TechSpot

Toolbar.Widgi problem

Inactive
By Will Harris
Feb 7, 2013
  1. I ran ESET and it came up with a warning: Win32/Toolbar.Widgi.
    I followed the steps and copied the logs into the post.
    Any help would be appreciated!

    Malwarebytes Anti-Malware (Trial) 1.70.0.1100
    www.malwarebytes.org
    Database version: v2013.02.07.07
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Will :: WILL-PC [administrator]
    Protection: Enabled
    2/7/2013 10:01:06 AM
    mbam-log-2013-02-07 (10-01-06).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 212242
    Time elapsed: 57 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume4
    Install Date: 5/1/2012 11:36:34 AM
    System Uptime: 2/7/2013 8:25:57 AM (2 hours ago)
    .
    Motherboard: Apple Inc. | | Mac-942B59F58194171B
    Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz | U2E1 | 2584/mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 117 GiB total, 35.89 GiB free.
    D: is CDROM ()
    E: is FIXED (HFS) - 116 GiB total, 103.174 GiB free.
    F: is Removable
    T: is NetworkDisk (NTFS) - 1863 GiB total, 802.968 GiB free.
    U: is NetworkDisk (NTFS) - 1763 GiB total, 1406.329 GiB free.
    V: is NetworkDisk (NTFS) - 1863 GiB total, 802.968 GiB free.
    W: is NetworkDisk (NTFS) - 1863 GiB total, 802.968 GiB free.
    Y: is NetworkDisk (NTFS) - 1863 GiB total, 802.968 GiB free.
    Z: is NetworkDisk (NTFS) - 1863 GiB total, 802.968 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP56: 12/3/2012 12:26:34 PM - Scheduled Checkpoint
    RP57: 12/11/2012 9:01:41 AM - Scheduled Checkpoint
    RP58: 12/18/2012 10:59:43 AM - Scheduled Checkpoint
    RP59: 12/26/2012 1:17:53 PM - Scheduled Checkpoint
    RP60: 1/3/2013 12:02:17 PM - Scheduled Checkpoint
    RP61: 1/10/2013 12:14:18 PM - Scheduled Checkpoint
    RP62: 1/18/2013 11:39:46 AM - Scheduled Checkpoint
    RP63: 1/28/2013 9:19:54 AM - Scheduled Checkpoint
    RP64: 2/4/2013 10:01:30 AM - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    3Dconnexion 3DxSoftware (x64 Edition)
    3Dconnexion 3DxWare (x64)
    3Dconnexion Add-In for AutoCAD 2007 - 2010
    3Dconnexion Add-In for Inventor 11 - 2013
    3Dconnexion Add-In for Solid Edge V18 - ST4
    3Dconnexion Add-In for SolidWorks 2005 - 2012 (x64)
    3Dconnexion Add-On for XSI v5.0 - 2013
    3Dconnexion Collage
    3Dconnexion Extension for SketchUp
    3Dconnexion LCD Applets for SpacePilot PRO (x64)
    3Dconnexion Plug-In for 3ds Max v9 - 2013
    3Dconnexion Plug-in for Acrobat 3D
    3Dconnexion Plug-In for Maya v8.5 - 2013
    3Dconnexion Plug-In for NX v3.0 - v8.0
    3Dconnexion Plug-In for Photoshop CS3 - CS6
    3Dconnexion Plug-In for Pro/ENGINEER Wildfire 3.0 - Creo 2.0
    3Dconnexion Trainer
    Acronis True Image Home 2012
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.3)
    Apple Software Update
    AutoCAD Electrical 2009
    AutoCAD Electrical 2009 Service Pack 3
    AutoCAD Electrical 2010
    AutoCAD Electrical 2010 Language Pack - English
    AutoCAD Electrical 2010 Version 2
    Boot Camp Services
    BufferChm
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Destinations
    DocProc
    Dropbox
    DWG TrueView 2013
    EPSON WorkForce 1100 Series Printer Uninstall
    ESET NOD32 Antivirus
    GPBaseService2
    Hotfix for Microsoft .NET Framework 4 Client Profile (KB2652531)
    HP Imaging Device Functions 13.0
    HP Photosmart Essential 3.5
    HP Solution Center 13.0
    HP Update
    hpg5590
    HPPhotosmartEssential
    HPProductAssistant
    Intel(R) Management Engine Components
    Logitech LCD Manager
    Malwarebytes Anti-Malware version 1.70.0.1100
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Office 2003 Web Components
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Home and Business 2010
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 64-bit MUI (English) 2010
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
    Microsoft Visual Studio 2005 Tools for Applications - ENU
    Microsoft WSE 3.0 Runtime
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    OCR Software by I.R.I.S. 13.0
    Realtek High Definition Audio Driver
    Scan
    Scanjet 5590
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
    SolidWorks 2012 x64 Edition SP04
    SolidWorks eDrawings 2012 x64 Edition SP04
    SolidWorks Explorer 2012 SP04 x64 Edition
    SolutionCenter
    SpeedyPC Pro
    TeamViewer 7
    Update 4.0.3 for Microsoft .NET Framework 4 Client Profile (KB2600211)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    VBA (2627.01)
    WebEx
    WebReg
    Windows Driver Package - Apple Inc. (AppleUSBEthernet) Net (02/01/2008 3.10.3.10)
    Windows Driver Package - Apple Inc. Apple Bluetooth (03/01/2010 3.0.0.5)
    Windows Driver Package - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1)
    Windows Driver Package - Apple Inc. Apple Broadcom Bluetooth (10/05/2010 3.2.0.1)
    Windows Driver Package - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0)
    Windows Driver Package - Apple Inc. Apple Display (01/23/2009 3.0.0.0)
    Windows Driver Package - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0)
    Windows Driver Package - Apple Inc. Apple Keyboard (05/05/2011 4.0.0.1)
    Windows Driver Package - Apple Inc. Apple Multitouch (05/05/2011 4.0.0.1)
    Windows Driver Package - Apple Inc. Apple Multitouch Mouse (05/05/2011 4.0.0.1)
    Windows Driver Package - Apple Inc. Apple ODD (05/17/2010 3.1.0.0)
    Windows Driver Package - Apple Inc. Apple System Device (04/05/2011 3.2.0.8)
    Windows Driver Package - Apple Inc. Apple Trackpad (07/13/2009 3.0.0.1)
    Windows Driver Package - Apple Inc. Apple Trackpad Enabler (07/13/2009 3.0.0.1)
    Windows Driver Package - Apple Inc. Apple Wireless Mouse (06/01/2011 4.0.0.1)
    Windows Driver Package - Apple Inc. Apple Wireless Trackpad (01/17/2011 3.2.0.0)
    Windows Driver Package - Atheros Communications Inc. (athr) Net (11/13/2010 9.2.0.113)
    Windows Driver Package - Broadcom (b57nd60a) Net (12/02/2010 14.4.2.2)
    Windows Driver Package - Broadcom (BCM43XX) Net (04/06/2011 5.100.198.22)
    Windows Driver Package - Broadcom Corporation (bScsiSDa) SDHost (01/18/2011 1.0.0.220)
    Windows Driver Package - Cirrus Logic, Inc. (CirrusFilter) MEDIA (12/03/2010 6.6001.1.30)
