Jump to content

PUM.userWLoad and Trojan.ransom how to remove?


saywoot
 Share

Recommended Posts

I have the same problem with the others . I don't know how to remove them . I tried to remove them in Malwarebytes Anti-Malware, it kept coming back. I also notices, and not sure if it is related, whenever I start my laptop on , a pop up box appears "explorer.exe" i dont know why. 

here is the result of my scan:

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.09.13.03
 
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16688
Andrea :: ANDI [administrator]
 
Protection: Enabled
 
9/13/2013 4:14:23 PM
MBAM-log-2013-09-13 (20-35-55).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 299553
Time elapsed: 4 hour(s), 9 minute(s), 33 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: C:\Users\Andrea\LOCALS~1\Temp\cchmoavw.com -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\Andrea\LOCALS~1\Temp\cchmoavw.com -> No action taken.
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 

 

Link to post
Share on other sites

Welcome to the forum, please start HERE

Post back the 2 logs here.....DDS.txt and Attach.txt

(please don't put logs in code or quotes and use the default font)

P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, Adobe host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give to instructions on how to cleanup all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

Link to post
Share on other sites

Attach.txt log:

 

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8 Single Language
Boot Device: \Device\HarddiskVolume2
Install Date: 6/1/2013 10:31:22 AM
System Uptime: 9/13/2013 4:10:33 PM (28 hours ago)
.
Motherboard: LENOVO |  | INVALID
Processor: Intel® Core i3-3120M CPU @ 2.50GHz | U3E1 | 1200/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 501 GiB total, 410.802 GiB free.
D: is FIXED (NTFS) - 88 GiB total, 75.915 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 88 GiB total, 87.416 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP19: 8/23/2013 6:09:11 PM - Removed Vegas Pro 11.0
RP20: 9/6/2013 1:54:15 PM - Scheduled Checkpoint
RP21: 9/13/2013 3:42:46 PM - Windows Update
.
==== Installed Programs ======================
.
µTorrent
7-Zip 9.20
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS4
Adobe CMaps CS4
Adobe Color Video Profiles AE CS4
Adobe Default Language CS4
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit CS4
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe MotionPicture Color Files CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS5
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe XMP Panels CS4
Amazon Browser App
AppsHat Mobile Apps
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
Audacity 2.0.3
avast! Internet Security
Bundled software uninstaller
Conexant HD Audio
D3DX10
Dolby Advanced Audio v2
DownLite
Energy Management
FilesFrog Update Checker
FreeRide Games
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
hosts
Intel AppUp(SM) center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Intel® SDK for OpenCL - CPU Only Runtime Package
Intel® Trusted Connect Service Client
Lenovo Bluetooth with Enhanced Data Rate Software
Lenovo EasyCamera
Lenovo OneKey Recovery
Lenovo pointing device
Lenovo PowerDVD10
Lenovo Solution Center
Lenovo YouCam
Lenovo_Wireless_Driver
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Application Error Reporting
Microsoft Office
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ Run Time  Lib Setup
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Movie Maker
Moyea PPT to Video Converter version 2.6.0.68
Mozilla Firefox 24.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT Redists
MSVCRT110
MSVCRT110_amd64
NVIDIA Control Panel 307.45
NVIDIA Graphics Driver 307.45
NVIDIA Install Application
NVIDIA Optimus 1.10.8
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0604
NVIDIA Update 1.10.8
NVIDIA Update Components
OpenOffice.org 3.0
PDF Settings CS5
Photo Common
Photo Gallery
Photoshop Camera Raw
Pixel Bender Toolkit
Power2Go
Realtek USB 2.0 Card Reader
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760588) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760823) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2760583) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office Outlook 2007 (KB2825999) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition 
Security Update for Microsoft Office Word 2007 (KB2767773) 32-Bit Edition 
Shared C Run-time for x64
Skype Click to Call
Skype™ 6.6
SugarSync Manager
Suite Shared Configuration CS4
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825641) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
UserGuide
uTorrentControl_v6 Toolbar
Vegas Pro 11.0
Vegas Pro 12.0 (64-bit)
Visual Studio 2010 x64 Redistributables
Wacom Tablet
WebCake 3.00
WebTablet IE Plugin
WebTablet Netscape Plugin
Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
YTD Video Downloader 4.1
.
==== Event Viewer Messages From Past Week ========
.
9/14/2013 7:56:05 PM, Error: Service Control Manager [7031]  - The avast! Antivirus service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
9/13/2013 4:10:37 PM, Error: Microsoft-Windows-Kernel-General [6]  - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): ''.
9/13/2013 3:07:31 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the BrowserDefendert service, but this action failed with the following error:  An instance of the service is already running.
9/13/2013 3:07:01 PM, Error: Service Control Manager [7031]  - The BrowserDefendert service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
9/13/2013 2:48:35 PM, Error: Microsoft-Windows-Time-Service [34]  - The time service has detected that the system time needs to be  changed by -54088 seconds. The time service will not change the system time by more than 54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->64.4.10.33:123) is working properly.
9/13/2013 10:05:04 PM, Error: Service Control Manager [7000]  - The BrowserDefendert service failed to start due to the following error:  The system cannot find the file specified.
9/11/2013 12:17:42 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service defragsvc with arguments "Unavailable" in order to run the server: {D20A3293-3341-4AE8-9AAF-8E397CB63C34}
9/11/2013 12:17:41 PM, Error: Service Control Manager [7000]  - The Optimize drives service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
9/11/2013 12:17:12 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Optimize drives service to connect.
.
==== End Of File ===========================

