
PUM.userWLoad and Trojan.ransom how to remove?


saywoot


I have the same problem as the others. I don't know how to remove them. I tried to remove them in Malwarebytes Anti-Malware, but they kept coming back. I also noticed, and I'm not sure if it is related, that whenever I start my laptop a pop-up box appears saying "explorer.exe". I don't know why.

Here is the result of my scan:

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.09.13.03
 
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16688
Andrea :: ANDI [administrator]
 
Protection: Enabled
 
9/13/2013 4:14:23 PM
MBAM-log-2013-09-13 (20-35-55).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 299553
Time elapsed: 4 hour(s), 9 minute(s), 33 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: C:\Users\Andrea\LOCALS~1\Temp\cchmoavw.com -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\Andrea\LOCALS~1\Temp\cchmoavw.com -> No action taken.
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
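As an added example (not code from this thread, from Malwarebytes or from the helper), here is a small Python triage script that parses lines in the "Registry Values Detected" format shown in the log above and flags logon autostart entries, such as the Windows NT\CurrentVersion\Windows "Load" value, whose target lives in a user-writable temp directory or carries an unusual executable extension. The sample log text is constructed from the two detection lines above plus one benign placeholder line; the autostart locations and temp-directory markers are my own checklist, not part of the original post.

```python
import re
from pathlib import PureWindowsPath

# One MBAM "Registry Values Detected" line, as it appears in the log above:
#   HIVE\key|ValueName (Category) -> Data: <path and args> -> <action>
MBAM_VALUE_RE = re.compile(
    r"^(?P<key>[^|]+)\|(?P<value>[^ ]+) \((?P<category>[^)]+)\) -> Data: "
    r"(?P<data>.*?) -> (?P<action>.+)$"
)

# Logon autostart locations worth checking in a triage (defender checklist, my own choice).
# "Load" under Windows NT\CurrentVersion\Windows is a legacy per-user logon autostart that
# few users ever look at, which is why a PUM signature exists for it.
AUTOSTART_VALUES = {
    (r"software\microsoft\windows nt\currentversion\windows", "load"),
    (r"software\microsoft\windows nt\currentversion\windows", "run"),
    (r"software\microsoft\windows nt\currentversion\winlogon", "userinit"),
    (r"software\microsoft\windows nt\currentversion\winlogon", "shell"),
}
AUTOSTART_KEYS = (
    r"software\microsoft\windows\currentversion\run",
    r"software\microsoft\windows\currentversion\runonce",
)

# Markers for user-writable scratch space, including the 8.3 short name LOCALS~1
# ("Local Settings") that appears in the log's path.
TEMP_MARKERS = ("\\temp\\", "\\tmp\\", "\\locals~1\\", "\\appdata\\local\\temp\\")
SUSPICIOUS_EXTENSIONS = (".com", ".scr", ".pif")


def parse_mbam_value_line(line):
    """Return the fields of one detection line as a dict, or None if the line is not one."""
    m = MBAM_VALUE_RE.match(line.strip())
    return m.groupdict() if m else None


def is_autostart(key, value):
    """True if key\\value is one of the logon autostart locations listed above."""
    key_l = key.lower().rstrip("\\")
    value_l = value.lower()
    if any(key_l.endswith(k) for k in AUTOSTART_KEYS):
        return True
    return any(key_l.endswith(k) and value_l == v for k, v in AUTOSTART_VALUES)


def executable_path(data):
    """Strip a quoted path from its arguments; unquoted data is taken whole (paths may contain spaces)."""
    data = data.strip()
    if data.startswith('"') and data.count('"') >= 2:
        return data[1:data.index('"', 1)]
    return data


def is_temp_path(data):
    """True if the target path runs through a temp directory (long or 8.3 short name)."""
    path_l = "\\" + executable_path(data).lower()
    return any(marker in path_l for marker in TEMP_MARKERS)


def triage(log_text):
    """Return (key, value, data, reason) for autostart entries that look like dropped malware."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_mbam_value_line(line)
        if rec is None or not is_autostart(rec["key"], rec["value"]):
            continue
        reasons = []
        if is_temp_path(rec["data"]):
            reasons.append("target lives in a user-writable temp directory")
        ext = PureWindowsPath(executable_path(rec["data"])).suffix.lower()
        if ext in SUSPICIOUS_EXTENSIONS:
            reasons.append(f"unusual executable extension {ext} for an autostart entry")
        if reasons:
            findings.append((rec["key"], rec["value"], rec["data"], "; ".join(reasons)))
    return findings


# Constructed sample: the two lines from the log above plus one benign placeholder entry.
SAMPLE_LOG = r"""Registry Values Detected: 3
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: C:\Users\Andrea\LOCALS~1\Temp\cchmoavw.com -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\Andrea\LOCALS~1\Temp\cchmoavw.com -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ExampleUpdater (PUP.Optional.Example) -> Data: "C:\Program Files\Example\updater.exe" /quiet -> No action taken.
"""

if __name__ == "__main__":
    for key, value, data, reason in triage(SAMPLE_LOG):
        print(f"{key}|{value} -> {data}\n    {reason}")
```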
 

 


Welcome to the forum, please start HERE

Post back the 2 logs here.....DDS.txt and Attach.txt

(please don't put logs in code or quotes and use the default font)

P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar, you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, Adobe host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller <--- use this one for 64-bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs.

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Attach.txt log:

 

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8 Single Language
Boot Device: \Device\HarddiskVolume2
Install Date: 6/1/2013 10:31:22 AM
System Uptime: 9/13/2013 4:10:33 PM (28 hours ago)
.
Motherboard: LENOVO |  | INVALID
Processor: Intel® Core i3-3120M CPU @ 2.50GHz | U3E1 | 1200/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 501 GiB total, 410.802 GiB free.
D: is FIXED (NTFS) - 88 GiB total, 75.915 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 88 GiB total, 87.416 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP19: 8/23/2013 6:09:11 PM - Removed Vegas Pro 11.0
RP20: 9/6/2013 1:54:15 PM - Scheduled Checkpoint
RP21: 9/13/2013 3:42:46 PM - Windows Update
.
==== Installed Programs ======================
.
µTorrent
7-Zip 9.20
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS4
Adobe CMaps CS4
Adobe Color Video Profiles AE CS4
Adobe Default Language CS4
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit CS4
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe MotionPicture Color Files CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS5
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe XMP Panels CS4
Amazon Browser App
AppsHat Mobile Apps
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
Audacity 2.0.3
avast! Internet Security
Bundled software uninstaller
Conexant HD Audio
D3DX10
Dolby Advanced Audio v2
DownLite
Energy Management
FilesFrog Update Checker
FreeRide Games
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
hosts
Intel AppUp(SM) center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Intel® SDK for OpenCL - CPU Only Runtime Package
Intel® Trusted Connect Service Client
Lenovo Bluetooth with Enhanced Data Rate Software
Lenovo EasyCamera
Lenovo OneKey Recovery
Lenovo pointing device
Lenovo PowerDVD10
Lenovo Solution Center
Lenovo YouCam
Lenovo_Wireless_Driver
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Application Error Reporting
Microsoft Office
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ Run Time  Lib Setup
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Movie Maker
Moyea PPT to Video Converter version 2.6.0.68
Mozilla Firefox 24.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT Redists
MSVCRT110
MSVCRT110_amd64
NVIDIA Control Panel 307.45
NVIDIA Graphics Driver 307.45
NVIDIA Install Application
NVIDIA Optimus 1.10.8
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0604
NVIDIA Update 1.10.8
NVIDIA Update Components
OpenOffice.org 3.0
PDF Settings CS5
Photo Common
Photo Gallery
Photoshop Camera Raw
Pixel Bender Toolkit
Power2Go
Realtek USB 2.0 Card Reader
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760588) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760823) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2760583) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office Outlook 2007 (KB2825999) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition 
Security Update for Microsoft Office Word 2007 (KB2767773) 32-Bit Edition 
Shared C Run-time for x64
Skype Click to Call
Skype™ 6.6
SugarSync Manager
Suite Shared Configuration CS4
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825641) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
UserGuide
uTorrentControl_v6 Toolbar
Vegas Pro 11.0
Vegas Pro 12.0 (64-bit)
Visual Studio 2010 x64 Redistributables
Wacom Tablet
WebCake 3.00
WebTablet IE Plugin
WebTablet Netscape Plugin
Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
YTD Video Downloader 4.1
.
==== Event Viewer Messages From Past Week ========
.
9/14/2013 7:56:05 PM, Error: Service Control Manager [7031]  - The avast! Antivirus service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
9/13/2013 4:10:37 PM, Error: Microsoft-Windows-Kernel-General [6]  - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): ''.
9/13/2013 3:07:31 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the BrowserDefendert service, but this action failed with the following error:  An instance of the service is already running.
9/13/2013 3:07:01 PM, Error: Service Control Manager [7031]  - The BrowserDefendert service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
9/13/2013 2:48:35 PM, Error: Microsoft-Windows-Time-Service [34]  - The time service has detected that the system time needs to be  changed by -54088 seconds. The time service will not change the system time by more than 54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->64.4.10.33:123) is working properly.
9/13/2013 10:05:04 PM, Error: Service Control Manager [7000]  - The BrowserDefendert service failed to start due to the following error:  The system cannot find the file specified.
9/11/2013 12:17:42 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service defragsvc with arguments "Unavailable" in order to run the server: {D20A3293-3341-4AE8-9AAF-8E397CB63C34}
9/11/2013 12:17:41 PM, Error: Service Control Manager [7000]  - The Optimize drives service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
9/11/2013 12:17:12 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Optimize drives service to connect.
.
==== End Of File ===========================

dds.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16688
Run by Andrea at 20:48:35 on 2013-09-14
Microsoft Windows 8 Single Language  6.2.9200.0.1252.63.1033.18.3962.1964 [GMT -7:00]
.
AV: avast! Internet Security *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Internet Security *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Internet Security *Enabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\BtwRSupportService.exe
C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
C:\windows\system32\CxAudMsg64.exe
C:\Program Files\Elantech\ETDService.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\windows\SysWOW64\NLSSRV32.EXE
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\windows\system32\Wacom_Tablet.exe
C:\Windows\System32\WUDFHost.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\LogonUI.exe
C:\windows\System32\dwm.exe
C:\windows\system32\dwm.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\nvvsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\system32\msiexec.exe
C:\windows\system32\taskhostex.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\Elantech\ETDIntelligent.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Users\Andrea\AppData\Local\FilesFrog Update Checker\update_checker.exe
C:\Users\Andrea\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
C:\Program Files (x86)\USB Camera\VM331STI.EXE
C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Lenovo\Bluetooth Software\Bluetooth Headset Helper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: {96f454ea-9d38-474f-b504-56193e00c1a5} - <orphaned>
mURLSearchHooks: {96f454ea-9d38-474f-b504-56193e00c1a5} - <orphaned>
uWindows: Load = C:\Users\Andrea\LOCALS~1\Temp\cchmoavw.com
mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: {96f454ea-9d38-474f-b504-56193e00c1a5} - <orphaned>
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Messenger (Yahoo!)] "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [sDP] C:\Users\Andrea\AppData\Local\FilesFrog Update Checker\update_checker.exe /auto 
uRun: [AppsHat] C:\Users\Andrea\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe
mRun: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
mRun: [331BigDog] C:\Program Files (x86)\USB Camera\VM331STI.EXE
mRun: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
mRun: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
mRun: [updateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun: [RemoteControl10] "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"
mRun: [intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
StartupFolder: C:\Users\Andrea\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\BLUETO~1.LNK - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} - 
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{A4587C0F-6359-4E7F-8AC3-A8DFBC15CD85} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{A4587C0F-6359-4E7F-8AC3-A8DFBC15CD85}\05C44445D4974435C4 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{A4587C0F-6359-4E7F-8AC3-A8DFBC15CD85}\35D6162747022427F6F5631373436463 : DHCPNameServer = 192.168.0.1 192.168.0.1
TCP: Interfaces\{A4587C0F-6359-4E7F-8AC3-A8DFBC15CD85}\54749402451666470245F677562702C4566647027596E676 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{A4587C0F-6359-4E7F-8AC3-A8DFBC15CD85}\A4F656C602742796666696478637 : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{A4587C0F-6359-4E7F-8AC3-A8DFBC15CD85}\D69775966496 : DHCPNameServer = 192.168.9.206
TCP: Interfaces\{A4587C0F-6359-4E7F-8AC3-A8DFBC15CD85}\F4E6560214273686562772370205C6163656 : DHCPNameServer = 10.10.10.1 203.167.97.66 203.167.97.200
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\windows\syswow64\nvinit.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe /t
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\s7agalmy.default\
FF - prefs.js: browser.search.selectedEngine - Bing 
FF - plugin: C:\Program Files (x86)\FreeRide Games\npExentControl.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\s7agalmy.default\extensions\{97A78363-B868-4B48-AC91-A783A31215AF}\plugins\npMinibarPlugin.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - ExtSQL: 2013-07-20 20:04; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2013-08-23 18:36; 05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com; C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\s7agalmy.default\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.privitize.hpOld0 - 
FF - user.js: extensions.privitize.id - 424b4427000000000000689423fca26a
FF - user.js: extensions.privitize.appId - {301966DF-A84B-4255-AAB9-574B5CE237E4}
FF - user.js: extensions.privitize.instlDay - 15870
FF - user.js: extensions.privitize.vrsn - 1.8.21.6
FF - user.js: extensions.privitize.vrsni - 1.8.21.6
FF - user.js: extensions.privitize.vrsnTs - 1.8.21.618:41:49
FF - user.js: extensions.privitize.prtnrId - privitize
FF - user.js: extensions.privitize.prdct - privitize
FF - user.js: extensions.privitize.aflt - 5
FF - user.js: extensions.privitize.smplGrp - none
FF - user.js: extensions.privitize.tlbrId - base
FF - user.js: extensions.privitize.instlRef - 
FF - user.js: extensions.privitize.dfltLng - 
FF - user.js: extensions.privitize.excTlbr - false
FF - user.js: extensions.privitize.ffxUnstlRst - false
FF - user.js: extensions.privitize.admin - false
FF - user.js: extensions.privitize.autoRvrt - false
FF - user.js: extensions.privitize.rvrt - false
FF - user.js: extensions.privitize.hmpg - true
FF - user.js: extensions.privitize.dfltSrch - true
FF - user.js: extensions.privitize.srchPrvdr - Search The Web (privitize)
FF - user.js: extensions.privitize.dnsErr - true
FF - user.js: extensions.privitize.newTab - true
FF - user.js: extentions.webcake.installId - 537a3ef3-1011-4851-b457-a514e18e837b
FF - user.js: extentions.webcake.defaultEnableAppsList - layers,brain/features,newOffers/wc
FF - user.js: extensions.delta.tlbrSrchUrl - 
FF - user.js: extensions.delta.id - 424b4427000000000000689423fca26a
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15871
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.521:07:07
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119776&tt=120613_adn
FF - user.js: extensions.delta_i.babExt - 
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\windows\System32\Drivers\aswRvrt.sys [2013-7-20 65336]
R0 aswVmm;aswVmm;C:\windows\System32\Drivers\aswVmm.sys [2013-7-20 204880]
R0 iaStorA;iaStorA;C:\windows\System32\Drivers\iaStorA.sys [2013-2-8 645952]
R0 LHDmgr;LHDmgr;C:\windows\System32\Drivers\LhdX64.sys [2013-2-8 39008]
R0 nvpciflt;nvpciflt;C:\windows\System32\Drivers\nvpciflt.sys [2013-2-8 30056]
R1 aswFW;avast! TDI Firewall Driver;C:\windows\System32\Drivers\aswFW.sys [2013-9-4 131232]
R1 aswKbd;aswKbd;C:\windows\System32\Drivers\aswKbd.sys [2013-9-4 22600]
R1 aswNdisFlt;Avast! Firewall Driver;C:\windows\System32\Drivers\aswNdisFlt.sys [2013-9-4 276992]
R1 aswSnx;aswSnx;C:\windows\System32\Drivers\aswSnx.sys [2013-7-20 1030952]
R1 aswSP;aswSP;C:\windows\System32\Drivers\aswSP.sys [2013-7-20 378944]
R2 aswFsBlk;aswFsBlk;C:\windows\System32\Drivers\aswFsBlk.sys [2013-7-20 33400]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\Drivers\aswMonFlt.sys [2013-7-20 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-9-4 46808]
R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2013-9-4 137960]
R2 BcmBtRSupport;Bluetooth Radio Control Service;C:\windows\System32\BtwRSupportService.exe [2013-2-8 2227992]
R2 CxAudMsg;Conexant Audio Message Service;C:\windows\System32\CxAudMsg64.exe [2013-2-8 201376]
R2 ETDService;Elan Service;C:\Program Files\Elantech\ETDService.exe [2012-11-22 83968]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-2-8 166720]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-9-2 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-9-2 701512]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2012-11-18 70152]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-8-14 3291008]
R2 TabletServiceWacom;TabletServiceWacom;C:\windows\System32\Wacom_Tablet.exe [2013-6-9 5876008]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-2-8 365376]
R2 X5XSEx_Pr148;X5XSEx_Pr148;C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.sys [2013-2-8 56136]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\Drivers\AcpiVpc.sys [2012-5-15 33560]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\windows\System32\Drivers\bcbtums.sys [2013-2-8 169240]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]
R3 btwampfl;btwampfl Bluetooth filter driver;C:\windows\System32\Drivers\btwampfl.sys [2013-2-8 161144]
R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\Drivers\btwl2cap.sys [2013-2-8 40248]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\Drivers\ETD.sys [2012-11-22 323920]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\Drivers\IntcDAud.sys [2012-8-14 342528]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\windows\System32\Drivers\L1C63x64.sys [2012-8-14 110744]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\Drivers\mbam.sys [2013-9-2 25928]
R3 vm331avs;Digital Camera 1;C:\windows\System32\Drivers\vm331avs.sys [2013-2-8 975104]
S2 BrowserDefendert;BrowserDefendert;C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe --> C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
S3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;C:\windows\System32\Drivers\InputFilter_FlexDef2b.sys [2010-6-19 17920]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\System32\Drivers\RtsUVStor.sys [2013-2-8 315536]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 wacmoumonitor;Wacom Mode Helper;C:\windows\System32\Drivers\wacmoumonitor.sys [2013-6-9 18216]
S3 wsvd;wsvd;C:\windows\System32\Drivers\wsvd.sys [2013-2-8 102376]
.
=============== File Associations ===============
.
FileExt: .txt: textfile="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [userChoice]
.
=============== Created Last 30 ================
.
2013-09-14 03:44:10 265392 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10216.bin
2013-09-13 23:12:48 78296 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-13 23:12:47 694232 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-09-13 22:27:15 4038144 ----a-w- C:\windows\System32\win32k.sys
2013-09-13 22:26:59 195416 ----a-w- C:\windows\System32\drivers\sdbus.sys
2013-09-13 22:22:30 9430408 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe
2013-09-08 22:52:24 -------- d-----w- C:\Users\Andrea\AppData\Local\avgchrome
2013-09-08 22:52:06 -------- d-----w- C:\ProgramData\BrowserDefender
2013-09-08 22:49:29 -------- d-----w- C:\Users\Andrea\AppData\Local\Bundled software uninstaller
2013-09-08 22:49:09 -------- d-----w- C:\Users\Andrea\AppData\Local\AppsHat Mobile Apps
2013-09-08 22:49:05 -------- d-----w- C:\Users\Andrea\AppData\Local\WebPlayer
2013-09-08 22:47:42 -------- d-----w- C:\Users\Andrea\AppData\Local\FilesFrog Update Checker
2013-09-05 02:59:17 131232 ----a-w- C:\windows\System32\drivers\aswFW.sys
2013-09-05 02:58:55 22600 ----a-w- C:\windows\System32\drivers\aswKbd.sys
2013-09-05 02:58:48 276992 ----a-w- C:\windows\System32\drivers\aswNdisFlt.sys
2013-09-05 02:44:39 -------- d-----w- C:\ldiag
2013-09-03 02:02:04 -------- d-----w- C:\Users\Andrea\AppData\Roaming\Malwarebytes
2013-09-03 02:01:48 -------- d-----w- C:\ProgramData\Malwarebytes
2013-09-03 02:01:43 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2013-09-03 02:01:43 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-30 02:17:09 -------- d-----w- C:\Program Files\Sony
2013-08-24 03:16:12 -------- d-----w- C:\Program Files (x86)\Sony
2013-08-24 01:36:31 -------- d-----w- C:\Program Files (x86)\hosts
2013-08-24 01:36:17 -------- d-----w- C:\Program Files (x86)\DownLite
2013-08-22 22:23:58 -------- d-----w- C:\ATI
2013-08-17 04:40:41 1314816 ----a-w- C:\windows\System32\rpcrt4.dll
2013-08-17 04:40:40 694272 ----a-w- C:\windows\SysWow64\rpcrt4.dll
2013-08-17 04:40:37 2233168 ----a-w- C:\windows\System32\drivers\tcpip.sys
2013-08-17 04:36:11 1889280 ----a-w- C:\windows\System32\crypt32.dll
2013-08-17 04:36:11 1568256 ----a-w- C:\windows\SysWow64\crypt32.dll
2013-08-17 04:36:10 337408 ----a-w- C:\windows\System32\wintrust.dll
2013-08-17 04:36:10 261120 ----a-w- C:\windows\SysWow64\wintrust.dll
2013-08-17 04:36:09 87040 ----a-w- C:\windows\SysWow64\apprepapi.dll
2013-08-17 04:36:09 124416 ----a-w- C:\windows\System32\apprepapi.dll
2013-08-17 04:36:08 98304 ----a-w- C:\windows\System32\apprepsync.dll
2013-08-17 04:36:08 68096 ----a-w- C:\windows\System32\cryptsvc.dll
2013-08-17 04:36:07 74240 ----a-w- C:\windows\SysWow64\apprepsync.dll
.
==================== Find3M  ====================
.
2013-08-30 07:48:10 72016 ----a-w- C:\windows\System32\drivers\aswRdr2.sys
2013-08-30 07:48:10 65336 ----a-w- C:\windows\System32\drivers\aswRvrt.sys
2013-08-30 07:48:10 204880 ----a-w- C:\windows\System32\drivers\aswVmm.sys
2013-08-30 07:48:10 1030952 ----a-w- C:\windows\System32\drivers\aswSnx.sys
2013-08-30 07:48:09 80816 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
2013-08-30 07:47:40 41664 ----a-w- C:\windows\avastSS.scr
2013-08-21 04:12:06 2241024 ----a-w- C:\windows\System32\wininet.dll
2013-08-21 04:11:59 915968 ----a-w- C:\windows\System32\uxtheme.dll
2013-08-21 04:11:59 53760 ----a-w- C:\windows\System32\UXInit.dll
2013-08-21 04:11:07 3959296 ----a-w- C:\windows\System32\jscript9.dll
2013-08-21 04:11:04 67072 ----a-w- C:\windows\System32\iesetup.dll
2013-08-21 04:11:04 136704 ----a-w- C:\windows\System32\iesysprep.dll
2013-08-21 02:34:51 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2013-08-21 02:06:11 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2013-08-21 02:06:06 44032 ----a-w- C:\windows\SysWow64\UXInit.dll
2013-08-21 02:05:28 2876928 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-08-21 02:05:25 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2013-08-21 02:05:25 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2013-08-21 01:43:54 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-08-20 23:52:56 534528 ----a-w- C:\windows\SysWow64\uxtheme.dll
2013-08-16 05:41:13 58200 ----a-w- C:\windows\System32\drivers\dam.sys
2013-08-16 05:39:26 2371728 ----a-w- C:\windows\System32\WSService.dll
2013-08-16 05:32:48 209200 ----a-w- C:\windows\System32\NotificationUI.exe
2013-08-16 05:22:22 40448 ----a-w- C:\windows\System32\wuapp.exe
2013-08-16 05:22:11 4917760 ----a-w- C:\windows\System32\sppsvc.exe
2013-08-16 05:20:30 105984 ----a-w- C:\windows\System32\WinSetupUI.dll
2013-08-15 22:43:21 35328 ----a-w- C:\windows\SysWow64\wuapp.exe
2013-08-15 22:43:07 84992 ----a-w- C:\windows\SysWow64\wudriver.dll
2013-08-15 22:43:07 126976 ----a-w- C:\windows\SysWow64\wuwebv.dll
2013-08-15 22:43:03 562688 ----a-w- C:\windows\SysWow64\WSShared.dll
2013-08-15 22:43:03 159232 ----a-w- C:\windows\SysWow64\WSSync.dll
2013-08-15 22:43:02 83968 ----a-w- C:\windows\SysWow64\OEMLicense.dll
2013-08-15 22:43:02 167424 ----a-w- C:\windows\SysWow64\WSClient.dll
2013-08-15 22:43:02 143872 ----a-w- C:\windows\SysWow64\Windows.ApplicationModel.Store.dll
2013-08-15 22:43:02 124928 ----a-w- C:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-08-15 22:42:52 76800 ----a-w- C:\windows\SysWow64\setupcln.dll
2013-08-15 22:42:47 91648 ----a-w- C:\windows\SysWow64\sppc.dll
2013-07-19 17:10:59 583168 ----a-w- C:\windows\System32\mscms.dll
2013-07-19 17:10:58 2219520 ----a-w- C:\windows\System32\dwmcore.dll
2013-07-09 08:04:07 120144 ----a-w- C:\windows\System32\drivers\msgpioclx.sys
2013-07-09 06:18:21 439488 ----a-w- C:\windows\System32\WerFault.exe
2013-07-09 04:25:45 385768 ----a-w- C:\windows\SysWow64\WerFault.exe
2013-07-09 03:57:19 245760 ----a-w- C:\windows\SysWow64\LocationApi.dll
2013-07-08 22:46:00 543744 ----a-w- C:\windows\System32\wwanmm.dll
2013-07-08 22:46:00 414208 ----a-w- C:\windows\System32\wwanconn.dll
2013-07-08 22:46:00 370688 ----a-w- C:\windows\System32\Wwanadvui.dll
2013-07-08 22:45:16 312832 ----a-w- C:\windows\System32\LocationApi.dll
2013-07-06 00:16:17 1025024 ----a-w- C:\windows\System32\localspl.dll
2013-07-03 00:23:43 391168 ----a-w- C:\windows\System32\Windows.Networking.BackgroundTransfer.dll
2013-07-03 00:23:12 778752 ----a-w- C:\windows\System32\oleaut32.dll
2013-07-03 00:22:26 1300480 ----a-w- C:\windows\System32\gdi32.dll
2013-07-03 00:11:23 268800 ----a-w- C:\windows\SysWow64\Windows.Networking.BackgroundTransfer.dll
2013-07-03 00:11:02 551424 ----a-w- C:\windows\SysWow64\oleaut32.dll
2013-07-02 00:44:14 36288 ----a-w- C:\windows\System32\drivers\WdBoot.sys
2013-07-01 22:08:49 247216 ----a-w- C:\windows\System32\drivers\WdFilter.sys
2013-06-30 22:30:14 67072 ----a-w- C:\windows\SysWow64\openfiles.exe
2013-06-30 22:29:22 77312 ----a-w- C:\windows\System32\openfiles.exe
2013-06-29 06:15:47 125784 ----a-w- C:\windows\System32\drivers\dumpsd.sys
2013-06-29 05:43:16 327512 ----a-w- C:\windows\System32\drivers\Classpnp.sys
2013-06-29 01:12:01 1022464 ----a-w- C:\windows\SysWow64\gdi32.dll
2013-06-26 03:01:38 321536 ----a-w- C:\windows\System32\drivers\udfs.sys
2013-06-26 02:59:34 341504 ----a-w- C:\windows\System32\drivers\HdAudio.sys
2013-06-24 22:54:52 447488 ----a-w- C:\windows\System32\wwansvc.dll
2013-06-24 22:54:45 74240 ----a-w- C:\windows\System32\wcmcsp.dll
2013-06-24 22:54:45 263680 ----a-w- C:\windows\System32\wcmsvc.dll
2013-06-19 05:36:21 183808 ----a-w- C:\windows\System32\winmmbase.dll
2013-06-19 05:36:21 115712 ----a-w- C:\windows\System32\winmm.dll
2013-06-18 22:38:00 160256 ----a-w- C:\windows\SysWow64\winmmbase.dll
2013-06-18 22:38:00 125440 ----a-w- C:\windows\SysWow64\winmm.dll
.
============= FINISH: 20:49:24.34 ===============
 

Here is the RogueKiller report:

 

RogueKiller V8.6.11 [sep 11 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : Andrea [Admin rights]
Mode : Scan -- Date : 09/14/2013 21:07:49
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 2 ¤¤¤
[sUSP PATH] update_checker.exe -- C:\Users\Andrea\AppData\Local\FilesFrog Update Checker\update_checker.exe [7] -> KILLED [TermProc]
[sUSP PATH] WebPlayer.exe -- C:\Users\Andrea\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe [-] -> KILLED [TermProc]
 
¤¤¤ Registry Entries : 8 ¤¤¤
[RUN][sUSP PATH] HKCU\[...]\Run : SDP (C:\Users\Andrea\AppData\Local\FilesFrog Update Checker\update_checker.exe /auto  [7]) -> FOUND
[RUN][sUSP PATH] HKCU\[...]\Run : AppsHat (C:\Users\Andrea\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe [-]) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-629406413-2961214789-3571693237-1002\[...]\Run : SDP (C:\Users\Andrea\AppData\Local\FilesFrog Update Checker\update_checker.exe /auto  [7]) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-629406413-2961214789-3571693237-1002\[...]\Run : AppsHat (C:\Users\Andrea\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe [-]) -> FOUND
[sHELL][sUSP PATH] HKCU\[...]\Windows : load (C:\Users\Andrea\LOCALS~1\Temp\cchmoavw.com [x]) -> FOUND
[sHELL][sUSP PATH] HKUS\[...]\Windows : load (C:\Users\Andrea\LOCALS~1\Temp\cchmoavw.com [x]) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 2 ¤¤¤
[V2][sUSP PATH] EPUpdater : C:\Users\Andrea\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe [x] -> FOUND
[V2][sUSP PATH] OFFICE2010ACT : C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [-] -> FOUND
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: ST750LM022 HN-M750MBB +++++
--- User ---
[MBR] d3ea4671b1ac6cf2895a4ad0aa7ee161
[bSP] 73ab7ca733a0f9d527bd6fc7ed62168b : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097151 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_09142013_210748.txt >>
RKreport[0]_S_09132013_151617.txt;RKreport[0]_S_09132013_152628.txt
 

Run RogueKiller again and click Scan

When the scan completes > click on the Registry tab

Put a check next to all of these and uncheck the rest: (if found)

 

[sHELL][sUSP PATH] HKCU\[...]\Windows : load (C:\Users\Andrea\LOCALS~1\Temp\cchmoavw.com [x]) -> FOUND

[sHELL][sUSP PATH] HKUS\[...]\Windows : load (C:\Users\Andrea\LOCALS~1\Temp\cchmoavw.com [x]) -> FOUND

[V2][sUSP PATH] EPUpdater : C:\Users\Andrea\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe [x] -> FOUND

Now click Delete on the right hand column under Options

-------------

Then...........

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt
To attach a log if needed:

Bottom right corner of this page (screenshot: reply1.jpg).

New window that comes up (screenshot: replyer1.jpg).

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.

MrC
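
One way to audit the same autostart locations from the defender's side, as an added example that is not part of the thread and not RogueKiller's or Malwarebytes' own code: the PowerShell below reads the per-user Load/Run values under Windows NT\CurrentVersion\Windows (the value MBAM reported as PUM.UserWLoad) and the per-user Run/RunOnce keys (where the SDP and AppsHat entries sat), resolves each command line to its executable, and flags any entry whose target lives under Temp or AppData, as LOCALS~1\Temp\cchmoavw.com did. The list of suspicious roots and the function names are my assumptions; the script only reports and deletes nothing, so it complements the RogueKiller steps above rather than replacing them.

```powershell
# Added example, not from the thread or from RogueKiller/MBAM: audit the
# per-user autostart locations the two scans flagged above and report any
# entry whose command line points into Temp or AppData. Audit only; it
# changes nothing. Run it in PowerShell as the affected user (not elevated).

$AutostartLocations = @(
    # Win.ini-era "load"/"run" values; Explorer still launches them at logon
    # (this is the value MBAM reported as PUM.UserWLoad).
    @{ Key = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows'; Names = @('Load', 'Run') }
    # Per-user Run/RunOnce keys (the SDP and AppsHat entries in the RogueKiller report).
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run';     Names = $null }
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'; Names = $null }
)

# Heuristic (my choice, not a rule from the thread): legitimate autostarts
# rarely live in these roots, so a match is a lead to investigate, not a verdict.
$SuspiciousPattern = @(
    [regex]::Escape($env:TEMP)
    [regex]::Escape($env:LOCALAPPDATA)
    [regex]::Escape($env:APPDATA)
    'LOCALS~1\\Temp'      # 8.3 short-name form, as written in the thread's log
) -join '|'

function Resolve-CommandPath {
    # Best-effort recovery of the executable from a registry command line:
    # a quoted path wins; otherwise take the longest space-joined prefix that
    # exists on disk, which mirrors how Windows resolves unquoted paths.
    param([string]$CommandLine)
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    $tokens = $cmd -split ' '
    for ($i = $tokens.Count; $i -ge 1; $i--) {
        $candidate = $tokens[0..($i - 1)] -join ' '
        if (Test-Path -LiteralPath $candidate -PathType Leaf) { return $candidate }
    }
    return $tokens[0]
}

function Get-AutostartFinding {
    # Emits one object per populated autostart value, with the resolved
    # target, whether that file still exists, and the heuristic verdict.
    foreach ($loc in $AutostartLocations) {
        if (-not (Test-Path -LiteralPath $loc.Key)) { continue }
        $key   = Get-Item -LiteralPath $loc.Key
        $names = if ($loc.Names) { $loc.Names } else { $key.GetValueNames() }
        foreach ($name in $names) {
            $data = [string]$key.GetValue($name, $null)
            if ([string]::IsNullOrWhiteSpace($data)) { continue }
            $target = Resolve-CommandPath $data
            [pscustomobject]@{
                Key        = $loc.Key
                Name       = $name
                Data       = $data
                Target     = $target
                Exists     = Test-Path -LiteralPath $target -PathType Leaf
                Suspicious = [bool]($data -match $SuspiciousPattern)
            }
        }
    }
}

Get-AutostartFinding | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

A Load value that points at a file which no longer exists (Exists = False) is the state this thread is in after the Temp file was cleaned but the registry value survived, which is why the RogueKiller delete step above is still needed; a Suspicious entry whose target does exist is the one to preserve a copy of before any cleanup tool removes it.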
