Possible Infection.

[AdvancedSetup]

We're not done yet, please hold on and we'll get to that.   The Combofix program is not from or related to Comdo

 

You have drivers from this Company on the computer yet no listing from Add/Remove

 

http://www.comodo.com/home/internet-security/security-software.php

 

 

If you're not aware of them or did not install them then we'll manually remove them.   Please let me know.

[Katracho93]

We're not done yet, please hold on and we'll get to that.   The Combofix program is not from or related to Comdo

 

You have drivers from this Company on the computer yet no listing from Add/Remove

 

http://www.comodo.com/home/internet-security/security-software.php

 

 

If you're not aware of them or did not install them then we'll manually remove them.   Please let me know.

I downloaded Comodo a while ago, but I unistalled it though. I believe I downloaded the comodo firewall.

[Katracho93]

Sorry, but my brother downloaded flash player, he really needed to use it.

Once again i'm sorry. This probably mess something up.

[AdvancedSetup]

No that's fine.  Please run FRST again and post the new log and we'll use that to remove the old Comodo stuff.

 

Thanks

[Katracho93]

I'll continue with this tomorrow, since my parents don't like me using the computer at night. One thing I have noticed is that Internet Explorer seems to be running faster than Google Chrome.

[AdvancedSetup]

Okay sounds good.  Go ahead and post the new log when you can and I'll check back on you sometime tomorrow.

 

Thanks again

[Katracho93]

I wanted to paste the log, but it seems like IE11 isn't letting me paste things.

FRST.txt1.txt

[Katracho93]

Bump.

[AdvancedSetup]

Please download the attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.

If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

[Katracho93]

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-01-2014

Ran by DELL at 2014-01-22 20:35:13 Run:2

Running from C:\Users\DELL\Desktop

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

start

S1 cmdGuard; System32\DRIVERS\cmdguard.sys [x]

S1 cmdHlp; System32\DRIVERS\cmdhlp.sys [x]

TDL4: custom:26000022

end

 

*****************

 

cmdGuard => Service deleted successfully.

cmdHlp => Service deleted successfully.

 

The operation completed successfully.

The operation completed successfully.

 

==== End of Fixlog ====

[AdvancedSetup]

Please restart the computer and then run a full FRST scan again and post back the new log so I can confirm if the TDL4 entry was removed or not.

Thanks

[Katracho93]

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-01-2014

Ran by DELL (administrator) on DELL-PC on 22-01-2014 20:45:31

Running from C:\Users\DELL\Desktop

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 11

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version:

Download link for 64-Bit Version:

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(AMD) C:\Windows\System32\atiesrxx.exe

(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe

(AMD) C:\Windows\System32\atieclxx.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Malwarebytes Secure Backup) C:\Program Files (x86)\Malwarebytes Secure Backup\SAgent.Service.exe

(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Malwarebytes Secure Backup) C:\Program Files (x86)\Malwarebytes Secure Backup\SUpdateNotifier.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Secure Backup\mbsbscan.exe

(Spotify Ltd) C:\Users\DELL\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe

(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-07] (AVAST Software)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKCU\...\Run: [spotify Web Helper] - C:\Users\DELL\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-14] (Spotify Ltd)

Startup: C:\Users\DELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk

ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x90C5A9E6E36FCC01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKCU - DefaultScope {AFD26799-2115-4194-9D0B-F7AD980EE8D7} URL = https://www.google.com/search?q={searchTerms}

SearchScopes: HKCU - {AFD26799-2115-4194-9D0B-F7AD980EE8D7} URL = https://www.google.com/search?q={searchTerms}

Toolbar: HKCU - No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} -  No File

DPF: HKLM-x32 {1D082E71-DF20-4AAF-863B-596428C49874} http://www.worldwinner.com/games/v50/tpir/tpir.cab

DPF: HKLM-x32 {2C153C75-8476-434B-B3C3-57B63A3D1939} http://www.worldwinner.com/games/v48/brickout/brickout.cab

DPF: HKLM-x32 {555F1BBC-6EC2-474F-84AF-633EF097FF54} http://www.worldwinner.com/games/v53/wwhearts/wwhearts.cab

DPF: HKLM-x32 {62969CF2-0F7A-433B-A221-FD8818C06C2F} http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab

DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab

DPF: HKLM-x32 {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab

DPF: HKLM-x32 {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinner.com/games/launcher/ie/v2.23.01.0/iewwload.cab

DPF: HKLM-x32 {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} http://www.worldwinner.com/games/v41/hangman/hangman.cab

DPF: HKLM-x32 {C5326A4D-E9AA-40AD-A09A-E74304D86B47} http://www.worldwinner.com/games/v52/dinerdash/dinerdash.cab

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

Tcpip\..\Interfaces\{0623F323-B3C0-40B5-9E82-337A905152FC}: [NameServer]8.8.8.8,8.8.4.4

 

Chrome: 

=======

CHR Plugin: (Widevine Content Decryption Module) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.377\_platform_specific\win_x86\widevinecdmadapter.dll ()

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll ()

CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

CHR Plugin: (Java Deployment Toolkit 7.0.510.13) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File

CHR Plugin: (Java Platform SE 7 U51) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File

CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (Google Update) - C:\Users\DELL\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

CHR Plugin: (Google Talk Plugin) - C:\Users\DELL\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\DELL\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\DELL\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

CHR Extension: (Google Drive) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-17]

CHR Extension: (YouTube) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-17]

CHR Extension: (Adblock Plus) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-08]

CHR Extension: (Google Search) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-17]

CHR Extension: (Google) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm [2014-01-12]

CHR Extension: (Google Wallet) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]

CHR Extension: (Gmail) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-17]

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-01-07]

 

==================== Services (Whitelisted) =================

 

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-07] (AVAST Software)

R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2255064 2013-10-28] (Broadcom Corporation.)

R2 sagentservice; C:\Program Files (x86)\Malwarebytes Secure Backup\SAgent.Service.exe [39832 2013-08-15] (Malwarebytes Secure Backup)

 

==================== Drivers (Whitelisted) ====================

 

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-07] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2014-01-07] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-01-07] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1034464 2014-01-07] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422216 2014-01-07] (AVAST Software)

R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [79672 2014-01-07] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-07] ()

S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170712 2013-10-28] (Broadcom Corporation.)