dds.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16688
Run by Andrea at 20:48:35 on 2013-09-14
Microsoft Windows 8 Single Language  6.2.9200.0.1252.63.1033.18.3962.1964 [GMT -7:00]
.
AV: avast! Internet Security *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Internet Security *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Internet Security *Enabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\BtwRSupportService.exe
C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
C:\windows\system32\CxAudMsg64.exe
C:\Program Files\Elantech\ETDService.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\windows\SysWOW64\NLSSRV32.EXE
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\windows\system32\Wacom_Tablet.exe
C:\Windows\System32\WUDFHost.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\LogonUI.exe
C:\windows\System32\dwm.exe
C:\windows\system32\dwm.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\nvvsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\system32\msiexec.exe
C:\windows\system32\taskhostex.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\Elantech\ETDIntelligent.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Users\Andrea\AppData\Local\FilesFrog Update Checker\update_checker.exe
C:\Users\Andrea\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
C:\Program Files (x86)\USB Camera\VM331STI.EXE
C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Lenovo\Bluetooth Software\Bluetooth Headset Helper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: {96f454ea-9d38-474f-b504-56193e00c1a5} - <orphaned>
mURLSearchHooks: {96f454ea-9d38-474f-b504-56193e00c1a5} - <orphaned>
uWindows: Load = C:\Users\Andrea\LOCALS~1\Temp\cchmoavw.com
mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: {96f454ea-9d38-474f-b504-56193e00c1a5} - <orphaned>
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Messenger (Yahoo!)] "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [sDP] C:\Users\Andrea\AppData\Local\FilesFrog Update Checker\update_checker.exe /auto 
uRun: [AppsHat] C:\Users\Andrea\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe
mRun: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
mRun: [331BigDog] C:\Program Files (x86)\USB Camera\VM331STI.EXE
mRun: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
mRun: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
mRun: [updateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun: [RemoteControl10] "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"
mRun: [intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
StartupFolder: C:\Users\Andrea\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\BLUETO~1.LNK - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} - 
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{A4587C0F-6359-4E7F-8AC3-A8DFBC15CD85} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{A4587C0F-6359-4E7F-8AC3-A8DFBC15CD85}\05C44445D4974435C4 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{A4587C0F-6359-4E7F-8AC3-A8DFBC15CD85}\35D6162747022427F6F5631373436463 : DHCPNameServer = 192.168.0.1 192.168.0.1
TCP: Interfaces\{A4587C0F-6359-4E7F-8AC3-A8DFBC15CD85}\54749402451666470245F677562702C4566647027596E676 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{A4587C0F-6359-4E7F-8AC3-A8DFBC15CD85}\A4F656C602742796666696478637 : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{A4587C0F-6359-4E7F-8AC3-A8DFBC15CD85}\D69775966496 : DHCPNameServer = 192.168.9.206
