Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected after Yammm install, Can't Connect to Internet


  • This topic is locked This topic is locked
7 replies to this topic

#1 Bodum

Bodum

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:32 PM

Posted 26 November 2013 - 11:34 PM

Today I installed eM Client software and then Yammm (... which gives ownership priviledges for my movie files to another party to analyze and download meta data) (installed both from non-admin but needed to give admin password). Then AVG AntiVirus Free 2014 said it needed to restart to install an update. I restarted my computer and logged back in (non-admin) and I couldn't connect to the internet (I use wireless). I was worried so I logged off, switched over to my admin account, and Control Panel\All Control Panel Items\Recovery > Open System Restore. I restored it to the point where eM Client was installed. That failed... said something that it might be due to antivirus program running. I disabled AVG (which is the only one I keep running) and tried the restore again. It worked. Internet was back. AVG is running and enabled again. But I wanted to make sure there wasn't any bug.

 

Then, > msconfig to boot in safemode w/networking > restart  > run Combofix.exe.

Then realized I couldn't decipher the logs and came here for help.

 

Here are the DDS.txt followed by ComboFix.txt. Your help is greatly appreciated. I'd do this myself if I could.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer:
Run by Idy at 22:13:52 on 2013-11-26
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8140.4810 [GMT -6:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Users\Idy\Desktop\OTL.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\notepad.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbengine.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mDefault_Page_URL = hxxp://www.google.com
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
StartupFolder: C:\Users\Idy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BDUSBI~1.LNK - C:\Users\Idy\Desktop\BDUSBImmunizerLauncher.exe
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
TCP: NameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{1CEF2FD7-25F3-4F90-BD02-F470CB8DC407} : DHCPNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{1CEF2FD7-25F3-4F90-BD02-F470CB8DC407}\07F6E696F6E6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9DB8D5CC-09B8-4E97-84C7-13786F49A1FB} : DHCPNameServer = 75.75.76.76 75.75.75.75
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
SSODL: WebCheck - <orphaned>
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Idy\AppData\Roaming\Mozilla\Firefox\Profiles\wxe1qm1d.default\
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-10-24 194872]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-10-31 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-10-1 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-10 31544]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-11-5 150808]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-4 240920]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-10-31 212280]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2013-11-16 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-10-1 204288]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2013-11-11 3478544]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-24 348008]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]
R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-11-18 1907896]
R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2011-8-9 12289472]
R3 ISCT;Intel® Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2013-1-19 46568]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C60x64.sys [2011-3-23 76912]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-10-25 96768]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-10-25 213504]
R3 SmbDrv;SmbDrv;C:\Windows\System32\drivers\Smb_driver.sys [2012-2-23 21264]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-5-30 338536]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-11-18 1255736]
.
=============== Created Last 30 ================
.
2013-11-26 22:56:30    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-11-26 22:56:28    --------    d-----w-    C:\Users\Idy\AppData\Local\temp
2013-11-26 21:04:38    --------    d-----w-    C:\ProgramData\Yammm
2013-11-26 18:23:22    --------    d-----w-    C:\Program Files (x86)\eM Client
2013-11-25 01:28:00    --------    d-----w-    C:\Users\Idy\AppData\Local\Macromedia
2013-11-24 05:57:03    --------    d-----w-    C:\Users\Idy\AppData\Local\MediaMonkey
2013-11-22 02:04:13    --------    d-----w-    C:\ProgramData\EA Core
2013-11-22 01:51:49    --------    d--h--w-    C:\Program Files (x86)\Common Files\EAInstaller
2013-11-22 01:36:46    --------    d-----w-    C:\Users\Idy\AppData\Local\Origin
2013-11-22 01:34:56    --------    d-----w-    C:\ProgramData\Electronic Arts
2013-11-22 01:34:56    --------    d-----w-    C:\Program Files (x86)\Origin Games
2013-11-22 01:34:48    --------    d-----w-    C:\Program Files (x86)\Origin
2013-11-22 01:34:38    --------    d-----w-    C:\ProgramData\Origin
2013-11-21 00:04:21    --------    d-----w-    C:\Users\Idy\AppData\Roaming\WindSolutions
2013-11-21 00:04:08    --------    d-----w-    C:\Program Files (x86)\iTunes
2013-11-20 23:49:56    --------    d-----w-    C:\ProgramData\WindSolutions
2013-11-20 23:07:43    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-20 23:07:16    --------    d-----w-    C:\Users\Idy\AppData\Local\Adobe
2013-11-20 22:44:13    --------    d-----w-    C:\Users\Idy\AppData\Roaming\MediaMonkey
2013-11-20 22:44:11    --------    d-----w-    C:\ProgramData\MediaMonkey