R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-09] (Symantec Corporation)

R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)

S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [118872 2009-07-30] (QUALCOMM Incorporated)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-01-22 07:42 - 2014-01-22 07:42 - 00034409 _____ C:\Users\DELL\Desktop\FRST.txt1.txt

2014-01-21 17:20 - 2014-01-21 17:20 - 00028104 _____ C:\Users\DELL\Desktop\combofix.txt

2014-01-21 17:19 - 2014-01-21 17:19 - 00028104 _____ C:\ComboFix.txt

2014-01-21 16:55 - 2014-01-21 17:19 - 00000000 ____D C:\Qoobox

2014-01-21 16:55 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe

2014-01-21 16:55 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe

2014-01-21 16:55 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-01-21 16:55 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-01-21 16:55 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-01-21 16:55 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe

2014-01-21 16:55 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe

2014-01-21 16:55 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe

2014-01-21 16:53 - 2014-01-21 16:53 - 05172786 ____R (Swearware) C:\Users\DELL\Desktop\ComboFix.exe

2014-01-21 16:40 - 2014-01-21 16:40 - 00004454 _____ C:\Users\DELL\Desktop\JavaRa.log

2014-01-21 16:40 - 2014-01-21 16:40 - 00004454 _____ C:\JavaRa.log

2014-01-21 16:37 - 2014-01-21 16:39 - 00000000 ____D C:\Users\DELL\Desktop\RemoveJava

2014-01-21 16:37 - 2014-01-21 16:37 - 00165483 _____ C:\Users\DELL\Desktop\JavaRa-1.16-28-5-13.zip

2014-01-21 16:09 - 2014-01-21 16:09 - 00023581 _____ C:\Users\DELL\Desktop\Addition.txt

2014-01-21 16:07 - 2014-01-22 20:45 - 00010286 _____ C:\Users\DELL\Desktop\FRST.txt

2014-01-21 16:07 - 2014-01-21 16:07 - 00000000 ____D C:\FRST

2014-01-21 16:03 - 2014-01-21 16:03 - 02077184 _____ (Farbar) C:\Users\DELL\Desktop\FRST64.exe

2014-01-21 08:33 - 2014-01-21 08:34 - 00025033 _____ C:\Users\DELL\Desktop\Result.txt

2014-01-21 08:18 - 2014-01-21 08:18 - 00760063 _____ (Farbar) C:\Users\DELL\Desktop\MiniToolBox.exe

2014-01-21 08:14 - 2014-01-21 08:14 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-01-21 08:14 - 2014-01-21 08:14 - 00000000 ____D C:\Users\DELL\AppData\Roaming\Malwarebytes

2014-01-21 08:14 - 2014-01-21 08:14 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2014-01-21 08:14 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-01-21 08:13 - 2014-01-21 08:13 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\DELL\Downloads\mbam-setup-1.75.0.1300.exe

2014-01-21 08:07 - 2014-01-21 08:14 - 00000000 ____D C:\ProgramData\Malwarebytes

2014-01-21 07:51 - 2014-01-21 07:52 - 00080456 _____ (Malwarebytes Corporation) C:\Users\DELL\Desktop\mbam-clean-1.60.2.0003.exe

2014-01-21 07:36 - 2014-01-21 07:36 - 00000000 ____D C:\Users\DELL\AppData\Local\CrashDumps

2014-01-20 21:46 - 2014-01-20 21:46 - 00001814 _____ C:\Users\DELL\Desktop\AdwCleaner[s0].txt

2014-01-20 21:45 - 2014-01-22 20:43 - 00037586 _____ C:\Windows\PFRO.log

2014-01-20 21:33 - 2014-01-20 21:43 - 00000000 ____D C:\AdwCleaner

2014-01-20 21:30 - 2014-01-20 21:30 - 00001472 _____ C:\Users\DELL\Desktop\JRT.txt

2014-01-20 20:42 - 2014-01-20 20:42 - 01236282 _____ C:\Users\DELL\Desktop\AdwCleaner.exe

2014-01-20 20:40 - 2014-01-20 20:40 - 01037068 _____ (Thisisu) C:\Users\DELL\Desktop\JRT.exe

2014-01-20 20:06 - 2014-01-20 21:01 - 00000000 ____D C:\Users\DELL\Desktop\mbar

2014-01-20 20:06 - 2014-01-20 21:01 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-01-20 20:04 - 2014-01-20 20:04 - 12582688 _____ (Malwarebytes Corp.) C:\Users\DELL\Desktop\mbar-1.07.0.1008.exe

2014-01-20 19:18 - 2014-01-20 19:18 - 00002280 _____ C:\Users\DELL\Desktop\Rkill.txt1.txt

2014-01-20 19:14 - 2014-01-20 19:14 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\DELL\Desktop\iExplore.exe

2014-01-20 19:13 - 2014-01-20 19:13 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\DELL\Desktop\rkill64.exe

2014-01-20 18:01 - 2014-01-20 18:01 - 00001830 _____ C:\Users\DELL\Desktop\RKreport[0]_S_01202014_180157.txt

2014-01-20 17:59 - 2014-01-20 17:59 - 04406784 _____ C:\Users\DELL\Desktop\RogueKillerX64.exe

2014-01-20 17:57 - 2014-01-20 18:02 - 00000000 ____D C:\Users\DELL\Desktop\RK_Quarantine

2014-01-20 17:55 - 2014-01-20 17:55 - 00000928 _____ C:\Users\DELL\Desktop\NTREGOPT.lnk

2014-01-20 17:55 - 2014-01-20 17:55 - 00000909 _____ C:\Users\DELL\Desktop\ERUNT.lnk

2014-01-20 17:55 - 2014-01-20 17:55 - 00000000 ____D C:\Program Files (x86)\ERUNT

2014-01-20 17:53 - 2014-01-20 17:53 - 00791393 _____ (Lars Hederer                                                ) C:\Users\DELL\Desktop\erunt-setup.exe

2014-01-20 17:15 - 2014-01-20 17:15 - 00007351 _____ C:\Users\DELL\Desktop\attach.txt

2014-01-20 17:15 - 2014-01-20 17:14 - 00015733 _____ C:\Users\DELL\Desktop\dds.txt

2014-01-19 15:31 - 2014-01-19 15:31 - 00000000 ____D C:\ProgramData\Windows Genuine Advantage

2014-01-19 15:29 - 2014-01-19 15:30 - 00118149 _____ C:\Users\DELL\Downloads\wmpChrome.crx

2014-01-18 20:08 - 2014-01-18 20:08 - 00000000 ____D C:\Users\DELL\AppData\Roaming\Mozilla

