
kokirikid

Honorary Members
  • Posts: 37
  • Reputation: 0 Neutral
  1. That's interesting, I guess it's OK now, thank you Mr Charlie, hope this doesn't happen again :/
  2. OK, so far nothing, but I wanna report how it runs for the next hours. Will post an update during the day, MrCharlie! Question: so Windows Defender must be off if I am already using AVAST or A/Malware, is that correct?
  3. Mr Charlie, I can't help but notice on the logs there is always a ''windowsdefender'' enabled, does it affect the ComboFix scan? Also, about the China IP, I downloaded a program called tongu for iPhone apps for free... way back when I got these issues. I will delete that cuz that's the only thing I can think of, ''chinese program''.
  4. ComboFix 14-01-01.01 - wiz 01/02/2014  13:28:02.5.2 - x64
     Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3836.2414 [GMT -6:00]
     Running from: c:\users\wiz\Desktop\ComboFix.exe
     AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
     SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
     SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     .
     (((((((((((((((((((((((((   Files Created from 2013-12-02 to 2014-01-02  )))))))))))))))))))))))))))))))
     .
     .
     2014-01-02 19:45 . 2014-01-02 19:45  --------  d-----w-  c:\windows\system32\config\systemprofile\AppData\Local\temp
     2014-01-02 19:45 . 2014-01-02 19:45  --------  d-----w-  c:\users\Default\AppData\Local\temp
     2013-12-31 15:31 . 2013-12-04 03:28  10315576  ----a-w-  c:\programdata\Microsoft\Windows Defender\Definition Updates\{40A78BB2-A6F3-4370-9A5B-7762DBD602A3}\mpengine.dll
     2013-12-30 20:06 . 2013-12-30 20:06  --------  d-----w-  C:\FRST
     2013-12-28 02:15 . 2013-12-28 02:15  --------  d-----w-  c:\program files (x86)\Common Files\Java
     2013-12-28 02:15 . 2013-12-28 02:15  96168  ----a-w-  c:\windows\SysWow64\WindowsAccessBridge-32.dll
     2013-12-28 02:02 . 2013-12-28 02:02  --------  d-----w-  C:\Foxit Software
     2013-12-28 02:01 . 2013-12-28 02:02  --------  d-----w-  c:\users\wiz\AppData\Roaming\Foxit Software
     2013-12-28 02:00 . 2013-12-28 02:00  --------  d-----w-  c:\program files (x86)\Foxit Software
     2013-12-27 00:15 . 2013-04-04 20:50  25928  ----a-w-  c:\windows\system32\drivers\mbam.sys
     2013-12-26 17:24 . 2013-12-26 18:22  --------  d-----w-  c:\programdata\Malwarebytes' Anti-Malware (portable)
     2013-12-26 17:19 . 2013-12-27 00:05  89304  ----a-w-  c:\windows\system32\drivers\mbamchameleon.sys
     2013-12-24 19:38 . 2013-12-24 20:19  --------  d-----w-  c:\program files (x86)\JDownloader
     2013-12-23 21:34 . 2013-12-26 17:09  64080  ----a-w-  c:\windows\system32\drivers\UAGP35.SYS.bak
     2013-12-23 21:33 . 2013-12-26 17:09  410496  ----a-w-  c:\windows\system32\drivers\iaStorV.sys.bak
     2013-12-23 01:42 . 2013-12-23 01:42  --------  d-----w-  c:\program files\WinRAR
     2013-12-23 01:39 . 2013-12-23 01:39  --------  d-----w-  c:\program files (x86)\RealNetworks
     2013-12-23 01:39 . 2013-12-23 01:39  --------  d-----w-  c:\programdata\RealNetworks
     2013-12-23 01:38 . 2013-12-23 01:38  --------  d-----w-  c:\program files (x86)\Common Files\xing shared
     2013-12-23 01:07 . 2013-12-23 01:07  --------  d-----w-  c:\users\wiz\AppData\Roaming\AVAST Software
     2013-12-23 01:06 . 2013-12-23 01:07  79672  ----a-w-  c:\windows\system32\drivers\aswstm.sys
