran ComboFix.  There is a good chance that is what caused it to hang.  That leads me to the observation that you have two Anti-virus programs.  AVAST! and Trend Micro.  Currently, one is enabled while the other is disabled.  Having two running can cause all kinds of problems.  I would advise you to uninstall one of them to avoid any problems.  If you always keep one disabled... technically you should be OK, but I would still recommend removing one of them.

 

ComboFix didn't find anything except a few orphans left over from the previous tools.  Let's get an online scan.  This is a good way to go instead of having a second anti-virus program installed.  But it takes a long time.  Probably hours.

 

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
 

  • Please go here then click on: EOLS1.gif

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option   YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: EOLS4.gif
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
 

 


Tomk
------------------------------------------------------------




Topics are closed after 5 days without response


#13 terryfelter

    Authentic Member

  • Authentic Member
  • 175 posts

Posted 25 February 2014 - 09:27 PM

I don't think the intermittent behavior of my internet will allow an online search.  Perhaps a downloadable one?

 

Well it finally worked after the fourth try:

C:\AdwCleaner\Quarantine\C\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe.vir a variant of Win32/AdWare.Adpeak.B application
C:\AdwCleaner\Quarantine\C\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe.vir a variant of Win64/Adware.Adpeak.B application
C:\AdwCleaner\Quarantine\C\Users\Terry\AppData\Local\genienext\nengine.dll.vir Win32/NextLive.A potentially unwanted application
C:\Program Files (x86)\Cheat Engine 6.2\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB potentially unsafe application
C:\Program Files (x86)\Cheat Engine 6.2\standalonephase1.dat a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application
C:\Program Files (x86)\Cheat Engine 6.3\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB potentially unsafe application
C:\Program Files (x86)\Cheat Engine 6.3\standalonephase1.dat a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application
C:\Users\Terry\Documents\Games\Trainers\CheatEngine53.exe a variant of Win32/HackTool.CheatEngine.AA potentially unsafe application
C:\Users\Terry\Documents\InvestorsBusinessDaily\jenkatgame_9944.exe a variant of Win32/InstallIQ.A potentially unwanted application
C:\Users\Terry\Documents\My Cheat Tables\homm6_plus6_trainer.EXE a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application
C:\Users\Terry\Documents\My Cheat Tables\CET820\homm6_plus6_trainer.EXE a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application
C:\Users\Terry\Documents\SoftwareUpdates\100freechess-setup.exe Win32/DownloadAdmin.G potentially unwanted application
C:\Users\Terry\Documents\SoftwareUpdates\100freehearts-setup.exe Win32/DownloadAdmin.G potentially unwanted application
C:\Users\Terry\Documents\SoftwareUpdates\ARO2013_tbt.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Users\Terry\Documents\SoftwareUpdates\cbsidlm-tr1_12-Sudoku-SEO-10668151.exe Win32/DownloadAdmin.G potentially unwanted application
C:\Users\Terry\Documents\SoftwareUpdates\ccsetup323.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\Users\Terry\Documents\SoftwareUpdates\ccsetup400.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Terry\Documents\SoftwareUpdates\ccsetup409.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Terry\Documents\SoftwareUpdates\CheatEngine53.exe a variant of Win32/HackTool.CheatEngine.AA potentially unsafe application
C:\Users\Terry\Documents\SoftwareUpdates\CheatEngine54.exe a variant of Win32/HackTool.CheatEngine.AA potentially unsafe application
C:\Users\Terry\Documents\SoftwareUpdates\CheatEngine61.exe Win32/OpenCandy potentially unsafe application
C:\Users\Terry\Documents\SoftwareUpdates\CheatEngine62.exe Win32/OpenCandy potentially unsafe application
C:\Users\Terry\Documents\SoftwareUpdates\DriverSweeper_3.0.0.exe Win32/OpenCandy potentially unsafe application
C:\Users\Terry\Documents\SoftwareUpdates\Final_Fantasy_III_rom_for_snes_by_progameroms.rar.exe Win32/Adware.1ClickDownload.AC application
C:\Users\Terry\Documents\SoftwareUpdates\Glary_Utilities_TSV19IPG.exe a variant of Win32/Wajam.F potentially unwanted application
C:\Users\Terry\Documents\SoftwareUpdates\GOMPLAYERENSETUP.EXE a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\Terry\Documents\SoftwareUpdates\IZArc4.1.6.exe Win32/OpenCandy potentially unsafe application
C:\Users\Terry\Documents\SoftwareUpdates\mahjongsolitaire7-setup.exe Win32/DownloadAdmin.G potentially unwanted application
C:\Users\Terry\Documents\SoftwareUpdates\microsoft chess titans windows 7__3038_i203470221_il12297609.exe a variant of Win32/Amonetize.AA potentially unwanted application
C:\Users\Terry\Documents\SoftwareUpdates\Snes9x.exe MSIL/Solimba potentially unwanted application
C:\Users\Terry\Documents\SoftwareUpdates\SoftonicDownloader_for_gom-player.exe Win32/SoftonicDownloader.A potentially unwanted application
C:\Users\Terry\Documents\SoftwareUpdates\spidersolitaire-setup.exe Win32/DownloadAdmin.G potentially unwanted application
C:\Users\Terry\Documents\SoftwareUpdates\[www.indowebster.com]-PSX1.13BiosMemoryCard.exe a variant of Win32/Adware.MediaFinder.H application
C:\Users\Terry\Downloads\CheatEngine63.exe Win32/OpenCandy potentially unsafe application


Looking at the list, CheatEngine is a hex editor, not dangerous; GOM player is a media player, not dangerous; IZArc is compression (zip) software, not dangerous. Snes9x is a game emulator, not dangerous. CCsetups did not install any Google (Chrome) toolbar etc. Glary_Utilities, registry repairer

Edited by terryfelter, 25 February 2014 - 11:36 PM.
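Added example, not part of this thread and not ESET's or the forum's own tooling: a small Python parser for the one-detection-per-line format of the ESET Online Scanner log above (the same log.txt the instructions say to paste in). It separates hits that AdwCleaner had already moved into its quarantine folder (paths ending in .vir) from files still live on disk, and tallies the rest by the classification phrase ESET prints at the end of each line, which is the sorting the reply above does by hand: in this log "potentially unsafe application" is the label on Cheat Engine and the toolbar-bundling installers, while "potentially unwanted application" and plain "application" sit on the download-wrapper and adware installers. The sample lines are copied from the log above; the function and field names are my own.

```python
import re
from collections import Counter

# Sample input: a few lines copied from the ESET Online Scanner log posted
# above (the full log has the same one-detection-per-line shape).
SAMPLE_LOG = r"""
C:\AdwCleaner\Quarantine\C\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe.vir a variant of Win32/AdWare.Adpeak.B application
C:\AdwCleaner\Quarantine\C\Users\Terry\AppData\Local\genienext\nengine.dll.vir Win32/NextLive.A potentially unwanted application
C:\Program Files (x86)\Cheat Engine 6.2\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB potentially unsafe application
C:\Users\Terry\Documents\SoftwareUpdates\ccsetup409.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Terry\Documents\SoftwareUpdates\100freechess-setup.exe Win32/DownloadAdmin.G potentially unwanted application
"""

# One log line is "<path> [a variant of] <detection name> <classification>".
# The path may contain spaces, so it is matched lazily and the line is
# anchored on the fixed classification phrases ESET prints at the end.
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?:(?P<variant>a variant of) )?"
    r"(?P<name>\S+) "
    r"(?P<cls>potentially unwanted application|potentially unsafe application|application)$"
)


def parse_eset_log(text):
    """Turn raw log text into one dict per detection line."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            # Keep unrecognised lines visible rather than silently dropping them.
            records.append({"path": line, "name": None, "family": None,
                            "cls": "unparsed", "quarantined": False})
            continue
        path, name = m.group("path"), m.group("name")
        # "Win32/HackTool.CheatEngine.AB" -> "HackTool.CheatEngine": drop the
        # platform prefix and the trailing variant letters.
        family = name.split("/", 1)[-1]
        if "." in family:
            family = family.rsplit(".", 1)[0]
        lower = path.lower()
        # AdwCleaner renames what it removes to *.vir inside its Quarantine
        # folder, so those hits are already neutralised; everything else is
        # still live on disk.
        quarantined = lower.endswith(".vir") and "\\quarantine\\" in lower
        records.append({"path": path, "name": name, "family": family,
                        "cls": m.group("cls"), "quarantined": quarantined})
    return records


def summarize(records):
    """Counts by ESET classification and family, plus the live (non-quarantined) paths."""
    by_class = Counter(r["cls"] for r in records)
    by_family = Counter(r["family"] for r in records if r["family"])
    live = [r["path"] for r in records if not r["quarantined"]]
    return {
        "by_class": dict(by_class),
        "by_family": dict(by_family),
        "quarantined": sum(1 for r in records if r["quarantined"]),
        "live": len(live),
        "live_paths": live,
    }


if __name__ == "__main__":
    summary = summarize(parse_eset_log(SAMPLE_LOG))
    for cls, n in sorted(summary["by_class"].items()):
        print(f"{n:3d}  {cls}")
    print(f"{summary['quarantined']} already quarantined, "
          f"{summary['live']} still on disk:")
    for p in summary["live_paths"]:
        print("   ", p)
```

Run it against a saved copy of log.txt by passing the file contents to parse_eset_log; the live_paths list is the set of files a helper would still need to decide about, while the quarantined count confirms which earlier AdwCleaner removals ESET is merely re-reporting from the quarantine folder.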


#14 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,144 posts

Posted 25 February 2014 - 11:36 PM

I was unaware that you have intermittent internet. Is this normal or a new problem?

Your AVAST! AV is as good as any of the downloadables. Did you try ESET and it failed?

You apparently had some sort of issue in mid December. What was going on?

Tomk


#15 terryfelter (Authentic Member, 175 posts)

Posted 26 February 2014 - 05:55 AM

Work location in the woods.  Satellite connection between two carriers and it blinks off and on.

Yes the eset ran, included the output in the edit on my previous post. 

Problem in Dec was on a different lap.