2014-01-17 08:35 - 2013-11-26 20:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys

2014-01-17 08:35 - 2013-11-26 20:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys

2014-01-17 08:35 - 2013-11-26 20:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys

2014-01-17 08:35 - 2013-11-26 20:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys

2014-01-17 08:35 - 2013-11-26 20:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys

2014-01-17 08:35 - 2013-11-26 20:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys

2014-01-17 08:35 - 2013-11-26 20:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys

2014-01-17 08:35 - 2013-11-26 06:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys

2014-01-17 08:35 - 2013-11-26 05:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-01-17 07:44 - 2014-01-17 07:46 - 00005175 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log

2014-01-13 18:41 - 2014-01-22 20:44 - 00002308 _____ C:\Windows\setupact.log

2014-01-13 18:41 - 2014-01-13 18:41 - 00000000 _____ C:\Windows\setuperr.log

2014-01-13 11:51 - 2014-01-13 11:52 - 04645232 _____ (Piriform Ltd) C:\Users\DELL\Downloads\ccsetup409.exe

2014-01-11 22:15 - 2014-01-11 22:16 - 18101704 _____ (Adobe Systems Inc.) C:\Users\DELL\Downloads\AdobeAIRInstaller.exe

2014-01-09 12:49 - 2014-01-09 12:49 - 04328880 _____ (Asoftech                                                    ) C:\Users\DELL\Downloads\adr.exe

2014-01-09 12:42 - 2014-01-09 12:42 - 01217992 _____ (Glarysoft.com                                               ) C:\Users\DELL\Downloads\gunsetup.exe

2014-01-09 12:36 - 2014-01-09 12:36 - 00000000 ____D C:\New folder

2014-01-09 12:22 - 2014-01-09 12:22 - 00000000 ____D C:\ProgramData\Licenses

2014-01-09 12:22 - 2009-02-12 15:11 - 00026024 _____ (EldoS Corporation) C:\Windows\system32\Drivers\rsdrvx64.sys

2014-01-09 12:19 - 2014-01-09 12:20 - 18826784 _____ (Remo Software                                               ) C:\Users\DELL\Downloads\remo-recover-windows.exe

2014-01-09 11:40 - 2014-01-09 11:40 - 00000000 ____D C:\Users\DELL\Documents\Updater

2014-01-08 21:51 - 2014-01-08 21:51 - 00000000 __HDC C:\ProgramData\{CBCE2F73-24E4-481F-84B2-1A5EB720D187}

2014-01-08 21:50 - 2014-01-08 21:50 - 00000000 ____D C:\Program Files\Dell

2014-01-08 21:47 - 2014-01-08 21:48 - 13419112 _____ (Stardock Corporation                                                                                                                                                                                                                                                                                        ) C:\Users\DELL\Downloads\DellDock16a_setup_ENG.exe

2014-01-07 21:47 - 2014-01-07 21:47 - 00000000 ____D C:\Users\DELL\AppData\Roaming\AVAST Software

2014-01-07 21:46 - 2014-01-07 21:46 - 01034464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys

2014-01-07 21:46 - 2014-01-07 21:46 - 00422216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys

2014-01-07 21:46 - 2014-01-07 21:46 - 00207904 _____ C:\Windows\system32\Drivers\aswVmm.sys

2014-01-07 21:46 - 2014-01-07 21:46 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys

2014-01-07 21:46 - 2014-01-07 21:46 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys

2014-01-07 21:46 - 2014-01-07 21:46 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys

2014-01-07 21:46 - 2014-01-07 21:46 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys

2014-01-07 21:46 - 2014-01-07 21:46 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr

2014-01-07 21:44 - 2014-01-07 21:44 - 00000000 ____D C:\Program Files\AVAST Software

2014-01-07 21:41 - 2014-01-07 21:42 - 00000000 ____D C:\ProgramData\AVAST Software

2014-01-07 21:39 - 2014-01-07 21:40 - 91412976 _____ (AVAST Software) C:\Users\DELL\Downloads\avast_free_antivirus_setup.exe

2014-01-07 12:43 - 2014-01-07 12:43 - 00688992 ____R (Swearware) C:\Users\DELL\Downloads\dds.scr

2014-01-02 22:20 - 2014-01-22 20:42 - 00579193 _____ C:\Windows\WindowsUpdate.log

2013-12-27 09:59 - 2013-11-26 06:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-12-27 09:59 - 2013-11-26 05:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-12-27 09:59 - 2013-11-26 05:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2013-12-27 09:59 - 2013-11-26 04:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-12-27 09:59 - 2013-11-26 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2013-12-27 09:59 - 2013-11-26 04:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-12-27 09:59 - 2013-11-26 04:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-12-27 09:59 - 2013-11-26 04:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-12-27 09:59 - 2013-11-26 04:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-12-27 09:59 - 2013-11-26 04:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2013-12-27 09:59 - 2013-11-26 04:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2013-12-27 09:59 - 2013-11-26 04:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2013-12-27 09:59 - 2013-11-26 03:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-12-27 09:59 - 2013-11-26 03:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-12-27 09:59 - 2013-11-26 03:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-12-27 09:59 - 2013-11-26 03:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2013-12-27 09:59 - 2013-11-26 01:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2013-12-27 09:59 - 2013-11-26 01:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2013-12-27 09:58 - 2013-11-26 05:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-12-27 09:58 - 2013-11-26 04:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-12-27 09:58 - 2013-11-26 03:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-12-27 09:58 - 2013-11-26 03:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-12-27 09:58 - 2013-11-26 03:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-12-27 09:58 - 2013-11-26 03:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2013-12-27 09:58 - 2013-11-26 02:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-12-27 09:58 - 2013-11-26 02:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2013-12-27 09:58 - 2013-11-26 02:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-12-27 09:58 - 2013-11-26 02:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-12-27 09:58 - 2013-11-26 01:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-12-27 09:58 - 2013-11-26 01:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-12-27 09:58 - 2013-11-26 01:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

 

==================== One Month Modified Files and Folders =======

 

2014-01-22 20:46 - 2014-01-21 16:07 - 00010286 _____ C:\Users\DELL\Desktop\FRST.txt

2014-01-22 20:44 - 2014-01-13 18:41 - 00002308 _____ C:\Windows\setupact.log

2014-01-22 20:44 - 2013-04-01 16:43 - 00000490 _____ C:\Windows\Tasks\Online Backup Update Notifier.job