2013-11-20 22:44:10    --------    d-----w-    C:\Program Files (x86)\MediaMonkey
2013-11-20 17:20:03    --------    d-----w-    C:\Users\Idy\AppData\Local\Mozilla
2013-11-18 18:40:44    --------    d-----w-    C:\Program Files (x86)\Microsoft SkyDrive
2013-11-18 18:40:44    --------    d-----r-    C:\Users\Idy\SkyDrive
2013-11-18 18:37:47    566480    ----a-w-    C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2013-11-18 18:36:55    --------    d-----w-    C:\ProgramData\regid.1991-06.com.microsoft
2013-11-18 18:32:18    --------    d-----w-    C:\Program Files\Microsoft Office 15
2013-11-18 08:30:46    --------    d-----w-    C:\Users\Idy\AppData\Roaming\TrueCrypt
2013-11-18 08:30:25    231376    ----a-w-    C:\Windows\System32\drivers\truecrypt.sys
2013-11-18 08:30:14    --------    d-----w-    C:\Program Files\TrueCrypt
2013-11-18 06:51:33    --------    d-----w-    C:\Users\Idy\AppData\Roaming\uTorrent
2013-11-18 06:45:11    --------    d-----w-    C:\Windows\SysWow64\Wat
2013-11-18 06:45:10    --------    d-----w-    C:\Windows\System32\Wat
2013-11-18 06:44:07    99840    ----a-w-    C:\Windows\System32\drivers\usbccgp.sys
2013-11-18 06:44:07    7808    ----a-w-    C:\Windows\System32\drivers\usbd.sys
2013-11-18 06:44:07    52736    ----a-w-    C:\Windows\System32\drivers\usbehci.sys
2013-11-18 06:44:07    343040    ----a-w-    C:\Windows\System32\drivers\usbhub.sys
2013-11-18 06:44:07    325120    ----a-w-    C:\Windows\System32\drivers\usbport.sys
2013-11-18 06:44:07    30720    ----a-w-    C:\Windows\System32\drivers\usbuhci.sys
2013-11-18 06:44:07    25600    ----a-w-    C:\Windows\System32\drivers\usbohci.sys
2013-11-18 06:27:03    --------    d-----w-    C:\Program Files (x86)\AVG
2013-11-18 06:03:18    --------    d-----w-    C:\ProgramData\HitmanPro
2013-11-18 05:48:12    --------    d-----w-    C:\Windows\ERUNT
2013-11-18 05:20:17    --------    d-----w-    C:\Users\Idy\AppData\Roaming\Malwarebytes
2013-11-18 05:19:56    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-11-18 05:13:09    --------    d-----w-    C:\AdwCleaner
2013-11-18 04:31:09    98816    ----a-w-    C:\Windows\sed.exe
2013-11-18 04:31:09    256000    ----a-w-    C:\Windows\PEV.exe
2013-11-18 04:31:09    208896    ----a-w-    C:\Windows\MBR.exe
2013-11-18 04:21:23    --------    d-----w-    C:\Windows\pss
2013-11-17 23:42:47    --------    d-----w-    C:\ProgramData\Blizzard Entertainment
2013-11-17 23:42:47    --------    d-----w-    C:\Program Files (x86)\Diablo III
2013-11-17 23:42:47    --------    d-----w-    C:\Program Files (x86)\Common Files\Blizzard Entertainment
2013-11-17 23:41:44    --------    d-----w-    C:\ProgramData\Battle.net
2013-11-17 20:29:00    281688    ----a-w-    C:\Windows\SysWow64\PnkBstrB.xtr
2013-11-17 19:22:04    --------    d-----w-    C:\Music and Guitar Tabs
2013-11-17 19:19:18    --------    d-----w-    C:\Application Installers
2013-11-17 19:18:48    --------    d-----w-    C:\Users\Idy\AppData\Local\Programs
2013-11-17 19:18:33    --------    d-----w-    C:\Users\Idy\AppData\Roaming\Foxit Software
2013-11-17 19:18:32    --------    d-----w-    C:\Program Files (x86)\Foxit Software
2013-11-17 10:38:32    189248    ----a-w-    C:\Windows\SysWow64\PnkBstrB.exe
2013-11-17 10:38:32    189248    ----a-w-    C:\Windows\SysWow64\PnkBstrB.ex0
2013-11-17 10:38:31    75136    ----a-w-    C:\Windows\SysWow64\PnkBstrA.exe
2013-11-17 10:15:59    506728    ----a-w-    C:\Windows\System32\d3dx10_34.dll
2013-11-17 05:02:44    --------    d-----w-    C:\Users\Idy\AppData\Roaming\Origin
2013-11-17 04:07:33    --------    d-----w-    C:\Users\Idy\AppData\Roaming\IDT
2013-11-17 03:49:38    90624    ----a-w-    C:\Windows\System32\AESTCo64.dll
2013-11-17 03:48:59    --------    d-----w-    C:\Program Files\IDT
2013-11-17 03:02:02    --------    d-----w-    C:\Program Files (x86)\VideoLAN
2013-11-17 02:25:23    --------    d-----w-    C:\Program Files\HP
2013-11-17 02:25:23    --------    d-----w-    C:\Program Files (x86)\HP
2013-11-17 02:24:48    --------    d-----w-    C:\Users\Idy\AppData\Local\HP
2013-11-17 01:53:34    --------    d-----w-    C:\DriversNew
2013-11-16 05:57:34    --------    dc----r-    C:\_TD
2013-11-16 04:44:09    2560    ----a-w-    C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-11-16 04:26:16    4096    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-11-16 03:59:20    87040    ----a-w-    C:\Windows\System32\drivers\WUDFPf.sys
2013-11-16 03:59:20    84992    ----a-w-    C:\Windows\System32\WUDFSvc.dll
2013-11-16 03:59:20    198656    ----a-w-    C:\Windows\System32\drivers\WUDFRd.sys
2013-11-16 03:59:20    194048    ----a-w-    C:\Windows\System32\WUDFPlatform.dll
2013-11-16 03:59:19    744448    ----a-w-    C:\Windows\System32\WUDFx.dll
2013-11-16 03:59:19    45056    ----a-w-    C:\Windows\System32\WUDFCoinstaller.dll
2013-11-16 03:59:19    229888    ----a-w-    C:\Windows\System32\WUDFHost.exe
2013-11-16 03:56:21    --------    d-----w-    C:\Windows\System32\MRT
2013-11-16 03:52:26    81408    ----a-w-    C:\Windows\System32\imagehlp.dll
2013-11-16 03:52:26    5120    ----a-w-    C:\Windows\SysWow64\wmi.dll
2013-11-16 03:52:26    5120    ----a-w-    C:\Windows\System32\wmi.dll
2013-11-16 03:52:26    23408    ----a-w-    C:\Windows\System32\drivers\fs_rec.sys
2013-11-16 03:52:26    159232    ----a-w-    C:\Windows\SysWow64\imagehlp.dll
2013-11-16 03:46:30    70144    ----a-w-    C:\Windows\System32\appinfo.dll
2013-11-16 03:46:30    111448    ----a-w-    C:\Windows\System32\consent.exe
2013-11-16 03:46:25    3717632    ----a-w-    C:\Windows\System32\mstscax.dll
2013-11-16 03:46:24    44032    ----a-w-    C:\Windows\System32\tsgqec.dll