TCP: Interfaces\{A4587C0F-6359-4E7F-8AC3-A8DFBC15CD85}\F4E6560214273686562772370205C6163656 : DHCPNameServer = 10.10.10.1 203.167.97.66 203.167.97.200
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\windows\syswow64\nvinit.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe /t
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\s7agalmy.default\
FF - prefs.js: browser.search.selectedEngine - Bing 
FF - plugin: C:\Program Files (x86)\FreeRide Games\npExentControl.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\s7agalmy.default\extensions\{97A78363-B868-4B48-AC91-A783A31215AF}\plugins\npMinibarPlugin.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - ExtSQL: 2013-07-20 20:04; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2013-08-23 18:36; 05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com; C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\s7agalmy.default\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.privitize.hpOld0 - 
FF - user.js: extensions.privitize.id - 424b4427000000000000689423fca26a
FF - user.js: extensions.privitize.appId - {301966DF-A84B-4255-AAB9-574B5CE237E4}
FF - user.js: extensions.privitize.instlDay - 15870
FF - user.js: extensions.privitize.vrsn - 1.8.21.6
FF - user.js: extensions.privitize.vrsni - 1.8.21.6
FF - user.js: extensions.privitize.vrsnTs - 1.8.21.618:41:49
FF - user.js: extensions.privitize.prtnrId - privitize
FF - user.js: extensions.privitize.prdct - privitize
FF - user.js: extensions.privitize.aflt - 5
FF - user.js: extensions.privitize.smplGrp - none
FF - user.js: extensions.privitize.tlbrId - base
FF - user.js: extensions.privitize.instlRef - 
FF - user.js: extensions.privitize.dfltLng - 
FF - user.js: extensions.privitize.excTlbr - false
FF - user.js: extensions.privitize.ffxUnstlRst - false
FF - user.js: extensions.privitize.admin - false
FF - user.js: extensions.privitize.autoRvrt - false
FF - user.js: extensions.privitize.rvrt - false
FF - user.js: extensions.privitize.hmpg - true
FF - user.js: extensions.privitize.dfltSrch - true
FF - user.js: extensions.privitize.srchPrvdr - Search The Web (privitize)
FF - user.js: extensions.privitize.dnsErr - true
FF - user.js: extensions.privitize.newTab - true
FF - user.js: extentions.webcake.installId - 537a3ef3-1011-4851-b457-a514e18e837b
FF - user.js: extentions.webcake.defaultEnableAppsList - layers,brain/features,newOffers/wc
FF - user.js: extensions.delta.tlbrSrchUrl - 
FF - user.js: extensions.delta.id - 424b4427000000000000689423fca26a
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15871
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.521:07:07
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119776&tt=120613_adn
FF - user.js: extensions.delta_i.babExt - 
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\windows\System32\Drivers\aswRvrt.sys [2013-7-20 65336]
R0 aswVmm;aswVmm;C:\windows\System32\Drivers\aswVmm.sys [2013-7-20 204880]
R0 iaStorA;iaStorA;C:\windows\System32\Drivers\iaStorA.sys [2013-2-8 645952]
R0 LHDmgr;LHDmgr;C:\windows\System32\Drivers\LhdX64.sys [2013-2-8 39008]
R0 nvpciflt;nvpciflt;C:\windows\System32\Drivers\nvpciflt.sys [2013-2-8 30056]
R1 aswFW;avast! TDI Firewall Driver;C:\windows\System32\Drivers\aswFW.sys [2013-9-4 131232]
R1 aswKbd;aswKbd;C:\windows\System32\Drivers\aswKbd.sys [2013-9-4 22600]
R1 aswNdisFlt;Avast! Firewall Driver;C:\windows\System32\Drivers\aswNdisFlt.sys [2013-9-4 276992]
R1 aswSnx;aswSnx;C:\windows\System32\Drivers\aswSnx.sys [2013-7-20 1030952]
R1 aswSP;aswSP;C:\windows\System32\Drivers\aswSP.sys [2013-7-20 378944]