2014-01-22 20:44 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2014-01-22 20:43 - 2014-01-20 21:45 - 00037586 _____ C:\Windows\PFRO.log

2014-01-22 20:42 - 2014-01-02 22:20 - 00579193 _____ C:\Windows\WindowsUpdate.log

2014-01-22 19:50 - 2013-02-07 16:28 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-01-22 18:46 - 2011-11-25 22:15 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{6401CACE-1730-4458-9705-316AF4F23AF0}

2014-01-22 07:42 - 2014-01-22 07:42 - 00034409 _____ C:\Users\DELL\Desktop\FRST.txt1.txt

2014-01-21 19:35 - 2013-02-07 16:28 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-01-21 19:35 - 2012-03-30 22:13 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-01-21 19:35 - 2011-09-10 13:21 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-01-21 19:34 - 2011-09-10 13:21 - 00000000 ____D C:\Users\DELL\AppData\Local\Adobe

2014-01-21 17:20 - 2014-01-21 17:20 - 00028104 _____ C:\Users\DELL\Desktop\combofix.txt

2014-01-21 17:19 - 2014-01-21 17:19 - 00028104 _____ C:\ComboFix.txt

2014-01-21 17:19 - 2014-01-21 16:55 - 00000000 ____D C:\Qoobox

2014-01-21 17:14 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini

2014-01-21 16:55 - 2013-01-25 21:01 - 00000000 ____D C:\Windows\erdnt

2014-01-21 16:53 - 2014-01-21 16:53 - 05172786 ____R (Swearware) C:\Users\DELL\Desktop\ComboFix.exe

2014-01-21 16:43 - 2009-07-13 23:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-01-21 16:43 - 2009-07-13 23:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-01-21 16:40 - 2014-01-21 16:40 - 00004454 _____ C:\Users\DELL\Desktop\JavaRa.log

2014-01-21 16:40 - 2014-01-21 16:40 - 00004454 _____ C:\JavaRa.log

2014-01-21 16:39 - 2014-01-21 16:37 - 00000000 ____D C:\Users\DELL\Desktop\RemoveJava

2014-01-21 16:37 - 2014-01-21 16:37 - 00165483 _____ C:\Users\DELL\Desktop\JavaRa-1.16-28-5-13.zip

2014-01-21 16:36 - 2012-11-11 20:38 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update

2014-01-21 16:09 - 2014-01-21 16:09 - 00023581 _____ C:\Users\DELL\Desktop\Addition.txt

2014-01-21 16:07 - 2014-01-21 16:07 - 00000000 ____D C:\FRST

2014-01-21 16:03 - 2014-01-21 16:03 - 02077184 _____ (Farbar) C:\Users\DELL\Desktop\FRST64.exe

2014-01-21 08:34 - 2014-01-21 08:33 - 00025033 _____ C:\Users\DELL\Desktop\Result.txt

2014-01-21 08:18 - 2014-01-21 08:18 - 00760063 _____ (Farbar) C:\Users\DELL\Desktop\MiniToolBox.exe

2014-01-21 08:14 - 2014-01-21 08:14 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-01-21 08:14 - 2014-01-21 08:14 - 00000000 ____D C:\Users\DELL\AppData\Roaming\Malwarebytes

2014-01-21 08:14 - 2014-01-21 08:14 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2014-01-21 08:14 - 2014-01-21 08:07 - 00000000 ____D C:\ProgramData\Malwarebytes

2014-01-21 08:13 - 2014-01-21 08:13 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\DELL\Downloads\mbam-setup-1.75.0.1300.exe

2014-01-21 07:52 - 2014-01-21 07:51 - 00080456 _____ (Malwarebytes Corporation) C:\Users\DELL\Desktop\mbam-clean-1.60.2.0003.exe

2014-01-21 07:36 - 2014-01-21 07:36 - 00000000 ____D C:\Users\DELL\AppData\Local\CrashDumps

2014-01-20 21:47 - 2011-09-10 13:03 - 00111376 _____ C:\Users\DELL\AppData\Local\GDIPFONTCACHEV1.DAT

2014-01-20 21:46 - 2014-01-20 21:46 - 00001814 _____ C:\Users\DELL\Desktop\AdwCleaner[s0].txt

2014-01-20 21:46 - 2009-07-13 23:45 - 05042776 _____ C:\Windows\system32\FNTCACHE.DAT

2014-01-20 21:43 - 2014-01-20 21:33 - 00000000 ____D C:\AdwCleaner

2014-01-20 21:30 - 2014-01-20 21:30 - 00001472 _____ C:\Users\DELL\Desktop\JRT.txt

2014-01-20 21:01 - 2014-01-20 20:06 - 00000000 ____D C:\Users\DELL\Desktop\mbar

2014-01-20 21:01 - 2014-01-20 20:06 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-01-20 20:42 - 2014-01-20 20:42 - 01236282 _____ C:\Users\DELL\Desktop\AdwCleaner.exe

2014-01-20 20:40 - 2014-01-20 20:40 - 01037068 _____ (Thisisu) C:\Users\DELL\Desktop\JRT.exe

2014-01-20 20:04 - 2014-01-20 20:04 - 12582688 _____ (Malwarebytes Corp.) C:\Users\DELL\Desktop\mbar-1.07.0.1008.exe

2014-01-20 19:18 - 2014-01-20 19:18 - 00002280 _____ C:\Users\DELL\Desktop\Rkill.txt1.txt

2014-01-20 19:14 - 2014-01-20 19:14 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\DELL\Desktop\iExplore.exe

2014-01-20 19:13 - 2014-01-20 19:13 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\DELL\Desktop\rkill64.exe

2014-01-20 19:02 - 2011-09-10 13:21 - 00000000 ____D C:\Users\DELL\AppData\Roaming\Adobe

2014-01-20 19:02 - 2011-09-10 13:21 - 00000000 ____D C:\Program Files (x86)\Adobe

2014-01-20 18:02 - 2014-01-20 17:57 - 00000000 ____D C:\Users\DELL\Desktop\RK_Quarantine

2014-01-20 18:01 - 2014-01-20 18:01 - 00001830 _____ C:\Users\DELL\Desktop\RKreport[0]_S_01202014_180157.txt

2014-01-20 17:59 - 2014-01-20 17:59 - 04406784 _____ C:\Users\DELL\Desktop\RogueKillerX64.exe