     2013-12-23 01:06 . 2013-12-23 01:06  207904  ----a-w-  c:\windows\system32\drivers\aswVmm.sys
     2013-12-23 01:06 . 2013-12-23 01:06  65776  ----a-w-  c:\windows\system32\drivers\aswRvrt.sys
     2013-12-23 01:06 . 2013-12-23 01:06  1034464  ----a-w-  c:\windows\system32\drivers\aswSnx.sys
     2013-12-23 01:06 . 2013-12-23 01:06  78648  ----a-w-  c:\windows\system32\drivers\aswMonFlt.sys
     2013-12-23 01:06 . 2013-12-23 01:06  422216  ----a-w-  c:\windows\system32\drivers\aswSP.sys
     2013-12-23 01:06 . 2013-12-23 01:06  92544  ----a-w-  c:\windows\system32\drivers\aswRdr2.sys
     2013-12-23 01:06 . 2013-12-23 01:06  334136  ----a-w-  c:\windows\system32\aswBoot.exe
     2013-12-23 01:06 . 2013-12-23 01:06  43152  ----a-w-  c:\windows\avastSS.scr
     2013-12-23 01:05 . 2013-12-23 01:05  --------  d-----w-  c:\program files\AVAST Software
     2013-12-23 01:04 . 2013-12-23 01:04  --------  d-----w-  c:\programdata\AVAST Software
     2013-12-23 00:08 . 2013-12-30 22:43  --------  d-----w-  C:\AdwCleaner
     2013-12-13 20:19 . 2013-05-10 04:30  167424  ----a-w-  c:\program files\Windows Media Player\wmplayer.exe
     2013-12-13 20:19 . 2013-05-10 03:48  164864  ----a-w-  c:\program files (x86)\Windows Media Player\wmplayer.exe
     2013-12-13 20:19 . 2013-05-10 05:56  12625920  ----a-w-  c:\windows\system32\wmploc.DLL
     2013-12-13 20:19 . 2013-05-10 04:56  12625408  ----a-w-  c:\windows\SysWow64\wmploc.DLL
     2013-12-13 20:19 . 2013-05-10 05:56  14631424  ----a-w-  c:\windows\system32\wmp.dll
     2013-12-13 19:16 . 2013-11-23 18:26  417792  ----a-w-  c:\windows\SysWow64\WMPhoto.dll
     2013-12-13 19:16 . 2013-11-23 17:47  465920  ----a-w-  c:\windows\system32\WMPhoto.dll
     2013-12-13 19:16 . 2013-10-30 01:24  3155968  ----a-w-  c:\windows\system32\win32k.sys
     2013-12-13 19:16 . 2013-10-30 02:32  335360  ----a-w-  c:\windows\system32\msieftp.dll
     2013-12-13 19:16 . 2013-10-30 02:19  301568  ----a-w-  c:\windows\SysWow64\msieftp.dll
     2013-12-13 19:16 . 2013-10-19 02:18  81408  ----a-w-  c:\windows\system32\imagehlp.dll
     2013-12-13 19:16 . 2013-10-19 01:36  159232  ----a-w-  c:\windows\SysWow64\imagehlp.dll
     2013-12-13 19:16 . 2013-10-04 02:16  116736  ----a-w-  c:\windows\system32\drivers\drmk.sys
     2013-12-13 19:16 . 2013-10-04 01:36  230400  ----a-w-  c:\windows\system32\drivers\portcls.sys
     2013-12-13 19:16 . 2013-11-12 02:23  2048  ----a-w-  c:\windows\system32\tzres.dll
     2013-12-13 19:16 . 2013-11-12 02:07  2048  ----a-w-  c:\windows\SysWow64\tzres.dll
     2013-12-13 19:15 . 2013-10-12 02:32  150016  ----a-w-  c:\windows\system32\wshom.ocx
     2013-12-13 19:15 . 2013-10-12 02:31  202752  ----a-w-  c:\windows\system32\scrrun.dll
     2013-12-13 19:15 . 2013-10-12 02:04  121856  ----a-w-  c:\windows\SysWow64\wshom.ocx
     2013-12-13 19:15 . 2013-10-12 02:03  163840  ----a-w-  c:\windows\SysWow64\scrrun.dll
     2013-12-13 19:15 . 2013-10-12 01:33  156160  ----a-w-  c:\windows\system32\cscript.exe
     2013-12-13 19:15 . 2013-10-12 01:33  168960  ----a-w-  c:\windows\system32\wscript.exe
     2013-12-13 19:15 . 2013-10-12 01:15  141824  ----a-w-  c:\windows\SysWow64\wscript.exe
     2013-12-13 19:15 . 2013-10-12 01:15  126976  ----a-w-  c:\windows\SysWow64\cscript.exe
     2013-12-09 22:57 . 2012-05-04 11:00  366592  ----a-w-  c:\windows\system32\qdvd.dll
     2013-12-09 22:57 . 2012-05-04 09:59  514560  ----a-w-  c:\windows\SysWow64\qdvd.dll
     .
     .