2013-11-16 03:46:24    36864    ----a-w-    C:\Windows\SysWow64\tsgqec.dll
2013-11-16 03:46:24    3217408    ----a-w-    C:\Windows\SysWow64\mstscax.dll
2013-11-16 03:46:24    158720    ----a-w-    C:\Windows\System32\aaclient.dll
2013-11-16 03:46:24    131584    ----a-w-    C:\Windows\SysWow64\aaclient.dll
2013-11-16 03:46:16    362496    ----a-w-    C:\Windows\System32\wow64win.dll
2013-11-16 03:46:15    16384    ----a-w-    C:\Windows\System32\ntvdm64.dll
2013-11-16 03:46:15    13312    ----a-w-    C:\Windows\System32\wow64cpu.dll
2013-11-16 03:44:59    936448    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-11-16 03:43:59    197120    ----a-w-    C:\Windows\System32\credui.dll
2013-11-16 03:42:52    859648    ----a-w-    C:\Windows\System32\IKEEXT.DLL
2013-11-16 03:42:52    830464    ----a-w-    C:\Windows\System32\nshwfp.dll
2013-11-16 03:42:52    656896    ----a-w-    C:\Windows\SysWow64\nshwfp.dll
2013-11-16 03:42:52    324096    ----a-w-    C:\Windows\System32\FWPUCLNT.DLL
2013-11-16 03:42:52    216576    ----a-w-    C:\Windows\SysWow64\FWPUCLNT.DLL
2013-11-16 03:42:51    461312    ----a-w-    C:\Windows\System32\scavengeui.dll
2013-11-16 03:29:16    77312    ----a-w-    C:\Windows\System32\packager.dll
2013-11-16 03:29:16    67072    ----a-w-    C:\Windows\SysWow64\packager.dll
2013-11-16 03:24:45    --------    d-----w-    C:\Users\Idy\AppData\Roaming\Synaptics
2013-11-16 03:24:45    --------    d-----w-    C:\ProgramData\Synaptics
2013-11-16 03:22:30    --------    d-----w-    C:\Program Files\Synaptics
2013-11-16 02:35:15    --------    d-----w-    C:\Users\Idy\AppData\Roaming\AVG2014
2013-11-16 02:34:39    --------    d-----w-    C:\Users\Idy\AppData\Roaming\TuneUp Software
2013-11-16 02:34:22    --------    d-----w-    C:\ProgramData\AVG2014
2013-11-16 02:31:41    --------    d-sh--w-    C:\Windows\Installer
2013-11-16 02:31:30    --------    d--h--w-    C:\ProgramData\Common Files
2013-11-16 02:31:30    --------    d-----w-    C:\Users\Idy\AppData\Local\MFAData
2013-11-16 02:31:30    --------    d-----w-    C:\Users\Idy\AppData\Local\Avg2014
2013-11-16 02:31:30    --------    d-----w-    C:\ProgramData\MFAData
2013-11-16 02:27:50    2622464    ----a-w-    C:\Windows\System32\wucltux.dll
2013-11-16 02:27:44    99840    ----a-w-    C:\Windows\System32\wudriver.dll
2013-11-16 02:27:30    36864    ----a-w-    C:\Windows\System32\wuapp.exe
2013-11-16 02:27:30    186752    ----a-w-    C:\Windows\System32\wuwebv.dll
2013-11-16 02:11:27    0    ----a-w-    C:\Windows\ativpsrm.bin
2013-11-16 01:52:49    --------    d-----w-    C:\Users\Idy\AppData\Local\Microsoft Games
2013-11-15 22:01:37    --------    d-----w-    C:\ProgramData\Western Digital
2013-11-15 21:34:22    --------    d-----w-    C:\Users\Idy\AppData\Local\ElevatedDiagnostics
2013-11-15 21:33:12    --------    d-----w-    C:\Users\Idy\AppData\Local\Diagnostics
2013-11-15 21:16:45    --------    d-----r-    C:\Boot
2013-11-15 20:52:43    --------    d-----w-    C:\Windows\Panther
2013-11-06 03:55:48    150808    ----a-w-    C:\Windows\System32\drivers\avgdiska.sys
2013-11-05 03:52:42    240920    ----a-w-    C:\Windows\System32\drivers\avgidsdrivera.sys
2013-11-01 05:00:18    212280    ----a-w-    C:\Windows\System32\drivers\avgldx64.sys
2013-11-01 04:49:46    294712    ----a-w-    C:\Windows\System32\drivers\avgloga.sys
.
==================== Find3M  ====================
.
2013-11-16 04:26:16    4096    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-10-25 04:25:58    194872    ----a-w-    C:\Windows\System32\drivers\avgidsha.sys
2013-10-05 20:25:35    1474048    ----a-w-    C:\Windows\System32\crypt32.dll
2013-10-05 19:57:25    1168384    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-10-04 02:28:31    190464    ----a-w-    C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:24:49    1930752    ----a-w-    C:\Windows\System32\authui.dll
2013-10-04 01:58:50    152576    ----a-w-    C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25    168960    ----a-w-    C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00    1796096    ----a-w-    C:\Windows\SysWow64\authui.dll
2013-10-03 02:23:48    404480    ----a-w-    C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44    311808    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2013-10-01 06:52:08    123704    ----a-w-    C:\Windows\System32\drivers\avgmfx64.sys
2013-09-28 01:09:10    497152    ----a-w-    C:\Windows\System32\drivers\afd.sys
2013-09-25 02:26:40    95680    ----a-w-    C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40    154560    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33    28672    ----a-w-    C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33    135680    ----a-w-    C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01    28160    ----a-w-    C:\Windows\System32\secur32.dll
2013-09-25 02:22:59    340992    ----a-w-    C:\Windows\System32\schannel.dll
2013-09-25 02:21:50    307200    ----a-w-    C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07    1447936    ----a-w-    C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24    247808    ----a-w-    C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42    220160    ----a-w-    C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24    30720    ----a-w-    C:\Windows\System32\lsass.exe
2013-09-10 06:43:02    31544    ----a-w-    C:\Windows\System32\drivers\avgrkx64.sys
2013-09-08 02:30:37    1903552    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14    327168    ----a-w-    C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58    231424    ----a-w-    C:\Windows\SysWow64\mswsock.dll
.
============= FINISH: 22:14:15.16 ===============
 