2014-01-20 17:55 - 2014-01-20 17:55 - 00000928 _____ C:\Users\DELL\Desktop\NTREGOPT.lnk

2014-01-20 17:55 - 2014-01-20 17:55 - 00000909 _____ C:\Users\DELL\Desktop\ERUNT.lnk

2014-01-20 17:55 - 2014-01-20 17:55 - 00000000 ____D C:\Program Files (x86)\ERUNT

2014-01-20 17:53 - 2014-01-20 17:53 - 00791393 _____ (Lars Hederer                                                ) C:\Users\DELL\Desktop\erunt-setup.exe

2014-01-20 17:15 - 2014-01-20 17:15 - 00007351 _____ C:\Users\DELL\Desktop\attach.txt

2014-01-20 17:14 - 2014-01-20 17:15 - 00015733 _____ C:\Users\DELL\Desktop\dds.txt

2014-01-19 15:31 - 2014-01-19 15:31 - 00000000 ____D C:\ProgramData\Windows Genuine Advantage

2014-01-19 15:30 - 2014-01-19 15:29 - 00118149 _____ C:\Users\DELL\Downloads\wmpChrome.crx

2014-01-19 15:01 - 2012-10-26 09:23 - 00000000 ____D C:\Users\DELL\AppData\Roaming\Spotify

2014-01-19 11:19 - 2012-10-26 09:26 - 00000000 ____D C:\Users\DELL\AppData\Local\Spotify

2014-01-18 20:08 - 2014-01-18 20:08 - 00000000 ____D C:\Users\DELL\AppData\Roaming\Mozilla

2014-01-17 09:28 - 2009-07-14 00:13 - 00782462 _____ C:\Windows\system32\PerfStringBackup.INI

2014-01-17 08:44 - 2011-09-10 13:44 - 00000000 ____D C:\ProgramData\Microsoft Help

2014-01-17 08:41 - 2013-07-12 09:18 - 00000000 ____D C:\Windows\system32\MRT

2014-01-17 08:38 - 2012-08-04 02:01 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-01-17 07:47 - 2013-11-15 13:38 - 00000000 ____D C:\ProgramData\Oracle

2014-01-17 07:46 - 2014-01-17 07:44 - 00005175 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log

2014-01-17 07:46 - 2011-09-10 13:29 - 00000000 ____D C:\Program Files (x86)\Java

2014-01-13 18:41 - 2014-01-13 18:41 - 00000000 _____ C:\Windows\setuperr.log

2014-01-13 11:52 - 2014-01-13 11:51 - 04645232 _____ (Piriform Ltd) C:\Users\DELL\Downloads\ccsetup409.exe

2014-01-13 11:52 - 2012-10-13 14:34 - 00000000 ____D C:\Program Files\CCleaner

2014-01-11 22:16 - 2014-01-11 22:15 - 18101704 _____ (Adobe Systems Inc.) C:\Users\DELL\Downloads\AdobeAIRInstaller.exe

2014-01-09 15:56 - 2011-12-14 17:51 - 00000000 ____D C:\Windows\Minidump

2014-01-09 12:49 - 2014-01-09 12:49 - 04328880 _____ (Asoftech                                                    ) C:\Users\DELL\Downloads\adr.exe

2014-01-09 12:42 - 2014-01-09 12:42 - 01217992 _____ (Glarysoft.com                                               ) C:\Users\DELL\Downloads\gunsetup.exe

2014-01-09 12:36 - 2014-01-09 12:36 - 00000000 ____D C:\New folder

2014-01-09 12:22 - 2014-01-09 12:22 - 00000000 ____D C:\ProgramData\Licenses

2014-01-09 12:20 - 2014-01-09 12:19 - 18826784 _____ (Remo Software                                               ) C:\Users\DELL\Downloads\remo-recover-windows.exe

2014-01-09 11:40 - 2014-01-09 11:40 - 00000000 ____D C:\Users\DELL\Documents\Updater

2014-01-08 21:51 - 2014-01-08 21:51 - 00000000 __HDC C:\ProgramData\{CBCE2F73-24E4-481F-84B2-1A5EB720D187}

2014-01-08 21:51 - 2013-05-25 17:15 - 00000000 ___RD C:\Users\DELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-01-08 21:50 - 2014-01-08 21:50 - 00000000 ____D C:\Program Files\Dell

2014-01-08 21:48 - 2014-01-08 21:47 - 13419112 _____ (Stardock Corporation                                                                                                                                                                                                                                                                                        ) C:\Users\DELL\Downloads\DellDock16a_setup_ENG.exe

2014-01-07 21:47 - 2014-01-07 21:47 - 00000000 ____D C:\Users\DELL\AppData\Roaming\AVAST Software

2014-01-07 21:47 - 2009-08-25 01:52 - 00001945 _____ C:\Windows\epplauncher.mif

2014-01-07 21:46 - 2014-01-07 21:46 - 01034464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys

2014-01-07 21:46 - 2014-01-07 21:46 - 00422216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys

2014-01-07 21:46 - 2014-01-07 21:46 - 00207904 _____ C:\Windows\system32\Drivers\aswVmm.sys

2014-01-07 21:46 - 2014-01-07 21:46 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys

2014-01-07 21:46 - 2014-01-07 21:46 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys

2014-01-07 21:46 - 2014-01-07 21:46 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys

2014-01-07 21:46 - 2014-01-07 21:46 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys

2014-01-07 21:46 - 2014-01-07 21:46 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr

2014-01-07 21:46 - 2012-11-11 20:37 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

2014-01-07 21:44 - 2014-01-07 21:44 - 00000000 ____D C:\Program Files\AVAST Software

2014-01-07 21:42 - 2014-01-07 21:41 - 00000000 ____D C:\ProgramData\AVAST Software

2014-01-07 21:40 - 2014-01-07 21:39 - 91412976 _____ (AVAST Software) C:\Users\DELL\Downloads\avast_free_antivirus_setup.exe

2014-01-07 12:43 - 2014-01-07 12:43 - 00688992 ____R (Swearware) C:\Users\DELL\Downloads\dds.scr

2014-01-02 22:35 - 2011-09-10 16:47 - 00000000 ____D C:\Windows\Panther

2014-01-02 22:19 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Speech

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2014-01-19 00:19

 

==================== End Of Log ============================

[AdvancedSetup]

Great, that looks good but now we should double-check with a couple other tools before we finish up here.