     .
     ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2013-12-17 18:02 . 2013-11-26 17:46  90708896  ----a-w-  c:\windows\system32\MRT.exe
     2013-12-13 20:11 . 2012-07-10 21:40  692616  ----a-w-  c:\windows\SysWow64\FlashPlayerApp.exe
     2013-12-13 20:11 . 2011-05-18 01:51  71048  ----a-w-  c:\windows\SysWow64\FlashPlayerCPLApp.cpl
     2013-12-03 17:57 . 2013-12-03 17:57  940032  ----a-w-  c:\windows\system32\MsSpellCheckingFacility.exe
     2013-12-03 17:57 . 2013-12-03 17:57  194048  ----a-w-  c:\windows\SysWow64\elshyph.dll
     2013-12-03 17:57 . 2013-12-03 17:57  71680  ----a-w-  c:\windows\SysWow64\RegisterIEPKEYs.exe
     2013-12-03 17:57 . 2013-12-03 17:57  645120  ----a-w-  c:\windows\SysWow64\jsIntl.dll
     2013-12-03 17:57 . 2013-12-03 17:57  235008  ----a-w-  c:\windows\system32\elshyph.dll
     2013-12-03 17:57 . 2013-12-03 17:57  182272  ----a-w-  c:\windows\SysWow64\msls31.dll
     2013-12-03 17:57 . 2013-12-03 17:57  34816  ----a-w-  c:\windows\SysWow64\JavaScriptCollectionAgent.dll
     2013-12-03 17:57 . 2013-12-03 17:57  62464  ----a-w-  c:\windows\SysWow64\tdc.ocx
     2013-12-03 17:57 . 2013-12-03 17:57  337408  ----a-w-  c:\windows\SysWow64\html.iec
     2013-12-03 17:57 . 2013-12-03 17:57  61952  ----a-w-  c:\windows\SysWow64\iesetup.dll
     2013-12-03 17:57 . 2013-12-03 17:57  454656  ----a-w-  c:\windows\SysWow64\vbscript.dll
     2013-12-03 17:57 . 2013-12-03 17:57  24576  ----a-w-  c:\windows\SysWow64\licmgr10.dll
     2013-12-03 17:57 . 2013-12-03 17:57  151552  ----a-w-  c:\windows\SysWow64\iexpress.exe
     2013-12-03 17:57 . 2013-12-03 17:57  139264  ----a-w-  c:\windows\SysWow64\wextract.exe
     2013-12-03 17:57 . 2013-12-03 17:57  1051136  ----a-w-  c:\windows\SysWow64\mshtmlmedia.dll
     2013-12-03 17:57 . 2013-12-03 17:57  61952  ----a-w-  c:\windows\SysWow64\MshtmlDac.dll
     2013-12-03 17:57 . 2013-12-03 17:57  51200  ----a-w-  c:\windows\SysWow64\ieetwproxystub.dll
     2013-12-03 17:57 . 2013-12-03 17:57  36352  ----a-w-  c:\windows\SysWow64\imgutil.dll
     2013-12-03 17:57 . 2013-12-03 17:57  13312  ----a-w-  c:\windows\SysWow64\mshta.exe
     2013-12-03 17:57 . 2013-12-03 17:57  112128  ----a-w-  c:\windows\SysWow64\ieUnatt.exe
     2013-12-03 17:57 . 2013-12-03 17:57  74240  ----a-w-  c:\windows\SysWow64\SetIEInstalledDate.exe
     2013-12-03 17:57 . 2013-12-03 17:57  48640  ----a-w-  c:\windows\SysWow64\mshtmler.dll
     2013-12-03 17:57 . 2013-12-03 17:57  111616  ----a-w-  c:\windows\SysWow64\IEAdvpack.dll
     2013-12-03 17:57 . 2013-12-03 17:57  942592  ----a-w-  c:\windows\system32\jsIntl.dll
     2013-12-03 17:57 . 2013-12-03 17:57  86016  ----a-w-  c:\windows\SysWow64\iesysprep.dll
     2013-12-03 17:57 . 2013-12-03 17:57  86016  ----a-w-  c:\windows\system32\RegisterIEPKEYs.exe
     2013-12-03 17:57 . 2013-12-03 17:57  52224  ----a-w-  c:\windows\system32\msfeedsbs.dll
     2013-12-03 17:57 . 2013-12-03 17:57  247808  ----a-w-  c:\windows\system32\msls31.dll
     2013-12-03 17:57 . 2013-12-03 17:57  195584  ----a-w-  c:\windows\system32\msrating.dll
     2013-12-03 17:57 . 2013-12-03 17:57  13312  ----a-w-  c:\windows\system32\msfeedssync.exe
     2013-12-03 17:57 . 2013-12-03 17:57  131072  ----a-w-  c:\windows\system32\IEAdvpack.dll
     2013-12-03 17:57 . 2013-12-03 17:57  90112  ----a-w-  c:\windows\system32\SetIEInstalledDate.exe
     2013-12-03 17:57 . 2013-12-03 17:57  48640  ----a-w-  c:\windows\system32\mshtmler.dll
     2013-12-03 17:57 . 2013-12-03 17:57  105984  ----a-w-  c:\windows\system32\iesysprep.dll
     2013-12-03 17:57 . 2013-12-03 17:57  77312  ----a-w-  c:\windows\system32\tdc.ocx