R2 aswFsBlk;aswFsBlk;C:\windows\System32\Drivers\aswFsBlk.sys [2013-7-20 33400]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\Drivers\aswMonFlt.sys [2013-7-20 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-9-4 46808]
R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2013-9-4 137960]
R2 BcmBtRSupport;Bluetooth Radio Control Service;C:\windows\System32\BtwRSupportService.exe [2013-2-8 2227992]
R2 CxAudMsg;Conexant Audio Message Service;C:\windows\System32\CxAudMsg64.exe [2013-2-8 201376]
R2 ETDService;Elan Service;C:\Program Files\Elantech\ETDService.exe [2012-11-22 83968]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-2-8 166720]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-9-2 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-9-2 701512]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2012-11-18 70152]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-8-14 3291008]
R2 TabletServiceWacom;TabletServiceWacom;C:\windows\System32\Wacom_Tablet.exe [2013-6-9 5876008]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-2-8 365376]
R2 X5XSEx_Pr148;X5XSEx_Pr148;C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.sys [2013-2-8 56136]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\Drivers\AcpiVpc.sys [2012-5-15 33560]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\windows\System32\Drivers\bcbtums.sys [2013-2-8 169240]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]
R3 btwampfl;btwampfl Bluetooth filter driver;C:\windows\System32\Drivers\btwampfl.sys [2013-2-8 161144]
R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\Drivers\btwl2cap.sys [2013-2-8 40248]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\Drivers\ETD.sys [2012-11-22 323920]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\Drivers\IntcDAud.sys [2012-8-14 342528]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\windows\System32\Drivers\L1C63x64.sys [2012-8-14 110744]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\Drivers\mbam.sys [2013-9-2 25928]
R3 vm331avs;Digital Camera 1;C:\windows\System32\Drivers\vm331avs.sys [2013-2-8 975104]
S2 BrowserDefendert;BrowserDefendert;C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe --> C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
S3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;C:\windows\System32\Drivers\InputFilter_FlexDef2b.sys [2010-6-19 17920]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\System32\Drivers\RtsUVStor.sys [2013-2-8 315536]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 wacmoumonitor;Wacom Mode Helper;C:\windows\System32\Drivers\wacmoumonitor.sys [2013-6-9 18216]
S3 wsvd;wsvd;C:\windows\System32\Drivers\wsvd.sys [2013-2-8 102376]
.
=============== File Associations ===============
.
FileExt: .txt: textfile="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [userChoice]
.
=============== Created Last 30 ================
.
2013-09-14 03:44:10 265392 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10216.bin
2013-09-13 23:12:48 78296 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-13 23:12:47 694232 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-09-13 22:27:15 4038144 ----a-w- C:\windows\System32\win32k.sys
2013-09-13 22:26:59 195416 ----a-w- C:\windows\System32\drivers\sdbus.sys
2013-09-13 22:22:30 9430408 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe
2013-09-08 22:52:24 -------- d-----w- C:\Users\Andrea\AppData\Local\avgchrome
2013-09-08 22:52:06 -------- d-----w- C:\ProgramData\BrowserDefender