COMBOFIX.txt

 

ComboFix 13-11-23.02 - Idy 11/26/2013  16:48:18.3.8 - x64 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8140.6909 [GMT -6:00]
Running from: c:\users\Idy\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\FlashPlayerApp.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-26 to 2013-11-26  )))))))))))))))))))))))))))))))
.
.
2013-11-26 22:54 . 2013-11-26 22:54    --------    d-----w-    c:\users\Public\AppData\Local\temp
2013-11-26 22:54 . 2013-11-26 22:54    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-11-26 21:47 . 2013-11-26 22:07    --------    d-----w-    c:\program files\Windows Media Player
2013-11-26 21:04 . 2013-11-26 21:04    --------    d-----w-    c:\programdata\Yammm
2013-11-26 18:23 . 2013-11-26 22:37    --------    d-----w-    c:\program files (x86)\eM Client
2013-11-22 02:04 . 2013-11-22 02:04    --------    d-----w-    c:\programdata\EA Core
2013-11-22 01:51 . 2013-11-22 01:51    --------    d--h--w-    c:\program files (x86)\Common Files\EAInstaller
2013-11-22 01:34 . 2013-11-22 02:04    --------    d-----w-    c:\programdata\Electronic Arts
2013-11-22 01:34 . 2013-11-22 01:43    --------    d-----w-    c:\program files (x86)\Origin Games
2013-11-22 01:34 . 2013-11-22 01:41    --------    d-----w-    c:\program files (x86)\Origin
2013-11-22 01:34 . 2013-11-22 01:40    --------    d-----w-    c:\programdata\Origin
2013-11-21 00:04 . 2013-11-21 00:10    --------    d-----w-    c:\program files (x86)\iTunes
2013-11-21 00:01 . 2013-11-21 15:37    --------    d-----w-    c:\program files (x86)\Common Files\Apple
2013-11-20 23:49 . 2013-11-20 23:57    --------    d-----w-    c:\programdata\WindSolutions
2013-11-20 23:07 . 2013-11-20 23:07    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-20 23:07 . 2013-11-20 23:07    --------    d-----w-    c:\windows\SysWow64\Macromed
2013-11-20 23:07 . 2013-11-20 23:07    --------    d-----w-    c:\windows\system32\Macromed
2013-11-20 22:44 . 2013-11-20 22:44    --------    d-----w-    c:\programdata\MediaMonkey
2013-11-20 22:44 . 2013-11-20 22:44    --------    d-----w-    c:\program files (x86)\MediaMonkey
2013-11-20 17:19 . 2013-11-20 17:19    --------    d-----w-    c:\program files (x86)\Mozilla Maintenance Service
2013-11-18 18:40 . 2013-11-18 18:40    --------    d-----w-    c:\program files (x86)\Microsoft SkyDrive
2013-11-18 18:40 . 2013-11-19 02:24    --------    d-----w-    c:\program files (x86)\Microsoft.NET
2013-11-18 18:37 . 2013-11-18 18:54    566480    ----a-w-    c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2013-11-18 18:36 . 2013-11-18 18:40    --------    d-----w-    c:\programdata\regid.1991-06.com.microsoft
2013-11-18 18:32 . 2013-11-18 18:52    --------    d-----w-    c:\program files\Microsoft Office 15
2013-11-18 08:30 . 2013-11-18 08:30    231376    ----a-w-    c:\windows\system32\drivers\truecrypt.sys
2013-11-18 08:30 . 2013-11-18 08:30    --------    d-----w-    c:\program files\TrueCrypt
2013-11-18 06:45 . 2013-11-18 06:45    --------    d-----w-    c:\windows\SysWow64\Wat
2013-11-18 06:45 . 2013-11-18 06:45    --------    d-----w-    c:\windows\system32\Wat
2013-11-18 06:44 . 2013-09-04 12:12    343040    ----a-w-    c:\windows\system32\drivers\usbhub.sys
2013-11-18 06:44 . 2013-09-04 12:11    325120    ----a-w-    c:\windows\system32\drivers\usbport.sys
2013-11-18 06:44 . 2013-09-04 12:11    99840    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2013-11-18 06:44 . 2013-09-04 12:11    52736    ----a-w-    c:\windows\system32\drivers\usbehci.sys
2013-11-18 06:44 . 2013-09-04 12:11    30720    ----a-w-    c:\windows\system32\drivers\usbuhci.sys
2013-11-18 06:44 . 2013-09-04 12:11    25600    ----a-w-    c:\windows\system32\drivers\usbohci.sys
2013-11-18 06:44 . 2013-09-04 12:11    7808    ----a-w-    c:\windows\system32\drivers\usbd.sys
2013-11-18 06:27 . 2013-11-18 06:27    --------    d-----w-    c:\program files (x86)\AVG
2013-11-18 06:03 . 2013-11-18 06:11    --------    d-----w-    c:\programdata\HitmanPro
2013-11-18 05:48 . 2013-11-18 05:48    --------    d-----w-    c:\windows\ERUNT
2013-11-18 05:19 . 2013-11-18 05:19    --------    d-----w-    c:\programdata\Malwarebytes
2013-11-18 05:13 . 2013-11-24 23:51    --------    d-----w-    C:\AdwCleaner
2013-11-17 23:42 . 2013-11-18 00:40    --------    d-----w-    c:\program files (x86)\Diablo III
2013-11-17 23:42 . 2013-11-18 00:02    --------    d-----w-    c:\programdata\Blizzard Entertainment
2013-11-17 23:42 . 2013-11-18 00:02    --------    d-----w-    c:\program files (x86)\Common Files\Blizzard Entertainment
2013-11-17 23:41 . 2013-11-17 23:41    --------    d-----w-    c:\programdata\Battle.net
2013-11-17 20:29 . 2013-11-22 00:02    281688    ----a-w-    c:\windows\SysWow64\PnkBstrB.xtr
2013-11-17 19:31 . 2013-11-26 22:37    --------    d-----w-    c:\users\The Use
2013-11-17 19:22 . 2013-11-20 22:25    --------    d-----w-    C:\Music and Guitar Tabs
2013-11-17 19:19 . 2013-11-18 18:23    --------    d-----w-    C:\Application Installers
2013-11-17 19:18 . 2013-11-17 19:18    --------    d-----w-    c:\program files (x86)\Foxit Software
2013-11-17 10:38 . 2013-11-22 01:51    189248    ----a-w-    c:\windows\SysWow64\PnkBstrB.exe
2013-11-17 10:38 . 2013-11-22 01:51    189248    ----a-w-    c:\windows\SysWow64\PnkBstrB.ex0
2013-11-17 10:38 . 2013-11-22 01:51    75136    ----a-w-    c:\windows\SysWow64\PnkBstrA.exe
2013-11-17 10:20 . 2013-11-17 10:20    --------    d-----w-    c:\program files (x86)\Reference Assemblies
2013-11-17 10:20 . 2013-11-17 10:20    --------    d-----w-    c:\program files (x86)\MSBuild
2013-11-17 10:20 . 2013-11-17 10:20    --------    d-----w-    c:\program files\Reference Assemblies
2013-11-17 10:20 . 2013-11-17 10:20    --------    d-----w-    c:\program files\MSBuild
2013-11-17 10:15 . 2007-10-22 11:37    17928    ----a-w-    c:\windows\SysWow64\X3DAudio1_2.dll
2013-11-17 10:09 . 2013-11-17 10:30    --------    d-----w-    c:\program files (x86)\Ubisoft
2013-11-17 04:05 . 2013-11-17 04:05    --------    d-----w-    c:\windows\system32\2C0A
2013-11-17 03:49 . 2012-01-04 08:37    6344704    ----a-w-    c:\windows\system32\IDTNGUI.exe
2013-11-17 03:48 . 2013-11-17 10:30    --------    d--h--w-    c:\program files (x86)\InstallShield Installation Information
2013-11-17 03:48 . 2013-11-17 03:50    --------    d-----w-    c:\program files\IDT
2013-11-17 03:44 . 2013-11-17 03:44    --------    d-----w-    c:\program files (x86)\Hewlett-Packard
2013-11-17 03:02 . 2013-11-17 03:02    --------    d-----w-    c:\program files (x86)\VideoLAN
2013-11-17 02:25 . 2013-11-17 02:25    --------    d-----w-    c:\programdata\HP
2013-11-17 02:25 . 2013-11-17 03:44    --------    d-----w-    c:\program files (x86)\HP
2013-11-17 02:25 . 2013-11-17 02:25    --------    d-----w-    c:\program files\HP
2013-11-17 01:53 . 2013-11-17 06:11    --------    d-----w-    C:\DriversNew
2013-11-16 05:57 . 2013-11-17 03:30    --------    dc----r-    C:\_TD
2013-11-16 04:44 . 2012-07-26 04:47    2560    ----a-w-    c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2013-11-16 04:26 . 2013-11-16 04:26    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-11-16 03:59 . 2012-07-26 03:08    84992    ----a-w-    c:\windows\system32\WUDFSvc.dll