     2013-12-03 17:57 . 2013-12-03 17:57  616104  ----a-w-  c:\windows\system32\ieapfltr.dat
     2013-12-03 17:57 . 2013-12-03 17:57  453120  ----a-w-  c:\windows\system32\dxtmsft.dll
     2013-12-03 17:57 . 2013-12-03 17:57  413696  ----a-w-  c:\windows\system32\html.iec
     2013-12-03 17:57 . 2013-12-03 17:57  40448  ----a-w-  c:\windows\system32\JavaScriptCollectionAgent.dll
     2013-12-03 17:57 . 2013-12-03 17:57  296960  ----a-w-  c:\windows\system32\dxtrans.dll
     2013-12-03 17:57 . 2013-12-03 17:57  81408  ----a-w-  c:\windows\system32\icardie.dll
     2013-12-03 17:57 . 2013-12-03 17:57  30208  ----a-w-  c:\windows\system32\licmgr10.dll
     2013-12-03 17:57 . 2013-12-03 17:57  263376  ----a-w-  c:\windows\system32\iedkcs32.dll
     2013-12-03 17:57 . 2013-12-03 17:57  243200  ----a-w-  c:\windows\system32\webcheck.dll
     2013-12-03 17:57 . 2013-12-03 17:57  235520  ----a-w-  c:\windows\system32\url.dll
     2013-12-03 17:57 . 2013-12-03 17:57  1228800  ----a-w-  c:\windows\system32\mshtmlmedia.dll
     2013-12-03 17:57 . 2013-12-03 17:57  101376  ----a-w-  c:\windows\system32\inseng.dll
     2013-12-03 17:57 . 2013-12-03 17:57  84992  ----a-w-  c:\windows\system32\mshtmled.dll
     2013-12-03 17:57 . 2013-12-03 17:57  626176  ----a-w-  c:\windows\system32\msfeeds.dll
     2013-12-03 17:57 . 2013-12-03 17:57  548352  ----a-w-  c:\windows\system32\vbscript.dll
     2013-12-03 17:57 . 2013-12-03 17:57  167424  ----a-w-  c:\windows\system32\iexpress.exe
     2013-12-03 17:57 . 2013-12-03 17:57  143872  ----a-w-  c:\windows\system32\wextract.exe
     2013-12-03 17:57 . 2013-12-03 17:57  62464  ----a-w-  c:\windows\system32\pngfilt.dll
     2013-12-03 17:57 . 2013-12-03 17:57  147968  ----a-w-  c:\windows\system32\occache.dll
     2013-12-03 17:57 . 2013-12-03 17:57  13824  ----a-w-  c:\windows\system32\mshta.exe
     2013-12-03 17:57 . 2013-12-03 17:57  83968  ----a-w-  c:\windows\system32\MshtmlDac.dll
     2013-12-03 17:57 . 2013-12-03 17:57  774144  ----a-w-  c:\windows\system32\jscript.dll
     2013-12-03 17:57 . 2013-12-03 17:57  48128  ----a-w-  c:\windows\system32\imgutil.dll
     2013-12-03 17:57 . 2013-12-03 17:57  135680  ----a-w-  c:\windows\system32\iepeers.dll
     2013-11-26 18:36 . 2013-11-26 18:36  4096  ---ha-w-  c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
     2013-11-26 18:36 . 2013-11-26 18:36  4096  ---ha-w-  c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
     2013-11-26 18:36 . 2013-11-26 18:36  3072  ---ha-w-  c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
     2013-11-26 18:36 . 2013-11-26 18:36  9728  ---ha-w-  c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
     2013-11-26 18:36 . 2013-11-26 18:36  9728  ---ha-w-  c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
     2013-11-26 18:36 . 2013-11-26 18:36  5632  ---ha-w-  c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
     2013-11-26 18:36 . 2013-11-26 18:36  5632  ---ha-w-  c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
     2013-11-26 18:36 . 2013-11-26 18:36  5632  ---ha-w-  c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
     2013-11-26 18:36 . 2013-11-26 18:36  5632  ---ha-w-  c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
     2013-11-26 18:36 . 2013-11-26 18:36  364544  ----a-w-  c:\windows\SysWow64\XpsGdiConverter.dll
     2013-11-26 18:36 . 2013-11-26 18:36  3584  ---ha-w-  c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
     2013-11-26 18:36 . 2013-11-26 18:36  3584  ---ha-w-  c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