2013-09-08 22:49:29 -------- d-----w- C:\Users\Andrea\AppData\Local\Bundled software uninstaller
2013-09-08 22:49:09 -------- d-----w- C:\Users\Andrea\AppData\Local\AppsHat Mobile Apps
2013-09-08 22:49:05 -------- d-----w- C:\Users\Andrea\AppData\Local\WebPlayer
2013-09-08 22:47:42 -------- d-----w- C:\Users\Andrea\AppData\Local\FilesFrog Update Checker
2013-09-05 02:59:17 131232 ----a-w- C:\windows\System32\drivers\aswFW.sys
2013-09-05 02:58:55 22600 ----a-w- C:\windows\System32\drivers\aswKbd.sys
2013-09-05 02:58:48 276992 ----a-w- C:\windows\System32\drivers\aswNdisFlt.sys
2013-09-05 02:44:39 -------- d-----w- C:\ldiag
2013-09-03 02:02:04 -------- d-----w- C:\Users\Andrea\AppData\Roaming\Malwarebytes
2013-09-03 02:01:48 -------- d-----w- C:\ProgramData\Malwarebytes
2013-09-03 02:01:43 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2013-09-03 02:01:43 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-30 02:17:09 -------- d-----w- C:\Program Files\Sony
2013-08-24 03:16:12 -------- d-----w- C:\Program Files (x86)\Sony
2013-08-24 01:36:31 -------- d-----w- C:\Program Files (x86)\hosts
2013-08-24 01:36:17 -------- d-----w- C:\Program Files (x86)\DownLite
2013-08-22 22:23:58 -------- d-----w- C:\ATI
2013-08-17 04:40:41 1314816 ----a-w- C:\windows\System32\rpcrt4.dll
2013-08-17 04:40:40 694272 ----a-w- C:\windows\SysWow64\rpcrt4.dll
2013-08-17 04:40:37 2233168 ----a-w- C:\windows\System32\drivers\tcpip.sys
2013-08-17 04:36:11 1889280 ----a-w- C:\windows\System32\crypt32.dll
2013-08-17 04:36:11 1568256 ----a-w- C:\windows\SysWow64\crypt32.dll
2013-08-17 04:36:10 337408 ----a-w- C:\windows\System32\wintrust.dll
2013-08-17 04:36:10 261120 ----a-w- C:\windows\SysWow64\wintrust.dll
2013-08-17 04:36:09 87040 ----a-w- C:\windows\SysWow64\apprepapi.dll
2013-08-17 04:36:09 124416 ----a-w- C:\windows\System32\apprepapi.dll
2013-08-17 04:36:08 98304 ----a-w- C:\windows\System32\apprepsync.dll
2013-08-17 04:36:08 68096 ----a-w- C:\windows\System32\cryptsvc.dll
2013-08-17 04:36:07 74240 ----a-w- C:\windows\SysWow64\apprepsync.dll
.
==================== Find3M  ====================
.
2013-08-30 07:48:10 72016 ----a-w- C:\windows\System32\drivers\aswRdr2.sys
2013-08-30 07:48:10 65336 ----a-w- C:\windows\System32\drivers\aswRvrt.sys
2013-08-30 07:48:10 204880 ----a-w- C:\windows\System32\drivers\aswVmm.sys
2013-08-30 07:48:10 1030952 ----a-w- C:\windows\System32\drivers\aswSnx.sys
2013-08-30 07:48:09 80816 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
2013-08-30 07:47:40 41664 ----a-w- C:\windows\avastSS.scr
2013-08-21 04:12:06 2241024 ----a-w- C:\windows\System32\wininet.dll
2013-08-21 04:11:59 915968 ----a-w- C:\windows\System32\uxtheme.dll
2013-08-21 04:11:59 53760 ----a-w- C:\windows\System32\UXInit.dll
2013-08-21 04:11:07 3959296 ----a-w- C:\windows\System32\jscript9.dll
2013-08-21 04:11:04 67072 ----a-w- C:\windows\System32\iesetup.dll
2013-08-21 04:11:04 136704 ----a-w- C:\windows\System32\iesysprep.dll
2013-08-21 02:34:51 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2013-08-21 02:06:11 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2013-08-21 02:06:06 44032 ----a-w- C:\windows\SysWow64\UXInit.dll
2013-08-21 02:05:28 2876928 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-08-21 02:05:25 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2013-08-21 02:05:25 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2013-08-21 01:43:54 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-08-20 23:52:56 534528 ----a-w- C:\windows\SysWow64\uxtheme.dll