2013-11-16 03:59 . 2012-07-26 03:08    194048    ----a-w-    c:\windows\system32\WUDFPlatform.dll
2013-11-16 03:59 . 2012-07-26 02:26    87040    ----a-w-    c:\windows\system32\drivers\WUDFPf.sys
2013-11-16 03:59 . 2012-07-26 02:26    198656    ----a-w-    c:\windows\system32\drivers\WUDFRd.sys
2013-11-16 03:59 . 2012-07-26 03:08    229888    ----a-w-    c:\windows\system32\WUDFHost.exe
2013-11-16 03:59 . 2012-07-26 03:08    744448    ----a-w-    c:\windows\system32\WUDFx.dll
2013-11-16 03:59 . 2012-07-26 03:08    45056    ----a-w-    c:\windows\system32\WUDFCoinstaller.dll
2013-11-16 03:56 . 2013-11-16 03:56    --------    d-----w-    c:\windows\system32\MRT
2013-11-16 03:52 . 2012-03-01 06:46    23408    ----a-w-    c:\windows\system32\drivers\fs_rec.sys
2013-11-16 03:52 . 2012-03-01 06:33    81408    ----a-w-    c:\windows\system32\imagehlp.dll
2013-11-16 03:52 . 2012-03-01 06:28    5120    ----a-w-    c:\windows\system32\wmi.dll
2013-11-16 03:52 . 2012-03-01 05:33    159232    ----a-w-    c:\windows\SysWow64\imagehlp.dll
2013-11-16 03:52 . 2012-03-01 05:29    5120    ----a-w-    c:\windows\SysWow64\wmi.dll
2013-11-16 03:46 . 2013-02-27 06:02    111448    ----a-w-    c:\windows\system32\consent.exe
2013-11-16 03:46 . 2013-02-27 05:47    70144    ----a-w-    c:\windows\system32\appinfo.dll
2013-11-16 03:46 . 2013-02-15 06:06    3717632    ----a-w-    c:\windows\system32\mstscax.dll
2013-11-16 03:46 . 2013-02-15 06:08    44032    ----a-w-    c:\windows\system32\tsgqec.dll
2013-11-16 03:46 . 2013-02-15 06:02    158720    ----a-w-    c:\windows\system32\aaclient.dll
2013-11-16 03:46 . 2013-02-15 04:37    3217408    ----a-w-    c:\windows\SysWow64\mstscax.dll
2013-11-16 03:46 . 2013-02-15 04:34    131584    ----a-w-    c:\windows\SysWow64\aaclient.dll
2013-11-16 03:46 . 2013-02-15 03:25    36864    ----a-w-    c:\windows\SysWow64\tsgqec.dll
2013-11-16 03:46 . 2012-11-30 05:45    362496    ----a-w-    c:\windows\system32\wow64win.dll
2013-11-16 03:46 . 2012-11-30 05:45    13312    ----a-w-    c:\windows\system32\wow64cpu.dll
2013-11-16 03:46 . 2012-11-30 05:43    16384    ----a-w-    c:\windows\system32\ntvdm64.dll
2013-11-16 03:44 . 2013-04-10 05:46    1367040    ----a-w-    c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-11-16 03:43 . 2013-10-04 02:28    190464    ----a-w-    c:\windows\system32\SmartcardCredentialProvider.dll
2013-11-16 03:42 . 2013-10-12 02:30    830464    ----a-w-    c:\windows\system32\nshwfp.dll
2013-11-16 03:42 . 2013-10-12 02:29    859648    ----a-w-    c:\windows\system32\IKEEXT.DLL
2013-11-16 03:42 . 2013-10-12 02:29    324096    ----a-w-    c:\windows\system32\FWPUCLNT.DLL
2013-11-16 03:42 . 2013-10-12 02:03    656896    ----a-w-    c:\windows\SysWow64\nshwfp.dll
2013-11-16 03:42 . 2013-10-12 02:01    216576    ----a-w-    c:\windows\SysWow64\FWPUCLNT.DLL
2013-11-16 03:42 . 2013-08-28 01:12    461312    ----a-w-    c:\windows\system32\scavengeui.dll
2013-11-16 03:29 . 2011-11-19 14:58    77312    ----a-w-    c:\windows\system32\packager.dll
2013-11-16 03:29 . 2011-11-19 14:01    67072    ----a-w-    c:\windows\SysWow64\packager.dll
2013-11-16 03:24 . 2013-11-16 03:24    --------    d-----w-    c:\programdata\Synaptics
2013-11-16 03:22 . 2013-11-16 03:22    --------    d-----w-    c:\program files\Synaptics
2013-11-16 03:04 . 2013-11-26 22:41    --------    d-----w-    c:\users\Rudolph
2013-11-16 02:34 . 2013-11-18 06:29    --------    d-----w-    c:\programdata\AVG2014
2013-11-16 02:31 . 2013-11-26 18:19    --------    d-sh--w-    c:\windows\Installer
2013-11-16 02:31 . 2013-11-26 18:19    --------    d-----w-    c:\programdata\MFAData
2013-11-16 02:31 . 2013-11-16 02:31    --------    d--h--w-    c:\programdata\Common Files
2013-11-16 02:27 . 2012-06-02 22:19    2428952    ----a-w-    c:\windows\system32\wuaueng.dll
2013-11-16 02:27 . 2012-06-02 22:19    57880    ----a-w-    c:\windows\system32\wuauclt.exe
2013-11-16 02:27 . 2012-06-02 22:19    44056    ----a-w-    c:\windows\system32\wups2.dll
2013-11-16 02:27 . 2012-06-02 22:15    2622464    ----a-w-    c:\windows\system32\wucltux.dll
2013-11-16 02:27 . 2012-06-02 22:19    38424    ----a-w-    c:\windows\system32\wups.dll
2013-11-16 02:27 . 2012-06-02 22:19    701976    ----a-w-    c:\windows\system32\wuapi.dll
2013-11-16 02:27 . 2012-06-02 22:15    99840    ----a-w-    c:\windows\system32\wudriver.dll
2013-11-16 02:27 . 2012-06-02 23:19    186752    ----a-w-    c:\windows\system32\wuwebv.dll
2013-11-16 02:27 . 2012-06-02 23:15    36864    ----a-w-    c:\windows\system32\wuapp.exe
2013-11-16 02:11 . 2013-11-16 02:11    0    ----a-w-    c:\windows\ativpsrm.bin
2013-11-15 22:01 . 2013-11-15 22:01    --------    d-----w-    c:\programdata\Western Digital
2013-11-15 21:28 . 2013-11-26 22:37    --------    d-----w-    c:\users\Idy
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-25 04:25 . 2013-10-25 04:25    194872    ----a-w-    c:\windows\system32\drivers\avgidsha.sys
2013-10-01 06:52 . 2013-10-01 06:52    123704    ----a-w-    c:\windows\system32\drivers\avgmfx64.sys
2013-09-10 06:43 . 2013-09-10 06:43    31544    ----a-w-    c:\windows\system32\drivers\avgrkx64.sys
2013-08-29 01:48 . 2013-11-16 03:45    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2013-11-08 4956176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
c:\users\Idy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Send to OneNote.lnk - c:\program files\Microsoft Office 15\root\office15\ONENOTEM.EXE /tsr [2013-11-18 194224]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BDUSBImmunizerLauncher.exe - Shortcut.lnk - c:\users\Idy\Desktop\BDUSBImmunizerLauncher.exe [2013-11-18 4071672]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
R1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
R1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
R2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
R2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [x]
R3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S3 ISCT;Intel® Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C60x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C60x64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 SmbDrv;SmbDrv;c:\windows\system32\DRIVERS\Smb_driver.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-11-18 18:55    2328776    ----a-w-    c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-11-18 18:55    2328776    ----a-w-    c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-11-18 18:55    2328776    ----a-w-    c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-09 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-09 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-09 416024]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-01-04 1425408]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-21 1832760]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
FF - ProfilePath - c:\users\Idy\AppData\Roaming\Mozilla\Firefox\Profiles\wxe1qm1d.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-RunOnce-<NO NAME> - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-11-26  16:56:26
ComboFix-quarantined-files.txt  2013-11-26 22:56
ComboFix2.txt  2013-11-18 04:38
.
Pre-Run: 583,035,396,096 bytes free
Post-Run: 583,084,470,272 bytes free
.
- - End Of File - - 562388B5C2394FC345886EB7E9A2451F
A36C5E4F47E84449FF07ED3517B43A31
 