Please download the following scanner from Kaspersky and save it to your computer: TDSSkiller

Then watch the following video on how to use the tool and make sure to temporarily disable your security applications before running TDSSkiller.

PC Winvids - How to run Kaspersky TDSSKiller

If any infection is found please make sure to choose SKIP and post back the log in case of a False Positive detection.

Once the tool has completed scanning make sure to re-enable your other security applications.

[Katracho93]

Here you go.

TDSSKiller.3.0.0.19_22.01.2014_21.06.52_log.txt

[AdvancedSetup]

Okay please run it again but this time go ahead and tell the program to cure it

[Katracho93]

So delete it?

[AdvancedSetup]

Which ever choice it gives you. It should be cure it I think, but if it says delete/remove then yes do so and reboot.

Then run it one more time to make sure it comes back clean and post the last log showing that it's clean now.

[Katracho93]

.

TDSSKiller.3.0.0.19_22.01.2014_21.28.02_log.txt

[AdvancedSetup]

Good, good. Okay, now run combofix one more time and post back it's new log.

[Katracho93]

ComboFix 14-01-22.01 - DELL 01/22/2014  21:49:33.7.1 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.1791.501 [GMT -5:00]

Running from: c:\users\DELL\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}

SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((   Files Created from 2013-12-23 to 2014-01-23  )))))))))))))))))))))))))))))))

.

.

2014-01-23 03:06 . 2014-01-23 03:06 -------- d-----w- c:\users\Public\AppData\Local\temp

2014-01-23 03:06 . 2014-01-23 03:06 -------- d-----w- c:\users\Default\AppData\Local\temp

2014-01-23 02:22 . 2014-01-23 02:22 -------- d-----w- C:\TDSSKiller_Quarantine

2014-01-21 21:07 . 2014-01-21 21:07 -------- d-----w- C:\FRST

2014-01-21 13:14 . 2014-01-21 13:14 -------- d-----w- c:\users\DELL\AppData\Roaming\Malwarebytes

2014-01-21 13:14 . 2014-01-21 13:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2014-01-21 13:14 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2014-01-21 13:07 . 2014-01-21 13:14 -------- d-----w- c:\programdata\Malwarebytes

2014-01-21 12:36 . 2014-01-21 12:36 -------- d-----w- c:\users\DELL\AppData\Local\CrashDumps

2014-01-21 02:33 . 2014-01-21 02:43 -------- d-----w- C:\AdwCleaner

2014-01-21 01:06 . 2014-01-21 02:01 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)

2014-01-20 22:55 . 2014-01-20 22:55 -------- d-----w- c:\program files (x86)\ERUNT

2014-01-17 13:44 . 2013-12-16 06:54 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A8A470F5-A118-4C8D-99A5-F3810392C2B5}\mpengine.dll

2014-01-17 13:35 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys

2014-01-17 13:35 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2014-01-17 13:35 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys

2014-01-17 13:35 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys

2014-01-17 13:35 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2014-01-17 13:35 . 2013-11-27 01:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys

2014-01-17 13:35 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys

2014-01-17 13:35 . 2013-11-26 10:32 3156480 ----a-w- c:\windows\system32\win32k.sys

2014-01-17 13:35 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys

2014-01-09 17:50 . 2002-08-02 07:20 237568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\iscript.dll

2014-01-09 17:50 . 2002-08-02 07:20 151552 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\iuser.dll

2014-01-09 17:50 . 2002-08-05 15:46 57344 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\ctor.dll

2014-01-09 17:50 . 2002-08-02 08:10 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\DotNetInstaller.exe

2014-01-09 17:50 . 2002-08-02 07:20 634880 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\iKernel.dll

2014-01-09 17:50 . 2014-01-09 17:50 270468 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\Setup.dll

2014-01-09 17:50 . 2014-01-09 17:50 159876 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\IGdi.dll

2014-01-09 17:36 . 2014-01-09 17:36 -------- d-----w- C:\New folder

2014-01-09 17:22 . 2014-01-09 17:22 -------- d-----w- c:\programdata\Licenses

2014-01-09 17:22 . 2009-02-12 20:11 26024 ----a-w- c:\windows\system32\drivers\rsdrvx64.sys

2014-01-09 02:51 . 2014-01-09 02:51 -------- dc-h--w- c:\programdata\{CBCE2F73-24E4-481F-84B2-1A5EB720D187}

2014-01-09 02:50 . 2014-01-09 02:50 -------- d-----w- c:\program files\Dell

2014-01-08 02:47 . 2014-01-08 02:47 -------- d-----w- c:\users\DELL\AppData\Roaming\AVAST Software

2014-01-08 02:46 . 2014-01-08 02:46 79672 ----a-w- c:\windows\system32\drivers\aswstm.sys

2014-01-08 02:46 . 2014-01-08 02:46 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2014-01-08 02:46 . 2014-01-08 02:46 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2014-01-08 02:46 . 2014-01-08 02:46 1034464 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2014-01-08 02:46 . 2014-01-08 02:46 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2014-01-08 02:46 . 2014-01-08 02:46 422216 ----a-w- c:\windows\system32\drivers\aswSP.sys

2014-01-08 02:46 . 2014-01-08 02:46 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2014-01-08 02:46 . 2014-01-08 02:46 43152 ----a-w- c:\windows\avastSS.scr

2014-01-08 02:44 . 2014-01-08 02:44 -------- d-----w- c:\program files\AVAST Software

2014-01-08 02:41 . 2014-01-08 02:42 -------- d-----w- c:\programdata\AVAST Software

2013-12-27 14:58 . 2013-11-26 09:16 1836544 ----a-w- c:\program files\Internet Explorer\MemoryAnalyzer.dll

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-01-22 00:35 . 2012-03-31 03:13 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2014-01-22 00:35 . 2011-09-10 18:21 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2014-01-17 13:38 . 2012-08-04 07:01 86054176 ----a-w- c:\windows\system32\MRT.exe

2014-01-08 02:46 . 2012-11-12 01:37 334136 ----a-w- c:\windows\system32\aswBoot.exe

2013-12-21 02:32 . 2013-12-21 02:32 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

2013-12-21 02:32 . 2013-12-21 02:32 194048 ----a-w- c:\windows\SysWow64\elshyph.dll

2013-12-21 02:32 . 2013-12-21 02:32 235008 ----a-w- c:\windows\system32\elshyph.dll

2013-12-21 02:32 . 2013-12-21 02:32 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll

2013-12-21 02:32 . 2013-12-21 02:32 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2013-12-21 02:32 . 2013-12-21 02:32 182272 ----a-w- c:\windows\SysWow64\msls31.dll

2013-12-21 02:32 . 2013-12-21 02:32 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll

2013-12-21 02:31 . 2013-12-21 02:31 62464 ----a-w- c:\windows\SysWow64\tdc.ocx

2013-12-21 02:31 . 2013-12-21 02:31 337408 ----a-w- c:\windows\SysWow64\html.iec

2013-12-21 02:31 . 2013-12-21 02:31 61952 ----a-w- c:\windows\SysWow64\iesetup.dll

2013-12-21 02:31 . 2013-12-21 02:31 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll

2013-12-21 02:31 . 2013-12-21 02:31 151552 ----a-w- c:\windows\SysWow64\iexpress.exe

2013-12-21 02:31 . 2013-12-21 02:31 139264 ----a-w- c:\windows\SysWow64\wextract.exe

2013-12-21 02:31 . 2013-12-21 02:31 454656 ----a-w- c:\windows\SysWow64\vbscript.dll

2013-12-21 02:31 . 2013-12-21 02:31 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2013-12-21 02:31 . 2013-12-21 02:31 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll

2013-12-21 02:31 . 2013-12-21 02:31 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll

2013-12-21 02:31 . 2013-12-21 02:31 36352 ----a-w- c:\windows\SysWow64\imgutil.dll

2013-12-21 02:31 . 2013-12-21 02:31 13312 ----a-w- c:\windows\SysWow64\mshta.exe

2013-12-21 02:31 . 2013-12-21 02:31 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2013-12-21 02:31 . 2013-12-21 02:31 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll

2013-12-21 02:31 . 2013-12-21 02:31 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2013-12-21 02:31 . 2013-12-21 02:31 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2013-12-21 02:31 . 2013-12-21 02:31 942592 ----a-w- c:\windows\system32\jsIntl.dll

2013-12-21 02:31 . 2013-12-21 02:31 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2013-12-21 02:31 . 2013-12-21 02:31 247808 ----a-w- c:\windows\system32\msls31.dll

2013-12-21 02:31 . 2013-12-21 02:31 195584 ----a-w- c:\windows\system32\msrating.dll

2013-12-21 02:31 . 2013-12-21 02:31 52224 ----a-w- c:\windows\system32\msfeedsbs.dll

2013-12-21 02:31 . 2013-12-21 02:31 13312 ----a-w- c:\windows\system32\msfeedssync.exe

2013-12-21 02:31 . 2013-12-21 02:31 131072 ----a-w- c:\windows\system32\IEAdvpack.dll

2013-12-21 02:31 . 2013-12-21 02:31 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2013-12-21 02:31 . 2013-12-21 02:31 48640 ----a-w- c:\windows\system32\mshtmler.dll

2013-12-21 02:31 . 2013-12-21 02:31 105984 ----a-w- c:\windows\system32\iesysprep.dll

2013-12-21 02:31 . 2013-12-21 02:31 77312 ----a-w- c:\windows\system32\tdc.ocx

2013-12-21 02:31 . 2013-12-21 02:31 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll

2013-12-21 02:31 . 2013-12-21 02:31 413696 ----a-w- c:\windows\system32\html.iec

2013-12-21 02:31 . 2013-12-21 02:31 296960 ----a-w- c:\windows\system32\dxtrans.dll

2013-12-21 02:31 . 2013-12-21 02:31 453120 ----a-w- c:\windows\system32\dxtmsft.dll

2013-12-21 02:31 . 2013-12-21 02:31 81408 ----a-w- c:\windows\system32\icardie.dll

2013-12-21 02:31 . 2013-12-21 02:31 616104 ----a-w- c:\windows\system32\ieapfltr.dat

2013-12-21 02:31 . 2013-12-21 02:31 235520 ----a-w- c:\windows\system32\url.dll

2013-12-21 02:31 . 2013-12-21 02:31 263376 ----a-w- c:\windows\system32\iedkcs32.dll

2013-12-21 02:31 . 2013-12-21 02:31 243200 ----a-w- c:\windows\system32\webcheck.dll

2013-12-21 02:31 . 2013-12-21 02:31 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll

2013-12-21 02:31 . 2013-12-21 02:31 30208 ----a-w- c:\windows\system32\licmgr10.dll

2013-12-21 02:31 . 2013-12-21 02:31 84992 ----a-w- c:\windows\system32\mshtmled.dll

2013-12-21 02:31 . 2013-12-21 02:31 167424 ----a-w- c:\windows\system32\iexpress.exe

2013-12-21 02:31 . 2013-12-21 02:31 143872 ----a-w- c:\windows\system32\wextract.exe

2013-12-21 02:31 . 2013-12-21 02:31 101376 ----a-w- c:\windows\system32\inseng.dll

2013-12-21 02:31 . 2013-12-21 02:31 626176 ----a-w- c:\windows\system32\msfeeds.dll

2013-12-21 02:31 . 2013-12-21 02:31 548352 ----a-w- c:\windows\system32\vbscript.dll

2013-12-21 02:31 . 2013-12-21 02:31 62464 ----a-w- c:\windows\system32\pngfilt.dll

2013-12-21 02:31 . 2013-12-21 02:31 147968 ----a-w- c:\windows\system32\occache.dll

2013-12-21 02:31 . 2013-12-21 02:31 774144 ----a-w- c:\windows\system32\jscript.dll

2013-12-21 02:31 . 2013-12-21 02:31 13824 ----a-w- c:\windows\system32\mshta.exe

2013-12-21 02:31 . 2013-12-21 02:31 83968 ----a-w- c:\windows\system32\MshtmlDac.dll

2013-12-21 02:31 . 2013-12-21 02:31 48128 ----a-w- c:\windows\system32\imgutil.dll

2013-12-21 02:31 . 2013-12-21 02:31 135680 ----a-w- c:\windows\system32\iepeers.dll

2013-12-10 19:50 . 2013-12-10 19:50 9272200 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2013-11-26 17:25 . 2011-09-10 18:10 267936 ------w- c:\windows\system32\MpSigStub.exe

2013-11-23 18:26 . 2013-12-17 18:27 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll

2013-11-23 17:47 . 2013-12-17 18:27 465920 ----a-w- c:\windows\system32\WMPhoto.dll