    Windows Driver Package - Intel (e1express) Net (03/26/2010 9.13.41.0)
    Windows Driver Package - Intel (e1kexpress) Net (04/12/2010 11.6.92.0)
    Windows Driver Package - Intel (e1qexpress) Net (12/04/2009 11.4.7.0)
    Windows Driver Package - Intel (e1rexpress) Net (01/07/2010 11.4.16.0)
    Windows Driver Package - Intel (e1yexpress) Net (04/07/2010 10.1.9.0)
    Windows Driver Package - Intel System (07/20/2007 1.2.76.0)
    Windows Driver Package - Marvell (yukonx64) Net (12/06/2007 10.51.1.3)
    .
    ==== End Of File ===========================
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16421
    Run by Will at 10:11:52 on 2013-02-07
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8168.6187 [GMT -6:00]
    .
    AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    C:\Windows\system32\AppleOSSMgr.exe
    C:\Windows\system32\AppleTimeSrv.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
    C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Boot Camp\Bootcamp.exe
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Windows\System32\spool\drivers\x64\3\E_IATIFEA.EXE
    C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe
    C:\Program Files\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare64\3dxsrv.exe
    C:\Users\Will\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    mWinlogon: Userinit = userinit.exe
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
    uRun: [EPSON WorkForce 1100 Series] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIFEA.EXE /FU "C:\Windows\TEMP\E_S4CF7.tmp" /EF "HKCU"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    StartupFolder: C:\Users\Will\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Will\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SOLIDW~1.LNK - C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\START3~1.LNK - C:\Program Files\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare64\3dxsrv.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    TCP: NameServer = 68.94.156.1 68.94.157.1
    TCP: Interfaces\{E0319679-DAAB-4FBB-9E4E-6872943E2EE2} : DHCPNameServer = 68.94.156.1 68.94.157.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    SSODL: WebCheck - <orphaned>
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\Bootcamp.exe
    x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
    x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AppleHFS;AppleHFS;C:\Windows\System32\drivers\AppleHFS.sys [2011-6-29 72024]
    R0 AppleMNT;AppleMNT;C:\Windows\System32\drivers\AppleMNT.sys [2011-6-29 16216]
    R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\drivers\fltsrv.sys [2012-5-2 133728]
    R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2012-5-2 211040]
    R0 vidsflt61;Acronis Disk Storage Filter (61);C:\Windows\System32\drivers\vsflt61.sys [2012-5-2 142944]
    R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-5-2 3450832]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-5-1 203776]
    R2 AppleOSSMgr;Apple OS Switch Manager;C:\Windows\System32\AppleOSSMgr.exe [2011-6-29 224640]
    R2 AppleTimeSrv;Apple Time Service;C:\Windows\System32\AppleTimeSrv.exe [2011-6-29 111488]
    R2 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2010-12-21 170640]
    R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-1-12 810144]
    R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2010-12-21 125296]
    R2 KeyAgent;KeyAgent;C:\Windows\System32\drivers\KeyAgent.sys [2011-6-29 17752]
    R2 MacHALDriver;Mac HAL;C:\Windows\System32\drivers\MacHALDriver.sys [2011-6-29 22872]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-2-7 398184]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-2-7 682344]
    R2 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2011-12-16 5881952]
    R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-7-11 2673064]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-5-1 2655768]
    R3 acpials;ALS Sensor Filter;C:\Windows\System32\drivers\acpials.sys [2009-7-14 9728]
    R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2012-5-2 367200]
    R3 applebmt;Apple Wireless Mouse;C:\Windows\System32\drivers\applebmt.sys [2012-5-1 52736]
    R3 AppleBtBc;Apple Broadcom Built-in Bluetooth;C:\Windows\System32\drivers\AppleBtBc.sys [2012-5-1 18944]
    R3 CirrusFilter;CS420xLowerFilter;C:\Windows\System32\drivers\CS420x64.sys [2012-5-1 18432]
    R3 IRRemoteFlt;IR Receiver Filter Driver;C:\Windows\System32\drivers\IRFilter.sys [2012-5-1 18432]
    R3 KeyMagic;USB Keyboard HID Filter;C:\Windows\System32\drivers\KeyMagic.sys [2012-5-1 32256]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-2-7 24176]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2012-6-8 89192]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-9-12 1431888]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-5-1 59392]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-5-1 1255736]
    .
    =============== File Associations ===============
    .
    FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"
    .
    =============== Created Last 30 ================
    .
    2013-02-07 16:00:13 -------- d-----w- C:\Users\Will\AppData\Roaming\Malwarebytes
    2013-02-07 16:00:10 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2013-02-07 16:00:10 -------- d-----w- C:\ProgramData\Malwarebytes
    2013-02-07 16:00:10 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-02-07 15:29:02 -------- d-----w- C:\Users\Will\AppData\Roaming\SpeedyPC Software
    2013-02-07 15:29:02 -------- d-----w- C:\Users\Will\AppData\Roaming\DriverCure
    2013-02-07 15:28:53 -------- d-----w- C:\Program Files (x86)\Common Files\SpeedyPC Software
    2013-02-07 15:28:50 -------- d-----w- C:\ProgramData\SpeedyPC Software
    2013-02-07 15:28:50 -------- d-----w- C:\Program Files (x86)\SpeedyPC Software
    2013-01-23 23:13:51 -------- d-----w- C:\Users\Will\AppData\Local\3Dconnexion
    .
    ==================== Find3M ====================
    .
    2013-01-09 16:52:40 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-09 16:52:40 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    .
    ============= FINISH: 10:12:03.33 ===============
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    Please first remove SpeedyPC from your Programs List.