     2013-11-26 18:36 . 2013-11-26 18:36  3072  ---ha-w-  c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
     2013-11-26 18:36 . 2013-11-26 18:36  3072  ---ha-w-  c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
     2013-11-26 18:36 . 2013-11-26 18:36  3072  ---ha-w-  c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
     2013-11-26 18:36 . 2013-11-26 18:36  2560  ---ha-w-  c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
     2013-11-26 18:36 . 2013-11-26 18:36  2560  ---ha-w-  c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
     2013-11-26 18:36 . 2013-11-26 18:36  1682432  ----a-w-  c:\windows\system32\XpsPrint.dll
     2013-11-26 18:36 . 2013-11-26 18:36  1158144  ----a-w-  c:\windows\SysWow64\XpsPrint.dll
     2013-11-26 18:36 . 2013-11-26 18:36  10752  ---ha-w-  c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
     2013-11-26 18:36 . 2013-11-26 18:36  10752  ---ha-w-  c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
     2013-11-26 18:36 . 2013-11-26 18:36  522752  ----a-w-  c:\windows\system32\XpsGdiConverter.dll
     2013-11-26 18:36 . 2013-11-26 18:36  3928064  ----a-w-  c:\windows\system32\d2d1.dll
     2013-11-26 18:36 . 2013-11-26 18:36  2776576  ----a-w-  c:\windows\system32\msmpeg2vdec.dll
     2013-11-26 18:36 . 2013-11-26 18:36  2284544  ----a-w-  c:\windows\SysWow64\msmpeg2vdec.dll
     2013-11-26 18:36 . 2013-11-26 18:36  604160  ----a-w-  c:\windows\SysWow64\d3d10level9.dll
     2013-11-26 18:36 . 2013-11-26 18:36  363008  ----a-w-  c:\windows\system32\dxgi.dll
     2013-11-26 18:36 . 2013-11-26 18:36  2565120  ----a-w-  c:\windows\system32\d3d10warp.dll
     2013-11-26 18:36 . 2013-11-26 18:36  249856  ----a-w-  c:\windows\SysWow64\d3d10_1core.dll
     2013-11-26 18:36 . 2013-11-26 18:36  220160  ----a-w-  c:\windows\SysWow64\d3d10core.dll
     2013-11-26 18:36 . 2013-11-26 18:36  207872  ----a-w-  c:\windows\SysWow64\WindowsCodecsExt.dll
     2013-11-26 18:36 . 2013-11-26 18:36  1643520  ----a-w-  c:\windows\system32\DWrite.dll
     2013-11-26 18:36 . 2013-11-26 18:36  161792  ----a-w-  c:\windows\SysWow64\d3d10_1.dll
     2013-11-26 18:36 . 2013-11-26 18:36  1247744  ----a-w-  c:\windows\SysWow64\DWrite.dll
     2013-11-26 18:36 . 2013-11-26 18:36  1175552  ----a-w-  c:\windows\system32\FntCache.dll
     2013-11-26 18:36 . 2013-11-26 18:36  1080832  ----a-w-  c:\windows\SysWow64\d3d10.dll
     2013-11-26 18:36 . 2013-11-26 18:36  648192  ----a-w-  c:\windows\system32\d3d10level9.dll
     2013-11-26 18:36 . 2013-11-26 18:36  3419136  ----a-w-  c:\windows\SysWow64\d2d1.dll
     .
     .
     (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F72C8153-7140-4FEE-8F69-CA4579D71195}]
     2013-04-01 02:22  73728  ----a-w-  c:\program files (x86)\Tongbu\Addin\tbIEAddin.dll
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
     "QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]
     "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
     "WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-05-20 500792]
     "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-12-23 3764024]
     "TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2013-12-23 295512]
     "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorAdmin"= 5 (0x5)
     "ConsentPromptBehaviorUser"= 3 (0x3)
     "EnableUIADesktopToggle"= 0 (0x0)
     "LocalAccountTokenFilterPolicy"= 0100000000000000
     "EnableLinkedConnections"= 1 (0x1)
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
     "LoadAppInit_DLLs"=1 (0x1)
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
     "mixer5"=wdmaud.drv
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
     @="Driver"
     .
