computer trying to contact 162.210.192.21 every few minutes

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428
Run by Hagen at 13:40:24 on 2014-01-02
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4004.1579 [GMT -8:00]
.
AV: avast! Internet Security *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Internet Security *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Internet Security *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\DellTPad\Apoint.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Users\Hagen\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Users\Hagen\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Hagen\AppData\Local\VNT\vntldr.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\Macromed\Flash\FlashUtil64_11_9_900_170_ActiveX.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll
mURLSearchHooks: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll
mWinlogon: Userinit = userinit.exe,
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: NCH EN Toolbar: {37483B40-C254-4A72-BDA4-22EE90182C1E} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - 
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - 
uRun: [spotify Web Helper] "C:\Users\Hagen\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Google Update] "C:\Users\Hagen\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Facebook Update] "C:\Users\Hagen\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
mRun: [VNT] C:\Program Files (x86)\VNT\vntldr.exe
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - 
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 192.168.20.1
TCP: Interfaces\{9DEB627B-0431-403E-BF24-FA1233703AE7} : DHCPNameServer = 192.168.20.1
TCP: Interfaces\{9DEB627B-0431-403E-BF24-FA1233703AE7}\377796D6D65627 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{9DEB627B-0431-403E-BF24-FA1233703AE7}\5454D275C414E4 : DHCPNameServer = 192.168.241.222 192.168.244.222
TCP: Interfaces\{9DEB627B-0431-403E-BF24-FA1233703AE7}\84F4D454D283130323 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{9DEB627B-0431-403E-BF24-FA1233703AE7}\C696E6B6379737 : DHCPNameServer = 192.168.10.1
TCP: Interfaces\{9DEB627B-0431-403E-BF24-FA1233703AE7}\D4363416272716E60275966496 : DHCPNameServer = 207.14.235.234 205.171.3.65 205.171.2.65
TCP: Interfaces\{9DEB627B-0431-403E-BF24-FA1233703AE7}\D49636861656C6026416D696C6970284F6D65602E4564777F627B6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{9DEB627B-0431-403E-BF24-FA1233703AE7}\E4544574541425 : DHCPNameServer = 192.168.10.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~2\gssupp~1\browsafe.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: ChheapMe: {8EA156F4-D3C6-8045-FB48-4AAA52CC03D3} - 
x64-BHO: Fun22Saave: {C0B3B33C-25F2-9ED2-07FF-B7614464B10A} - 
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\windows\System32\drivers\aswRvrt.sys [2013-3-6 65776]
R0 aswVmm;avast! VM Monitor;C:\windows\System32\drivers\aswVmm.sys [2013-3-6 207904]
R1 aswKbd;aswKbd;C:\windows\System32\drivers\aswKbd.sys [2012-12-4 28184]
R1 aswNdisFlt;Avast! Firewall Driver;C:\windows\System32\drivers\aswNdisFlt.sys [2013-3-6 439648]
R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswSnx.sys [2012-12-4 1034464]
R1 aswSP;aswSP;C:\windows\System32\drivers\aswSP.sys [2012-12-4 422216]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-5-20 89600]
R2 APNMCP;Ask Update Service;C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [2013-12-16 166352]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2012-12-4 78648]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe [2012-3-8 107648]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-1-1 50344]
R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2014-1-1 113704]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 e9f32388;GS Supporter;C:\windows\System32\rundll32.exe [2009-7-13 45568]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-5-20 13336]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-1-1 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-1-1 701512]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-5-20 2656280]
R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [2012-3-8 159360]
R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [2012-5-20 77824]
R3 aswStm;aswStm;C:\windows\System32\drivers\aswstm.sys [2014-1-1 79672]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\windows\System32\drivers\btath_flt.sys [2012-3-8 36480]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\windows\System32\drivers\btath_a2dp.sys [2012-3-8 340096]
R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\windows\System32\drivers\btath_avdt.sys [2012-3-8 111232]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\windows\System32\drivers\btath_bus.sys [2012-3-8 30848]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\windows\System32\drivers\btath_hcrp.sys [2012-3-8 168064]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\windows\System32\drivers\btath_lwflt.sys [2012-3-8 68736]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\windows\System32\drivers\btath_rcp.sys [2012-3-8 281472]
R3 BtFilter;BtFilter;C:\windows\System32\drivers\btfilter.sys [2012-3-8 551552]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\System32\drivers\CtClsFlt.sys [2012-5-20 176096]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2012-5-20 317440]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2014-1-1 25928]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-5-20 533096]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 voxaldriver;Voxal Filter Driver 2.00.00;C:\windows\System32\drivers\voxaldriverx64.sys [2013-1-12 32024]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2013-12-11 111616]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-5-20 250984]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-12-25 1255736]
S4 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-3-8 166912]
S4 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
S4 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
S4 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-5-20 1695040]
S4 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-3-19 3289208]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-01-02 15:30:01 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C39C323E-62DE-48F1-9717-E3C0E9625EC3}\offreg.dll
2014-01-02 05:40:18 -------- d-----w- C:\Users\Hagen\AppData\Roaming\Malwarebytes
2014-01-02 05:40:11 -------- d-----w- C:\ProgramData\Malwarebytes
2014-01-02 05:40:10 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2014-01-02 05:40:10 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-02 05:18:58 -------- d-----w- C:\Users\Hagen\AppData\Roaming\AVAST Software
2014-01-02 02:08:09 82744 ----a-w- C:\windows\System32\drivers\aswstm.sys.1388676860
2014-01-02 02:08:09 79672 ----a-w- C:\windows\System32\drivers\aswstm.sys
2013-12-31 20:49:31 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C39C323E-62DE-48F1-9717-E3C0E9625EC3}\mpengine.dll
2013-12-30 08:26:28 -------- d-----w- C:\ProgramData\ChheapMe
2013-12-30 08:26:27 -------- d-----w- C:\ProgramData\fdklbhmhchijodciienjabcgagmcmfkk
2013-12-30 08:26:20 -------- d-----w- C:\Users\Hagen\AppData\Local\Packages
2013-12-30 08:26:13 -------- d-----w- C:\ProgramData\4d09ce8d5400296d
2013-12-30 08:26:06 -------- d-----w- C:\ProgramData\Fun22Saave
2013-12-29 03:10:51 -------- d-----w- C:\ProgramData\QuickSet
2013-12-29 03:10:15 -------- d-----w- C:\Program Files (x86)\GS Supporter
2013-12-29 03:08:04 -------- d-----w- C:\ProgramData\InstallMate
2013-12-12 06:02:57 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-12 06:02:57 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-12 06:02:56 12625920 ----a-w- C:\windows\System32\wmploc.DLL
2013-12-12 06:02:55 12625408 ----a-w- C:\windows\SysWow64\wmploc.DLL
2013-12-12 04:52:54 335360 ----a-w- C:\windows\System32\msieftp.dll
.
==================== Find3M  ====================
.
2014-01-02 07:20:43 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-02 07:20:43 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-01-02 02:07:51 78648 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
2014-01-02 02:07:51 65776 ----a-w- C:\windows\System32\drivers\aswRvrt.sys
2014-01-02 02:07:51 207904 ----a-w- C:\windows\System32\drivers\aswVmm.sys
2014-01-02 02:07:51 1034464 ----a-w- C:\windows\System32\drivers\aswSnx.sys
2014-01-02 02:07:50 92544 ----a-w- C:\windows\System32\drivers\aswRdr2.sys
2014-01-02 02:07:49 43152 ----a-w- C:\windows\avastSS.scr
2014-01-02 02:07:39 28184 ----a-w- C:\windows\System32\drivers\aswKbd.sys
2014-01-02 02:07:33 439648 ----a-w- C:\windows\System32\drivers\aswNdisFlt.sys
2013-12-19 13:11:26 270824 ----a-w- C:\windows\System32\drivers\aswNdis2.sys
2013-12-19 13:11:24 131232 ----a-w- C:\windows\System32\drivers\aswFW.sys
2013-12-01 08:53:53 0 ----a-w- C:\windows\SysWow64\shoD39.tmp
2013-11-26 10:19:07 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\windows\SysWow64\wininet.dll
2013-11-23 18:26:20 417792 ----a-w- C:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\windows\System32\WMPhoto.dll
2013-11-19 11:33:38 267936 ------w- C:\windows\System32\MpSigStub.exe
2013-11-18 05:53:46 0 ----a-w- C:\windows\SysWow64\shoB834.tmp
2013-11-17 08:55:05 0 ----a-w- C:\windows\SysWow64\sho6776.tmp
2013-11-12 02:23:09 2048 ----a-w- C:\windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2013-10-30 02:19:52 301568 ----a-w- C:\windows\SysWow64\msieftp.dll
2013-10-30 01:24:31 3155968 ----a-w- C:\windows\System32\win32k.sys
2013-10-19 02:18:57 81408 ----a-w- C:\windows\System32\imagehlp.dll
2013-10-19 01:36:59 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll
2013-10-12 02:32:04 150016 ----a-w- C:\windows\System32\wshom.ocx
2013-10-12 02:31:04 202752 ----a-w- C:\windows\System32\scrrun.dll
2013-10-12 02:30:42 830464 ----a-w- C:\windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\windows\System32\FWPUCLNT.DLL
2013-10-12 02:04:36 121856 ----a-w- C:\windows\SysWow64\wshom.ocx
2013-10-12 02:03:31 163840 ----a-w- C:\windows\SysWow64\scrrun.dll
2013-10-12 02:03:08 656896 ----a-w- C:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\windows\SysWow64\FWPUCLNT.DLL
2013-10-12 01:33:39 156160 ----a-w- C:\windows\System32\cscript.exe
2013-10-12 01:33:26 168960 ----a-w- C:\windows\System32\wscript.exe
2013-10-12 01:15:48 141824 ----a-w- C:\windows\SysWow64\wscript.exe
2013-10-12 01:15:48 126976 ----a-w- C:\windows\SysWow64\cscript.exe
2013-10-09 05:08:06 0 ----a-w- C:\windows\SysWow64\sho2034.tmp
2013-10-05 20:25:35 1474048 ----a-w- C:\windows\System32\crypt32.dll
2013-10-05 19:57:25 1168384 ----a-w- C:\windows\SysWow64\crypt32.dll
.
============= FINISH: 13:41:15.77 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume2
Install Date: 12/4/2012 5:45:36 PM
System Uptime: 1/2/2014 8:28:35 AM (5 hours ago)
.
Motherboard: Dell Inc. |  | 01HXXJ
Processor: Intel® Core i3-2370M CPU @ 2.40GHz | CPU 1 | 2400/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 446 GiB total, 291.854 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: 
Description: HP LaserJet 1022n
Device ID: ROOT\MULTIFUNCTION\0019
Manufacturer: 
Name: HP LaserJet 1022n
PNP Device ID: ROOT\MULTIFUNCTION\0019
Service: 
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: avast! Firewall NDIS Filter Miniport
Device ID: ROOT\SW_ASWNDISMP\0000
Manufacturer: ALWIL Software
Name: avast! Firewall NDIS Filter Miniport
PNP Device ID: ROOT\SW_ASWNDISMP\0000
Service: aswNdis
.
Class GUID: 
Description: HP LaserJet 1022n
Device ID: ROOT\MULTIFUNCTION\0020
Manufacturer: 
Name: HP LaserJet 1022n
PNP Device ID: ROOT\MULTIFUNCTION\0020
Service: 
.
Class GUID: 
Description: HP LaserJet 1022n
Device ID: ROOT\MULTIFUNCTION\0021
Manufacturer: 
Name: HP LaserJet 1022n
PNP Device ID: ROOT\MULTIFUNCTION\0021
Service: 
.
Class GUID: 
Description: HP LaserJet 1022n
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: 
Name: HP LaserJet 1022n
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service: 
.
Class GUID: 
Description: HP LaserJet P2015 Series
Device ID: ROOT\MULTIFUNCTION\0022
Manufacturer: 
Name: HP LaserJet P2015 Series
PNP Device ID: ROOT\MULTIFUNCTION\0022
Service: 
.
Class GUID: 
Description: HP LaserJet 1022n
Device ID: ROOT\MULTIFUNCTION\0002
Manufacturer: 
Name: HP LaserJet 1022n
PNP Device ID: ROOT\MULTIFUNCTION\0002
Service: 
.
Class GUID: 
Description: HP LaserJet 1022n
Device ID: ROOT\MULTIFUNCTION\0023
Manufacturer: 
Name: HP LaserJet 1022n
PNP Device ID: ROOT\MULTIFUNCTION\0023
Service: 
.
Class GUID: 
Description: HP LaserJet 1022n
Device ID: ROOT\MULTIFUNCTION\0003
Manufacturer: 
Name: HP LaserJet 1022n
PNP Device ID: ROOT\MULTIFUNCTION\0003
Service: 
.
Class GUID: 
Description: HP LaserJet 1022n
Device ID: ROOT\MULTIFUNCTION\0027
Manufacturer: 
Name: HP LaserJet 1022n
PNP Device ID: ROOT\MULTIFUNCTION\0027
Service: 
.
Class GUID: 
Description: HP LaserJet 1022n
Device ID: ROOT\MULTIFUNCTION\0004
Manufacturer: 
Name: HP LaserJet 1022n
PNP Device ID: ROOT\MULTIFUNCTION\0004
Service: 
.
Class GUID: 
Description: HP LaserJet 1022n
Device ID: ROOT\MULTIFUNCTION\0028
Manufacturer: 
Name: HP LaserJet 1022n
PNP Device ID: ROOT\MULTIFUNCTION\0028
Service: 
.
Class GUID: 
Description: HP LaserJet 1022n
Device ID: ROOT\MULTIFUNCTION\0005
Manufacturer: 
Name: HP LaserJet 1022n
PNP Device ID: ROOT\MULTIFUNCTION\0005
Service: 
.
Class GUID: 
Description: HP LaserJet 1022n
Device ID: ROOT\MULTIFUNCTION\0030
Manufacturer: 
Name: HP LaserJet 1022n
PNP Device ID: ROOT\MULTIFUNCTION\0030
Service: 
.
Class GUID: 
Description: HP LaserJet 1022n
Device ID: ROOT\MULTIFUNCTION\0006
Manufacturer: 
Name: HP LaserJet 1022n
PNP Device ID: ROOT\MULTIFUNCTION\0006
Service: 
.
Class GUID: 
Description: HP LaserJet 9000 Series
Device ID: ROOT\MULTIFUNCTION\0031
Manufacturer: 
Name: HP LaserJet 9000 Series
PNP Device ID: ROOT\MULTIFUNCTION\0031
Service: 
.
Class GUID: 
Description: HP LaserJet 1022n
Device ID: ROOT\MULTIFUNCTION\0007
Manufacturer: 
Name: HP LaserJet 1022n
PNP Device ID: ROOT\MULTIFUNCTION\0007
Service: 
.
Class GUID: 
Description: HP LaserJet 1022n
Device ID: ROOT\MULTIFUNCTION\0032
Manufacturer: 
Name: HP LaserJet 1022n
PNP Device ID: ROOT\MULTIFUNCTION\0032
Service: 
.
Class GUID: 
Description: HP LaserJet 1022n
Device ID: ROOT\MULTIFUNCTION\0008
Manufacturer: 
Name: HP LaserJet 1022n
PNP Device ID: ROOT\MULTIFUNCTION\0008
Service: 
.
Class GUID: 
Description: HP LaserJet 1022n
Device ID: ROOT\MULTIFUNCTION\0036
Manufacturer: 
Name: HP LaserJet 1022n
PNP Device ID: ROOT\MULTIFUNCTION\0036
Service: 
.
Class GUID: 
Description: HP LaserJet 1022n
Device ID: ROOT\MULTIFUNCTION\0009
Manufacturer: 
Name: HP LaserJet 1022n
PNP Device ID: ROOT\MULTIFUNCTION\0009
Service: 
.
Class GUID: 
Description: HP LaserJet 9000 Series
Device ID: ROOT\MULTIFUNCTION\0037
Manufacturer: 
Name: HP LaserJet 9000 Series
PNP Device ID: ROOT\MULTIFUNCTION\0037
Service: 
.
Class GUID: 
Description: HP LaserJet 1022n
Device ID: ROOT\MULTIFUNCTION\0010
Manufacturer: 
Name: HP LaserJet 1022n
PNP Device ID: ROOT\MULTIFUNCTION\0010
Service: 
.
Class GUID: 
Description: HP LaserJet 1022n
Device ID: ROOT\MULTIFUNCTION\0039
Manufacturer: 
Name: HP LaserJet 1022n
PNP Device ID: ROOT\MULTIFUNCTION\0039
Service: 
.
Class GUID: 
Description: HP LaserJet 1022n
Device ID: ROOT\MULTIFUNCTION\0011
Manufacturer: 
Name: HP LaserJet 1022n
PNP Device ID: ROOT\MULTIFUNCTION\0011
Service: 
.
Class GUID: 
Description: HP LaserJet 1022n
Device ID: ROOT\MULTIFUNCTION\0040
Manufacturer: 
Name: HP LaserJet 1022n
PNP Device ID: ROOT\MULTIFUNCTION\0040
Service: 
.
Class GUID: 
Description: HP LaserJet 1022n
Device ID: ROOT\MULTIFUNCTION\0012
Manufacturer: 
Name: HP LaserJet 1022n
PNP Device ID: ROOT\MULTIFUNCTION\0012
Service: 
.
Class GUID: 
Description: HP LaserJet 1022n
Device ID: ROOT\MULTIFUNCTION\0041
Manufacturer: 
Name: HP LaserJet 1022n
PNP Device ID: ROOT\MULTIFUNCTION\0041
Service: 
.
Class GUID: 
Description: HP LaserJet 1022n
Device ID: ROOT\MULTIFUNCTION\0013
Manufacturer: 
Name: HP LaserJet 1022n
PNP Device ID: ROOT\MULTIFUNCTION\0013
Service: 
.
Class GUID: 
Description: HP LaserJet 1022n
Device ID: ROOT\MULTIFUNCTION\0042
Manufacturer: 
Name: HP LaserJet 1022n
PNP Device ID: ROOT\MULTIFUNCTION\0042
Service: 
.
Class GUID: 
Description: HP LaserJet 1022n
Device ID: ROOT\MULTIFUNCTION\0014
Manufacturer: 
Name: HP LaserJet 1022n
PNP Device ID: ROOT\MULTIFUNCTION\0014
Service: 
.
Class GUID: 
Description: HP LaserJet 1022n
Device ID: ROOT\MULTIFUNCTION\0043
Manufacturer: 
Name: HP LaserJet 1022n
PNP Device ID: ROOT\MULTIFUNCTION\0043
Service: 
.
Class GUID: 
Description: HP LaserJet 1022n
Device ID: ROOT\MULTIFUNCTION\0015
Manufacturer: 
Name: HP LaserJet 1022n
PNP Device ID: ROOT\MULTIFUNCTION\0015
Service: 
.
Class GUID: 
Description: HP LaserJet 1022n
Device ID: ROOT\MULTIFUNCTION\0044
Manufacturer: 
Name: HP LaserJet 1022n
PNP Device ID: ROOT\MULTIFUNCTION\0044
Service: 
.
Class GUID: 
Description: HP LaserJet 1022n
Device ID: ROOT\MULTIFUNCTION\0016
Manufacturer: 
Name: HP LaserJet 1022n
PNP Device ID: ROOT\MULTIFUNCTION\0016
Service: 
.
Class GUID: 
Description: HP LaserJet 1022n
Device ID: ROOT\MULTIFUNCTION\0045
Manufacturer: 
Name: HP LaserJet 1022n
PNP Device ID: ROOT\MULTIFUNCTION\0045
Service: 
.
Class GUID: 
Description: HP LaserJet 1022n
Device ID: ROOT\MULTIFUNCTION\0017
Manufacturer: 
Name: HP LaserJet 1022n
PNP Device ID: ROOT\MULTIFUNCTION\0017
Service: 
.
==== System Restore Points ===================
.
RP129: 12/24/2013 9:52:37 AM - Windows Update
RP130: 12/27/2013 12:30:08 PM - Windows Update
RP131: 12/31/2013 12:48:29 PM - Windows Update
RP132: 1/1/2014 6:05:11 PM - avast! antivirus system restore point
RP133: 1/1/2014 6:08:28 PM - Device Driver Package Install: Avast Network Service
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
Accidental Damage Services Agreement
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X MUI
Adobe Shockwave Player 11.6
Advanced Audio FX Engine
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Bluetooth Suite (64)
Audacity 2.0.3
avast! Internet Security
Banctec Service Agreement
Battle.net
Blio
Bonjour
ChheapMe
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Cockatrice
Complete Care Business Service Agreement
Consumer In-Home Service Agreement
Counter-Strike: Source
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Digital Delivery
Dell Edoc Viewer
Dell Getting Started Guide
Dell Home Systems Service Agreement
Dell MusicStage
Dell PhotoStage
Dell Product Registration
Dell Stage
Dell Stage Remote
Dell Support Center
Dell Touchpad
Dell VideoStage 
Dell Webcam Central
Dell WLAN and Bluetooth Client Installation
DocProc
Facebook Video Calling 1.2.0.287
Free Window Registry Repair
Fun22Saave
GameFly
Google Chrome
Google Talk Plugin
Google Update Helper
GPBaseService2
GS Supporter 1.80
Hearthstone
Home
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
IDT Audio
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Java 7 Update 10
Java Auto Updater
Junk Mail filter update
Magic The Gathering Online 
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NCH EN Toolbar
Nero 10 Movie ThemePack Basic
Nero Blu-ray Player
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Update
OCR Software by I.R.I.S. 13.0
PlanetSide 2
PlayReady PC Runtime x86
Premium Service Agreement
QualxServ Service Agreement
Quickset64
Realtek Ethernet Controller Driver
Realtek USB 2.0 Card Reader
RuneScape Launcher 1.2.3
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition
Serious Sam 3: BFE
Serious Sam HD: The First Encounter
Serious Sam HD: The Second Encounter
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Skype Click to Call
Skype Voice Changer
Skype™ 6.11
SmartWebPrinting
SolutionCenter
Spotify
StarCraft II
Steam
STORM O.I.C. Missile Launcher
swMSM
SyncUP
Team Fortress 2
The Walking Dead
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
Virtual DJ Toolbar
VirtualDJ Home FREE
Voxal Voice Changer
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.20 (32-bit)
Zinio Reader 4
.
==== Event Viewer Messages From Past Week ========
.
12/31/2013 7:54:21 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ZAtheros Wlan Agent service.
12/31/2013 12:42:45 PM, Error: NetBT [4311]  - Initialization failed because the driver device could not be created. Use the string "2AEDB971EDFB" to identify the interface for which initialization failed. It represents the MAC address of the failed interface or the  Globally Unique Interface Identifier (GUID) if NetBT was unable to  map from GUID to MAC address. If neither the MAC address nor the GUID were  available, the string represents a cluster device name. 
12/30/2013 10:26:12 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
12/29/2013 6:41:35 PM, Error: Schannel [36888]  - The following fatal alert was generated: 40. The internal error state is 252.
12/29/2013 1:34:25 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
12/28/2013 12:41:10 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Application Virtualization Client service to connect.
12/28/2013 12:41:10 PM, Error: Service Control Manager [7001]  - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:  The service did not respond to the start or control request in a timely fashion.
12/28/2013 12:41:10 PM, Error: Service Control Manager [7000]  - The Application Virtualization Client service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
12/27/2013 8:09:36 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
1/1/2014 9:39:19 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID  {9BA05972-F6A8-11CF-A442-00A0C90A8F39}  and APPID  {9BA05972-F6A8-11CF-A442-00A0C90A8F39}  to the user Hagen-PC\Hagen SID (S-1-5-21-2708970971-2996176623-2557602974-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/1/2014 8:12:01 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ZAtheros Bt&Wlan Coex Agent service.
1/1/2014 8:12:01 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinDefend service.
1/1/2014 8:12:01 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
1/1/2014 12:05:59 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
1/1/2014 11:20:34 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================

Hello haghild and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Step 1

Please uninstall the following applications:

  • Free Window Registry Repair
  • Fun22Saave
  • NCH EN Toolbar
  • Virtual DJ Toolbar

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button. Wait until it is finished.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.

Step 4

  • Launch Malwarebytes' Anti-Malware
  • Go to the Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to the Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 11.0.9600.16428

Run by Hagen at 13:40:24 on 2014-01-02

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4004.1579 [GMT -8:00]

.

AV: avast! Internet Security *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: avast! Internet Security *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

FW: avast! Internet Security *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

.

============== Running Processes ===============

.

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\WLANExt.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Program Files\AVAST Software\Avast\afwServ.exe

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\IDT\WDM\AESTSr64.exe

C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\windows\system32\rundll32.exe

C:\windows\SysWOW64\rundll32.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe

C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\windows\system32\SearchIndexer.exe

C:\windows\system32\svchost.exe -k bthsvcs

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\windows\System32\svchost.exe -k secsvcs

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\windows\system32\taskhost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Windows\System32\igfxpers.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\DellTPad\Apoint.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\Users\Hagen\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Users\Hagen\AppData\Local\Facebook\Update\FacebookUpdate.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Users\Hagen\AppData\Local\VNT\vntldr.exe

C:\windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\windows\system32\Macromed\Flash\FlashUtil64_11_9_900_170_ActiveX.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\windows\system32\taskeng.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uURLSearchHooks: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll

mURLSearchHooks: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll

mWinlogon: Userinit = userinit.exe,

BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

TB: NCH EN Toolbar: {37483B40-C254-4A72-BDA4-22EE90182C1E} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll

TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - 

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - 

uRun: [spotify Web Helper] "C:\Users\Hagen\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

uRun: [Google Update] "C:\Users\Hagen\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [Facebook Update] "C:\Users\Hagen\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"

mRun: [VNT] C:\Program Files (x86)\VNT\vntldr.exe

mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - 

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com


TCP: NameServer = 192.168.20.1

TCP: Interfaces\{9DEB627B-0431-403E-BF24-FA1233703AE7} : DHCPNameServer = 192.168.20.1

TCP: Interfaces\{9DEB627B-0431-403E-BF24-FA1233703AE7}\377796D6D65627 : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{9DEB627B-0431-403E-BF24-FA1233703AE7}\5454D275C414E4 : DHCPNameServer = 192.168.241.222 192.168.244.222

TCP: Interfaces\{9DEB627B-0431-403E-BF24-FA1233703AE7}\84F4D454D283130323 : DHCPNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{9DEB627B-0431-403E-BF24-FA1233703AE7}\C696E6B6379737 : DHCPNameServer = 192.168.10.1

TCP: Interfaces\{9DEB627B-0431-403E-BF24-FA1233703AE7}\D4363416272716E60275966496 : DHCPNameServer = 207.14.235.234 205.171.3.65 205.171.2.65

TCP: Interfaces\{9DEB627B-0431-403E-BF24-FA1233703AE7}\D49636861656C6026416D696C6970284F6D65602E4564777F627B6 : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{9DEB627B-0431-403E-BF24-FA1233703AE7}\E4544574541425 : DHCPNameServer = 192.168.10.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

AppInit_DLLs= c:\progra~2\gssupp~1\browsafe.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-BHO: ChheapMe: {8EA156F4-D3C6-8045-FB48-4AAA52CC03D3} - 

x64-BHO: Fun22Saave: {C0B3B33C-25F2-9ED2-07FF-B7614464B10A} - 

x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-Run: [Persistence] C:\windows\System32\igfxpers.exe

x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe

x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe

x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 aswRvrt;avast! Revert;C:\windows\System32\drivers\aswRvrt.sys [2013-3-6 65776]

R0 aswVmm;avast! VM Monitor;C:\windows\System32\drivers\aswVmm.sys [2013-3-6 207904]

R1 aswKbd;aswKbd;C:\windows\System32\drivers\aswKbd.sys [2012-12-4 28184]

R1 aswNdisFlt;Avast! Firewall Driver;C:\windows\System32\drivers\aswNdisFlt.sys [2013-3-6 439648]

R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswSnx.sys [2012-12-4 1034464]

R1 aswSP;aswSP;C:\windows\System32\drivers\aswSP.sys [2012-12-4 422216]

R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-5-20 89600]

R2 APNMCP;Ask Update Service;C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [2013-12-16 166352]

R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2012-12-4 78648]

R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe [2012-3-8 107648]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-1-1 50344]

R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2014-1-1 113704]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]

R2 e9f32388;GS Supporter;C:\windows\System32\rundll32.exe [2009-7-13 45568]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-5-20 13336]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-1-1 418376]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-1-1 701512]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-5-20 2656280]

R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [2012-3-8 159360]

R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [2012-5-20 77824]

R3 aswStm;aswStm;C:\windows\System32\drivers\aswstm.sys [2014-1-1 79672]

R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\windows\System32\drivers\btath_flt.sys [2012-3-8 36480]

R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\windows\System32\drivers\btath_a2dp.sys [2012-3-8 340096]

R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\windows\System32\drivers\btath_avdt.sys [2012-3-8 111232]

R3 BTATH_BUS;Atheros Bluetooth Bus;C:\windows\System32\drivers\btath_bus.sys [2012-3-8 30848]

R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\windows\System32\drivers\btath_hcrp.sys [2012-3-8 168064]

R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\windows\System32\drivers\btath_lwflt.sys [2012-3-8 68736]

R3 BTATH_RCP;Bluetooth AVRCP Device;C:\windows\System32\drivers\btath_rcp.sys [2012-3-8 281472]

R3 BtFilter;BtFilter;C:\windows\System32\drivers\btfilter.sys [2012-3-8 551552]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\System32\drivers\CtClsFlt.sys [2012-5-20 176096]

R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2012-5-20 317440]

R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2014-1-1 25928]

R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-5-20 533096]

R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]

R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]

R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]

R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]

R3 voxaldriver;Voxal Filter Driver 2.00.00;C:\windows\System32\drivers\voxaldriverx64.sys [2013-1-12 32024]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]

S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2013-12-11 111616]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-5-20 250984]

S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-12-25 1255736]

S4 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-3-8 166912]

S4 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]

S4 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]

S4 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-5-20 1695040]

S4 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-3-19 3289208]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2014-01-02 15:30:01 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C39C323E-62DE-48F1-9717-E3C0E9625EC3}\offreg.dll

2014-01-02 05:40:18 -------- d-----w- C:\Users\Hagen\AppData\Roaming\Malwarebytes

2014-01-02 05:40:11 -------- d-----w- C:\ProgramData\Malwarebytes

2014-01-02 05:40:10 25928 ----a-w- C:\windows\System32\drivers\mbam.sys

2014-01-02 05:40:10 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2014-01-02 05:18:58 -------- d-----w- C:\Users\Hagen\AppData\Roaming\AVAST Software

2014-01-02 02:08:09 82744 ----a-w- C:\windows\System32\drivers\aswstm.sys.1388676860

2014-01-02 02:08:09 79672 ----a-w- C:\windows\System32\drivers\aswstm.sys

2013-12-31 20:49:31 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C39C323E-62DE-48F1-9717-E3C0E9625EC3}\mpengine.dll

2013-12-30 08:26:28 -------- d-----w- C:\ProgramData\ChheapMe

2013-12-30 08:26:27 -------- d-----w- C:\ProgramData\fdklbhmhchijodciienjabcgagmcmfkk

2013-12-30 08:26:20 -------- d-----w- C:\Users\Hagen\AppData\Local\Packages

2013-12-30 08:26:13 -------- d-----w- C:\ProgramData\4d09ce8d5400296d

2013-12-30 08:26:06 -------- d-----w- C:\ProgramData\Fun22Saave

2013-12-29 03:10:51 -------- d-----w- C:\ProgramData\QuickSet

2013-12-29 03:10:15 -------- d-----w- C:\Program Files (x86)\GS Supporter

2013-12-29 03:08:04 -------- d-----w- C:\ProgramData\InstallMate

2013-12-12 06:02:57 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe

2013-12-12 06:02:57 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe

2013-12-12 06:02:56 12625920 ----a-w- C:\windows\System32\wmploc.DLL

2013-12-12 06:02:55 12625408 ----a-w- C:\windows\SysWow64\wmploc.DLL

2013-12-12 04:52:54 335360 ----a-w- C:\windows\System32\msieftp.dll

.

==================== Find3M  ====================

.

2014-01-02 07:20:43 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2014-01-02 07:20:43 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2014-01-02 02:07:51 78648 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys

2014-01-02 02:07:51 65776 ----a-w- C:\windows\System32\drivers\aswRvrt.sys

2014-01-02 02:07:51 207904 ----a-w- C:\windows\System32\drivers\aswVmm.sys

2014-01-02 02:07:51 1034464 ----a-w- C:\windows\System32\drivers\aswSnx.sys

2014-01-02 02:07:50 92544 ----a-w- C:\windows\System32\drivers\aswRdr2.sys

2014-01-02 02:07:49 43152 ----a-w- C:\windows\avastSS.scr

2014-01-02 02:07:39 28184 ----a-w- C:\windows\System32\drivers\aswKbd.sys

2014-01-02 02:07:33 439648 ----a-w- C:\windows\System32\drivers\aswNdisFlt.sys

2013-12-19 13:11:26 270824 ----a-w- C:\windows\System32\drivers\aswNdis2.sys

2013-12-19 13:11:24 131232 ----a-w- C:\windows\System32\drivers\aswFW.sys

2013-12-01 08:53:53 0 ----a-w- C:\windows\SysWow64\shoD39.tmp

2013-11-26 10:19:07 2724864 ----a-w- C:\windows\System32\mshtml.tlb

2013-11-26 10:18:23 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll

2013-11-26 09:48:07 66048 ----a-w- C:\windows\System32\iesetup.dll

2013-11-26 09:46:25 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll

2013-11-26 09:23:02 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb

2013-11-26 09:18:39 139264 ----a-w- C:\windows\System32\ieUnatt.exe

2013-11-26 09:18:09 111616 ----a-w- C:\windows\System32\ieetwcollector.exe

2013-11-26 09:16:57 708608 ----a-w- C:\windows\System32\jscript9diag.dll

2013-11-26 08:35:02 5769216 ----a-w- C:\windows\System32\jscript9.dll

2013-11-26 08:28:16 553472 ----a-w- C:\windows\SysWow64\jscript9diag.dll

2013-11-26 08:16:12 4243968 ----a-w- C:\windows\SysWow64\jscript9.dll

2013-11-26 08:02:16 1995264 ----a-w- C:\windows\System32\inetcpl.cpl

2013-11-26 07:32:06 1928192 ----a-w- C:\windows\SysWow64\inetcpl.cpl

2013-11-26 07:07:57 2334208 ----a-w- C:\windows\System32\wininet.dll

2013-11-26 06:33:33 1820160 ----a-w- C:\windows\SysWow64\wininet.dll

2013-11-23 18:26:20 417792 ----a-w- C:\windows\SysWow64\WMPhoto.dll

2013-11-23 17:47:34 465920 ----a-w- C:\windows\System32\WMPhoto.dll

2013-11-19 11:33:38 267936 ------w- C:\windows\System32\MpSigStub.exe

2013-11-18 05:53:46 0 ----a-w- C:\windows\SysWow64\shoB834.tmp

2013-11-17 08:55:05 0 ----a-w- C:\windows\SysWow64\sho6776.tmp

2013-11-12 02:23:09 2048 ----a-w- C:\windows\System32\tzres.dll

2013-11-12 02:07:29 2048 ----a-w- C:\windows\SysWow64\tzres.dll

2013-10-30 02:19:52 301568 ----a-w- C:\windows\SysWow64\msieftp.dll

2013-10-30 01:24:31 3155968 ----a-w- C:\windows\System32\win32k.sys

2013-10-19 02:18:57 81408 ----a-w- C:\windows\System32\imagehlp.dll

2013-10-19 01:36:59 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll

2013-10-12 02:32:04 150016 ----a-w- C:\windows\System32\wshom.ocx

2013-10-12 02:31:04 202752 ----a-w- C:\windows\System32\scrrun.dll

2013-10-12 02:30:42 830464 ----a-w- C:\windows\System32\nshwfp.dll

2013-10-12 02:29:21 859648 ----a-w- C:\windows\System32\IKEEXT.DLL

2013-10-12 02:29:08 324096 ----a-w- C:\windows\System32\FWPUCLNT.DLL

2013-10-12 02:04:36 121856 ----a-w- C:\windows\SysWow64\wshom.ocx

2013-10-12 02:03:31 163840 ----a-w- C:\windows\SysWow64\scrrun.dll

2013-10-12 02:03:08 656896 ----a-w- C:\windows\SysWow64\nshwfp.dll

2013-10-12 02:01:25 216576 ----a-w- C:\windows\SysWow64\FWPUCLNT.DLL

2013-10-12 01:33:39 156160 ----a-w- C:\windows\System32\cscript.exe

2013-10-12 01:33:26 168960 ----a-w- C:\windows\System32\wscript.exe

2013-10-12 01:15:48 141824 ----a-w- C:\windows\SysWow64\wscript.exe

2013-10-12 01:15:48 126976 ----a-w- C:\windows\SysWow64\cscript.exe

2013-10-09 05:08:06 0 ----a-w- C:\windows\SysWow64\sho2034.tmp

2013-10-05 20:25:35 1474048 ----a-w- C:\windows\System32\crypt32.dll

2013-10-05 19:57:25 1168384 ----a-w- C:\windows\SysWow64\crypt32.dll

.

============= FINISH: 13:41:15.77 ===============


# AdwCleaner v3.016 - Report created 02/01/2014 at 17:43:45

# Updated 23/12/2013 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Hagen - HAGEN-PC

# Running from : C:\Users\Hagen\Desktop\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\NCH Software

Folder Deleted : C:\ProgramData\ParetoLogic

Folder Deleted : C:\ProgramData\QuickSet

Folder Deleted : C:\Program Files (x86)\NCH Software

Folder Deleted : C:\Users\Hagen\AppData\Local\Temp\apn

Folder Deleted : C:\Users\Hagen\AppData\Roaming\NCH Software

Folder Deleted : C:\Users\Hagen\AppData\Roaming\ParetoLogic

File Deleted : C:\Users\Hagen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage

File Deleted : C:\Users\Hagen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal

File Deleted : C:\windows\System32\Tasks\NCH Software

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}

Key Deleted : HKCU\Software\NCH Software

Key Deleted : HKCU\Software\ParetoLogic

Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}

Key Deleted : HKLM\Software\NCH Software

Key Deleted : HKLM\Software\ParetoLogic

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.16428

 

 

-\\ Google Chrome v31.0.1650.63

 

[ File : C:\Users\Hagen\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [2717 octets] - [02/01/2014 17:30:30]

AdwCleaner[s0].txt - [2597 octets] - [02/01/2014 17:43:45]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2657 octets] ##########


Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2014.01.02.04

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 11.0.9600.16476

Hagen :: HAGEN-PC [administrator]

 

Protection: Enabled

 

1/2/2014 5:52:28 PM

mbam-log-2014-01-02 (17-52-28).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 237698

Time elapsed: 21 minute(s), 16 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 



Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2014.01.04.08

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 11.0.9600.16476

Hagen :: HAGEN-PC [administrator]

 

Protection: Enabled

 

1/4/2014 11:41:38 PM

mbam-log-2014-01-04 (23-41-38).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 238119

Time elapsed: 21 minute(s), 43 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 1

HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252} (PUP.Optional.GreatSaver.A) -> Quarantined and deleted successfully.

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

Note: Please do not run this tool without the special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program, you can download it directly from the link below.
  • Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser.
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed, it will produce and open a log file. Please be patient, as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed, the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

ComboFix 14-01-04.03 - Hagen 01/05/2014  11:48:51.1.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4004.2667 [GMT -8:00]

Running from: c:\users\Hagen\Desktop\ComboFix.exe

AV: avast! Internet Security *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}

FW: avast! Internet Security *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

SP: avast! Internet Security *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Created a new restore point

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\RPSETUP.EXE.LOG

.

.

(((((((((((((((((((((((((   Files Created from 2013-12-05 to 2014-01-05  )))))))))))))))))))))))))))))))

.

.

2014-01-05 19:59 . 2014-01-05 19:59 -------- d-----w- c:\users\Default\AppData\Local\temp

2014-01-05 10:30 . 2014-01-05 10:30 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F041ABAA-CCCF-4BA5-B393-7757B68D3E02}\offreg.dll

2014-01-03 19:46 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F041ABAA-CCCF-4BA5-B393-7757B68D3E02}\mpengine.dll

2014-01-03 06:20 . 2014-01-03 06:20 0 ----a-w- c:\windows\SysWow64\shoF664.tmp

2014-01-03 01:30 . 2014-01-03 01:45 -------- d-----w- C:\AdwCleaner

2014-01-03 00:35 . 2014-01-03 00:35 -------- d-----w- c:\windows\ERUNT

2014-01-02 22:47 . 2014-01-02 23:40 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)

2014-01-02 22:47 . 2014-01-02 22:47 89304 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2014-01-02 05:40 . 2014-01-02 05:40 -------- d-----w- c:\users\Hagen\AppData\Roaming\Malwarebytes

2014-01-02 05:40 . 2014-01-02 05:40 -------- d-----w- c:\programdata\Malwarebytes

2014-01-02 05:40 . 2014-01-02 05:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2014-01-02 05:40 . 2013-04-04 22:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2014-01-02 05:18 . 2014-01-02 05:18 -------- d-----w- c:\users\Hagen\AppData\Roaming\AVAST Software

2014-01-02 02:08 . 2014-01-02 15:34 79672 ----a-w- c:\windows\system32\drivers\aswstm.sys

2013-12-30 08:26 . 2014-01-02 07:17 -------- d-----w- c:\programdata\ChheapMe

2013-12-30 08:26 . 2013-12-30 08:26 -------- d-----w- c:\programdata\fdklbhmhchijodciienjabcgagmcmfkk

2013-12-30 08:26 . 2013-12-30 08:26 -------- d-----w- c:\users\Hagen\AppData\Local\Packages

2013-12-30 08:26 . 2013-12-30 08:26 -------- d-----w- c:\programdata\4d09ce8d5400296d

2013-12-30 08:26 . 2014-01-02 07:17 -------- d-----w- c:\programdata\Fun22Saave

2013-12-29 03:10 . 2013-12-29 03:10 -------- d-----w- c:\program files (x86)\GS Supporter

2013-12-29 03:08 . 2013-12-29 03:08 -------- d-----w- c:\users\Guest

2013-12-29 03:08 . 2013-12-29 03:08 -------- d-----w- c:\users\Administrator

2013-12-29 03:08 . 2013-12-29 03:10 -------- d-----w- c:\programdata\InstallMate

2013-12-12 06:02 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe

2013-12-12 06:02 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe

2013-12-12 06:02 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL

2013-12-12 06:02 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL

2013-12-12 06:02 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll

2013-12-12 04:52 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-01-02 07:20 . 2012-05-21 01:00 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2014-01-02 07:20 . 2012-05-21 01:00 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2014-01-02 02:07 . 2013-03-06 15:56 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2014-01-02 02:07 . 2013-03-06 15:56 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2014-01-02 02:07 . 2012-12-05 04:50 422216 ----a-w- c:\windows\system32\drivers\aswSP.sys

2014-01-02 02:07 . 2012-12-05 04:49 1034464 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2014-01-02 02:07 . 2012-12-05 04:49 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2014-01-02 02:07 . 2012-12-05 04:49 334136 ----a-w- c:\windows\system32\aswBoot.exe

2014-01-02 02:07 . 2012-12-05 04:49 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2014-01-02 02:07 . 2012-12-05 04:49 43152 ----a-w- c:\windows\avastSS.scr

2014-01-02 02:07 . 2012-12-05 04:49 28184 ----a-w- c:\windows\system32\drivers\aswKbd.sys

2014-01-02 02:07 . 2013-03-06 15:56 439648 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys

2013-12-19 13:11 . 2012-12-05 04:49 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2013-12-19 13:11 . 2012-12-05 04:49 270824 ----a-w- c:\windows\system32\drivers\aswNdis2.sys

2013-12-19 13:11 . 2012-12-05 04:50 131232 ----a-w- c:\windows\system32\drivers\aswFW.sys

2013-12-15 08:20 . 2013-04-04 05:07 90708896 ----a-w- c:\windows\system32\MRT.exe

2013-11-26 06:02 . 2013-11-26 06:02 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

2013-11-26 06:02 . 2013-11-26 06:02 194048 ----a-w- c:\windows\SysWow64\elshyph.dll

2013-11-26 06:02 . 2013-11-26 06:02 942592 ----a-w- c:\windows\system32\jsIntl.dll

2013-11-26 06:02 . 2013-11-26 06:02 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2013-11-26 06:02 . 2013-11-26 06:02 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll

2013-11-26 06:02 . 2013-11-26 06:02 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2013-11-26 06:02 . 2013-11-26 06:02 84992 ----a-w- c:\windows\system32\mshtmled.dll

2013-11-26 06:02 . 2013-11-26 06:02 81408 ----a-w- c:\windows\system32\icardie.dll

2013-11-26 06:02 . 2013-11-26 06:02 774144 ----a-w- c:\windows\system32\jscript.dll

2013-11-26 06:02 . 2013-11-26 06:02 77312 ----a-w- c:\windows\system32\tdc.ocx

2013-11-26 06:02 . 2013-11-26 06:02 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2013-11-26 06:02 . 2013-11-26 06:02 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2013-11-26 06:02 . 2013-11-26 06:02 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll

2013-11-26 06:02 . 2013-11-26 06:02 626176 ----a-w- c:\windows\system32\msfeeds.dll

2013-11-26 06:02 . 2013-11-26 06:02 62464 ----a-w- c:\windows\SysWow64\tdc.ocx

2013-11-26 06:02 . 2013-11-26 06:02 62464 ----a-w- c:\windows\system32\pngfilt.dll

2013-11-26 06:02 . 2013-11-26 06:02 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll

2013-11-26 06:02 . 2013-11-26 06:02 61952 ----a-w- c:\windows\SysWow64\iesetup.dll

2013-11-26 06:02 . 2013-11-26 06:02 616104 ----a-w- c:\windows\system32\ieapfltr.dat

2013-11-26 06:02 . 2013-11-26 06:02 548352 ----a-w- c:\windows\system32\vbscript.dll

2013-11-26 06:02 . 2013-11-26 06:02 52224 ----a-w- c:\windows\system32\msfeedsbs.dll

2013-11-26 06:02 . 2013-11-26 06:02 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll

2013-11-26 06:02 . 2013-11-26 06:02 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2013-11-26 06:02 . 2013-11-26 06:02 48640 ----a-w- c:\windows\system32\mshtmler.dll

2013-11-26 06:02 . 2013-11-26 06:02 454656 ----a-w- c:\windows\SysWow64\vbscript.dll

2013-11-26 06:02 . 2013-11-26 06:02 453120 ----a-w- c:\windows\system32\dxtmsft.dll

2013-11-26 06:02 . 2013-11-26 06:02 413696 ----a-w- c:\windows\system32\html.iec

2013-11-26 06:02 . 2013-11-26 06:02 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll

2013-11-26 06:02 . 2013-11-26 06:02 36352 ----a-w- c:\windows\SysWow64\imgutil.dll

2013-11-26 06:02 . 2013-11-26 06:02 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll

2013-11-26 06:02 . 2013-11-26 06:02 337408 ----a-w- c:\windows\SysWow64\html.iec

2013-11-26 06:02 . 2013-11-26 06:02 30208 ----a-w- c:\windows\system32\licmgr10.dll

2013-11-26 06:02 . 2013-11-26 06:02 296960 ----a-w- c:\windows\system32\dxtrans.dll

2013-11-26 06:02 . 2013-11-26 06:02 263376 ----a-w- c:\windows\system32\iedkcs32.dll

2013-11-26 06:02 . 2013-11-26 06:02 247808 ----a-w- c:\windows\system32\msls31.dll

2013-11-26 06:02 . 2013-11-26 06:02 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll

2013-11-26 06:02 . 2013-11-26 06:02 243200 ----a-w- c:\windows\system32\webcheck.dll

2013-11-26 06:02 . 2013-11-26 06:02 235520 ----a-w- c:\windows\system32\url.dll

2013-11-26 06:02 . 2013-11-26 06:02 235008 ----a-w- c:\windows\system32\elshyph.dll

2013-11-26 06:02 . 2013-11-26 06:02 195584 ----a-w- c:\windows\system32\msrating.dll

2013-11-26 06:02 . 2013-11-26 06:02 182272 ----a-w- c:\windows\SysWow64\msls31.dll

2013-11-26 06:02 . 2013-11-26 06:02 167424 ----a-w- c:\windows\system32\iexpress.exe

2013-11-26 06:02 . 2013-11-26 06:02 151552 ----a-w- c:\windows\SysWow64\iexpress.exe

2013-11-26 06:02 . 2013-11-26 06:02 147968 ----a-w- c:\windows\system32\occache.dll

2013-11-26 06:02 . 2013-11-26 06:02 143872 ----a-w- c:\windows\system32\wextract.exe

2013-11-26 06:02 . 2013-11-26 06:02 139264 ----a-w- c:\windows\SysWow64\wextract.exe

2013-11-26 06:02 . 2013-11-26 06:02 13824 ----a-w- c:\windows\system32\mshta.exe

2013-11-26 06:02 . 2013-11-26 06:02 13312 ----a-w- c:\windows\SysWow64\mshta.exe

2013-11-26 06:02 . 2013-11-26 06:02 13312 ----a-w- c:\windows\system32\msfeedssync.exe

2013-11-26 06:02 . 2013-11-26 06:02 131072 ----a-w- c:\windows\system32\IEAdvpack.dll

2013-11-26 06:02 . 2013-11-26 06:02 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll

2013-11-26 06:02 . 2013-11-26 06:02 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2013-11-26 06:02 . 2013-11-26 06:02 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2013-11-26 06:02 . 2013-11-26 06:02 105984 ----a-w- c:\windows\system32\iesysprep.dll

2013-11-26 06:02 . 2013-11-26 06:02 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll

2013-11-26 06:02 . 2013-11-26 06:02 101376 ----a-w- c:\windows\system32\inseng.dll

2013-11-26 06:02 . 2013-11-26 06:02 83968 ----a-w- c:\windows\system32\MshtmlDac.dll

2013-11-26 06:02 . 2013-11-26 06:02 48128 ----a-w- c:\windows\system32\imgutil.dll

2013-11-26 06:02 . 2013-11-26 06:02 135680 ----a-w- c:\windows\system32\iepeers.dll

2013-11-19 11:33 . 2010-11-21 03:27 267936 ------w- c:\windows\system32\MpSigStub.exe

2013-10-15 02:00 . 2013-11-26 06:04 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE

2013-10-12 02:30 . 2013-11-14 05:20 830464 ----a-w- c:\windows\system32\nshwfp.dll

2013-10-12 02:29 . 2013-11-14 05:20 859648 ----a-w- c:\windows\system32\IKEEXT.DLL

2013-10-12 02:29 . 2013-11-14 05:20 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL

2013-10-12 02:03 . 2013-11-14 05:20 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll

2013-10-12 02:01 . 2013-11-14 05:20 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Spotify Web Helper"="c:\users\Hagen\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-11-17 1168896]

"Facebook Update"="c:\users\Hagen\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-11-30 138096]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]

"Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2011-08-04 4165440]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]

"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-01-02 3764024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"midi2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 e9f32388;GS Supporter;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]

R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R4 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [x]

R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]

R4 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]

R4 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]

R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S0 aswRvrt;avast! Revert; [x]

S0 aswVmm;avast! VM Monitor; [x]

S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]

S1 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]

S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [x]

S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [x]

S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe [x]

S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]

S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]

S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]

S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]

S3 voxaldriver;Voxal Filter Driver 2.00.00;c:\windows\system32\DRIVERS\voxaldriverx64.sys;c:\windows\SYSNATIVE\DRIVERS\voxaldriverx64.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ   hpqcxs08

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-12-05 22:11 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2014-01-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2708970971-2996176623-2557602974-1001Core.job

- c:\users\Hagen\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-11-30 06:19]

.

2014-01-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2708970971-2996176623-2557602974-1001UA.job

- c:\users\Hagen\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-11-30 06:19]

.

2014-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-13 03:37]

.

2014-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-13 03:37]

.

2014-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2708970971-2996176623-2557602974-1001Core.job

- c:\users\Hagen\AppData\Local\Google\Update\GoogleUpdate.exe [2013-11-30 01:42]

.

2014-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2708970971-2996176623-2557602974-1001UA.job

- c:\users\Hagen\AppData\Local\Google\Update\GoogleUpdate.exe [2013-11-30 01:42]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2014-01-02 02:07 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-03-29 608112]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 192.168.20.1

.

- - - - ORPHANS REMOVED - - - -

.

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

BHO-{8EA156F4-D3C6-8045-FB48-4AAA52CC03D3} - c:\programdata\ChheapMe\B0AYTqNTrS.x64.dll

BHO-{C0B3B33C-25F2-9ED2-07FF-B7614464B10A} - c:\programdata\Fun22Saave\lowRU96Ku.x64.dll

AddRemove-Voxal - c:\program files (x86)\NCH Software\Voxal\voxal.exe

AddRemove-{F6C44C71-2CFE-8176-3A4D-CBD0DCE5AEFA} - c:\programdata\ChheapMe\B0AYTqNTrS.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2014-01-05  12:02:14

ComboFix-quarantined-files.txt  2014-01-05 20:02

.

Pre-Run: 313,018,564,608 bytes free

Post-Run: 325,685,583,872 bytes free

.

- - End Of File - - E8517E89A3495ED63A4C38C7485777A0

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Folder::

c:\programdata\ChheapMe

c:\programdata\fdklbhmhchijodciienjabcgagmcmfkk

c:\programdata\4d09ce8d5400296d

c:\programdata\Fun22Saave

c:\programdata\InstallMate

Save this as CFScript.txt, in the same location as ComboFix.exe

[image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

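For anyone reading along who wants to see how the folders in a CFScript like the one above are picked out of a ComboFix log: the script below is an added example written for this thread, not part of ComboFix and not from any poster here. It parses the "R2 name;display;path;path [x]" service lines and the "Browser Helper Objects" entries in the format shown in the logs above (the sample lines are copied from those logs), flags entries whose image lives under c:\programdata or whose service is a hex-looking name hosted by rundll32.exe (both heuristics are this example's own assumptions, and they produce review candidates, not verdicts), and formats analyst-chosen folders as a Folder:: section.

```python
"""Triage of ComboFix 'Reg Loading Points' service lines and BHO entries.

Added example for this thread; not part of ComboFix or of any post here.
The sample lines are copied from the log posted above. The two heuristics
(image under c:\\programdata, or a hex-looking service name hosted by
rundll32.exe) are this example's own assumptions: they yield review
candidates, not verdicts.
"""
import re
from dataclasses import dataclass

# Sample input: lines copied from the ComboFix output above (constructed subset).
SAMPLE_LOG = r"""
R2 e9f32388;GS Supporter;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S3 voxaldriver;Voxal Filter Driver 2.00.00;c:\windows\system32\DRIVERS\voxaldriverx64.sys;c:\windows\SYSNATIVE\DRIVERS\voxaldriverx64.sys [x]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8EA156F4-D3C6-8045-FB48-4AAA52CC03D3}]
c:\programdata\ChheapMe\B0AYTqNTrS.x64.dll [bU]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C0B3B33C-25F2-9ED2-07FF-B7614464B10A}]
c:\programdata\Fun22Saave\lowRU96Ku.x64.dll [bU]
"""

# "R2 name;display;path;path [x]": start type, service name, display name, first image path.
SERVICE_RE = re.compile(r"^([RS][0-4]) ([^;]+);([^;]*);([^;]*);[^;]* \[x\]$")
BHO_KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\(\{[0-9A-Fa-f-]+\})\]$")
BHO_DLL_RE = re.compile(r"^(.+?\.dll)\s+\[[a-zA-Z]+\]$")
HEXNAME_RE = re.compile(r"^[0-9a-f]{6,}$")  # e.g. e9f32388: hex digits, no words


@dataclass
class Finding:
    kind: str      # "service" or "bho"
    name: str      # service name or BHO CLSID
    image: str     # file the entry loads
    reasons: list  # why it was flagged


def programdata_root(path: str):
    """Return 'c:\\programdata\\<TopFolder>' for a path under ProgramData, else None."""
    parts = path.split("\\")
    if len(parts) >= 3 and parts[0].lower() == "c:" and parts[1].lower() == "programdata":
        return "\\".join(parts[:3])
    return None


def _reasons(name: str, image: str) -> list:
    """Apply the two (assumed) heuristics to one loading point."""
    reasons = []
    if programdata_root(image):
        reasons.append("image lives under c:\\programdata")
    if image.lower().endswith("\\rundll32.exe") and HEXNAME_RE.match(name.lower()):
        reasons.append("rundll32.exe host with hex-looking service name")
    return reasons


def triage(log_text: str) -> list:
    """Scan ComboFix output and return Finding objects for entries worth a closer look."""
    findings = []
    pending_clsid = None  # CLSID from a BHO key line, waiting for its DLL line
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SERVICE_RE.match(line)
        if m:
            _start, name, _display, image = m.groups()
            reasons = _reasons(name, image)
            if reasons:
                findings.append(Finding("service", name, image, reasons))
            continue
        m = BHO_KEY_RE.match(line)
        if m:
            pending_clsid = m.group(1)
            continue
        if pending_clsid:
            m = BHO_DLL_RE.match(line)
            if m:
                reasons = _reasons(pending_clsid, m.group(1))
                if reasons:
                    findings.append(Finding("bho", pending_clsid, m.group(1), reasons))
            pending_clsid = None
    return findings


def render_cfscript(folders) -> str:
    """Format analyst-chosen folders as the Folder:: section used in CFScript.txt."""
    lines = ["Folder::"]
    seen = set()
    for folder in folders:
        if folder.lower() not in seen:  # NTFS paths are case-insensitive
            seen.add(folder.lower())
            lines.append(folder)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for h in hits:
        print(f"{h.kind:7} {h.name:40} {h.image}\n        {'; '.join(h.reasons)}")
    roots = [r for r in (programdata_root(h.image) for h in hits) if r]
    print(render_cfscript(roots))
```

Run against the sample, it flags the GS Supporter service (a bare hex name whose image is rundll32.exe, so the real payload is in the service parameters, not on this line) and the two BHO DLLs under c:\programdata\ChheapMe and c:\programdata\Fun22Saave, which match the folders in the CFScript above. It also flags Skype C2C Service purely because it lives under ProgramData; that is exactly why the output is a review list and the Folder:: section is built from folders the analyst picks, not from every hit.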

ComboFix 14-01-04.03 - Hagen 01/05/2014  13:28:06.2.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4004.2492 [GMT -8:00]

Running from: c:\users\Hagen\Desktop\ComboFix.exe

Command switches used :: c:\users\Hagen\Desktop\CFScript.txt

AV: avast! Internet Security *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}

FW: avast! Internet Security *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

SP: avast! Internet Security *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\4d09ce8d5400296d

c:\programdata\4d09ce8d5400296d\22c3997ee7059bcba58c8d12d7e2e9de.ini

c:\programdata\4d09ce8d5400296d\91edd5c0e4a2c4a4a58c8d12d7e2e9de.ini

c:\programdata\ChheapMe

c:\programdata\ChheapMe\B0AYTqNTrS.dat

c:\programdata\ChheapMe\B0AYTqNTrS.tlb

c:\programdata\fdklbhmhchijodciienjabcgagmcmfkk

c:\programdata\fdklbhmhchijodciienjabcgagmcmfkk\background.html

c:\programdata\fdklbhmhchijodciienjabcgagmcmfkk\content.js

c:\programdata\fdklbhmhchijodciienjabcgagmcmfkk\lsdb.js

c:\programdata\fdklbhmhchijodciienjabcgagmcmfkk\manifest.json

c:\programdata\fdklbhmhchijodciienjabcgagmcmfkk\UgpjVQSRiXzV.js

c:\programdata\Fun22Saave

c:\programdata\Fun22Saave\lowRU96Ku.dat

c:\programdata\Fun22Saave\lowRU96Ku.tlb

c:\programdata\InstallMate

c:\programdata\InstallMate\{0227D60D-6385-4920-ABCB-2BA7D9C4F4FB}\_Setup.dll

c:\programdata\InstallMate\{0227D60D-6385-4920-ABCB-2BA7D9C4F4FB}\20131228190802.log

c:\programdata\InstallMate\{0227D60D-6385-4920-ABCB-2BA7D9C4F4FB}\Custom.dll

c:\programdata\InstallMate\{0227D60D-6385-4920-ABCB-2BA7D9C4F4FB}\Readme.txt

c:\programdata\InstallMate\{0227D60D-6385-4920-ABCB-2BA7D9C4F4FB}\Setup.dat

c:\programdata\InstallMate\{0227D60D-6385-4920-ABCB-2BA7D9C4F4FB}\Setup.exe

c:\programdata\InstallMate\{0227D60D-6385-4920-ABCB-2BA7D9C4F4FB}\Setup.ico

c:\programdata\InstallMate\{0227D60D-6385-4920-ABCB-2BA7D9C4F4FB}\TsuDll.dll

.

.

(((((((((((((((((((((((((   Files Created from 2013-12-05 to 2014-01-05  )))))))))))))))))))))))))))))))

.

.

2014-01-05 21:39 . 2014-01-05 21:39 -------- d-----w- c:\users\Default\AppData\Local\temp

2014-01-03 19:46 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F041ABAA-CCCF-4BA5-B393-7757B68D3E02}\mpengine.dll

2014-01-03 06:20 . 2014-01-03 06:20 0 ----a-w- c:\windows\SysWow64\shoF664.tmp

2014-01-03 01:30 . 2014-01-03 01:45 -------- d-----w- C:\AdwCleaner

2014-01-03 00:35 . 2014-01-03 00:35 -------- d-----w- c:\windows\ERUNT

2014-01-02 22:47 . 2014-01-02 23:40 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)

2014-01-02 22:47 . 2014-01-02 22:47 89304 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2014-01-02 05:40 . 2014-01-02 05:40 -------- d-----w- c:\users\Hagen\AppData\Roaming\Malwarebytes

2014-01-02 05:40 . 2014-01-02 05:40 -------- d-----w- c:\programdata\Malwarebytes

2014-01-02 05:40 . 2014-01-02 05:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2014-01-02 05:40 . 2013-04-04 22:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2014-01-02 05:18 . 2014-01-02 05:18 -------- d-----w- c:\users\Hagen\AppData\Roaming\AVAST Software

2014-01-02 02:08 . 2014-01-02 15:34 79672 ----a-w- c:\windows\system32\drivers\aswstm.sys

2013-12-30 08:26 . 2013-12-30 08:26 -------- d-----w- c:\users\Hagen\AppData\Local\Packages

2013-12-29 03:10 . 2013-12-29 03:10 -------- d-----w- c:\program files (x86)\GS Supporter

2013-12-29 03:08 . 2013-12-29 03:08 -------- d-----w- c:\users\Guest

2013-12-29 03:08 . 2013-12-29 03:08 -------- d-----w- c:\users\Administrator

2013-12-12 06:02 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe

2013-12-12 06:02 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe

2013-12-12 06:02 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL

2013-12-12 06:02 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL

2013-12-12 06:02 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll

2013-12-12 04:52 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-01-02 07:20 . 2012-05-21 01:00 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2014-01-02 07:20 . 2012-05-21 01:00 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2014-01-02 02:07 . 2013-03-06 15:56 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2014-01-02 02:07 . 2013-03-06 15:56 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2014-01-02 02:07 . 2012-12-05 04:50 422216 ----a-w- c:\windows\system32\drivers\aswSP.sys

2014-01-02 02:07 . 2012-12-05 04:49 1034464 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2014-01-02 02:07 . 2012-12-05 04:49 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2014-01-02 02:07 . 2012-12-05 04:49 334136 ----a-w- c:\windows\system32\aswBoot.exe

2014-01-02 02:07 . 2012-12-05 04:49 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2014-01-02 02:07 . 2012-12-05 04:49 43152 ----a-w- c:\windows\avastSS.scr

2014-01-02 02:07 . 2012-12-05 04:49 28184 ----a-w- c:\windows\system32\drivers\aswKbd.sys

2014-01-02 02:07 . 2013-03-06 15:56 439648 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys

2013-12-19 13:11 . 2012-12-05 04:49 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2013-12-19 13:11 . 2012-12-05 04:49 270824 ----a-w- c:\windows\system32\drivers\aswNdis2.sys

2013-12-19 13:11 . 2012-12-05 04:50 131232 ----a-w- c:\windows\system32\drivers\aswFW.sys

2013-12-15 08:20 . 2013-04-04 05:07 90708896 ----a-w- c:\windows\system32\MRT.exe

2013-11-26 06:02 . 2013-11-26 06:02 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

2013-11-26 06:02 . 2013-11-26 06:02 194048 ----a-w- c:\windows\SysWow64\elshyph.dll

2013-11-26 06:02 . 2013-11-26 06:02 942592 ----a-w- c:\windows\system32\jsIntl.dll

2013-11-26 06:02 . 2013-11-26 06:02 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2013-11-26 06:02 . 2013-11-26 06:02 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll

2013-11-26 06:02 . 2013-11-26 06:02 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2013-11-26 06:02 . 2013-11-26 06:02 84992 ----a-w- c:\windows\system32\mshtmled.dll

2013-11-26 06:02 . 2013-11-26 06:02 81408 ----a-w- c:\windows\system32\icardie.dll

2013-11-26 06:02 . 2013-11-26 06:02 774144 ----a-w- c:\windows\system32\jscript.dll

2013-11-26 06:02 . 2013-11-26 06:02 77312 ----a-w- c:\windows\system32\tdc.ocx

2013-11-26 06:02 . 2013-11-26 06:02 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2013-11-26 06:02 . 2013-11-26 06:02 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2013-11-26 06:02 . 2013-11-26 06:02 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll

2013-11-26 06:02 . 2013-11-26 06:02 626176 ----a-w- c:\windows\system32\msfeeds.dll

2013-11-26 06:02 . 2013-11-26 06:02 62464 ----a-w- c:\windows\SysWow64\tdc.ocx

2013-11-26 06:02 . 2013-11-26 06:02 62464 ----a-w- c:\windows\system32\pngfilt.dll

2013-11-26 06:02 . 2013-11-26 06:02 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll

2013-11-26 06:02 . 2013-11-26 06:02 61952 ----a-w- c:\windows\SysWow64\iesetup.dll

2013-11-26 06:02 . 2013-11-26 06:02 616104 ----a-w- c:\windows\system32\ieapfltr.dat

2013-11-26 06:02 . 2013-11-26 06:02 548352 ----a-w- c:\windows\system32\vbscript.dll

2013-11-26 06:02 . 2013-11-26 06:02 52224 ----a-w- c:\windows\system32\msfeedsbs.dll

2013-11-26 06:02 . 2013-11-26 06:02 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll

2013-11-26 06:02 . 2013-11-26 06:02 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2013-11-26 06:02 . 2013-11-26 06:02 48640 ----a-w- c:\windows\system32\mshtmler.dll

2013-11-26 06:02 . 2013-11-26 06:02 454656 ----a-w- c:\windows\SysWow64\vbscript.dll

2013-11-26 06:02 . 2013-11-26 06:02 453120 ----a-w- c:\windows\system32\dxtmsft.dll

2013-11-26 06:02 . 2013-11-26 06:02 413696 ----a-w- c:\windows\system32\html.iec

2013-11-26 06:02 . 2013-11-26 06:02 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll

2013-11-26 06:02 . 2013-11-26 06:02 36352 ----a-w- c:\windows\SysWow64\imgutil.dll

2013-11-26 06:02 . 2013-11-26 06:02 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll

2013-11-26 06:02 . 2013-11-26 06:02 337408 ----a-w- c:\windows\SysWow64\html.iec

2013-11-26 06:02 . 2013-11-26 06:02 30208 ----a-w- c:\windows\system32\licmgr10.dll

2013-11-26 06:02 . 2013-11-26 06:02 296960 ----a-w- c:\windows\system32\dxtrans.dll

2013-11-26 06:02 . 2013-11-26 06:02 263376 ----a-w- c:\windows\system32\iedkcs32.dll

2013-11-26 06:02 . 2013-11-26 06:02 247808 ----a-w- c:\windows\system32\msls31.dll

2013-11-26 06:02 . 2013-11-26 06:02 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll

2013-11-26 06:02 . 2013-11-26 06:02 243200 ----a-w- c:\windows\system32\webcheck.dll

2013-11-26 06:02 . 2013-11-26 06:02 235520 ----a-w- c:\windows\system32\url.dll

2013-11-26 06:02 . 2013-11-26 06:02 235008 ----a-w- c:\windows\system32\elshyph.dll

2013-11-26 06:02 . 2013-11-26 06:02 195584 ----a-w- c:\windows\system32\msrating.dll

2013-11-26 06:02 . 2013-11-26 06:02 182272 ----a-w- c:\windows\SysWow64\msls31.dll

2013-11-26 06:02 . 2013-11-26 06:02 167424 ----a-w- c:\windows\system32\iexpress.exe

2013-11-26 06:02 . 2013-11-26 06:02 151552 ----a-w- c:\windows\SysWow64\iexpress.exe

2013-11-26 06:02 . 2013-11-26 06:02 147968 ----a-w- c:\windows\system32\occache.dll

2013-11-26 06:02 . 2013-11-26 06:02 143872 ----a-w- c:\windows\system32\wextract.exe

2013-11-26 06:02 . 2013-11-26 06:02 139264 ----a-w- c:\windows\SysWow64\wextract.exe

2013-11-26 06:02 . 2013-11-26 06:02 13824 ----a-w- c:\windows\system32\mshta.exe

2013-11-26 06:02 . 2013-11-26 06:02 13312 ----a-w- c:\windows\SysWow64\mshta.exe

2013-11-26 06:02 . 2013-11-26 06:02 13312 ----a-w- c:\windows\system32\msfeedssync.exe

2013-11-26 06:02 . 2013-11-26 06:02 131072 ----a-w- c:\windows\system32\IEAdvpack.dll

2013-11-26 06:02 . 2013-11-26 06:02 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll

2013-11-26 06:02 . 2013-11-26 06:02 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2013-11-26 06:02 . 2013-11-26 06:02 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2013-11-26 06:02 . 2013-11-26 06:02 105984 ----a-w- c:\windows\system32\iesysprep.dll

2013-11-26 06:02 . 2013-11-26 06:02 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll

2013-11-26 06:02 . 2013-11-26 06:02 101376 ----a-w- c:\windows\system32\inseng.dll

2013-11-26 06:02 . 2013-11-26 06:02 83968 ----a-w- c:\windows\system32\MshtmlDac.dll

2013-11-26 06:02 . 2013-11-26 06:02 48128 ----a-w- c:\windows\system32\imgutil.dll

2013-11-26 06:02 . 2013-11-26 06:02 135680 ----a-w- c:\windows\system32\iepeers.dll

2013-11-19 11:33 . 2010-11-21 03:27 267936 ------w- c:\windows\system32\MpSigStub.exe

2013-10-15 02:00 . 2013-11-26 06:04 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE

2013-10-12 02:30 . 2013-11-14 05:20 830464 ----a-w- c:\windows\system32\nshwfp.dll

2013-10-12 02:29 . 2013-11-14 05:20 859648 ----a-w- c:\windows\system32\IKEEXT.DLL

2013-10-12 02:29 . 2013-11-14 05:20 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL

2013-10-12 02:03 . 2013-11-14 05:20 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll

2013-10-12 02:01 . 2013-11-14 05:20 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Spotify Web Helper"="c:\users\Hagen\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-11-17 1168896]

"Facebook Update"="c:\users\Hagen\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-11-30 138096]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]

"Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2011-08-04 4165440]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]

"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-01-02 3764024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"midi2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 e9f32388;GS Supporter;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]

R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R4 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [x]

R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]

R4 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]

R4 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]

R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S0 aswRvrt;avast! Revert; [x]

S0 aswVmm;avast! VM Monitor; [x]

S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]

S1 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]

S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [x]

S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [x]

S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe [x]

S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]

S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]

S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]

S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]

S3 voxaldriver;Voxal Filter Driver 2.00.00;c:\windows\system32\DRIVERS\voxaldriverx64.sys;c:\windows\SYSNATIVE\DRIVERS\voxaldriverx64.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ   hpqcxs08

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-12-05 22:11 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2014-01-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2708970971-2996176623-2557602974-1001Core.job

- c:\users\Hagen\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-11-30 06:19]

.

2014-01-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2708970971-2996176623-2557602974-1001UA.job

- c:\users\Hagen\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-11-30 06:19]

.

2014-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-13 03:37]

.

2014-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-13 03:37]

.

2014-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2708970971-2996176623-2557602974-1001Core.job

- c:\users\Hagen\AppData\Local\Google\Update\GoogleUpdate.exe [2013-11-30 01:42]

.

2014-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2708970971-2996176623-2557602974-1001UA.job

- c:\users\Hagen\AppData\Local\Google\Update\GoogleUpdate.exe [2013-11-30 01:42]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8EA156F4-D3C6-8045-FB48-4AAA52CC03D3}]

c:\programdata\ChheapMe\B0AYTqNTrS.x64.dll [bU]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C0B3B33C-25F2-9ED2-07FF-B7614464B10A}]

c:\programdata\Fun22Saave\lowRU96Ku.x64.dll [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2014-01-02 02:07 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-03-29 608112]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 192.168.20.1

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-966086b5-09b5-49e9-92de-0f17aa6ed0dc - c:\progra~3\INSTAL~2\{0227D~1\Setup.exe

AddRemove-Voxal - c:\program files (x86)\NCH Software\Voxal\voxal.exe

AddRemove-{F6C44C71-2CFE-8176-3A4D-CBD0DCE5AEFA} - c:\programdata\ChheapMe\B0AYTqNTrS.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2014-01-05  13:41:01

ComboFix-quarantined-files.txt  2014-01-05 21:41

ComboFix2.txt  2014-01-05 20:02

.

Pre-Run: 325,854,498,816 bytes free

Post-Run: 325,547,569,152 bytes free

.

- - End Of File - - 655869B901D25E7B077F0429E96B5228

Well done! :)

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the ESET OnlineScan button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your Desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats".
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

C:\Windows\SysWOW64\Adobe\Shockwave 11\gt.exe Win32/Bundled.Toolbar.Google.D application

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\ProgramData\InstallMate\{0227D60D-6385-4920-ABCB-2BA7D9C4F4FB}\Custom.dll.vir Win32/InstalleRex.M application cleaned by deleting - quarantined

C:\Users\Hagen\Documents\APNSetup.exe a variant of Win32/Bundled.Toolbar.Ask.E application cleaned by deleting - quarantined

C:\Windows\Installer\290a50.msi a variant of Win32/Bundled.Toolbar.Ask.D application deleted - quarantined

C:\Windows\System32\Adobe\Shockwave 11\gt.exe Win32/Bundled.Toolbar.Google.D application cleaned by deleting - quarantined

Please download the Kaspersky Virus Removal Tool from here to your Desktop.

Double-click the Removal Tool.

Click the cog in the upper right corner.

Select down to and including your main drive.

Once done please select the Automatic Scan tab and press Start Scan.

Allow AVP to delete all infections found.

Once it has finished select the Report tab.

Select the Detected threats report from the left and press the Save button.

Save it to your Desktop and post the contents in your next reply.


Ran once. About halfway through it popped up a window asking if I wanted to remove active malware. This is the log after clicking yes and letting it complete. Ran a second time with no problems reported. Will monitor computer to see if problems still exist.

Status: Deleted   (events: 2)

1/6/2014 5:27:30 PM Deleted Trojan program HEUR:Trojan.Win32.Generic C:\Program Files (x86)\GS Supporter\Browsafe.dll High

1/6/2014 5:27:30 PM Deleted Trojan program HEUR:Trojan.Win32.Generic C:\Program Files (x86)\GS Supporter\Browsafe.dll High

Status: Absent   (events: 2)

1/6/2014 5:29:55 PM Not found Trojan program HEUR:Trojan.Win32.Generic c:\Program Files (x86)\GS Supporter\Browsafe.dll High

1/6/2014 5:29:55 PM Not found Trojan program HEUR:Trojan.Win32.Generic c:\Program Files (x86)\GS Supporter\Browsafe.dll High

Dad here - I will be out of town until Wednesday night so will take next steps Thursday. Still seeing unexpected popups with Chrome when the mouse is hovering over links. Has an AdBlock button on top which looks like it might be malware. Would appreciate your feedback on this product and instructions on how to remove it if you have them. We really appreciate your help on everything so far and hope this PC is close to fixed.


Take your time!

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick Scan All Users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.

2 weeks later... (Staff reply)

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