 

 

 

 

Attached File  attach.txt   7.71KB   0 downloads



BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,760 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:32 PM

Posted 01 December 2013 - 11:35 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/515528 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Bodum

Bodum
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:32 PM

Posted 02 December 2013 - 10:52 AM

Hey Helpbot,
 
I gave a detailed description in my first post, but basically I was hoping someone could help me read the combofix.txt file and let me know if I have anything to worry about. I haven't done much except virus scans and backups since posting. The dds log is below and I've attached the attach.txt file. I do not have my original windows CD. I have a USB drive with windows7.iso on it for reinstall. And... I think that's all you ask for. Here's the DDS
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer:
Run by Idy at 9:34:37 on 2013-12-02
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8140.5260 [GMT -6:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files\Microsoft Office 15\root\office15\ONENOTE.EXE
C:\Program Files\Microsoft Office 15\Root\Office15\ONENOTEM.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\msiexec.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\eM Client\MailClient.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mDefault_Page_URL = hxxp://www.google.com
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BDUSBI~1.LNK - C:\Users\Idy\Desktop\BDUSBImmunizerLauncher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
TCP: NameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{1CEF2FD7-25F3-4F90-BD02-F470CB8DC407} : DHCPNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{1CEF2FD7-25F3-4F90-BD02-F470CB8DC407}\07F6E696F6E6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{1CEF2FD7-25F3-4F90-BD02-F470CB8DC407}\758494455484F4553554 : DHCPNameServer = 10.0.1.1
TCP: Interfaces\{9DB8D5CC-09B8-4E97-84C7-13786F49A1FB} : DHCPNameServer = 75.75.76.76 75.75.75.75
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
SSODL: WebCheck - <orphaned>
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Idy\AppData\Roaming\Mozilla\Firefox\Profiles\wxe1qm1d.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-10-24 194872]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-10-31 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-10-1 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-10 31544]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-11-5 150808]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-4 240920]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-10-31 212280]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2013-11-16 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-10-1 204288]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2013-11-11 3478544]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-24 348008]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-11-27 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-11-27 701512]
R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-11-18 1907896]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2013-11-4 1228504]
R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2011-8-9 12289472]
R3 ISCT;Intel® Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2013-1-19 46568]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C60x64.sys [2011-3-23 76912]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-11-27 25928]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-10-25 96768]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-10-25 213504]
R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf_amd64.sys [2013-11-4 18456]
R3 SmbDrv;SmbDrv;C:\Windows\System32\drivers\Smb_driver.sys [2012-2-23 21264]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-5-30 338536]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-11-18 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2013-12-02 15:33:38    --------    d-----w-    C:\Users\Idy\AppData\Roaming\eM Client
2013-11-27 22:23:38    --------    d-----w-    C:\Program Files (x86)\GPU-Z
2013-11-27 22:22:52    --------    d-----w-    C:\Program Files (x86)\HD Tune
2013-11-27 22:17:04    --------    d-----w-    C:\Program Files\CPUID
2013-11-27 19:14:19    1643520    ----a-w-    C:\Windows\System32\DWrite.dll
2013-11-27 19:14:19    1247744    ----a-w-    C:\Windows\SysWow64\DWrite.dll
2013-11-27 18:59:34    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-11-27 18:59:34    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-27 17:56:08    --------    d-----w-    C:\Windows\Migration
2013-11-27 09:30:22    --------    d-----w-    C:\Users\Idy\AppData\Local\CrashDumps
2013-11-27 08:13:21    --------    d-----w-    C:\Program Files (x86)\VS Revo Group
2013-11-27 06:59:51    --------    d-----w-    C:\Users\Idy\AppData\Local\Secunia PSI
2013-11-27 06:59:40    --------    d-----w-    C:\Program Files (x86)\Secunia
2013-11-26 22:56:30    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-11-26 22:56:28    --------    d-----w-    C:\Users\Idy\AppData\Local\temp
2013-11-26 21:04:38    --------    d-----w-    C:\ProgramData\Yammm
2013-11-26 18:23:22    --------    d-----w-    C:\Program Files (x86)\eM Client
2013-11-25 01:28:00    --------    d-----w-    C:\Users\Idy\AppData\Local\Macromedia
2013-11-24 05:57:03    --------    d-----w-    C:\Users\Idy\AppData\Local\MediaMonkey
2013-11-22 02:04:13    --------    d-----w-    C:\ProgramData\EA Core
2013-11-22 01:51:49    --------    d--h--w-    C:\Program Files (x86)\Common Files\EAInstaller
2013-11-22 01:36:46    --------    d-----w-    C:\Users\Idy\AppData\Local\Origin
2013-11-22 01:34:56    --------    d-----w-    C:\ProgramData\Electronic Arts
2013-11-22 01:34:56    --------    d-----w-    C:\Program Files (x86)\Origin Games
2013-11-22 01:34:48    --------    d-----w-    C:\Program Files (x86)\Origin