     R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
     R2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]
     R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
     R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
     R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
     R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
     R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
     R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
     R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
     R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
     R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
     R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
     R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
     R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
     R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
     R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
     R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
     R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
     R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
     S0 aswRvrt;avast! Revert; [x]
     S0 aswVmm;avast! VM Monitor; [x]
     S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
     S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
     S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
     S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
     S1 DVMIO;DVMIO;c:\splash.sys\config\dvmio.sys;c:\splash.sys\config\dvmio.sys [x]
     S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_5ea32181aefd3364\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_5ea32181aefd3364\AESTSr64.exe [x]
     S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
     S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
     S2 DvmMDES;DeviceVM Meta Data Export Service;c:\splash.sys\config\DVMExportService.exe;c:\splash.sys\config\DVMExportService.exe [x]
     S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
     S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
     S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
     S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
     S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
     S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
     S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
     S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
     S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
     S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
     S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
     .
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
     2013-12-22 00:56  1210320  ----a-w-  c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2014-01-02 c:\windows\Tasks\Adobe Flash Player Updater.job
     - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-11 20:11]
     .
     2014-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-22 00:51]
     .
     2014-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-22 00:51]
     .
     2013-12-31 c:\windows\Tasks\HPCeeScheduleForwiz.job
     - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]
     .
     .
     --------- X64 Entries -----------
     .
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
     @="{472083B0-C522-11CF-8763-00608CC02F24}"
     [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
     2013-12-23 01:06  287280  ----a-w-  c:\program files\AVAST Software\Avast\ashShA64.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1BingDesktopOverlays]
     @="{B82655E9-B81D-4A97-8154-0D84A4C048E4}"
     [HKEY_CLASSES_ROOT\CLSID\{B82655E9-B81D-4A97-8154-0D84A4C048E4}]
     2013-11-10 23:38  2492416  ----a-w-  c:\programdata\Microsoft\BingDesktop\BingCore\BingDesktopOverlays.dll
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-08-25 610872]
     .
     ------- Supplementary Scan -------
     .
     uLocal Page = c:\windows\system32\blank.htm
     mLocal Page = c:\windows\SysWOW64\blank.htm
     uInternet Settings,ProxyOverride = *.local
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
     IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
     IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
     IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
     Trusted Zone: kuaiche.com\software
     TCP: DhcpNameServer = 192.168.2.7 190.113.97.11
     .
     - - - - ORPHANS REMOVED - - - -
     .
     AddRemove-RealPlayer 16.0 - c:\program files (x86)\real\realplayer\Update\r1puninst.exe
     AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
     .
     .
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_USERS\S-1-5-21-3344068209-3418707906-1369181467-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]
     @Denied: (2) (LocalSystem)
     "Progid"="SafariDownload"
     .
     [HKEY_USERS\S-1-5-21-3344068209-3418707906-1369181467-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
     @Denied: (2) (LocalSystem)
     @Denied: (2) (S-1-5-21-3344068209-3418707906-1369181467-1000)
     "Progid"="SafariHTML"
     .
     [HKEY_USERS\S-1-5-21-3344068209-3418707906-1369181467-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
     @Denied: (2) (LocalSystem)
     @Denied: (2) (S-1-5-21-3344068209-3418707906-1369181467-1000)
     "Progid"="SafariHTML"
     .
     [HKEY_USERS\S-1-5-21-3344068209-3418707906-1369181467-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]
     @Denied: (2) (LocalSystem)
     "Progid"="SafariExtension"
     .
     [HKEY_USERS\S-1-5-21-3344068209-3418707906-1369181467-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
     @Denied: (2) (LocalSystem)
     @Denied: (2) (S-1-5-21-3344068209-3418707906-1369181467-1000)
     "Progid"="SafariHTML"
     .
     [HKEY_USERS\S-1-5-21-3344068209-3418707906-1369181467-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
     @Denied: (2) (LocalSystem)
     "Progid"="SafariHTML"
     .
     [HKEY_USERS\S-1-5-21-3344068209-3418707906-1369181467-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
     @Denied: (2) (LocalSystem)
     "Progid"="SafariHTML"
     .
     [HKEY_USERS\S-1-5-21-3344068209-3418707906-1369181467-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
     @Denied: (2) (LocalSystem)
     @Denied: (2) (S-1-5-21-3344068209-3418707906-1369181467-1000)
     "Progid"="SafariHTML"
     .