2013-11-12 02:23 . 2013-12-17 18:27 2048 ----a-w- c:\windows\system32\tzres.dll

2013-11-12 02:07 . 2013-12-17 18:27 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2013-10-30 02:32 . 2013-12-17 18:26 335360 ----a-w- c:\windows\system32\msieftp.dll

2013-10-30 02:19 . 2013-12-17 18:26 301568 ----a-w- c:\windows\SysWow64\msieftp.dll

2013-10-28 23:02 . 2013-10-28 23:02 66264 ----a-w- c:\windows\system32\btwdi.dll

2013-10-28 23:02 . 2013-10-28 23:02 2255064 ----a-w- c:\windows\system32\BtwRSupportService.exe

2013-10-28 23:02 . 2013-10-28 23:02 166104 ----a-w- c:\windows\system32\drivers\btwampfl.sys

2013-10-28 23:02 . 2013-10-28 23:02 2232024 ----a-w- c:\windows\system32\BcmBtRSupport.dll

2013-10-28 23:02 . 2013-10-28 23:02 170712 ----a-w- c:\windows\system32\drivers\bcbtums.sys

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]

@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"

[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]

2013-07-24 17:11 220632 ----a-w- c:\users\DELL\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]

@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"

[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]

2013-07-24 17:11 220632 ----a-w- c:\users\DELL\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]

@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"

[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]

2013-07-24 17:11 220632 ----a-w- c:\users\DELL\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Spotify Web Helper"="c:\users\DELL\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-01-14 1171968]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-01-08 3764024]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]

.

c:\users\DELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-10-12 1324384]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux5"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]

R3 bcbtums;Bluetooth USB LD Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]

R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]

R3 btwampfl;btwampfl;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]

R3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\DRIVERS\HtcVComV64.sys;c:\windows\SYSNATIVE\DRIVERS\HtcVComV64.sys [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]

S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]

S0 aswRvrt;avast! Revert; [x]

S0 aswVmm;avast! VM Monitor; [x]

S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]

S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\rsdrvx64.sys;c:\windows\SYSNATIVE\drivers\rsdrvx64.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]

S2 BcmBtRSupport;Bluetooth Driver Management Service;c:\windows\system32\BtwRSupportService.exe;c:\windows\SYSNATIVE\BtwRSupportService.exe [x]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]

S2 sagentservice;Online Backup Service;c:\program files (x86)\Malwarebytes Secure Backup\SAgent.Service.exe;c:\program files (x86)\Malwarebytes Secure Backup\SAgent.Service.exe [x]

S3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]

S3 OA002Afx;Provides a software interface to control audio effects of OA002 camera.;c:\windows\system32\Drivers\OA002Afx.sys;c:\windows\SYSNATIVE\Drivers\OA002Afx.sys [x]

S3 OA002Ufd;Creative Camera OA002 Upper Filter Driver;c:\windows\system32\DRIVERS\OA002Ufd.sys;c:\windows\SYSNATIVE\DRIVERS\OA002Ufd.sys [x]

S3 OA002Vid;Creative Camera OA002 Function Driver;c:\windows\system32\DRIVERS\OA002Vid.sys;c:\windows\SYSNATIVE\DRIVERS\OA002Vid.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 46483053

*Deregistered* - 46483053

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-01-16 23:01 1211672 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2014-01-23 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 00:35]

.

2014-01-23 c:\windows\Tasks\Online Backup Update Notifier.job

- c:\program files (x86)\Malwarebytes Secure Backup\SUpdateNotifier.exe [2013-08-15 20:40]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]

@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"

[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]

2013-07-24 17:11 244696 ----a-w- c:\users\DELL\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]

@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"

[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]

2013-07-24 17:11 244696 ----a-w- c:\users\DELL\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]

@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"

[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]

2013-07-24 17:11 244696 ----a-w- c:\users\DELL\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2014-01-08 02:46 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000

Trusted Zone: vizzed.com\www

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{0623F323-B3C0-40B5-9E82-337A905152FC}: NameServer = 8.8.8.8,8.8.4.4

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-97697926.sys

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,

   fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17

"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,

   b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:34,fb,4f,cd,9a,89,cd,01

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d5,73,04,0b,4a,20,e2,40,b8,59,12,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d5,73,04,0b,4a,20,e2,40,b8,59,12,\

.

[HKEY_USERS\S-1-5-21-1507826893-2881169027-2658402105-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-1507826893-2881169027-2658402105-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_38_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_38_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_38.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_38.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_38.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_38.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2014-01-22  22:11:02

ComboFix-quarantined-files.txt  2014-01-23 03:11

ComboFix2.txt  2014-01-21 22:19

.

Pre-Run: 168,078,946,304 bytes free

Post-Run: 168,007,376,896 bytes free

.

- - End Of File - - 5D58D1F07131A8AD3E2888B6D0D3795B

A36C5E4F47E84449FF07ED3517B43A31

[AdvancedSetup]

Please download Security Check by screen317 from HERE or HERE.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• If you get Unsupported operating system. Aborting now, just reboot and try again.
• A Notepad document should open automatically called checkup.txt.
• Please Post the contents of that document.
• Do Not Attach It!!!
  

 

[Katracho93]

Results of screen317's Security Check version 0.99.79  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 11  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

avast! Antivirus   

 Antivirus out of date!  

`````````Anti-malware/Other Utilities Check:````````` 

 Malwarebytes Anti-Malware version 1.75.0.1300  

  Adobe Flash Player 12.0.0.43 Flash Player out of Date!  

 Adobe Reader XI  

 Google Chrome 31.0.1650.63  

 Google Chrome 32.0.1700.76  

````````Process Check: objlist.exe by Laurent````````  

 Malwarebytes Secure Backup SAgent.Service.exe   

 Malwarebytes Secure Backup mbsbscan.exe   

 AVAST Software Avast AvastSvc.exe  

 AVAST Software Avast AvastUI.exe  

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 0% 

````````````````````End of Log`````````````````````` 

[AdvancedSetup]

Okay, that looks good except you need to possibly check and update your avast antivirus.

 

How is the computer running now?

Are there any other issues at this time?

[Katracho93]

It's a bit better, chrome is quite slow though.

What about flash player?

[AdvancedSetup]

The Flash Player shows it's installed and you said your Brother already installed it.   Security Check just has not been updated to account for the 12.x version as it just came out.

 

You can try backing up your Chrome bookmarks and then uninstall Chrome, reboot the computer and reinstall Chrome if you want.

 

Is that it?