2013-11-22 01:34:38    --------    d-----w-    C:\ProgramData\Origin
2013-11-21 00:04:21    --------    d-----w-    C:\Users\Idy\AppData\Roaming\WindSolutions
2013-11-21 00:04:08    --------    d-----w-    C:\Program Files (x86)\iTunes
2013-11-20 23:49:56    --------    d-----w-    C:\ProgramData\WindSolutions
2013-11-20 23:07:43    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-20 23:07:16    --------    d-----w-    C:\Users\Idy\AppData\Local\Adobe
2013-11-20 22:44:13    --------    d-----w-    C:\Users\Idy\AppData\Roaming\MediaMonkey
2013-11-20 22:44:11    --------    d-----w-    C:\ProgramData\MediaMonkey
2013-11-20 22:44:10    --------    d-----w-    C:\Program Files (x86)\MediaMonkey
2013-11-20 17:20:03    --------    d-----w-    C:\Users\Idy\AppData\Local\Mozilla
2013-11-18 18:40:44    --------    d-----w-    C:\Program Files (x86)\Microsoft SkyDrive
2013-11-18 18:40:44    --------    d-----r-    C:\Users\Idy\SkyDrive
2013-11-18 18:37:47    566480    ----a-w-    C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2013-11-18 18:36:55    --------    d-----w-    C:\ProgramData\regid.1991-06.com.microsoft
2013-11-18 18:32:18    --------    d-----w-    C:\Program Files\Microsoft Office 15
2013-11-18 08:30:46    --------    d-----w-    C:\Users\Idy\AppData\Roaming\TrueCrypt
2013-11-18 08:30:25    231376    ----a-w-    C:\Windows\System32\drivers\truecrypt.sys
2013-11-18 08:30:14    --------    d-----w-    C:\Program Files\TrueCrypt
2013-11-18 06:51:33    --------    d-----w-    C:\Users\Idy\AppData\Roaming\uTorrent
2013-11-18 06:45:11    --------    d-----w-    C:\Windows\SysWow64\Wat
2013-11-18 06:45:10    --------    d-----w-    C:\Windows\System32\Wat
2013-11-18 06:44:07    99840    ----a-w-    C:\Windows\System32\drivers\usbccgp.sys
2013-11-18 06:44:07    7808    ----a-w-    C:\Windows\System32\drivers\usbd.sys
2013-11-18 06:44:07    52736    ----a-w-    C:\Windows\System32\drivers\usbehci.sys
2013-11-18 06:44:07    343040    ----a-w-    C:\Windows\System32\drivers\usbhub.sys
2013-11-18 06:44:07    325120    ----a-w-    C:\Windows\System32\drivers\usbport.sys
2013-11-18 06:44:07    30720    ----a-w-    C:\Windows\System32\drivers\usbuhci.sys
2013-11-18 06:44:07    25600    ----a-w-    C:\Windows\System32\drivers\usbohci.sys
2013-11-18 06:27:03    --------    d-----w-    C:\Program Files (x86)\AVG
2013-11-18 06:03:18    --------    d-----w-    C:\ProgramData\HitmanPro
2013-11-18 05:48:12    --------    d-----w-    C:\Windows\ERUNT
2013-11-18 05:20:17    --------    d-----w-    C:\Users\Idy\AppData\Roaming\Malwarebytes
2013-11-18 05:19:56    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-11-18 05:13:09    --------    d-----w-    C:\AdwCleaner
2013-11-18 04:31:09    98816    ----a-w-    C:\Windows\sed.exe
2013-11-18 04:31:09    256000    ----a-w-    C:\Windows\PEV.exe
2013-11-18 04:31:09    208896    ----a-w-    C:\Windows\MBR.exe
2013-11-18 04:21:23    --------    d-----w-    C:\Windows\pss
2013-11-17 23:42:47    --------    d-----w-    C:\ProgramData\Blizzard Entertainment
2013-11-17 23:42:47    --------    d-----w-    C:\Program Files (x86)\Diablo III
2013-11-17 23:42:47    --------    d-----w-    C:\Program Files (x86)\Common Files\Blizzard Entertainment
2013-11-17 23:41:44    --------    d-----w-    C:\ProgramData\Battle.net
2013-11-17 20:29:00    281688    ----a-w-    C:\Windows\SysWow64\PnkBstrB.xtr
2013-11-17 19:22:04    --------    d-----w-    C:\Music and Guitar Tabs
2013-11-17 19:19:18    --------    d-----w-    C:\Application Installers
2013-11-17 19:18:48    --------    d-----w-    C:\Users\Idy\AppData\Local\Programs
2013-11-17 19:18:33    --------    d-----w-    C:\Users\Idy\AppData\Roaming\Foxit Software
2013-11-17 19:18:32    --------    d-----w-    C:\Program Files (x86)\Foxit Software
2013-11-17 10:38:32    189248    ----a-w-    C:\Windows\SysWow64\PnkBstrB.exe
2013-11-17 10:38:32    189248    ----a-w-    C:\Windows\SysWow64\PnkBstrB.ex0
2013-11-17 10:38:31    75136    ----a-w-    C:\Windows\SysWow64\PnkBstrA.exe
2013-11-17 10:15:59    506728    ----a-w-    C:\Windows\System32\d3dx10_34.dll
2013-11-17 05:02:44    --------    d-----w-    C:\Users\Idy\AppData\Roaming\Origin
2013-11-17 04:07:33    --------    d-----w-    C:\Users\Idy\AppData\Roaming\IDT
2013-11-17 03:49:38    90624    ----a-w-    C:\Windows\System32\AESTCo64.dll
2013-11-17 03:48:59    --------    d-----w-    C:\Program Files\IDT
2013-11-17 03:02:02    --------    d-----w-    C:\Program Files (x86)\VideoLAN
2013-11-17 02:25:23    --------    d-----w-    C:\Program Files\HP
2013-11-17 02:25:23    --------    d-----w-    C:\Program Files (x86)\HP
2013-11-17 02:24:48    --------    d-----w-    C:\Users\Idy\AppData\Local\HP
2013-11-17 01:53:34    --------    d-----w-    C:\DriversNew
2013-11-16 05:57:34    --------    dc----r-    C:\_TD
2013-11-16 04:44:09    2560    ----a-w-    C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-11-16 04:26:16    4096    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-11-16 03:59:20    87040    ----a-w-    C:\Windows\System32\drivers\WUDFPf.sys
2013-11-16 03:59:20    84992    ----a-w-    C:\Windows\System32\WUDFSvc.dll
2013-11-16 03:59:20    198656    ----a-w-    C:\Windows\System32\drivers\WUDFRd.sys
2013-11-16 03:59:20    194048    ----a-w-    C:\Windows\System32\WUDFPlatform.dll
2013-11-16 03:59:19    744448    ----a-w-    C:\Windows\System32\WUDFx.dll
2013-11-16 03:59:19    45056    ----a-w-    C:\Windows\System32\WUDFCoinstaller.dll
2013-11-16 03:59:19    229888    ----a-w-    C:\Windows\System32\WUDFHost.exe
2013-11-16 03:56:21    --------    d-----w-    C:\Windows\System32\MRT
2013-11-16 03:52:26    81408    ----a-w-    C:\Windows\System32\imagehlp.dll
2013-11-16 03:52:26    5120    ----a-w-    C:\Windows\SysWow64\wmi.dll
2013-11-16 03:52:26    5120    ----a-w-    C:\Windows\System32\wmi.dll
2013-11-16 03:52:26    23408    ----a-w-    C:\Windows\System32\drivers\fs_rec.sys
2013-11-16 03:52:26    159232    ----a-w-    C:\Windows\SysWow64\imagehlp.dll