    Download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
  3. Will Harris

    Will Harris TS Rookie Topic Starter

    This is my result of following your instruction.

    # AdwCleaner v2.111 - Logfile created 02/08/2013 at 08:39:50
    # Updated 05/02/2013 by Xplode
    # Operating system : Windows 7 Professional Service Pack 1 (64 bits)
    # User : Will - WILL-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Will\Desktop\adwcleaner.exe
    # Option [Delete]

    ***** [Services] *****

    ***** [Files / Folders] *****

    ***** [Registry] *****

    ***** [Internet Browsers] *****
    -\\ Internet Explorer v9.0.8112.16421
    [OK] Registry is clean.
    *************************
    AdwCleaner[S1].txt - [512 octets] - [08/02/2013 08:39:50]
    ########## EOF - C:\AdwCleaner[S1].txt - [571 octets] ##########
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Junkware Removal Tool

    Please download Junkware Removal Tool to your desktop.
    • Warning! Once the scan is complete JRT will shut down your browser with NO warning.
    • Shut down your protection software now to avoid potential conflicts.
    • Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
    • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Copy and Paste the JRT.txt log into your next message.


    ComboFix scan

    Please download ComboFix by sUBs
    From TechSpot

    Direct Link (alternative)

    Please save the file to your Desktop.

    Important information about ComboFix


    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on ComboFix.exe & follow the prompts.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
    logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above), but download it again and rename
    ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
  5. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    This going alright?
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, are you still with us? Please update us with the state of your situation, so we know how to continue from here.

    We'd still like to help. Topic marked inactive, until your return.

