
MALWAREBYTES BLOCKED ACCESS TO MALICIOUS WEBSITE PORT 6881 EXPLORER .EXE



Help!

 

So, long story short, I am writing here because I want to get rid of this strange behavior on my laptop (once and for all). It's been WEEKS since Google Chrome has been loading pages, only IE. I thought it was a Chrome update issue, so I did research and ran anti-rootkits like TDSSKiller just in case & installed stupid Windows updates; every time I rebooted the system, Google still wasn't accessing the internet, only IE worked.

 

 

Until today, when I was able to navigate again after running an anti-malware scan, Malwarebytes Anti-Rootkit and AdwCleaner; THEN I regained access to the web and tested/navigated in Chrome/Safari/IE.

NOW... I keep getting the following message:

 

 

Successfully blocked access to a potentially malicious website: 222.65.145.167
Type: outgoing
Port: 6881
Process: explorer.exe

 

The IP has changed 3 times so far...

AVAST ANTIVIRUS detected NOTHING. I'm WILLING to provide ANY report if needed, let me know,

please assist

I hope someone helps me get rid of this for good!

 

Specifics: Windows 7, 64-bit, Avast Antivirus, firewall is on, Malwarebytes is installed.

 

 

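The notification quoted in the post above (outgoing, port 6881, explorer.exe) is the kind of alert worth triaging mechanically: port 6881 sits at the start of the conventional BitTorrent port range, and Explorer has no business initiating peer traffic there. The script below is an added example, not code from the thread, from Malwarebytes, or from the helper; it parses notifications in the four-line format the post shows, tolerates the stray space that copy/paste put into the address, flags outbound traffic on BitTorrent ports from any process not on a (assumed) allow-list of torrent clients, and counts distinct blocked peers per process. The sample input and the allow-list are constructed; the first address is the one from the thread, the others are RFC 5737 documentation addresses.

```python
"""Triage helper for Malwarebytes "blocked access to a potentially malicious
website" notifications (added example; not Malwarebytes' own code)."""
import ipaddress
import re
from collections import defaultdict
from dataclasses import dataclass

# Conventional BitTorrent listen/DHT port range; traffic here from a process
# that is not a torrent client deserves a closer look.
BITTORRENT_PORTS = range(6881, 6890)

# Processes expected to talk on those ports (assumed allow-list, adjust locally).
KNOWN_P2P_CLIENTS = {"utorrent.exe", "bittorrent.exe", "qbittorrent.exe",
                     "transmission-qt.exe"}

# Constructed sample input in the format the thread shows. The first address
# is the one quoted in the thread (with its stray space); the rest are
# RFC 5737 documentation addresses, not real hosts.
SAMPLE_ALERTS = """\
Successfully blocked access to a potentially malicious website: 222.65.145. 167
Type: outgoing
Port:6881
Process: explorer.exe

Successfully blocked access to a potentially malicious website: 203.0.113.45
Type: outgoing
Port: 6881
Process: explorer.exe

Successfully blocked access to a potentially malicious website: 198.51.100.7
Type: outgoing
Port: 443
Process: chrome.exe
"""

HEADER_RE = re.compile(r"blocked access to a potentially malicious website:\s*(.+)$")


@dataclass(frozen=True)
class BlockEvent:
    ip: str
    direction: str
    port: int
    process: str


def parse_alerts(text: str) -> list:
    """Turn blank-line-separated notification blocks into BlockEvent records."""
    events = []
    for chunk in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in chunk.splitlines() if ln.strip()]
        if not lines:
            continue
        m = HEADER_RE.search(lines[0])
        if not m:
            continue  # not a website-block notification; skip it
        # Copy/paste often breaks the address with spaces; drop them and validate.
        ip = str(ipaddress.ip_address(re.sub(r"\s+", "", m.group(1))))
        fields = {}
        for ln in lines[1:]:
            key, _, value = ln.partition(":")
            fields[key.strip().lower()] = value.strip()
        events.append(BlockEvent(
            ip=ip,
            direction=fields.get("type", "").lower(),
            port=int(fields.get("port", "0")),
            process=fields.get("process", "").lower(),
        ))
    return events


def assess(events: list) -> dict:
    """Flag outbound BitTorrent-port traffic from non-P2P processes and count
    distinct blocked peers per process (the poster saw the address change)."""
    suspicious = []
    peers = defaultdict(set)
    for ev in events:
        peers[ev.process].add(ev.ip)
        if (ev.direction == "outgoing"
                and ev.port in BITTORRENT_PORTS
                and ev.process not in KNOWN_P2P_CLIENTS):
            suspicious.append(ev)
    return {
        "suspicious": suspicious,
        "distinct_peers": {proc: len(ips) for proc, ips in peers.items()},
    }


if __name__ == "__main__":
    result = assess(parse_alerts(SAMPLE_ALERTS))
    for ev in result["suspicious"]:
        print(f"{ev.process} -> {ev.ip}:{ev.port} ({ev.direction}) on a BitTorrent port")
    print("distinct blocked peers per process:", result["distinct_peers"])
```

A rising count of distinct peers for the same non-P2P process, as the poster describes, is the signal to keep: it shows the host is repeatedly attempting new connections, not retrying one, so the cause is a running component on the machine rather than a single bad bookmark or cached page.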

Here is the Malwarebytes report I ran this morning.

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.12.23.01
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
wiz :: WIZ-PC [administrator]
 
Protection: Enabled
 
12/23/2013 9:12:52 AM
mbam-log-2013-12-23 (09-12-52).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 215670
Time elapsed: 9 minute(s), 35 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 1
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
 
Registry Values Detected: 1
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: 11111111 -> Quarantined and deleted successfully.
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)

Welcome to the forum, please start HERE

Post back the 2 logs here: DDS.txt and Attach.txt

(please don't put logs in code or quotes and use the default font)

General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar, you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable... unlikely, but things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive.

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs.

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Thanks! I am sorry I took forever to reply. I followed the steps;

 

first two reports:

 

ATTACH.TXT:

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 1/19/2010 1:19:25 PM
System Uptime: 12/23/2013 2:36:40 PM (1 hours ago)
.
Motherboard: Hewlett-Packard |  | 3656
Processor: AMD Athlon Neo X2 Dual Core Processor L335 | Socket AM2/S1G2 | 1600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 54.387 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 2.152 GiB free.
E: is FIXED (FAT32) - 0 GiB total, 0.093 GiB free.
J: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Description: HP Integrated Module with Bluetooth 2.1 Wireless Technology
Device ID: USB\VID_03F0&PID_231D\5&3A58DD53&0&2
Manufacturer: Broadcom
Name: HP Integrated Module with Bluetooth 2.1 Wireless Technology
PNP Device ID: USB\VID_03F0&PID_231D\5&3A58DD53&0&2
Service: BTHUSB
.
==== System Restore Points ===================
.
RP352: 12/9/2013 4:57:54 PM - Windows Update
RP353: 12/10/2013 1:55:16 PM - Windows Update
RP354: 12/13/2013 2:14:23 PM - Windows Update
RP355: 12/14/2013 5:14:15 PM - Windows Update
RP356: 12/15/2013 10:41:28 AM - Windows Update
RP357: 12/17/2013 9:18:26 AM - Windows Update
RP358: 12/17/2013 11:42:34 AM - HPSF Restore Point
RP359: 12/17/2013 12:02:09 PM - Windows Update
RP360: 12/17/2013 2:03:53 PM - Windows Update
RP361: 12/17/2013 2:18:49 PM - Windows Update
RP362: 12/17/2013 4:45:32 PM - Windows Update
RP363: 12/17/2013 10:32:28 PM - Windows Update
RP364: 12/20/2013 10:18:34 PM - Windows Update
RP365: 12/21/2013 7:41:00 PM - Installed Safari
RP366: 12/21/2013 9:05:34 PM - Windows Update
RP367: 12/21/2013 11:34:06 PM - Windows Update
RP368: 12/22/2013 2:08:11 PM - Malwarebytes Anti-Rootkit Restore Point
RP369: 12/22/2013 6:41:41 PM - Removed Pcsx2 0.9.6
RP370: 12/22/2013 7:04:54 PM - avast! antivirus system restore point
RP371: 12/22/2013 7:43:22 PM - Installed Java 7 Update 45 (64-bit)
RP372: 12/22/2013 11:19:40 PM - Windows Update
RP373: 12/23/2013 10:52:00 AM - Windows Update
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
AAC Decoder
Acrobat.com
Adobe AIR
Adobe Anchor Service CS4
Adobe Anchor Service x64 CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe CMaps x64 CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Recommended Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Extra Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe CSI CS4 x64
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe Drive CS4 x64
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Fonts All x64
Adobe Linguistics CS4
Adobe Linguistics CS4 x64
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe PDF Library Files x64 CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 (64 Bit)
Adobe Photoshop CS4 Support
Adobe Reader 9.5.5 MUI
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player
Adobe Type Support CS4
Adobe Type Support x64 CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe WinSoft Linguistics Plugin x64
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Aimersoft DVD Ripper(Build 2.6.1.0)
Aiseesoft TS Video Converter 6.2.16
Alcor Micro USB Card Reader
Alps Touch Pad Driver
AMD USB Filter Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
ATI Catalyst Install Manager
AutoUpdate
avast! Free Antivirus
BlackBerry Device Software Updater
Bonjour
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Combined Community Codec Pack 2011-11-11
Connect
Control ActiveX de Windows Live Sync para conexiones remotas (español)
CyberLink DVD Suite
D3DX10
DAEMON Tools Lite
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
DiskAid 5.46
DivX Codec
DivX Plus DirectShow Filters
DivX Plus Media Foundation Components
DivX Plus Web Player
DivX Version Checker
DVD Menu Pack for HP MediaSmart Video
ESU for Microsoft Windows 7
Facebook Plug-In
ffdshow v1.2.4422 [2012-04-09]
Galería fotográfica de Windows Live Beta
Google Chrome
Google Update Helper
Guitar Pro 5.2
H.264 Decoder
Hewlett-Packard ACLM.NET v1.1.1.0
High-Definition Video Playback
HP 3D DriveGuard
HP Advisor
HP Customer Experience Enhancements
HP Games
HP Integrated Module with Bluetooth wireless technology
HP MediaSmart Internet TV
HP MediaSmart Music/Photo/Video
HP MediaSmart SlingPlayer
HP MediaSmart SmartMenu
HP MediaSmart Software Notebook Demo
HP MediaSmart Webcam
HP MediaSmart/TouchSmart Netflix
HP Quick Launch Buttons
HP QuickWeb
HP Setup
HP Smart Web Printing 4.60
HP Support Assistant
HP Update
HP User Guides 0174
HP Wireless Assistant
Hulu Desktop
IDT Audio
iPhone Explorer 0.992
iTunes
Java 7 Update 45
Java 7 Update 45 (64-bit)
Java Auto Updater
Java 6 Update 20
Java 6 Update 22 (64-bit)
Java 6 Update 26
Java SE Development Kit 6 Update 15 (64-bit)
Junk Mail filter update
kuler
LabelPrint
LG Media Center
Los Sims™ 3
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Messenger Companion
Messenger Plus! 5
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 32-bit MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Works
Microsoft WSE 3.0 Runtime
MKV Splitter
MobileMe Control Panel
Movie Theme Pack for HP MediaSmart Video
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero BackItUp 10
Nero BackItUp 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero CoverDesigner 10
Nero CoverDesigner 10 Help (CHM)
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero Multimedia Suite 10 Essentials
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
Norton Online Backup
Pazera Free Audio Extractor 1.4
PDF Settings CS4
Photoshop Camera Raw
Photoshop Camera Raw_x64
Power2Go
PowerDirector
PP助手 PC版 1.1.0.0
QLBCASL
QuickTime
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek Ethernet Controller Driver For Windows Vista and Later
RealUpgrade 1.1
Recovery Manager
Safari
Security Update for Microsoft Excel 2010 (KB2826033) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 64-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 64-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition
SmartWebPrinting
Subtitle Workshop 2.51
Suite Shared Configuration CS4
Tongbu Assistant 2.0.9.0
Topaz DeNoise 5
Topaz DeNoise 5 (64-bit)
TSST OEM Content
Uninstall 1.0.0.1
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 64-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 64-Bit Edition
VC80CRTRedist - 8.0.50727.4053
Vegas Movie Studio Platinum 9.0
VLC media player 2.1.2
Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials Beta
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Common Beta
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync Beta
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Windows Movie Maker 2.6
WinRAR 5.01 (64-bit)
WinRAR archiver
WinSCP 4.2.8
Word Magic Translator Professional Plus 5.0
Yahoo! Messenger
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
12/23/2013 2:58:33 PM, Error: Microsoft-Windows-DNS-Client [1012]  - There was an error while attempting to read the local hosts file.
12/23/2013 2:37:05 PM, Error: atikmdag [52236]  - CPLIB :: General - Invalid Parameter
12/22/2013 8:33:04 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
12/22/2013 8:33:04 PM, Error: Service Control Manager [7000]  - The Windows Live ID Sign-in Assistant service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
12/22/2013 6:29:04 PM, Error: Service Control Manager [7024]  - The Avira Mail Protection service terminated with service-specific error Incorrect function..
12/22/2013 6:22:24 PM, Error: Service Control Manager [7034]  - The DeviceVM Meta Data Export Service service terminated unexpectedly.  It has done this 1 time(s).
12/22/2013 2:11:01 PM, Error: Service Control Manager [7038]  - The Spooler service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:  The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
12/22/2013 2:11:01 PM, Error: Service Control Manager [7000]  - The Print Spooler service failed to start due to the following error:  The service did not start due to a logon failure.
12/22/2013 2:10:01 PM, Error: Service Control Manager [7031]  - The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/22/2013 2:09:44 PM, Error: Service Control Manager [7031]  - The Avira FireWall service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
12/21/2013 6:57:04 PM, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.
12/21/2013 6:50:33 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
12/21/2013 6:50:33 PM, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
12/21/2013 6:50:32 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/21/2013 6:50:31 PM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
12/21/2013 6:50:21 PM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.
12/20/2013 6:56:17 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Update BuzzSearch service to connect.
12/20/2013 6:56:17 PM, Error: Service Control Manager [7000]  - The Update BuzzSearch service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
12/17/2013 9:17:28 AM, Error: Service Control Manager [7024]  - The Avira Web Protection service terminated with service-specific error Incorrect function..
.
==== End Of File ===========================
 
 
****DDS.TXT:
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by wiz at 15:02:44 on 2013-12-23
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3836.2253 [GMT -6:00]
.
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_5ea32181aefd3364\STacSV64.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_5ea32181aefd3364\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\SPLASH.SYS\config\DVMExportService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
c:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Windows\System32\StikyNot.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: BHOImpl Class: {E1499FE7-129D-4B6E-B681-DDF21E14172C} - 
BHO: 同步一键安装支持: {F72C8153-7140-4FEE-8F69-CA4579D71195} - C:\Program Files (x86)\Tongbu\Addin\tbIEAddin.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [AdobeBridge] <no file>
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
dRun: [HanaConnect] "C:\Program Files (x86)\HanaMobile\HanaConnect\StarterApp.exe"
dRunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TCP: NameServer = 192.168.2.7 190.113.97.11
TCP: Interfaces\{E0AA1266-A404-4E91-8709-E5B7D751B056} : DHCPNameServer = 192.168.2.7 190.113.97.11
TCP: Interfaces\{E0AA1266-A404-4E91-8709-E5B7D751B056}\35F6276797 : DHCPNameServer = 192.168.2.7 190.113.97.11
TCP: Interfaces\{E0AA1266-A404-4E91-8709-E5B7D751B056}\449464553594F4E4029502445435142525F4C4C4F4D296E66796471646F6 : DHCPNameServer = 186.32.0.99 186.177.16.220
TCP: Interfaces\{E0AA1266-A404-4E91-8709-E5B7D751B056}\D4F6E6475627F6 : DHCPNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: BHOImpl Class: {E1499FE7-129D-4B6E-B681-DDF21E14172C} - 
x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-12-22 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-12-22 207904]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-12-22 1034464]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-12-22 422216]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-2-7 283200]
R1 DVMIO;DVMIO;C:\SPLASH.SYS\config\dvmio.sys [2009-9-27 21624]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_5ea32181aefd3364\AESTSr64.exe [2009-12-19 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-9-22 203264]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-12-22 78648]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-12-22 50344]
R2 DvmMDES;DeviceVM Meta Data Export Service;C:\SPLASH.SYS\config\DVMExportService.exe [2009-7-8 323584]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2009-7-8 30520]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-12-21 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-12-21 701512]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-8-14 39056]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-11-26 227896]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-10-18 25928]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-12-19 291328]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2009-12-19 34872]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 KMService;KMService;C:\Windows\System32\srvany.exe --> C:\Windows\System32\srvany.exe [?]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2009-9-29 40448]
S3 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2013-12-22 79672]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2009-12-19 35104]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-2-6 1038088]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-1-25 48488]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-13 111616]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2013-7-25 23040]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-17 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-11-15 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-12-23 15:09:47 89162 ----a-w- C:\ProgramData\Microsoft\BingDesktop\BingCore\temp\tmp667F.exe
2013-12-23 01:44:07 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2013-12-23 01:39:30 -------- d-----w- C:\Program Files (x86)\RealNetworks
2013-12-23 01:39:24 -------- d-----w- C:\ProgramData\RealNetworks
2013-12-23 01:38:56 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2013-12-23 01:07:39 -------- d-----w- C:\Users\wiz\AppData\Roaming\AVAST Software
2013-12-23 01:06:50 79672 ----a-w- C:\Windows\System32\drivers\aswstm.sys
2013-12-23 01:06:50 207904 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-12-23 01:06:48 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-12-23 01:06:47 1034464 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-12-23 01:06:46 78648 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-12-23 01:06:45 92544 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-12-23 01:06:30 43152 ----a-w- C:\Windows\avastSS.scr
2013-12-23 01:05:34 -------- d-----w- C:\Program Files\AVAST Software
2013-12-23 01:04:17 -------- d-----w- C:\ProgramData\AVAST Software
2013-12-23 00:08:42 -------- d-----w- C:\AdwCleaner
2013-12-22 05:16:21 89304 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2013-12-21 01:02:02 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{279DDA5D-B846-417C-A18B-21E889D7207C}\mpengine.dll
2013-12-13 20:19:51 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-13 20:19:51 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-13 20:19:50 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2013-12-13 20:19:48 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2013-12-13 19:16:32 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-12-13 19:16:32 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-12-13 19:16:28 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-12-13 19:16:23 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-12-13 19:16:23 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-12-13 19:16:18 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-12-13 19:16:18 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-12-13 19:16:13 230400 ----a-w- C:\Windows\System32\drivers\portcls.sys
2013-12-13 19:16:13 116736 ----a-w- C:\Windows\System32\drivers\drmk.sys
2013-12-13 19:16:04 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-12-13 19:16:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-12-13 19:15:41 150016 ----a-w- C:\Windows\System32\wshom.ocx
2013-12-13 19:15:40 202752 ----a-w- C:\Windows\System32\scrrun.dll
2013-12-13 19:15:40 168960 ----a-w- C:\Windows\System32\wscript.exe
2013-12-13 19:15:40 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
2013-12-13 19:15:40 156160 ----a-w- C:\Windows\System32\cscript.exe
2013-12-13 19:15:40 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
2013-12-13 19:15:40 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
2013-12-13 19:15:40 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
2013-12-09 22:26:54 -------- d-----w- C:\Windows\pss
2013-11-26 22:25:47 -------- d-----w- C:\Windows\Migration
2013-11-26 20:55:05 2871808 ----a-w- C:\Windows\explorer.exe
2013-11-26 20:55:05 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe
2013-11-26 20:55:02 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-11-26 20:55:02 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-11-26 20:54:51 67072 ----a-w- C:\Windows\splwow64.exe
2013-11-26 20:54:51 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2013-11-26 17:46:55 -------- d-----w- C:\Windows\System32\MRT
2013-11-26 17:03:54 -------- d-----w- C:\TDSSKiller_Quarantine
2013-11-26 16:09:19 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-11-26 16:09:19 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-11-26 16:09:18 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-11-26 16:09:18 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-11-26 16:09:18 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-11-26 16:09:18 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-11-26 16:09:18 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-11-24 18:00:40 633856 ----a-w- C:\Windows\System32\comctl32.dll
2013-11-24 18:00:40 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
2013-11-24 18:00:35 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2013-11-24 18:00:35 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2013-11-24 18:00:35 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2013-11-24 18:00:35 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2013-11-24 17:58:58 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-11-24 17:58:58 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-11-24 17:56:58 70144 ----a-w- C:\Windows\System32\appinfo.dll
2013-11-24 17:56:58 111448 ----a-w- C:\Windows\System32\consent.exe
2013-11-24 17:56:16 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2013-11-24 17:56:16 230400 ----a-w- C:\Windows\System32\wwansvc.dll
2013-11-24 17:56:10 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-11-24 17:56:10 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-11-24 17:56:09 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-11-24 17:56:09 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-11-24 17:56:09 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-11-24 17:56:09 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-11-24 17:55:31 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-11-24 17:54:21 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-11-24 17:54:15 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll
2013-11-24 17:54:14 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll
2013-11-24 17:54:14 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll
2013-11-24 17:54:13 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll
2013-11-24 17:54:12 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll
2013-11-24 17:54:11 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
2013-11-24 17:54:11 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll
2013-11-24 17:52:40 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-11-24 17:52:40 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-11-24 17:52:36 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2013-11-24 17:52:35 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2013-11-24 17:49:50 76800 ----a-w- C:\Windows\System32\drivers\hidclass.sys
2013-11-24 17:49:49 32896 ----a-w- C:\Windows\System32\drivers\hidparse.sys
2013-11-24 17:49:47 259584 ----a-w- C:\Windows\System32\WebClnt.dll
2013-11-24 17:49:47 205824 ----a-w- C:\Windows\SysWow64\WebClnt.dll
2013-11-24 17:49:46 81920 ----a-w- C:\Windows\SysWow64\davclnt.dll
2013-11-24 17:49:46 140800 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
2013-11-24 17:49:46 102400 ----a-w- C:\Windows\System32\davclnt.dll
2013-11-24 17:49:39 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-11-24 17:49:39 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-11-24 17:49:35 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2013-11-24 17:47:33 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2013-11-24 17:47:29 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-11-24 17:47:29 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-11-24 17:47:28 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-11-24 17:43:10 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-11-24 17:43:10 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-11-24 17:42:55 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-11-24 17:42:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-11-24 17:41:57 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-11-24 17:41:57 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-11-24 17:41:55 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-11-24 17:41:55 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-11-24 17:40:43 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-11-24 17:40:43 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-11-24 17:40:40 68608 ----a-w- C:\Windows\System32\taskhost.exe
2013-11-24 17:40:27 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-11-24 17:40:26 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-11-24 17:40:22 124112 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-11-24 17:40:22 102608 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-11-24 17:40:19 983488 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-11-24 17:40:19 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-11-24 17:40:19 144384 ----a-w- C:\Windows\System32\cdd.dll
2013-11-24 17:38:54 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-11-24 17:38:53 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-11-24 17:38:53 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-11-24 17:38:53 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-11-24 17:38:52 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-11-24 17:38:38 461312 ----a-w- C:\Windows\System32\scavengeui.dll
.
==================== Find3M  ====================
.
2013-12-13 20:11:36 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-13 20:11:36 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-26 18:36:20 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-20 21:01:35 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2013-11-20 21:01:34 175616 ----a-w- C:\Windows\System32\msclmd.dll
2013-11-19 09:33:38 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-10-08 13:50:37 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll
2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
.
============= FINISH: 15:04:53.26 ===============
 
 
RogueKiller report (I can't help but see Zelda's Triforce sign in it):
 
 
RogueKiller V8.7.13 _x64_ [Dec 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : wiz [Admin rights]
Mode : Scan -- Date : 12/23/2013 15:35:24
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 1 ¤¤¤
[sUSP PATH][DLL] explorer.exe -- C:\ProgramData\Microsoft\BingDesktop\BingCore\BingDesktopOverlays.dll [x] -> UNLOADED
[sUSP PATH][DLL] explorer.exe -- C:\ProgramData\Microsoft\BingDesktop\BingCore\BingDesktopCore.dll [x] -> UNLOADED
 
¤¤¤ Registry Entries : 6 ¤¤¤
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 2 ¤¤¤
[V2][sUSP PATH] AppIs : C:\Users\wiz\AppData\Local\AppIs\appis.exe [x] -> FOUND
[V2][sUSP PATH] IPopUpdate : C:\Users\wiz\AppData\Local\Ipop\update.exe - admin [x] -> FOUND
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][Folder] Install : C:\Users\wiz\AppData\Local\Google\Desktop\Install [-] --> FOUND
[ZeroAccess][Folder] Install : C:\Program Files (x86)\Google\Desktop\Install [-] --> FOUND
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection : ZeroAccess ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9320423AS ATA Device +++++
--- User ---
[MBR] a49bf6b5a6e364f137bdab537bf7683a
[bSP] fb630b35af561af2b26f4c0630bc5f2f : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 290063 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 594458624 | Size: 14878 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 624928768 | Size: 103 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_12232013_153524.txt >>
 
 
 
** After RogueKiller finished, it popped up a "ZeroAccess removal with RogueKiller" page in the browser, and inside the RogueQuarantine folder there is a file called PhysicalDrive0_User.dat
 
 
Thanks for your help! Waiting on here.
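A small triage helper for the RogueKiller report above, added here as an example; it is not part of the original post and not RogueKiller's own code. The report grammar (the "¤¤¤ Section : value ¤¤¤" headers and the "[TAG][TAG] name -- target [x] -> STATUS" finding lines) is inferred from the lines posted in this thread, the sample report is a constructed subset of those lines, and the severity ranking is this example's own assumption, not RogueKiller's. The forum shows the tag as "[sUSP PATH]", so tags are matched case-insensitively. It pulls out exactly the kind of entries a helper asks the poster to act on: the ZeroAccess folder paths and the executables loaded or scheduled from unusual locations.

```python
"""Parse a RogueKiller-style scan report and rank its findings for triage.

Example code only; the report format is inferred from a forum post and the
severity policy is an assumption of this example, not RogueKiller's own.
"""
import json
import re
from collections import Counter

# Section header, e.g. "¤¤¤ Bad processes : 1 ¤¤¤" or "¤¤¤ Infection : ZeroAccess ¤¤¤"
SECTION_RE = re.compile(
    r"^¤¤¤\s*(?P<title>[^:¤]+?)\s*(?::\s*(?P<value>[^¤]*?))?\s*¤¤¤\s*$"
)

# Finding line, e.g. "[V2][sUSP PATH] AppIs : C:\...\appis.exe [x] -> FOUND"
FINDING_RE = re.compile(
    r"^(?P<tags>(?:\[[^\]]+\])+)\s+"    # one or more [TAG] prefixes
    r"(?P<name>.+?)\s+(?:--|:)\s+"       # item name, then '--' (process/DLL) or ':' (task/key/folder)
    r"(?P<target>.+?)"                   # path, CLSID or value
    r"(?:\s+\[(?P<flag>[x-])\])?"        # optional [x] / [-] marker printed after a path (kept, not interpreted)
    r"\s+-{1,2}>\s+(?P<status>\w+)\s*$"  # "-> FOUND", "--> FOUND", "-> UNLOADED"
)
TAG_RE = re.compile(r"\[([^\]]+)\]")


def severity(tags):
    """Severity policy of this example (assumption): rank by the most alarming tag."""
    upper = {t.upper() for t in tags}
    if "ZEROACCESS" in upper:
        return "critical"  # named rootkit family: treat the host as compromised
    if "SUSP PATH" in upper:
        return "high"      # executable or DLL loaded/scheduled from an unusual location
    if "PUM" in upper:
        return "low"       # potentially unwanted modification, often user-made (desktop/start menu settings)
    return "medium"


def parse_report(text):
    """Return (section_values, findings) parsed from report text."""
    headers, findings, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("title")
            value = (m.group("value") or "").strip()
            if value:
                headers[section] = value  # e.g. headers["Infection"] == "ZeroAccess"
            continue
        m = FINDING_RE.match(line)
        if m and section:
            tags = TAG_RE.findall(m.group("tags"))
            findings.append({
                "section": section,
                "tags": tags,
                "name": m.group("name"),
                "target": m.group("target"),
                "flag": m.group("flag"),
                "status": m.group("status"),
                "severity": severity(tags),
            })
    return headers, findings


def triage(text):
    """Summarise a report: verdict, severity counts and the paths worth acting on."""
    headers, findings = parse_report(text)
    return {
        "infection": headers.get("Infection"),
        "counts": dict(Counter(f["severity"] for f in findings)),
        "critical_paths": [f["target"] for f in findings if f["severity"] == "critical"],
        "suspicious_paths": [f["target"] for f in findings if f["severity"] == "high"],
        "findings": findings,
    }


# Constructed sample: a subset of the RogueKiller report posted in this thread.
SAMPLE_REPORT = r"""
¤¤¤ Bad processes : 1 ¤¤¤
[sUSP PATH][DLL] explorer.exe -- C:\ProgramData\Microsoft\BingDesktop\BingCore\BingDesktopOverlays.dll [x] -> UNLOADED
[sUSP PATH][DLL] explorer.exe -- C:\ProgramData\Microsoft\BingDesktop\BingCore\BingDesktopCore.dll [x] -> UNLOADED

¤¤¤ Registry Entries : 6 ¤¤¤
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 2 ¤¤¤
[V2][sUSP PATH] AppIs : C:\Users\wiz\AppData\Local\AppIs\appis.exe [x] -> FOUND
[V2][sUSP PATH] IPopUpdate : C:\Users\wiz\AppData\Local\Ipop\update.exe - admin [x] -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][Folder] Install : C:\Users\wiz\AppData\Local\Google\Desktop\Install [-] --> FOUND
[ZeroAccess][Folder] Install : C:\Program Files (x86)\Google\Desktop\Install [-] --> FOUND

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤
"""

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_REPORT), indent=2))
```

The two `critical_paths` it returns are the same two folders the helper asks to have ticked in the Files tab further down the thread; `suspicious_paths` lists the DLLs injected into explorer.exe and the two scheduled-task executables under AppData\Local, which are the entries to check next.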

Because it says ZeroAccess, I have to give you this warning:

Please read the following information first.
 

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall
http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

I would change all my passwords and keep a close eye on all your sensitive accounts.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


-----------------------------------------

Run RogueKiller again and click Scan
When the scan completes > click on the Files tab
Put a check next to all of these and uncheck the rest: (if found)
 

[ZeroAccess][Folder] Install : C:\Users\wiz\AppData\Local\Google\Desktop\Install [-] --> FOUND
[ZeroAccess][Folder] Install : C:\Program Files (x86)\Google\Desktop\Install [-] --> FOUND


Now click Delete on the right hand column under Options

Then......

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.
reply1.jpg

New window that comes up.
replyer1.jpg

~~~~~~~~~~~~~~~~~~~~~~~

Note:
If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
Internet access
Windows Update
Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.


MrC


Thanks Mr Charlie, so now I am a bit concerned indeed.

Before continuing, you said to only delete files ----> "Put a check next to all of these and uncheck the rest: (if found)"

1 - Should I only delete the ones you wrote down?

2 - I should change all passwords and stuff after we solve this, right? You can help to make sure it isn't compromised any more? What do you recommend? Format?

And I will update here as soon as I get the reports


Before continuing, you said to only delete files ----> "Put a check next to all of these and uncheck the rest: (if found)"
1 - Should I only delete the ones you wrote down?

Yes

2 - I should change all passwords and stuff after we solve this, right?
Yes

You can help to make sure it isn't compromised any more?
as best as possible

What do you recommend? Format?
No

And I will update here as soon as I get the reports
OK

MrC


These are to be deleted; they're actually folders. And yes, change your passwords when we're done, but check your accounts now to make sure there's no illegal activity:

[ZeroAccess][Folder] Install : C:\Users\wiz\AppData\Local\Google\Desktop\Install [-] --> FOUND

[ZeroAccess][Folder] Install : C:\Program Files (x86)\Google\Desktop\Install [-] --> FOUND

MrC


Hello MrCharlie, thank you for answering. OK, did all you said. Attached MBAR reports: mbar log, mbar text.

 

I did 1 more scan with MBAR after the reboot/cleanup as you instructed; it found nothing both times.

So far, Internet access, Firewall and Antivirus are working fine, but Windows Update is still showing, like ALWAYS, that there is an update left.

It doesn't matter if I reboot or shut down; it says it's installing, but it always shows the [!] sign on the menu (attached a picture, hope it's OK).

 

Let me know what's next and if my system is still a potential hacker target, hehe. Thanks.

mbar-log-2013-12-26 (11-24-32).txt

mbar-log-2013-12-26 (11-58-49).txt

system-log.txt



We're not done yet.......

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please make sure you click download buttons that look similar to this, not "sponsored ad links":

bleep-crop.jpg

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


Hope it's OK to paste in here.

 

 

ComboFix 13-12-26.01 - wiz 12/26/2013  13:54:48.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3836.2510 [GMT -6:00]
Running from: c:\users\wiz\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\1SH1KH9M.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\3K2B3IQB.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\4IJ6IQ4V.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\4J0H61MC.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\60VTLH0M.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\container.dat
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\IQFDAMAF.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\IVOIC7TP.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\IXBLZZ2Q.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\07IG6H4Y.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\1O23KRKN.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\1RYF58M2.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\256D61LY.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\2I7K0J52.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\317IDD2H.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\367LIG1O.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\3D3L7U0J.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\46AL0BZD.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\48HC5XQF.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\4M4J9KQB.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\554T70C4.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\56K6Q3NC.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\5XKKC11I.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\7T6W76NC.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\7VC7GAWA.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\81I4PC4S.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\8W8DH34R.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\942MG7MP.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\9W03WA40.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\A80YC8PW.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\AL04ALII.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\B4D808W0.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\C8XNY8ZY.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\container.dat
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\CZY0LN3I.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\DF7BTIP0.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\DW2LHDRR.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\F0ITB86A.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\FVE2FHX3.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\FWR6C5VR.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\GWNUKFYQ.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\HPR1M3PA.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\HR964NB5.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\HYA4X6FB.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\IUOIXNB6.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\J7B42PUW.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\JNV4BOP4.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\JYPU3K4P.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\KPF22NMX.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\KQ4YBJ2G.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\L1KIZKQZ.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\LTRRQ7OA.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\LWCGBG6O.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\MWT2EFH9.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\NAF4EWL8.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\NW6T4Z4C.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\NXIN4GBR.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\NYQ7L1IV.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\PUW33W4R.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\QVQXNLKO.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\R0C2OLPG.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\R2M4D1V8.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\SIAPQ0A1.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\SLJH9KN8.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\SLKZUDX7.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\T0P40RH4.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\TKJ5PYP8.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\TU930G51.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\TULHT0JD.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\UA263G5Y.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\UEWIF6RJ.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\UI802EHE.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\V5JN91HG.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\W2RBRACZ.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\W4AN8HMS.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\WC8LK30T.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\X4VOS7N0.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\XX7MWGC8.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\YEF4166H.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\YM7CZNQM.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\YVNT0S7G.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZD63PWVR.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZYJS5QT2.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\LPEB3ZGN.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\MVKOSK5D.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\O1NCKUDQ.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\PWU2CE8W.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\TEHKXEEG.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\XCTKVK3J.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\Y6FSBYU1.txt
c:\users\wiz\AppData\Roaming\Microsoft\Windows\Cookies\YEB41P8Q.txt

c:\users\wiz\AppData\Roaming\Microsoft\Windows\DNTException\container.dat

c:\users\wiz\AppData\Roaming\Microsoft\Windows\DNTException\Low\container.dat

c:\users\wiz\AppData\Roaming\Microsoft\Windows\IECompatCache\container.dat

c:\users\wiz\AppData\Roaming\Microsoft\Windows\IECompatCache\Low\container.dat

c:\users\wiz\AppData\Roaming\Microsoft\Windows\IECompatUACache\container.dat

c:\users\wiz\AppData\Roaming\Microsoft\Windows\IECompatUACache\Low\container.dat

c:\users\wiz\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\container.dat

c:\users\wiz\AppData\Roaming\Microsoft\Windows\IETldCache\Low\container.dat

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Libraries\Music.library-ms

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Libraries\Videos.library-ms

c:\users\wiz\AppData\Roaming\Microsoft\Windows\PrivacIE\Low\container.dat

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\001LegendOfZelda013.jpg.lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\01 mermaid pose-grab.jpg.lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\anchor sketch flowers.jpg.lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\ariel and pose.png.lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\ariel collarbone.jpg.lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\Ariel sugar skull ANCHOR TATTOO.docx.lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\attach.txt.lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\12dc1ea8e34b5a6.automaticDestinations-ms

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\1b4dd67f29cb1962.automaticDestinations-ms

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\1c479ed23d7616f9.automaticDestinations-ms

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\290532160612e071.automaticDestinations-ms

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\44a3621b32122d64.automaticDestinations-ms

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\469e4a7982cea4d4.automaticDestinations-ms

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\6d2622d3380e820e.automaticDestinations-ms

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\74d7f43c1561fc1e.automaticDestinations-ms

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\7593af37134fd767.automaticDestinations-ms

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\7e4dca80246863e3.automaticDestinations-ms

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\994be2f3cd8dd2ba.automaticDestinations-ms

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\9b9cdc69c1c24e2b.automaticDestinations-ms

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\9fda41b86ddcf1db.automaticDestinations-ms

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\a5aa1f0803b39035.automaticDestinations-ms

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\bd7ab401076a9757.automaticDestinations-ms

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\Bluetooth Exchange Folder.lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\CD Drive.lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\18c370c1790089fd.customDestinations-ms

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\20f7bac4c86481f7.customDestinations-ms

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\28c8b86deab549a1.customDestinations-ms

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\337ed59af273c758.customDestinations-ms

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\54dc7cf90006bae4.customDestinations-ms

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5afe4de1b92fc382.customDestinations-ms

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms~RF6c5469.TMP

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d6f13ed567aa2da.customDestinations-ms

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\74d7f43c1561fc1e.customDestinations-ms

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\83b03b46dcd30a0e.customDestinations-ms

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\91617709c28931b7.customDestinations-ms

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\9645f58513b1a821.customDestinations-ms

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\a01c887317f3bcce.customDestinations-ms

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b06a975b62567622.customDestinations-ms

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b51952bd21c1f4ef.customDestinations-ms

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b91050d8b077a4e8.customDestinations-ms

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\bd249197a6faeff2.customDestinations-ms~RF114cd33.TMP

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\bd249197a6faeff2.customDestinations-ms~RF124bef.TMP

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\bd249197a6faeff2.customDestinations-ms~RF132c335.TMP

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\bd249197a6faeff2.customDestinations-ms~RF1342ce0.TMP

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\bd249197a6faeff2.customDestinations-ms~RF13bb467.TMP

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\bd249197a6faeff2.customDestinations-ms~RF146216c.TMP

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\bd249197a6faeff2.customDestinations-ms~RF148f00f.TMP

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\bd249197a6faeff2.customDestinations-ms~RF150bc44.TMP

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\bd249197a6faeff2.customDestinations-ms~RF1718b64.TMP

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\bd249197a6faeff2.customDestinations-ms~RF1994cb2.TMP

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\bd249197a6faeff2.customDestinations-ms~RF1995307.TMP

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\bd249197a6faeff2.customDestinations-ms~RF1da6023.TMP

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\bd249197a6faeff2.customDestinations-ms~RF1e0628.TMP

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\bd249197a6faeff2.customDestinations-ms~RF1f3ba91.TMP

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\bd249197a6faeff2.customDestinations-ms~RF301cce0.TMP

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\bd249197a6faeff2.customDestinations-ms~RF3208e1b.TMP

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\bd249197a6faeff2.customDestinations-ms~RF4a3d30.TMP

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\bd249197a6faeff2.customDestinations-ms~RF9fecf1.TMP

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\bd249197a6faeff2.customDestinations-ms~RFf7101c.TMP

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\bd249197a6faeff2.customDestinations-ms~RFf7aac4.TMP

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\bd249197a6faeff2.customDestinations-ms~RFffc6ae.TMP

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\bd7ab401076a9757.customDestinations-ms

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d217311302efbc4c.customDestinations-ms

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ed7a5cc3cca8d52a.customDestinations-ms

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\NC2927R04ZZRI8UUAMTJ.temp

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\V9QBK7Z12OJKBUK8AW5B.temp

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\dds.txt.lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\dec 2013, 21th.png.lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\Documents.lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\Downloads.lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\Home Alone 2 Lost In New York 1992 720p BluRay DTS x264-MgB.lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\Home Alone 2 Lost In New York 1992 720p BluRay DTS x264-MgB.mkv.lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\IHYV EP4-6 Han Ki Woong -won.lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\IHYV06.rar.lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\Logs.lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\malware1.png.lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\MBAM-log-2013-12-21 (21-35-23).txt.lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\MBAM-log-2013-12-23 (09-23-29).txt.lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\Pictures.lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\RKreport[0]_D_12262013_111537.txt.lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\RKreport[0]_S_12232013_153524.txt.lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\RKreport[0]_S_12242013_101842.txt.lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\RKreport[0]_S_12262013_111017.txt.lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\sakura BIG one lower.jpg.lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\sakura cc dl.txt.lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\sakura colors.jpg.lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\SIZE exactly lol.jpg.lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\skelita calavera.jpg.lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\updatecrazy.png.lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\wave spiral.jpg.lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\windows update.png.lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Recent\zelda_series_1_8_by_lubez88-d4j8d8r__large.jpg.lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\SendTo\bluetooth.btwsendto

c:\users\wiz\AppData\Roaming\Microsoft\Windows\SendTo\Compressed (zipped) Folder.ZFSendToTarget

c:\users\wiz\AppData\Roaming\Microsoft\Windows\SendTo\Desktop (create shortcut).DeskLink

c:\users\wiz\AppData\Roaming\Microsoft\Windows\SendTo\Desktop.ini

c:\users\wiz\AppData\Roaming\Microsoft\Windows\SendTo\Documents.mydocs

c:\users\wiz\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\SendTo\Mail Recipient.MAPIMail

c:\users\wiz\AppData\Roaming\Microsoft\Windows\SendTo\WinSCP (for upload).lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner Homepage.url

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner\Uninstall CCleaner.lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games\Dora  the Explorer Fairytale Adventure™.lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games\The Sims 2™.lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP\HP MediaSmart\HP MediaSmart Webcam.lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hulu Desktop.lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Inforall\iPhone Backup Utility 4.lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word Magic Software 5.0\Help\English Help\Translator - Dictionary & Tools Help.lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word Magic Software 5.0\Help\Spanish Help\Ayuda de Translator - Dictionary & Tools.lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word Magic Software 5.0\Utilities\Backup-Restore Utility.lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word Magic Software 5.0\Utilities\Inactivate Products.lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word Magic Software 5.0\Utilities\Initial Configuration Settings.lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word Magic Software 5.0\Utilities\Word Magic Updater.lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word Magic Software 5.0\Word Magic Translator Professional Plus.lnk

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Themes\slideshow.ini

c:\users\wiz\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

c:\windows\assembly\tmp\U

c:\windows\PFRO.log

c:\windows\UA000106.DLL

.

.

(((((((((((((((((((((((((   Files Created from 2013-11-26 to 2013-12-26  )))))))))))))))))))))))))))))))

.

.

2013-12-26 20:11 . 2013-12-26 20:11 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-12-26 17:24 . 2013-12-26 18:22 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)

2013-12-26 17:24 . 2013-12-26 17:58 117464 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys

2013-12-26 17:19 . 2013-12-26 19:44 89304 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2013-12-25 18:38 . 2013-12-25 18:38 456704 ----a-w- c:\programdata\Microsoft\BingDesktop\BingCore\temp\tmpBB43.exe

2013-12-24 19:38 . 2013-12-24 20:19 -------- d-----w- c:\program files (x86)\JDownloader

2013-12-24 16:13 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{25125BA3-0D2A-41E4-B8A2-2BF640BE807F}\mpengine.dll

2013-12-23 21:34 . 2013-12-26 17:09 64080 ----a-w- c:\windows\system32\drivers\UAGP35.SYS.bak

2013-12-23 21:33 . 2013-12-26 17:09 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys.bak

2013-12-23 15:09 . 2013-12-23 15:09 89162 ----a-w- c:\programdata\Microsoft\BingDesktop\BingCore\temp\tmp667F.exe

2013-12-23 01:44 . 2013-12-23 01:43 312744 ----a-w- c:\windows\system32\javaws.exe

2013-12-23 01:44 . 2013-12-23 01:43 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll

2013-12-23 01:44 . 2013-12-23 01:43 189352 ----a-w- c:\windows\system32\javaw.exe

2013-12-23 01:44 . 2013-12-23 01:43 189352 ----a-w- c:\windows\system32\java.exe

2013-12-23 01:42 . 2013-12-23 01:42 -------- d-----w- c:\program files\WinRAR

2013-12-23 01:39 . 2013-12-23 01:39 -------- d-----w- c:\program files (x86)\RealNetworks

2013-12-23 01:39 . 2013-12-23 01:39 -------- d-----w- c:\programdata\RealNetworks

2013-12-23 01:38 . 2013-12-23 01:38 -------- d-----w- c:\program files (x86)\Common Files\xing shared

2013-12-23 01:07 . 2013-12-23 01:07 -------- d-----w- c:\users\wiz\AppData\Roaming\AVAST Software

2013-12-23 01:06 . 2013-12-23 01:07 79672 ----a-w- c:\windows\system32\drivers\aswstm.sys

2013-12-23 01:06 . 2013-12-23 01:06 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-12-23 01:06 . 2013-12-23 01:06 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2013-12-23 01:06 . 2013-12-23 01:06 1034464 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-12-23 01:06 . 2013-12-23 01:06 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2013-12-23 01:06 . 2013-12-23 01:06 422216 ----a-w- c:\windows\system32\drivers\aswSP.sys

2013-12-23 01:06 . 2013-12-23 01:06 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2013-12-23 01:06 . 2013-12-23 01:06 334136 ----a-w- c:\windows\system32\aswBoot.exe

2013-12-23 01:06 . 2013-12-23 01:06 43152 ----a-w- c:\windows\avastSS.scr

2013-12-23 01:05 . 2013-12-23 01:05 -------- d-----w- c:\program files\AVAST Software

2013-12-23 01:04 . 2013-12-23 01:04 -------- d-----w- c:\programdata\AVAST Software

2013-12-23 00:08 . 2013-12-23 00:19 -------- d-----w- C:\AdwCleaner

2013-12-13 20:19 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe

2013-12-13 20:19 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe

2013-12-13 20:19 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL

2013-12-13 20:19 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL

2013-12-13 20:19 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll

2013-12-13 19:16 . 2013-11-23 18:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll

2013-12-13 19:16 . 2013-11-23 17:47 465920 ----a-w- c:\windows\system32\WMPhoto.dll

2013-12-13 19:16 . 2013-10-30 01:24 3155968 ----a-w- c:\windows\system32\win32k.sys

2013-12-13 19:16 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll

2013-12-13 19:16 . 2013-10-30 02:19 301568 ----a-w- c:\windows\SysWow64\msieftp.dll

2013-12-13 19:16 . 2013-10-19 02:18 81408 ----a-w- c:\windows\system32\imagehlp.dll

2013-12-13 19:16 . 2013-10-19 01:36 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2013-12-13 19:16 . 2013-10-04 02:16 116736 ----a-w- c:\windows\system32\drivers\drmk.sys

2013-12-13 19:16 . 2013-10-04 01:36 230400 ----a-w- c:\windows\system32\drivers\portcls.sys

2013-12-13 19:16 . 2013-11-12 02:23 2048 ----a-w- c:\windows\system32\tzres.dll

2013-12-13 19:16 . 2013-11-12 02:07 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2013-12-13 19:15 . 2013-10-12 02:32 150016 ----a-w- c:\windows\system32\wshom.ocx

2013-12-13 19:15 . 2013-10-12 02:31 202752 ----a-w- c:\windows\system32\scrrun.dll

2013-12-13 19:15 . 2013-10-12 02:04 121856 ----a-w- c:\windows\SysWow64\wshom.ocx

2013-12-13 19:15 . 2013-10-12 02:03 163840 ----a-w- c:\windows\SysWow64\scrrun.dll

2013-12-13 19:15 . 2013-10-12 01:33 156160 ----a-w- c:\windows\system32\cscript.exe

2013-12-13 19:15 . 2013-10-12 01:33 168960 ----a-w- c:\windows\system32\wscript.exe

2013-12-13 19:15 . 2013-10-12 01:15 141824 ----a-w- c:\windows\SysWow64\wscript.exe

2013-12-13 19:15 . 2013-10-12 01:15 126976 ----a-w- c:\windows\SysWow64\cscript.exe

2013-12-03 18:01 . 2013-10-15 00:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE

2013-11-26 22:25 . 2013-11-26 22:25 -------- d-----w- c:\windows\Migration

2013-11-26 20:55 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer.exe

2013-11-26 20:55 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\SysWow64\explorer.exe

2013-11-26 20:55 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll

2013-11-26 20:55 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll

2013-11-26 20:54 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe

2013-11-26 20:54 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-12-17 18:02 . 2013-11-26 17:46 90708896 ----a-w- c:\windows\system32\MRT.exe

2013-12-13 20:11 . 2012-07-10 21:40 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-12-13 20:11 . 2011-05-18 01:51 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-11-26 18:36 . 2013-11-26 18:36 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll

2013-11-26 18:36 . 2013-11-26 18:36 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-11-26 18:36 . 2013-11-26 18:36 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll

2013-11-26 18:36 . 2013-11-26 18:36 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-11-26 18:36 . 2013-11-26 18:36 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-11-26 18:36 . 2013-11-26 18:36 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-11-26 18:36 . 2013-11-26 18:36 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-11-26 18:36 . 2013-11-26 18:36 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-11-26 18:36 . 2013-11-26 18:36 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-11-26 18:36 . 2013-11-26 18:36 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll

2013-11-26 18:36 . 2013-11-26 18:36 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-11-26 18:36 . 2013-11-26 18:36 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-11-26 18:36 . 2013-11-26 18:36 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll

2013-11-26 18:36 . 2013-11-26 18:36 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-11-26 18:36 . 2013-11-26 18:36 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-11-26 18:36 . 2013-11-26 18:36 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-11-26 18:36 . 2013-11-26 18:36 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-11-26 18:36 . 2013-11-26 18:36 1682432 ----a-w- c:\windows\system32\XpsPrint.dll

2013-11-26 18:36 . 2013-11-26 18:36 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll

2013-11-26 18:36 . 2013-11-26 18:36 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-11-26 18:36 . 2013-11-26 18:36 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-11-26 18:36 . 2013-11-26 18:36 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2013-11-26 18:36 . 2013-11-26 18:36 3928064 ----a-w- c:\windows\system32\d2d1.dll

2013-11-26 18:36 . 2013-11-26 18:36 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll

2013-11-26 18:36 . 2013-11-26 18:36 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll

2013-11-26 18:36 . 2013-11-26 18:36 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll

2013-11-26 18:36 . 2013-11-26 18:36 363008 ----a-w- c:\windows\system32\dxgi.dll

2013-11-26 18:36 . 2013-11-26 18:36 2565120 ----a-w- c:\windows\system32\d3d10warp.dll

2013-11-26 18:36 . 2013-11-26 18:36 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll

2013-11-26 18:36 . 2013-11-26 18:36 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll

2013-11-26 18:36 . 2013-11-26 18:36 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll

2013-11-26 18:36 . 2013-11-26 18:36 1643520 ----a-w- c:\windows\system32\DWrite.dll

2013-11-26 18:36 . 2013-11-26 18:36 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll

2013-11-26 18:36 . 2013-11-26 18:36 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll

2013-11-26 18:36 . 2013-11-26 18:36 1175552 ----a-w- c:\windows\system32\FntCache.dll

2013-11-26 18:36 . 2013-11-26 18:36 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll

2013-11-26 18:36 . 2013-11-26 18:36 648192 ----a-w- c:\windows\system32\d3d10level9.dll

2013-11-26 18:36 . 2013-11-26 18:36 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll

2013-11-26 18:36 . 2013-11-26 18:36 333312 ----a-w- c:\windows\system32\d3d10_1core.dll

2013-11-26 18:36 . 2013-11-26 18:36 296960 ----a-w- c:\windows\system32\d3d10core.dll

2013-11-26 18:36 . 2013-11-26 18:36 293376 ----a-w- c:\windows\SysWow64\dxgi.dll

2013-11-26 18:36 . 2013-11-26 18:36 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll

2013-11-26 18:36 . 2013-11-26 18:36 221184 ----a-w- c:\windows\system32\UIAnimation.dll

2013-11-26 18:36 . 2013-11-26 18:36 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll

2013-11-26 18:36 . 2013-11-26 18:36 194560 ----a-w- c:\windows\system32\d3d10_1.dll

2013-11-26 18:36 . 2013-11-26 18:36 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll

2013-11-26 18:36 . 2013-11-26 18:36 1238528 ----a-w- c:\windows\system32\d3d10.dll

2013-11-20 21:01 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2013-11-20 21:01 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2013-11-19 09:33 . 2010-01-25 20:07 267936 ------w- c:\windows\system32\MpSigStub.exe

2013-11-10 23:38 . 2013-11-10 23:38 2179072 ----a-w- c:\programdata\Microsoft\BingDesktop\BingCore\BingDesktopCore.dll

2013-10-12 02:30 . 2013-11-24 17:38 830464 ----a-w- c:\windows\system32\nshwfp.dll

2013-10-12 02:29 . 2013-11-24 17:38 859648 ----a-w- c:\windows\system32\IKEEXT.DLL

2013-10-12 02:29 . 2013-11-24 17:38 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL

2013-10-12 02:03 . 2013-11-24 17:38 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll

2013-10-12 02:01 . 2013-11-24 17:38 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL

2013-10-08 13:50 . 2013-11-11 21:29 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-10-05 20:25 . 2013-11-24 17:56 1474048 ----a-w- c:\windows\system32\crypt32.dll

2013-10-05 19:57 . 2013-11-24 17:56 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll

2013-10-04 02:28 . 2013-11-24 17:53 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll

2013-10-04 02:25 . 2013-11-24 17:53 197120 ----a-w- c:\windows\system32\credui.dll

2013-10-04 02:24 . 2013-11-24 17:53 1930752 ----a-w- c:\windows\system32\authui.dll

2013-10-04 01:58 . 2013-11-24 17:53 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll

2013-10-04 01:56 . 2013-11-24 17:53 168960 ----a-w- c:\windows\SysWow64\credui.dll

2013-10-04 01:56 . 2013-11-24 17:53 1796096 ----a-w- c:\windows\SysWow64\authui.dll

2013-10-03 02:23 . 2013-11-24 17:40 404480 ----a-w- c:\windows\system32\gdi32.dll

2013-10-03 02:00 . 2013-11-24 17:40 311808 ----a-w- c:\windows\SysWow64\gdi32.dll

2013-09-28 01:09 . 2013-11-24 17:55 497152 ----a-w- c:\windows\system32\drivers\afd.sys

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F72C8153-7140-4FEE-8F69-CA4579D71195}]

2013-04-01 02:22 73728 ----a-w- c:\program files (x86)\Tongbu\Addin\tbIEAddin.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}"= "c:\program files\AVAST Software\Avast\aswWebRepIE.dll" [2013-12-23 1138536]

.

[HKEY_CLASSES_ROOT\clsid\{cc1a175a-e45b-41ed-a30c-c9b1d7a0c02f}]

[HKEY_CLASSES_ROOT\TypeLib\{6B795924-95E7-4D31-8521-407360C3AA0B}]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]

"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-05-20 500792]

"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-12-23 3764024]

"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2013-12-23 295512]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"LocalAccountTokenFilterPolicy"= 0100000000000000

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer5"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R1 chuenxlz;chuenxlz;c:\windows\system32\drivers\chuenxlz.sys;c:\windows\SYSNATIVE\drivers\chuenxlz.sys [x]

R1 giwsrjei;giwsrjei;c:\windows\system32\drivers\giwsrjei.sys;c:\windows\SYSNATIVE\drivers\giwsrjei.sys [x]

R1 kmnxtivx;kmnxtivx;c:\windows\system32\drivers\kmnxtivx.sys;c:\windows\SYSNATIVE\drivers\kmnxtivx.sys [x]

R1 rjfzxrja;rjfzxrja;c:\windows\system32\drivers\rjfzxrja.sys;c:\windows\SYSNATIVE\drivers\rjfzxrja.sys [x]

R1 tkkpohaj;tkkpohaj;c:\windows\system32\drivers\tkkpohaj.sys;c:\windows\SYSNATIVE\drivers\tkkpohaj.sys [x]

R1 vdsuddoh;vdsuddoh;c:\windows\system32\drivers\vdsuddoh.sys;c:\windows\SYSNATIVE\drivers\vdsuddoh.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]

R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S0 aswRvrt;avast! Revert; [x]

S0 aswVmm;avast! VM Monitor; [x]

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]

S1 DVMIO;DVMIO;c:\splash.sys\config\dvmio.sys;c:\splash.sys\config\dvmio.sys [x]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_5ea32181aefd3364\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_5ea32181aefd3364\AESTSr64.exe [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]

S2 DvmMDES;DeviceVM Meta Data Export Service;c:\splash.sys\config\DVMExportService.exe;c:\splash.sys\config\DVMExportService.exe [x]

S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]

S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]

S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]

S3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]

S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-12-22 00:56 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-12-26 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-11 20:11]

.

2013-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-22 00:51]

.

2013-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-22 00:51]

.

2013-12-26 c:\windows\Tasks\HPCeeScheduleForwiz.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}"= "c:\program files\AVAST Software\Avast\aswWebRepIE64.dll" [2013-12-23 1372864]

.

[HKEY_CLASSES_ROOT\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}]

[HKEY_CLASSES_ROOT\TypeLib\{6B795924-95E7-4D31-8521-407360C3AA0B}]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2013-12-23 01:06 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1BingDesktopOverlays]

@="{B82655E9-B81D-4A97-8154-0D84A4C048E4}"

[HKEY_CLASSES_ROOT\CLSID\{B82655E9-B81D-4A97-8154-0D84A4C048E4}]

2013-11-10 23:38 2492416 ----a-w- c:\programdata\Microsoft\BingDesktop\BingCore\BingDesktopOverlays.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-08-25 610872]

.

------- Supplementary Scan -------

.


uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

Trusted Zone: kuaiche.com\software

TCP: DhcpNameServer = 192.168.2.7 190.113.97.11

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)

Wow6432Node-HKCU-Run-AdobeBridge - (no file)

Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe

Wow6432Node-HKU-Default-Run-HanaConnect - c:\program files (x86)\HanaMobile\HanaConnect\StarterApp.exe

Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe

SafeBoot-39859519.sys

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)

AddRemove-RealPlayer 16.0 - c:\program files (x86)\real\realplayer\Update\r1puninst.exe

AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3344068209-3418707906-1369181467-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="SafariDownload"

.

[HKEY_USERS\S-1-5-21-3344068209-3418707906-1369181467-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-3344068209-3418707906-1369181467-1000)

"Progid"="SafariHTML"

.

[HKEY_USERS\S-1-5-21-3344068209-3418707906-1369181467-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-3344068209-3418707906-1369181467-1000)

"Progid"="SafariHTML"

.

[HKEY_USERS\S-1-5-21-3344068209-3418707906-1369181467-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="SafariExtension"

.

[HKEY_USERS\S-1-5-21-3344068209-3418707906-1369181467-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-3344068209-3418707906-1369181467-1000)

"Progid"="SafariHTML"

.

[HKEY_USERS\S-1-5-21-3344068209-3418707906-1369181467-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="SafariHTML"

.

[HKEY_USERS\S-1-5-21-3344068209-3418707906-1369181467-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="SafariHTML"

.

[HKEY_USERS\S-1-5-21-3344068209-3418707906-1369181467-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-3344068209-3418707906-1369181467-1000)

"Progid"="SafariHTML"

.

[HKEY_USERS\S-1-5-21-3344068209-3418707906-1369181467-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-3344068209-3418707906-1369181467-1000)

"Progid"="SafariHTML"

.

[HKEY_USERS\S-1-5-21-3344068209-3418707906-1369181467-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="SafariHTML"

.

[HKEY_USERS\S-1-5-21-3344068209-3418707906-1369181467-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*“(8€ý*€S*]

@Class="Shell"

@Allowed: (Read) (RestrictedCode)

.

[HKEY_USERS\S-1-5-21-3344068209-3418707906-1369181467-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*“(8€ý*€S*\OpenWithList]

@Class="Shell"

"a"="vlc.exe"

"MRUList"="a"

.

[HKEY_USERS\S-1-5-21-3344068209-3418707906-1369181467-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*Ã.<“Ù*€¤*]

@Class="Shell"

@Allowed: (Read) (RestrictedCode)

.

[HKEY_USERS\S-1-5-21-3344068209-3418707906-1369181467-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*Ã.<“Ù*€¤*\OpenWithList]

@Class="Shell"

"a"="vlc.exe"

"MRUList"="a"

.

[HKEY_USERS\S-1-5-21-3344068209-3418707906-1369181467-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ŒQ©* *€—]

@Class="Shell"

@Allowed: (Read) (RestrictedCode)

.

[HKEY_USERS\S-1-5-21-3344068209-3418707906-1369181467-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ŒQ©* *€—\OpenWithList]

@Class="Shell"

"a"="vlc.exe"

"MRUList"="a"

.

[HKEY_USERS\S-1-5-21-3344068209-3418707906-1369181467-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"scansk"=hex(0):c3,db,f2,2b,b9,07,ee,2f,3f,14,d8,8d,48,87,e5,43,be,95,5c,2e,38,

   f7,88,6c,13,90,d8,6d,a7,25,bc,ad,2f,46,a7,45,e8,ca,a4,54,00,00,00,00,00,00,\

.

[HKEY_USERS\S-1-5-21-3344068209-3418707906-1369181467-1000_Classes\Wow6432Node\CLSID\{677fc3bd-d7ec-4411-935b-95fac011be38}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:0000007f

"Therad"=dword:0000001e

"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,

   38,95,44,53,4e,1a,5b,76,50,55,59,0c,cc,e7,69,23,2a,9d,10,a0,34,6b,72,25,f5,\

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-12-26  14:17:17

ComboFix-quarantined-files.txt  2013-12-26 20:17

.

Pre-Run: 52,075,876,352 bytes free

Post-Run: 51,740,696,576 bytes free

.

- - End Of File - - DD77502E610DA28D8D7FE1D571D06A16

1859AB647997ACCC3369F96787DCBA5B

Using ComboFix......

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

4. If ComboFix wants to update.....please allow it to.

File::

c:\windows\system32\drivers\chuenxlz.sys

c:\windows\SYSNATIVE\drivers\chuenxlz.sys

c:\windows\system32\drivers\giwsrjei.sys

c:\windows\SYSNATIVE\drivers\giwsrjei.sys

c:\windows\system32\drivers\kmnxtivx.sys

c:\windows\SYSNATIVE\drivers\kmnxtivx.sys

c:\windows\system32\drivers\rjfzxrja.sys

c:\windows\SYSNATIVE\drivers\rjfzxrja.sys

c:\windows\system32\drivers\tkkpohaj.sys

c:\windows\SYSNATIVE\drivers\tkkpohaj.sys

c:\windows\system32\drivers\vdsuddoh.sys

c:\windows\SYSNATIVE\drivers\vdsuddoh.sys

Driver::

chuenxlz

giwsrjei

kmnxtivx

rjfzxrja

tkkpohaj

vdsuddoh

ClearJavaCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScript.gif

Referring to the picture above, drag CFScript into ComboFix.exe

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

After reboot, (in case it asks to reboot)......

Please provide the contents of the ComboFix log (C:\ComboFix.txt) in your next reply.

MrC


Here we go. Sorry it took a while, man; I had to cancel one because the antivirus re-enabled after 10 minutes and ComboFix took longer. I totally spaced out on that detail.

Then I turned it off (no re-activation time set), re-did the .txt file, dropped it onto ComboFix and started it running, and then it showed this report (let me know if it went wrong):

 

ComboFix 13-12-26.01 - wiz 12/26/2013  16:34:07.4.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3836.2099 [GMT -6:00]
Running from: c:\users\wiz\Desktop\ComboFix.exe
Command switches used :: c:\users\wiz\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\chuenxlz.sysc"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\wiz\AppData\Local\AppIs
c:\users\wiz\AppData\Roaming\IHelper
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_chuenxlz
-------\Service_giwsrjei
-------\Service_kmnxtivx
-------\Service_vdsuddoh
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-26 to 2013-12-26  )))))))))))))))))))))))))))))))
.
.
2013-12-26 22:49 . 2013-12-26 22:49 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2013-12-26 22:49 . 2013-12-26 22:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-26 17:24 . 2013-12-26 18:22 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-12-26 17:24 . 2013-12-26 17:58 117464 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-12-26 17:19 . 2013-12-26 19:44 89304 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-12-25 18:38 . 2013-12-25 18:38 456704 ----a-w- c:\programdata\Microsoft\BingDesktop\BingCore\temp\tmpBB43.exe
2013-12-24 19:38 . 2013-12-24 20:19 -------- d-----w- c:\program files (x86)\JDownloader
2013-12-24 16:13 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{25125BA3-0D2A-41E4-B8A2-2BF640BE807F}\mpengine.dll
2013-12-23 21:34 . 2013-12-26 17:09 64080 ----a-w- c:\windows\system32\drivers\UAGP35.SYS.bak
2013-12-23 21:33 . 2013-12-26 17:09 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys.bak
2013-12-23 15:09 . 2013-12-23 15:09 89162 ----a-w- c:\programdata\Microsoft\BingDesktop\BingCore\temp\tmp667F.exe
2013-12-23 01:44 . 2013-12-23 01:43 312744 ----a-w- c:\windows\system32\javaws.exe
2013-12-23 01:44 . 2013-12-23 01:43 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-12-23 01:44 . 2013-12-23 01:43 189352 ----a-w- c:\windows\system32\javaw.exe
2013-12-23 01:44 . 2013-12-23 01:43 189352 ----a-w- c:\windows\system32\java.exe
2013-12-23 01:42 . 2013-12-23 01:42 -------- d-----w- c:\program files\WinRAR
2013-12-23 01:39 . 2013-12-23 01:39 -------- d-----w- c:\program files (x86)\RealNetworks
2013-12-23 01:39 . 2013-12-23 01:39 -------- d-----w- c:\programdata\RealNetworks
2013-12-23 01:38 . 2013-12-23 01:38 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2013-12-23 01:07 . 2013-12-23 01:07 -------- d-----w- c:\users\wiz\AppData\Roaming\AVAST Software
2013-12-23 01:06 . 2013-12-23 01:07 79672 ----a-w- c:\windows\system32\drivers\aswstm.sys
2013-12-23 01:06 . 2013-12-23 01:06 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-12-23 01:06 . 2013-12-23 01:06 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-12-23 01:06 . 2013-12-23 01:06 1034464 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-12-23 01:06 . 2013-12-23 01:06 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-12-23 01:06 . 2013-12-23 01:06 422216 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-12-23 01:06 . 2013-12-23 01:06 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-12-23 01:06 . 2013-12-23 01:06 334136 ----a-w- c:\windows\system32\aswBoot.exe
2013-12-23 01:06 . 2013-12-23 01:06 43152 ----a-w- c:\windows\avastSS.scr
2013-12-23 01:05 . 2013-12-23 01:05 -------- d-----w- c:\program files\AVAST Software
2013-12-23 01:04 . 2013-12-23 01:04 -------- d-----w- c:\programdata\AVAST Software
2013-12-23 00:08 . 2013-12-23 00:19 -------- d-----w- C:\AdwCleaner
2013-12-13 20:19 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2013-12-13 20:19 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2013-12-13 20:19 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2013-12-13 20:19 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2013-12-13 20:19 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2013-12-13 19:16 . 2013-11-23 18:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-12-13 19:16 . 2013-11-23 17:47 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-12-13 19:16 . 2013-10-30 01:24 3155968 ----a-w- c:\windows\system32\win32k.sys
2013-12-13 19:16 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll
2013-12-13 19:16 . 2013-10-30 02:19 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
2013-12-13 19:16 . 2013-10-19 02:18 81408 ----a-w- c:\windows\system32\imagehlp.dll
2013-12-13 19:16 . 2013-10-19 01:36 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2013-12-13 19:16 . 2013-10-04 02:16 116736 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-12-13 19:16 . 2013-10-04 01:36 230400 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-12-13 19:16 . 2013-11-12 02:23 2048 ----a-w- c:\windows\system32\tzres.dll
2013-12-13 19:16 . 2013-11-12 02:07 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-12-13 19:15 . 2013-10-12 02:32 150016 ----a-w- c:\windows\system32\wshom.ocx
2013-12-13 19:15 . 2013-10-12 02:31 202752 ----a-w- c:\windows\system32\scrrun.dll
2013-12-13 19:15 . 2013-10-12 02:04 121856 ----a-w- c:\windows\SysWow64\wshom.ocx
2013-12-13 19:15 . 2013-10-12 02:03 163840 ----a-w- c:\windows\SysWow64\scrrun.dll
2013-12-13 19:15 . 2013-10-12 01:33 156160 ----a-w- c:\windows\system32\cscript.exe
2013-12-13 19:15 . 2013-10-12 01:33 168960 ----a-w- c:\windows\system32\wscript.exe
2013-12-13 19:15 . 2013-10-12 01:15 141824 ----a-w- c:\windows\SysWow64\wscript.exe
2013-12-13 19:15 . 2013-10-12 01:15 126976 ----a-w- c:\windows\SysWow64\cscript.exe
2013-12-03 18:01 . 2013-10-15 00:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-17 18:02 . 2013-11-26 17:46 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-12-13 20:11 . 2012-07-10 21:40 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-13 20:11 . 2011-05-18 01:51 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-26 18:36 . 2013-11-26 18:36 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-11-26 18:36 . 2013-11-26 18:36 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-11-26 18:36 . 2013-11-26 18:36 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-11-26 18:36 . 2013-11-26 18:36 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-11-26 18:36 . 2013-11-26 18:36 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-11-26 18:36 . 2013-11-26 18:36 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-11-26 18:36 . 2013-11-26 18:36 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-11-26 18:36 . 2013-11-26 18:36 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-11-26 18:36 . 2013-11-26 18:36 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-11-26 18:36 . 2013-11-26 18:36 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-11-26 18:36 . 2013-11-26 18:36 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-11-26 18:36 . 2013-11-26 18:36 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-11-26 18:36 . 2013-11-26 18:36 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-11-26 18:36 . 2013-11-26 18:36 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-11-26 18:36 . 2013-11-26 18:36 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-11-26 18:36 . 2013-11-26 18:36 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-11-26 18:36 . 2013-11-26 18:36 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-11-26 18:36 . 2013-11-26 18:36 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2013-11-26 18:36 . 2013-11-26 18:36 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2013-11-26 18:36 . 2013-11-26 18:36 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-11-26 18:36 . 2013-11-26 18:36 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-11-26 18:36 . 2013-11-26 18:36 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-11-26 18:36 . 2013-11-26 18:36 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-11-26 18:36 . 2013-11-26 18:36 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-11-26 18:36 . 2013-11-26 18:36 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-11-26 18:36 . 2013-11-26 18:36 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-11-26 18:36 . 2013-11-26 18:36 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-11-26 18:36 . 2013-11-26 18:36 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-11-26 18:36 . 2013-11-26 18:36 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-11-26 18:36 . 2013-11-26 18:36 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-11-26 18:36 . 2013-11-26 18:36 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-11-26 18:36 . 2013-11-26 18:36 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-11-26 18:36 . 2013-11-26 18:36 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2013-11-26 18:36 . 2013-11-26 18:36 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-11-26 18:36 . 2013-11-26 18:36 1175552 ----a-w- c:\windows\system32\FntCache.dll
2013-11-26 18:36 . 2013-11-26 18:36 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2013-11-26 18:36 . 2013-11-26 18:36 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-11-26 18:36 . 2013-11-26 18:36 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-11-26 18:36 . 2013-11-26 18:36 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-11-26 18:36 . 2013-11-26 18:36 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-11-26 18:36 . 2013-11-26 18:36 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-11-26 18:36 . 2013-11-26 18:36 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-11-26 18:36 . 2013-11-26 18:36 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2013-11-26 18:36 . 2013-11-26 18:36 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2013-11-26 18:36 . 2013-11-26 18:36 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2013-11-26 18:36 . 2013-11-26 18:36 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2013-11-26 18:36 . 2013-11-26 18:36 1238528 ----a-w- c:\windows\system32\d3d10.dll
2013-11-20 21:01 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2013-11-20 21:01 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2013-11-19 09:33 . 2010-01-25 20:07 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-11-10 23:38 . 2013-11-10 23:38 2179072 ----a-w- c:\programdata\Microsoft\BingDesktop\BingCore\BingDesktopCore.dll
2013-10-12 02:30 . 2013-11-24 17:38 830464 ----a-w- c:\windows\system32\nshwfp.dll
2013-10-12 02:29 . 2013-11-24 17:38 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-12 02:29 . 2013-11-24 17:38 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-10-12 02:03 . 2013-11-24 17:38 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01 . 2013-11-24 17:38 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
2013-10-08 13:50 . 2013-11-11 21:29 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-05 20:25 . 2013-11-24 17:56 1474048 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 19:57 . 2013-11-24 17:56 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-10-04 02:28 . 2013-11-24 17:53 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-10-04 02:25 . 2013-11-24 17:53 197120 ----a-w- c:\windows\system32\credui.dll
2013-10-04 02:24 . 2013-11-24 17:53 1930752 ----a-w- c:\windows\system32\authui.dll
2013-10-04 01:58 . 2013-11-24 17:53 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56 . 2013-11-24 17:53 168960 ----a-w- c:\windows\SysWow64\credui.dll
2013-10-04 01:56 . 2013-11-24 17:53 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-10-03 02:23 . 2013-11-24 17:40 404480 ----a-w- c:\windows\system32\gdi32.dll
2013-10-03 02:00 . 2013-11-24 17:40 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2013-09-28 01:09 . 2013-11-24 17:55 497152 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F72C8153-7140-4FEE-8F69-CA4579D71195}]
2013-04-01 02:22 73728 ----a-w- c:\program files (x86)\Tongbu\Addin\tbIEAddin.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}"= "c:\program files\AVAST Software\Avast\aswWebRepIE.dll" [2013-12-23 1138536]
.
[HKEY_CLASSES_ROOT\clsid\{cc1a175a-e45b-41ed-a30c-c9b1d7a0c02f}]
[HKEY_CLASSES_ROOT\TypeLib\{6B795924-95E7-4D31-8521-407360C3AA0B}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-05-20 500792]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-12-23 3764024]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2013-12-23 295512]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"LocalAccountTokenFilterPolicy"= 0100000000000000
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 DVMIO;DVMIO;c:\splash.sys\config\dvmio.sys;c:\splash.sys\config\dvmio.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_5ea32181aefd3364\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_5ea32181aefd3364\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\splash.sys\config\DVMExportService.exe;c:\splash.sys\config\DVMExportService.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-22 00:56 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-11 20:11]
.
2013-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-22 00:51]
.
2013-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-22 00:51]
.
2013-12-26 c:\windows\Tasks\HPCeeScheduleForwiz.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}"= "c:\program files\AVAST Software\Avast\aswWebRepIE64.dll" [2013-12-23 1372864]
.
[HKEY_CLASSES_ROOT\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}]
[HKEY_CLASSES_ROOT\TypeLib\{6B795924-95E7-4D31-8521-407360C3AA0B}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-12-23 01:06 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1BingDesktopOverlays]
@="{B82655E9-B81D-4A97-8154-0D84A4C048E4}"
[HKEY_CLASSES_ROOT\CLSID\{B82655E9-B81D-4A97-8154-0D84A4C048E4}]
2013-11-10 23:38 2492416 ----a-w- c:\programdata\Microsoft\BingDesktop\BingCore\BingDesktopOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-08-25 610872]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: kuaiche.com\software
TCP: DhcpNameServer = 192.168.2.7 190.113.97.11
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-RealPlayer 16.0 - c:\program files (x86)\real\realplayer\Update\r1puninst.exe
AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3344068209-3418707906-1369181467-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariDownload"
.
[HKEY_USERS\S-1-5-21-3344068209-3418707906-1369181467-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3344068209-3418707906-1369181467-1000)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-3344068209-3418707906-1369181467-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3344068209-3418707906-1369181467-1000)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-3344068209-3418707906-1369181467-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariExtension"
.
[HKEY_USERS\S-1-5-21-3344068209-3418707906-1369181467-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3344068209-3418707906-1369181467-1000)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-3344068209-3418707906-1369181467-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-3344068209-3418707906-1369181467-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-3344068209-3418707906-1369181467-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3344068209-3418707906-1369181467-1000)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-3344068209-3418707906-1369181467-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3344068209-3418707906-1369181467-1000)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-3344068209-3418707906-1369181467-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-3344068209-3418707906-1369181467-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*“(8€ý*€S*]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3344068209-3418707906-1369181467-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*“(8€ý*€S*\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3344068209-3418707906-1369181467-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*Ã.<“Ù*€¤*]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3344068209-3418707906-1369181467-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*Ã.<“Ù*€¤*\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3344068209-3418707906-1369181467-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ŒQ©* *€—]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3344068209-3418707906-1369181467-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ŒQ©* *€—\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3344068209-3418707906-1369181467-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):c3,db,f2,2b,b9,07,ee,2f,3f,14,d8,8d,48,87,e5,43,be,95,5c,2e,38,
   f7,88,6c,13,90,d8,6d,a7,25,bc,ad,2f,46,a7,45,e8,ca,a4,54,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3344068209-3418707906-1369181467-1000_Classes\Wow6432Node\CLSID\{677fc3bd-d7ec-4411-935b-95fac011be38}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000007f
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
   38,95,44,53,4e,1a,5b,76,50,55,59,0c,cc,e7,69,23,2a,9d,10,a0,34,6b,72,25,f5,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2013-12-26  17:10:25 - machine was rebooted
ComboFix-quarantined-files.txt  2013-12-26 23:10
ComboFix2.txt  2013-12-26 20:17
.
Pre-Run: 52,421,918,720 bytes free
Post-Run: 51,846,287,360 bytes free
.
- - End Of File - - 2AC160EB48A4F2FDE510ACAF43CF2227
1859AB647997ACCC3369F96787DCBA5B

Looks OK.....

Let's clean out any adware/spyware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

Make sure you click on download buttons that look similar to this, not "sponsored ad links":


  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

MrC


Ok, so I ran both: anti-malware didn't find anything and I deleted everything AdwCleaner found, no exceptions.

AdwCleaner report

 

# AdwCleaner v3.016 - Report created 26/12/2013 at 17:57:42
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : wiz - WIZ-PC
# Running from : C:\Users\wiz\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\AskPartnerNetwork
Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
Folder Deleted : C:\Users\wiz\AppData\Local\apn
File Deleted : C:\Windows\System32\Tasks\NCH Software
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\Software\DeviceVM
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Mozilla Firefox v
 
[ File : C:\Users\wiz\AppData\Roaming\Mozilla\Firefox\Profiles\vs3tv5xn.default\prefs.js ]
 
 
-\\ Google Chrome v31.0.1650.63
 
[ File : C:\Users\wiz\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [24256 octets] - [22/12/2013 18:08:54]
AdwCleaner[R1].txt - [1268 octets] - [26/12/2013 17:46:17]
AdwCleaner[s0].txt - [23686 octets] - [22/12/2013 18:18:15]
AdwCleaner[s1].txt - [1209 octets] - [26/12/2013 17:57:42]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1269 octets] ##########

Malwarebytes report
 
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.12.26.07
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
wiz :: WIZ-PC [administrator]
 
Protection: Disabled
 
12/26/2013 6:18:33 PM
mbam-log-2013-12-26 (18-18-33).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 226844
Time elapsed: 13 minute(s), 31 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 