     [HKEY_USERS\S-1-5-21-3344068209-3418707906-1369181467-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
     @Denied: (2) (LocalSystem)
     @Denied: (2) (S-1-5-21-3344068209-3418707906-1369181467-1000)
     "Progid"="SafariHTML"
     .
     [HKEY_USERS\S-1-5-21-3344068209-3418707906-1369181467-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
     @Denied: (2) (LocalSystem)
     "Progid"="SafariHTML"
     .
     [HKEY_USERS\S-1-5-21-3344068209-3418707906-1369181467-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*“(8€ý*€S*]
     @Class="Shell"
     @Allowed: (Read) (RestrictedCode)
     .
     [HKEY_USERS\S-1-5-21-3344068209-3418707906-1369181467-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*“(8€ý*€S*\OpenWithList]
     @Class="Shell"
     "a"="vlc.exe"
     "MRUList"="a"
     .
     [HKEY_USERS\S-1-5-21-3344068209-3418707906-1369181467-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*Ã.<“Ù*€¤*]
     @Class="Shell"
     @Allowed: (Read) (RestrictedCode)
     .
     [HKEY_USERS\S-1-5-21-3344068209-3418707906-1369181467-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*Ã.<“Ù*€¤*\OpenWithList]
     @Class="Shell"
     "a"="vlc.exe"
     "MRUList"="a"
     .
     [HKEY_USERS\S-1-5-21-3344068209-3418707906-1369181467-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ŒQ©* *€—]
     @Class="Shell"
     @Allowed: (Read) (RestrictedCode)
     .
     [HKEY_USERS\S-1-5-21-3344068209-3418707906-1369181467-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ŒQ©* *€—\OpenWithList]
     @Class="Shell"
     "a"="vlc.exe"
     "MRUList"="a"
     .
     [HKEY_USERS\S-1-5-21-3344068209-3418707906-1369181467-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
     @Denied: (Full) (Everyone)
     @Allowed: (Read) (RestrictedCode)
     "scansk"=hex(0):c3,db,f2,2b,b9,07,ee,2f,3f,14,d8,8d,48,87,e5,43,be,95,5c,2e,38,
        f7,88,6c,13,90,d8,6d,a7,25,bc,ad,2f,46,a7,45,e8,ca,a4,54,00,00,00,00,00,00,\
     .
     [HKEY_USERS\S-1-5-21-3344068209-3418707906-1369181467-1000_Classes\Wow6432Node\CLSID\{677fc3bd-d7ec-4411-935b-95fac011be38}]
     @Denied: (Full) (Everyone)
     @Allowed: (Read) (RestrictedCode)
     "Model"=dword:0000007f
     "Therad"=dword:0000001e
     "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
        38,95,44,53,4e,1a,5b,76,50,55,59,0c,cc,e7,69,23,2a,9d,10,a0,34,6b,72,25,f5,\
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
     @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker5"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Shockwave Flash Object"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
     @="0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
     @="ShockwaveFlash.ShockwaveFlash.11"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="ShockwaveFlash.ShockwaveFlash"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Macromedia Flash Factory Object"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
     @="FlashFactory.FlashFactory.1"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="FlashFactory.FlashFactory"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker5"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     .
     [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     .
     [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
     @Denied: (Full) (Everyone)
     .
     Completion time: 2014-01-02  13:50:03
     ComboFix-quarantined-files.txt  2014-01-02 19:50
     .
     Pre-Run: 55,400,820,736 bytes free
     Post-Run: 55,057,059,840 bytes free
     .