2013-08-16 05:41:13 58200 ----a-w- C:\windows\System32\drivers\dam.sys
2013-08-16 05:39:26 2371728 ----a-w- C:\windows\System32\WSService.dll
2013-08-16 05:32:48 209200 ----a-w- C:\windows\System32\NotificationUI.exe
2013-08-16 05:22:22 40448 ----a-w- C:\windows\System32\wuapp.exe
2013-08-16 05:22:11 4917760 ----a-w- C:\windows\System32\sppsvc.exe
2013-08-16 05:20:30 105984 ----a-w- C:\windows\System32\WinSetupUI.dll
2013-08-15 22:43:21 35328 ----a-w- C:\windows\SysWow64\wuapp.exe
2013-08-15 22:43:07 84992 ----a-w- C:\windows\SysWow64\wudriver.dll
2013-08-15 22:43:07 126976 ----a-w- C:\windows\SysWow64\wuwebv.dll
2013-08-15 22:43:03 562688 ----a-w- C:\windows\SysWow64\WSShared.dll
2013-08-15 22:43:03 159232 ----a-w- C:\windows\SysWow64\WSSync.dll
2013-08-15 22:43:02 83968 ----a-w- C:\windows\SysWow64\OEMLicense.dll
2013-08-15 22:43:02 167424 ----a-w- C:\windows\SysWow64\WSClient.dll
2013-08-15 22:43:02 143872 ----a-w- C:\windows\SysWow64\Windows.ApplicationModel.Store.dll
2013-08-15 22:43:02 124928 ----a-w- C:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-08-15 22:42:52 76800 ----a-w- C:\windows\SysWow64\setupcln.dll
2013-08-15 22:42:47 91648 ----a-w- C:\windows\SysWow64\sppc.dll
2013-07-19 17:10:59 583168 ----a-w- C:\windows\System32\mscms.dll
2013-07-19 17:10:58 2219520 ----a-w- C:\windows\System32\dwmcore.dll
2013-07-09 08:04:07 120144 ----a-w- C:\windows\System32\drivers\msgpioclx.sys
2013-07-09 06:18:21 439488 ----a-w- C:\windows\System32\WerFault.exe
2013-07-09 04:25:45 385768 ----a-w- C:\windows\SysWow64\WerFault.exe
2013-07-09 03:57:19 245760 ----a-w- C:\windows\SysWow64\LocationApi.dll
2013-07-08 22:46:00 543744 ----a-w- C:\windows\System32\wwanmm.dll
2013-07-08 22:46:00 414208 ----a-w- C:\windows\System32\wwanconn.dll
2013-07-08 22:46:00 370688 ----a-w- C:\windows\System32\Wwanadvui.dll
2013-07-08 22:45:16 312832 ----a-w- C:\windows\System32\LocationApi.dll
2013-07-06 00:16:17 1025024 ----a-w- C:\windows\System32\localspl.dll
2013-07-03 00:23:43 391168 ----a-w- C:\windows\System32\Windows.Networking.BackgroundTransfer.dll
2013-07-03 00:23:12 778752 ----a-w- C:\windows\System32\oleaut32.dll
2013-07-03 00:22:26 1300480 ----a-w- C:\windows\System32\gdi32.dll
2013-07-03 00:11:23 268800 ----a-w- C:\windows\SysWow64\Windows.Networking.BackgroundTransfer.dll
2013-07-03 00:11:02 551424 ----a-w- C:\windows\SysWow64\oleaut32.dll
2013-07-02 00:44:14 36288 ----a-w- C:\windows\System32\drivers\WdBoot.sys
2013-07-01 22:08:49 247216 ----a-w- C:\windows\System32\drivers\WdFilter.sys
2013-06-30 22:30:14 67072 ----a-w- C:\windows\SysWow64\openfiles.exe
2013-06-30 22:29:22 77312 ----a-w- C:\windows\System32\openfiles.exe
2013-06-29 06:15:47 125784 ----a-w- C:\windows\System32\drivers\dumpsd.sys
2013-06-29 05:43:16 327512 ----a-w- C:\windows\System32\drivers\Classpnp.sys
2013-06-29 01:12:01 1022464 ----a-w- C:\windows\SysWow64\gdi32.dll
2013-06-26 03:01:38 321536 ----a-w- C:\windows\System32\drivers\udfs.sys
2013-06-26 02:59:34 341504 ----a-w- C:\windows\System32\drivers\HdAudio.sys
2013-06-24 22:54:52 447488 ----a-w- C:\windows\System32\wwansvc.dll
2013-06-24 22:54:45 74240 ----a-w- C:\windows\System32\wcmcsp.dll
2013-06-24 22:54:45 263680 ----a-w- C:\windows\System32\wcmsvc.dll
2013-06-19 05:36:21 183808 ----a-w- C:\windows\System32\winmmbase.dll
2013-06-19 05:36:21 115712 ----a-w- C:\windows\System32\winmm.dll
2013-06-18 22:38:00 160256 ----a-w- C:\windows\SysWow64\winmmbase.dll
2013-06-18 22:38:00 125440 ----a-w- C:\windows\SysWow64\winmm.dll
.
============= FINISH: 20:49:24.34 ===============
 


