
MALWAREBYTES BLOCKED ACCESS TO MALICIOUS WEBSITE PORT 6881 EXPLORER.EXE



There are a couple of logs under the Logs tab.

The last one is on December 31.

2013/12/31 09:25:51 -0600 WIZ-PC (null) MESSAGE Starting protection
2013/12/31 09:25:51 -0600 WIZ-PC (null) MESSAGE Protection started successfully
2013/12/31 09:25:51 -0600 WIZ-PC (null) MESSAGE Starting IP protection
2013/12/31 09:26:03 -0600 WIZ-PC (null) MESSAGE IP Protection started successfully
2013/12/31 09:43:38 -0600 WIZ-PC (null) MESSAGE Starting protection
2013/12/31 09:43:38 -0600 WIZ-PC (null) MESSAGE Protection started successfully
2013/12/31 09:43:38 -0600 WIZ-PC (null) MESSAGE Starting IP protection
2013/12/31 09:43:50 -0600 WIZ-PC (null) MESSAGE IP Protection started successfully
2013/12/31 09:59:08 -0600 WIZ-PC wiz MESSAGE Executing scheduled update:  Daily
2013/12/31 09:59:29 -0600 WIZ-PC wiz MESSAGE Scheduled update executed successfully:  database updated from version v2013.12.30.07 to version v2013.12.31.04
2013/12/31 09:59:29 -0600 WIZ-PC wiz MESSAGE Starting database refresh
2013/12/31 09:59:29 -0600 WIZ-PC wiz MESSAGE Stopping IP protection
2013/12/31 09:59:31 -0600 WIZ-PC wiz MESSAGE IP Protection stopped successfully
2013/12/31 09:59:37 -0600 WIZ-PC wiz MESSAGE Database refreshed successfully
2013/12/31 09:59:37 -0600 WIZ-PC wiz MESSAGE Starting IP protection
2013/12/31 09:59:47 -0600 WIZ-PC wiz MESSAGE IP Protection started successfully
2013/12/31 10:41:08 -0600 WIZ-PC wiz IP-BLOCK 219.152.126.130 (Type: outgoing, Port: 6881, Process: explorer.exe)
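The one line in that log that matters is the IP-BLOCK entry: its Process field names the process that owned the socket when the outbound connection was attempted, so the block was attributed to explorer.exe (the Windows shell) rather than to a browser, and the destination port, 6881, is the first port of the conventional BitTorrent 6881-6889 range. The script below is an added example, not part of the original post or of Malwarebytes: it parses protection-log lines in the format shown above, groups IP-BLOCK events by destination and process, and flags the combinations a responder would look at first. SAMPLE_LOG is constructed: the first two lines are copied from the post, the third is the same block repeated a second later, and the fourth is an invented chrome.exe block to 198.51.100.23 (a documentation address) so the grouping has something to compare against. P2P_PORTS and SHELL_PROCESSES are this example's own triage heuristics.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample: two lines from the post, one repeat, one invented
# chrome.exe block (198.51.100.23 is a documentation-range address).
SAMPLE_LOG = """\
2013/12/31 09:59:29 -0600 WIZ-PC wiz MESSAGE Scheduled update executed successfully:  database updated from version v2013.12.30.07 to version v2013.12.31.04
2013/12/31 10:41:08 -0600 WIZ-PC wiz IP-BLOCK 219.152.126.130 (Type: outgoing, Port: 6881, Process: explorer.exe)
2013/12/31 10:41:09 -0600 WIZ-PC wiz IP-BLOCK 219.152.126.130 (Type: outgoing, Port: 6881, Process: explorer.exe)
2013/12/31 11:02:40 -0600 WIZ-PC wiz IP-BLOCK 198.51.100.23 (Type: outgoing, Port: 80, Process: chrome.exe)
"""

# <date> <time> <tz> <host> <user|(null)> <IP-BLOCK|MESSAGE> <rest>
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4}) "
    r"(?P<host>\S+) (?P<user>\S+) (?P<kind>IP-BLOCK|MESSAGE) (?P<rest>.*)$"
)
# <ip> (Type: <direction>, Port: <port>, Process: <image>)
BLOCK_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \(Type: (?P<direction>\w+), "
    r"Port: (?P<port>\d+), Process: (?P<process>[^)]+)\)$"
)

# Heuristic (this example's, not Malwarebytes'): ports conventionally used by
# BitTorrent clients. General knowledge, not a claim about this machine.
P2P_PORTS = {p: "BitTorrent (conventional 6881-6889 range)" for p in range(6881, 6890)}

# Heuristic: processes that do not normally originate their own connections to
# remote peers. A block attributed to one is worth checking for injected code
# or a third-party shell extension rather than treating as browser activity.
SHELL_PROCESSES = {"explorer.exe"}


def parse_line(line):
    """Return a dict for one protection-log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = {
        "time": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S %z"),  # zone-aware
        "host": m["host"],
        "user": None if m["user"] == "(null)" else m["user"],
        "kind": m["kind"],
        "text": m["rest"],
    }
    if ev["kind"] == "IP-BLOCK":
        b = BLOCK_RE.match(m["rest"])
        if not b:
            return None
        ev.update(ip=b["ip"], direction=b["direction"],
                  port=int(b["port"]), process=b["process"].lower())
    return ev


def parse_log(text):
    return [ev for ev in map(parse_line, text.splitlines()) if ev]


def summarize_blocks(events):
    """Count IP-BLOCK events per (ip, port, direction, process)."""
    return Counter(
        (ev["ip"], ev["port"], ev["direction"], ev["process"])
        for ev in events if ev["kind"] == "IP-BLOCK"
    )


def triage(events):
    """Return (event, reasons) pairs for blocks that deserve a closer look."""
    findings = []
    for ev in events:
        if ev["kind"] != "IP-BLOCK":
            continue
        reasons = []
        if ev["port"] in P2P_PORTS:
            reasons.append(f"port {ev['port']}: {P2P_PORTS[ev['port']]}")
        if ev["process"] in SHELL_PROCESSES and ev["direction"] == "outgoing":
            reasons.append(f"{ev['process']} originating an outbound connection")
        if reasons:
            findings.append((ev, reasons))
    return findings


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for key, n in summarize_blocks(evs).items():
        print(n, "x", key)
    for ev, reasons in triage(evs):
        print(ev["time"].isoformat(), ev["ip"], "->", "; ".join(reasons))
```

Feed it the whole protection log (every day's file, not just the last one) and the Counter tells you whether the 6881 block is a one-off or a repeating beacon; the triage list separates "the shell opened a socket to a peer-to-peer port" from ordinary browser blocks, which is the distinction the next step of the investigation turns on.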

Here's where that IP address is from:

http://images.ip2location.com/13410034.png

This is when Chrome is open? Correct?

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please make sure you click download buttons that look similar to this, not "sponsored ad links":

[image: bleep-crop.jpg]

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


ComboFix 14-01-01.01 - wiz 01/02/2014  13:28:02.5.2 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3836.2414 [GMT -6:00]

Running from: c:\users\wiz\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}

SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((   Files Created from 2013-12-02 to 2014-01-02  )))))))))))))))))))))))))))))))

.

.

2014-01-02 19:45 . 2014-01-02 19:45 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2014-01-02 19:45 . 2014-01-02 19:45 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-12-31 15:31 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{40A78BB2-A6F3-4370-9A5B-7762DBD602A3}\mpengine.dll

2013-12-30 20:06 . 2013-12-30 20:06 -------- d-----w- C:\FRST

2013-12-28 02:15 . 2013-12-28 02:15 -------- d-----w- c:\program files (x86)\Common Files\Java

2013-12-28 02:15 . 2013-12-28 02:15 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-12-28 02:02 . 2013-12-28 02:02 -------- d-----w- C:\Foxit Software

2013-12-28 02:01 . 2013-12-28 02:02 -------- d-----w- c:\users\wiz\AppData\Roaming\Foxit Software

2013-12-28 02:00 . 2013-12-28 02:00 -------- d-----w- c:\program files (x86)\Foxit Software

2013-12-27 00:15 . 2013-04-04 20:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-12-26 17:24 . 2013-12-26 18:22 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)

2013-12-26 17:19 . 2013-12-27 00:05 89304 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2013-12-24 19:38 . 2013-12-24 20:19 -------- d-----w- c:\program files (x86)\JDownloader

2013-12-23 21:34 . 2013-12-26 17:09 64080 ----a-w- c:\windows\system32\drivers\UAGP35.SYS.bak

2013-12-23 21:33 . 2013-12-26 17:09 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys.bak

2013-12-23 01:42 . 2013-12-23 01:42 -------- d-----w- c:\program files\WinRAR

2013-12-23 01:39 . 2013-12-23 01:39 -------- d-----w- c:\program files (x86)\RealNetworks

2013-12-23 01:39 . 2013-12-23 01:39 -------- d-----w- c:\programdata\RealNetworks

2013-12-23 01:38 . 2013-12-23 01:38 -------- d-----w- c:\program files (x86)\Common Files\xing shared

2013-12-23 01:07 . 2013-12-23 01:07 -------- d-----w- c:\users\wiz\AppData\Roaming\AVAST Software

2013-12-23 01:06 . 2013-12-23 01:07 79672 ----a-w- c:\windows\system32\drivers\aswstm.sys

2013-12-23 01:06 . 2013-12-23 01:06 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-12-23 01:06 . 2013-12-23 01:06 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2013-12-23 01:06 . 2013-12-23 01:06 1034464 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-12-23 01:06 . 2013-12-23 01:06 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2013-12-23 01:06 . 2013-12-23 01:06 422216 ----a-w- c:\windows\system32\drivers\aswSP.sys

2013-12-23 01:06 . 2013-12-23 01:06 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2013-12-23 01:06 . 2013-12-23 01:06 334136 ----a-w- c:\windows\system32\aswBoot.exe

2013-12-23 01:06 . 2013-12-23 01:06 43152 ----a-w- c:\windows\avastSS.scr

2013-12-23 01:05 . 2013-12-23 01:05 -------- d-----w- c:\program files\AVAST Software

2013-12-23 01:04 . 2013-12-23 01:04 -------- d-----w- c:\programdata\AVAST Software

2013-12-23 00:08 . 2013-12-30 22:43 -------- d-----w- C:\AdwCleaner

2013-12-13 20:19 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe

2013-12-13 20:19 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe

2013-12-13 20:19 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL

2013-12-13 20:19 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL

2013-12-13 20:19 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll

2013-12-13 19:16 . 2013-11-23 18:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll

2013-12-13 19:16 . 2013-11-23 17:47 465920 ----a-w- c:\windows\system32\WMPhoto.dll

2013-12-13 19:16 . 2013-10-30 01:24 3155968 ----a-w- c:\windows\system32\win32k.sys

2013-12-13 19:16 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll

2013-12-13 19:16 . 2013-10-30 02:19 301568 ----a-w- c:\windows\SysWow64\msieftp.dll

2013-12-13 19:16 . 2013-10-19 02:18 81408 ----a-w- c:\windows\system32\imagehlp.dll

2013-12-13 19:16 . 2013-10-19 01:36 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2013-12-13 19:16 . 2013-10-04 02:16 116736 ----a-w- c:\windows\system32\drivers\drmk.sys

2013-12-13 19:16 . 2013-10-04 01:36 230400 ----a-w- c:\windows\system32\drivers\portcls.sys

2013-12-13 19:16 . 2013-11-12 02:23 2048 ----a-w- c:\windows\system32\tzres.dll

2013-12-13 19:16 . 2013-11-12 02:07 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2013-12-13 19:15 . 2013-10-12 02:32 150016 ----a-w- c:\windows\system32\wshom.ocx

2013-12-13 19:15 . 2013-10-12 02:31 202752 ----a-w- c:\windows\system32\scrrun.dll

2013-12-13 19:15 . 2013-10-12 02:04 121856 ----a-w- c:\windows\SysWow64\wshom.ocx

2013-12-13 19:15 . 2013-10-12 02:03 163840 ----a-w- c:\windows\SysWow64\scrrun.dll

2013-12-13 19:15 . 2013-10-12 01:33 156160 ----a-w- c:\windows\system32\cscript.exe

2013-12-13 19:15 . 2013-10-12 01:33 168960 ----a-w- c:\windows\system32\wscript.exe

2013-12-13 19:15 . 2013-10-12 01:15 141824 ----a-w- c:\windows\SysWow64\wscript.exe

2013-12-13 19:15 . 2013-10-12 01:15 126976 ----a-w- c:\windows\SysWow64\cscript.exe

2013-12-09 22:57 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll

2013-12-09 22:57 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-12-17 18:02 . 2013-11-26 17:46 90708896 ----a-w- c:\windows\system32\MRT.exe

2013-12-13 20:11 . 2012-07-10 21:40 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-12-13 20:11 . 2011-05-18 01:51 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-12-03 17:57 . 2013-12-03 17:57 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

2013-12-03 17:57 . 2013-12-03 17:57 194048 ----a-w- c:\windows\SysWow64\elshyph.dll

2013-12-03 17:57 . 2013-12-03 17:57 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2013-12-03 17:57 . 2013-12-03 17:57 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll

2013-12-03 17:57 . 2013-12-03 17:57 235008 ----a-w- c:\windows\system32\elshyph.dll

2013-12-03 17:57 . 2013-12-03 17:57 182272 ----a-w- c:\windows\SysWow64\msls31.dll

2013-12-03 17:57 . 2013-12-03 17:57 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll

2013-12-03 17:57 . 2013-12-03 17:57 62464 ----a-w- c:\windows\SysWow64\tdc.ocx

2013-12-03 17:57 . 2013-12-03 17:57 337408 ----a-w- c:\windows\SysWow64\html.iec

2013-12-03 17:57 . 2013-12-03 17:57 61952 ----a-w- c:\windows\SysWow64\iesetup.dll

2013-12-03 17:57 . 2013-12-03 17:57 454656 ----a-w- c:\windows\SysWow64\vbscript.dll

2013-12-03 17:57 . 2013-12-03 17:57 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll

2013-12-03 17:57 . 2013-12-03 17:57 151552 ----a-w- c:\windows\SysWow64\iexpress.exe

2013-12-03 17:57 . 2013-12-03 17:57 139264 ----a-w- c:\windows\SysWow64\wextract.exe

2013-12-03 17:57 . 2013-12-03 17:57 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll

2013-12-03 17:57 . 2013-12-03 17:57 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll

2013-12-03 17:57 . 2013-12-03 17:57 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll

2013-12-03 17:57 . 2013-12-03 17:57 36352 ----a-w- c:\windows\SysWow64\imgutil.dll

2013-12-03 17:57 . 2013-12-03 17:57 13312 ----a-w- c:\windows\SysWow64\mshta.exe

2013-12-03 17:57 . 2013-12-03 17:57 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2013-12-03 17:57 . 2013-12-03 17:57 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2013-12-03 17:57 . 2013-12-03 17:57 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2013-12-03 17:57 . 2013-12-03 17:57 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2013-12-03 17:57 . 2013-12-03 17:57 942592 ----a-w- c:\windows\system32\jsIntl.dll

2013-12-03 17:57 . 2013-12-03 17:57 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll

2013-12-03 17:57 . 2013-12-03 17:57 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2013-12-03 17:57 . 2013-12-03 17:57 52224 ----a-w- c:\windows\system32\msfeedsbs.dll

2013-12-03 17:57 . 2013-12-03 17:57 247808 ----a-w- c:\windows\system32\msls31.dll

2013-12-03 17:57 . 2013-12-03 17:57 195584 ----a-w- c:\windows\system32\msrating.dll

2013-12-03 17:57 . 2013-12-03 17:57 13312 ----a-w- c:\windows\system32\msfeedssync.exe

2013-12-03 17:57 . 2013-12-03 17:57 131072 ----a-w- c:\windows\system32\IEAdvpack.dll

2013-12-03 17:57 . 2013-12-03 17:57 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2013-12-03 17:57 . 2013-12-03 17:57 48640 ----a-w- c:\windows\system32\mshtmler.dll

2013-12-03 17:57 . 2013-12-03 17:57 105984 ----a-w- c:\windows\system32\iesysprep.dll

2013-12-03 17:57 . 2013-12-03 17:57 77312 ----a-w- c:\windows\system32\tdc.ocx

2013-12-03 17:57 . 2013-12-03 17:57 616104 ----a-w- c:\windows\system32\ieapfltr.dat

2013-12-03 17:57 . 2013-12-03 17:57 453120 ----a-w- c:\windows\system32\dxtmsft.dll

2013-12-03 17:57 . 2013-12-03 17:57 413696 ----a-w- c:\windows\system32\html.iec

2013-12-03 17:57 . 2013-12-03 17:57 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll

2013-12-03 17:57 . 2013-12-03 17:57 296960 ----a-w- c:\windows\system32\dxtrans.dll

2013-12-03 17:57 . 2013-12-03 17:57 81408 ----a-w- c:\windows\system32\icardie.dll

2013-12-03 17:57 . 2013-12-03 17:57 30208 ----a-w- c:\windows\system32\licmgr10.dll

2013-12-03 17:57 . 2013-12-03 17:57 263376 ----a-w- c:\windows\system32\iedkcs32.dll

2013-12-03 17:57 . 2013-12-03 17:57 243200 ----a-w- c:\windows\system32\webcheck.dll

2013-12-03 17:57 . 2013-12-03 17:57 235520 ----a-w- c:\windows\system32\url.dll

2013-12-03 17:57 . 2013-12-03 17:57 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll

2013-12-03 17:57 . 2013-12-03 17:57 101376 ----a-w- c:\windows\system32\inseng.dll

2013-12-03 17:57 . 2013-12-03 17:57 84992 ----a-w- c:\windows\system32\mshtmled.dll

2013-12-03 17:57 . 2013-12-03 17:57 626176 ----a-w- c:\windows\system32\msfeeds.dll

2013-12-03 17:57 . 2013-12-03 17:57 548352 ----a-w- c:\windows\system32\vbscript.dll

2013-12-03 17:57 . 2013-12-03 17:57 167424 ----a-w- c:\windows\system32\iexpress.exe

2013-12-03 17:57 . 2013-12-03 17:57 143872 ----a-w- c:\windows\system32\wextract.exe

2013-12-03 17:57 . 2013-12-03 17:57 62464 ----a-w- c:\windows\system32\pngfilt.dll

2013-12-03 17:57 . 2013-12-03 17:57 147968 ----a-w- c:\windows\system32\occache.dll

2013-12-03 17:57 . 2013-12-03 17:57 13824 ----a-w- c:\windows\system32\mshta.exe

2013-12-03 17:57 . 2013-12-03 17:57 83968 ----a-w- c:\windows\system32\MshtmlDac.dll

2013-12-03 17:57 . 2013-12-03 17:57 774144 ----a-w- c:\windows\system32\jscript.dll

2013-12-03 17:57 . 2013-12-03 17:57 48128 ----a-w- c:\windows\system32\imgutil.dll

2013-12-03 17:57 . 2013-12-03 17:57 135680 ----a-w- c:\windows\system32\iepeers.dll

2013-11-26 18:36 . 2013-11-26 18:36 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll

2013-11-26 18:36 . 2013-11-26 18:36 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-11-26 18:36 . 2013-11-26 18:36 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll

2013-11-26 18:36 . 2013-11-26 18:36 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-11-26 18:36 . 2013-11-26 18:36 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-11-26 18:36 . 2013-11-26 18:36 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-11-26 18:36 . 2013-11-26 18:36 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-11-26 18:36 . 2013-11-26 18:36 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-11-26 18:36 . 2013-11-26 18:36 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-11-26 18:36 . 2013-11-26 18:36 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll

2013-11-26 18:36 . 2013-11-26 18:36 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-11-26 18:36 . 2013-11-26 18:36 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-11-26 18:36 . 2013-11-26 18:36 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll

2013-11-26 18:36 . 2013-11-26 18:36 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-11-26 18:36 . 2013-11-26 18:36 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-11-26 18:36 . 2013-11-26 18:36 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-11-26 18:36 . 2013-11-26 18:36 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-11-26 18:36 . 2013-11-26 18:36 1682432 ----a-w- c:\windows\system32\XpsPrint.dll

2013-11-26 18:36 . 2013-11-26 18:36 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll

2013-11-26 18:36 . 2013-11-26 18:36 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-11-26 18:36 . 2013-11-26 18:36 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-11-26 18:36 . 2013-11-26 18:36 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2013-11-26 18:36 . 2013-11-26 18:36 3928064 ----a-w- c:\windows\system32\d2d1.dll

2013-11-26 18:36 . 2013-11-26 18:36 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll

2013-11-26 18:36 . 2013-11-26 18:36 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll

2013-11-26 18:36 . 2013-11-26 18:36 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll

2013-11-26 18:36 . 2013-11-26 18:36 363008 ----a-w- c:\windows\system32\dxgi.dll

2013-11-26 18:36 . 2013-11-26 18:36 2565120 ----a-w- c:\windows\system32\d3d10warp.dll

2013-11-26 18:36 . 2013-11-26 18:36 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll

2013-11-26 18:36 . 2013-11-26 18:36 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll

2013-11-26 18:36 . 2013-11-26 18:36 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll

2013-11-26 18:36 . 2013-11-26 18:36 1643520 ----a-w- c:\windows\system32\DWrite.dll

2013-11-26 18:36 . 2013-11-26 18:36 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll

2013-11-26 18:36 . 2013-11-26 18:36 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll

2013-11-26 18:36 . 2013-11-26 18:36 1175552 ----a-w- c:\windows\system32\FntCache.dll

2013-11-26 18:36 . 2013-11-26 18:36 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll

2013-11-26 18:36 . 2013-11-26 18:36 648192 ----a-w- c:\windows\system32\d3d10level9.dll

2013-11-26 18:36 . 2013-11-26 18:36 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F72C8153-7140-4FEE-8F69-CA4579D71195}]

2013-04-01 02:22 73728 ----a-w- c:\program files (x86)\Tongbu\Addin\tbIEAddin.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]

"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-05-20 500792]

"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-12-23 3764024]

"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2013-12-23 295512]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"LocalAccountTokenFilterPolicy"= 0100000000000000

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer5"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]

R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]

R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S0 aswRvrt;avast! Revert; [x]

S0 aswVmm;avast! VM Monitor; [x]

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]

S1 DVMIO;DVMIO;c:\splash.sys\config\dvmio.sys;c:\splash.sys\config\dvmio.sys [x]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_5ea32181aefd3364\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_5ea32181aefd3364\AESTSr64.exe [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]

S2 DvmMDES;DeviceVM Meta Data Export Service;c:\splash.sys\config\DVMExportService.exe;c:\splash.sys\config\DVMExportService.exe [x]

S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]

S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]

S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-12-22 00:56 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2014-01-02 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-11 20:11]

.

2014-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-22 00:51]

.

2014-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-22 00:51]

.

2013-12-31 c:\windows\Tasks\HPCeeScheduleForwiz.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2013-12-23 01:06 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1BingDesktopOverlays]

@="{B82655E9-B81D-4A97-8154-0D84A4C048E4}"

[HKEY_CLASSES_ROOT\CLSID\{B82655E9-B81D-4A97-8154-0D84A4C048E4}]

2013-11-10 23:38 2492416 ----a-w- c:\programdata\Microsoft\BingDesktop\BingCore\BingDesktopOverlays.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-08-25 610872]

.

------- Supplementary Scan -------

.


uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

Trusted Zone: kuaiche.com\software

TCP: DhcpNameServer = 192.168.2.7 190.113.97.11

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-RealPlayer 16.0 - c:\program files (x86)\real\realplayer\Update\r1puninst.exe

AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3344068209-3418707906-1369181467-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="SafariDownload"

.

[HKEY_USERS\S-1-5-21-3344068209-3418707906-1369181467-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-3344068209-3418707906-1369181467-1000)

"Progid"="SafariHTML"

.

[HKEY_USERS\S-1-5-21-3344068209-3418707906-1369181467-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-3344068209-3418707906-1369181467-1000)

"Progid"="SafariHTML"

.

[HKEY_USERS\S-1-5-21-3344068209-3418707906-1369181467-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="SafariExtension"

.

[HKEY_USERS\S-1-5-21-3344068209-3418707906-1369181467-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-3344068209-3418707906-1369181467-1000)

"Progid"="SafariHTML"

.

[HKEY_USERS\S-1-5-21-3344068209-3418707906-1369181467-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="SafariHTML"

.

[HKEY_USERS\S-1-5-21-3344068209-3418707906-1369181467-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="SafariHTML"

.

[HKEY_USERS\S-1-5-21-3344068209-3418707906-1369181467-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-3344068209-3418707906-1369181467-1000)

"Progid"="SafariHTML"

.

[HKEY_USERS\S-1-5-21-3344068209-3418707906-1369181467-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

@Denied: (2) (LocalSystem)


Completion time: 2014-01-02  13:50:03
ComboFix-quarantined-files.txt  2014-01-02 19:50
.
Pre-Run: 55,400,820,736 bytes free
Post-Run: 55,057,059,840 bytes free
.
- - End Of File - - 956C10F1C95D36E7848C749CF7154AFE


Mr Charlie, I can't help but notice in the logs there is always a 'Windows Defender' enabled. Does it affect the ComboFix scan?

Also, about the China IP: I downloaded a program called tongu for iPhone apps for free, way back when I got these issues. I will delete that, because that's the only thing I can think of ('Chinese program').


Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double-click SecurityCheck.exe and follow the on-screen instructions inside the black box.
  • If you get "Unsupported operating system. Aborting now", just reboot and try again.
  • A Notepad document called checkup.txt should open automatically.
  • Please post the contents of that document.
  • Do Not Attach It!!!
MrC

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