     - - End Of File - - 956C10F1C95D36E7848C749CF7154AFE
     1859AB647997ACCC3369F96787DCBA5B
  5. There are a couple of logs under the logs tab. The last one is on December 31:
     2013/12/31 09:25:51 -0600 WIZ-PC (null) MESSAGE Starting protection
     2013/12/31 09:25:51 -0600 WIZ-PC (null) MESSAGE Protection started successfully
     2013/12/31 09:25:51 -0600 WIZ-PC (null) MESSAGE Starting IP protection
     2013/12/31 09:26:03 -0600 WIZ-PC (null) MESSAGE IP Protection started successfully
     2013/12/31 09:43:38 -0600 WIZ-PC (null) MESSAGE Starting protection
     2013/12/31 09:43:38 -0600 WIZ-PC (null) MESSAGE Protection started successfully
     2013/12/31 09:43:38 -0600 WIZ-PC (null) MESSAGE Starting IP protection
     2013/12/31 09:43:50 -0600 WIZ-PC (null) MESSAGE IP Protection started successfully
     2013/12/31 09:59:08 -0600 WIZ-PC wiz MESSAGE Executing scheduled update: Daily
     2013/12/31 09:59:29 -0600 WIZ-PC wiz MESSAGE Scheduled update executed successfully: database updated from version v2013.12.30.07 to version v2013.12.31.04
     2013/12/31 09:59:29 -0600 WIZ-PC wiz MESSAGE Starting database refresh
     2013/12/31 09:59:29 -0600 WIZ-PC wiz MESSAGE Stopping IP protection
     2013/12/31 09:59:31 -0600 WIZ-PC wiz MESSAGE IP Protection stopped successfully
     2013/12/31 09:59:37 -0600 WIZ-PC wiz MESSAGE Database refreshed successfully
     2013/12/31 09:59:37 -0600 WIZ-PC wiz MESSAGE Starting IP protection
     2013/12/31 09:59:47 -0600 WIZ-PC wiz MESSAGE IP Protection started successfully
     2013/12/31 10:41:08 -0600 WIZ-PC wiz IP-BLOCK 219.152.126.130 (Type: outgoing, Port: 6881, Process: explorer.exe)
  6. Sorry Mr Charlie, where do I find this log? You mean the screencap for the pop-up message I get randomly? And Anti-Malware says my trial ends in 2 days.
  7. I'm sorry for taking so long, thanks for sticking with the topic. Ok so Mr Charlie, I did run AdwCleaner, but I got the pop-up 1 time. Something else I should check?
  8. @ Mr Charlie, I always try not to install stupid toolbars and stuff like that in the browser. There is some old, very old stuff floating around; it seems to be gone but still shows, and Windows says 'not found' but its file always shows, for example under Programs. 1- What should I delete in AdwCleaner? 2- Why is there a Firefox thing? I haven't used Firefox in a year or so.
  9. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-12-2013 01
     Ran by wiz at 2013-12-30 15:28:04 Run:1
     Running from C:\Users\wiz\Desktop
     Boot Mode: Normal
     ==============================================
     Content of fixlist:
     *****************
     CHR HKLM-x32\...\Chrome\Extension: [jhjjdgbhohaallcimgcmakfiobacimkm] - C:\Program Files (x86)\BuzzSearch\jhjjdgbhohaallcimgcmakfiobacimkm.crx
     C:\Program Files (x86)\BuzzSearch\jhjjdgbhohaallcimgcmakfiobacimkm.crx
     Task: {5CF538EE-50E3-4DFD-9948-55157062A3AC} - System32\Tasks\Express Files Updater => C:\Program Files (x86)\ExpressFiles\EFupdater.exe
     C:\Program Files (x86)\ExpressFiles
     *****************
     HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jhjjdgbhohaallcimgcmakfiobacimkm => Key deleted successfully.
     "C:\Program Files (x86)\BuzzSearch\jhjjdgbhohaallcimgcmakfiobacimkm.crx" => File/Directory not found.
     "C:\Program Files (x86)\BuzzSearch\jhjjdgbhohaallcimgcmakfiobacimkm.crx" => File/Directory not found.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5CF538EE-50E3-4DFD-9948-55157062A3AC} => Key deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5CF538EE-50E3-4DFD-9948-55157062A3AC} => Key deleted successfully.
     C:\Windows\System32\Tasks\Express Files Updater => Moved successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Express Files Updater => Key deleted successfully.
     "C:\Program Files (x86)\ExpressFiles" => File/Directory not found.
     ==== End of Fixlog ====
     and AdwCleaner found:
     ***** [ Files / Folders ] *****
     File Found : C:\Windows\System32\Tasks\NCH Software
     ***** [ Shortcuts ] *****
     ***** [ Registry ] *****
     Key Found : HKLM\Software\DeviceVM
     ***** [ Browsers ] *****
     -\\ Internet Explorer v11.0.9600.16428
     -\\ Mozilla Firefox v
     [ File : C:\Users\wiz\AppData\Roaming\Mozilla\Firefox\Profiles\vs3tv5xn.default\prefs.js ]
     -\\ Google Chrome v31.0.1650.63
     [ File : C:\Users\wiz\AppData\Local\Google\Chrome\User Data\Default\preferences ]
     *************************
  10. Used Safari and got another pop-up, but just one within 30 min; I get like 4 within 1 hour on Google Chrome.
  11. I'll change my info/password on my iPad/tablet, is that ok, right? Hahaha, I don't wanna sound paranoid, but just checking.