 

Link to post
Share on other sites

here is the rogue killer report

 

RogueKiller V8.6.11 [sep 11 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : Andrea [Admin rights]
Mode : Scan -- Date : 09/14/2013 21:07:49
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 2 ¤¤¤
[sUSP PATH] update_checker.exe -- C:\Users\Andrea\AppData\Local\FilesFrog Update Checker\update_checker.exe [7] -> KILLED [TermProc]
[sUSP PATH] WebPlayer.exe -- C:\Users\Andrea\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe [-] -> KILLED [TermProc]
 
¤¤¤ Registry Entries : 8 ¤¤¤
[RUN][sUSP PATH] HKCU\[...]\Run : SDP (C:\Users\Andrea\AppData\Local\FilesFrog Update Checker\update_checker.exe /auto  [7]) -> FOUND
[RUN][sUSP PATH] HKCU\[...]\Run : AppsHat (C:\Users\Andrea\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe [-]) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-629406413-2961214789-3571693237-1002\[...]\Run : SDP (C:\Users\Andrea\AppData\Local\FilesFrog Update Checker\update_checker.exe /auto  [7]) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-629406413-2961214789-3571693237-1002\[...]\Run : AppsHat (C:\Users\Andrea\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe [-]) -> FOUND
[sHELL][sUSP PATH] HKCU\[...]\Windows : load (C:\Users\Andrea\LOCALS~1\Temp\cchmoavw.com [x]) -> FOUND
[sHELL][sUSP PATH] HKUS\[...]\Windows : load (C:\Users\Andrea\LOCALS~1\Temp\cchmoavw.com [x]) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 2 ¤¤¤
[V2][sUSP PATH] EPUpdater : C:\Users\Andrea\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe [x] -> FOUND
[V2][sUSP PATH] OFFICE2010ACT : C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [-] -> FOUND
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: ST750LM022 HN-M750MBB +++++
--- User ---
[MBR] d3ea4671b1ac6cf2895a4ad0aa7ee161
[bSP] 73ab7ca733a0f9d527bd6fc7ed62168b : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097151 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_09142013_210748.txt >>
RKreport[0]_S_09132013_151617.txt;RKreport[0]_S_09132013_152628.txt
 
 

 

Link to post
Share on other sites

Run RogueKiller again and click Scan

When the scan completes > click on the Registry tab

Put a check next to all of these and uncheck the rest: (if found)

 

[sHELL][sUSP PATH] HKCU\[...]\Windows : load (C:\Users\Andrea\LOCALS~1\Temp\cchmoavw.com [x]) -> FOUND

[sHELL][sUSP PATH] HKUS\[...]\Windows : load (C:\Users\Andrea\LOCALS~1\Temp\cchmoavw.com [x]) -> FOUND

[V2][sUSP PATH] EPUpdater : C:\Users\Andrea\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe [x] -> FOUND

Now click Delete on the right hand column under Options

-------------

Then...........

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt
To attach a log if needed:

Bottom right corner of this page.

reply1.jpg

New window that comes up.

replyer1.jpg

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.

MrC

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.