2013-11-16 03:46:30    70144    ----a-w-    C:\Windows\System32\appinfo.dll
2013-11-16 03:46:30    111448    ----a-w-    C:\Windows\System32\consent.exe
2013-11-16 03:46:25    3717632    ----a-w-    C:\Windows\System32\mstscax.dll
2013-11-16 03:46:24    44032    ----a-w-    C:\Windows\System32\tsgqec.dll
2013-11-16 03:46:24    36864    ----a-w-    C:\Windows\SysWow64\tsgqec.dll
2013-11-16 03:46:24    3217408    ----a-w-    C:\Windows\SysWow64\mstscax.dll
2013-11-16 03:46:24    158720    ----a-w-    C:\Windows\System32\aaclient.dll
2013-11-16 03:46:24    131584    ----a-w-    C:\Windows\SysWow64\aaclient.dll
2013-11-16 03:46:16    362496    ----a-w-    C:\Windows\System32\wow64win.dll
2013-11-16 03:46:15    16384    ----a-w-    C:\Windows\System32\ntvdm64.dll
2013-11-16 03:46:15    13312    ----a-w-    C:\Windows\System32\wow64cpu.dll
2013-11-16 03:44:59    936448    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-11-16 03:43:59    197120    ----a-w-    C:\Windows\System32\credui.dll
2013-11-16 03:42:52    859648    ----a-w-    C:\Windows\System32\IKEEXT.DLL
2013-11-16 03:42:52    830464    ----a-w-    C:\Windows\System32\nshwfp.dll
2013-11-16 03:42:52    656896    ----a-w-    C:\Windows\SysWow64\nshwfp.dll
2013-11-16 03:42:52    324096    ----a-w-    C:\Windows\System32\FWPUCLNT.DLL
2013-11-16 03:42:52    216576    ----a-w-    C:\Windows\SysWow64\FWPUCLNT.DLL
2013-11-16 03:42:51    461312    ----a-w-    C:\Windows\System32\scavengeui.dll
2013-11-16 03:29:16    77312    ----a-w-    C:\Windows\System32\packager.dll
2013-11-16 03:29:16    67072    ----a-w-    C:\Windows\SysWow64\packager.dll
2013-11-16 03:24:45    --------    d-----w-    C:\Users\Idy\AppData\Roaming\Synaptics
2013-11-16 03:24:45    --------    d-----w-    C:\ProgramData\Synaptics
2013-11-16 03:22:30    --------    d-----w-    C:\Program Files\Synaptics
2013-11-16 02:35:15    --------    d-----w-    C:\Users\Idy\AppData\Roaming\AVG2014
2013-11-16 02:34:39    --------    d-----w-    C:\Users\Idy\AppData\Roaming\TuneUp Software
2013-11-16 02:34:22    --------    d-----w-    C:\ProgramData\AVG2014
2013-11-16 02:31:41    --------    d-sh--w-    C:\Windows\Installer
2013-11-16 02:31:30    --------    d--h--w-    C:\ProgramData\Common Files
2013-11-16 02:31:30    --------    d-----w-    C:\Users\Idy\AppData\Local\MFAData
2013-11-16 02:31:30    --------    d-----w-    C:\Users\Idy\AppData\Local\Avg2014
2013-11-16 02:31:30    --------    d-----w-    C:\ProgramData\MFAData
2013-11-16 02:27:50    2622464    ----a-w-    C:\Windows\System32\wucltux.dll
2013-11-16 02:27:44    99840    ----a-w-    C:\Windows\System32\wudriver.dll
2013-11-16 02:27:30    36864    ----a-w-    C:\Windows\System32\wuapp.exe
2013-11-16 02:27:30    186752    ----a-w-    C:\Windows\System32\wuwebv.dll
2013-11-16 02:11:27    0    ----a-w-    C:\Windows\ativpsrm.bin
2013-11-16 01:52:49    --------    d-----w-    C:\Users\Idy\AppData\Local\Microsoft Games
2013-11-15 22:01:37    --------    d-----w-    C:\ProgramData\Western Digital
2013-11-15 21:34:22    --------    d-----w-    C:\Users\Idy\AppData\Local\ElevatedDiagnostics
2013-11-15 21:33:12    --------    d-----w-    C:\Users\Idy\AppData\Local\Diagnostics
2013-11-15 21:16:45    --------    d-----r-    C:\Boot
2013-11-15 20:52:43    --------    d-----w-    C:\Windows\Panther
2013-11-06 03:55:48    150808    ----a-w-    C:\Windows\System32\drivers\avgdiska.sys
2013-11-05 03:52:42    240920    ----a-w-    C:\Windows\System32\drivers\avgidsdrivera.sys
2013-11-04 12:42:02    18456    ----a-w-    C:\Windows\System32\drivers\psi_mf_amd64.sys
.
==================== Find3M  ====================
.
2013-11-16 04:26:16    4096    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-11-01 05:00:18    212280    ----a-w-    C:\Windows\System32\drivers\avgldx64.sys
2013-11-01 04:49:46    294712    ----a-w-    C:\Windows\System32\drivers\avgloga.sys
2013-10-25 04:25:58    194872    ----a-w-    C:\Windows\System32\drivers\avgidsha.sys
2013-10-05 20:25:35    1474048    ----a-w-    C:\Windows\System32\crypt32.dll
2013-10-05 19:57:25    1168384    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-10-04 02:28:31    190464    ----a-w-    C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:24:49    1930752    ----a-w-    C:\Windows\System32\authui.dll
2013-10-04 01:58:50    152576    ----a-w-    C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25    168960    ----a-w-    C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00    1796096    ----a-w-    C:\Windows\SysWow64\authui.dll
2013-10-03 02:23:48    404480    ----a-w-    C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44    311808    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2013-10-01 06:52:08    123704    ----a-w-    C:\Windows\System32\drivers\avgmfx64.sys
2013-09-28 01:09:10    497152    ----a-w-    C:\Windows\System32\drivers\afd.sys
2013-09-25 02:26:40    95680    ----a-w-    C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40    154560    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33    28672    ----a-w-    C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33    135680    ----a-w-    C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01    28160    ----a-w-    C:\Windows\System32\secur32.dll
2013-09-25 02:22:59    340992    ----a-w-    C:\Windows\System32\schannel.dll
2013-09-25 02:21:50    307200    ----a-w-    C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07    1447936    ----a-w-    C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24    247808    ----a-w-    C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42    220160    ----a-w-    C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24    30720    ----a-w-    C:\Windows\System32\lsass.exe
2013-09-12 03:21:54    863344    ----a-w-    C:\Windows\SysWow64\msvcr110_clr0400.dll
2013-09-12 03:21:54    501872    ----a-w-    C:\Windows\SysWow64\msvcp110_clr0400.dll
2013-09-12 03:21:54    28776    ----a-w-    C:\Windows\SysWow64\aspnet_counters.dll
2013-09-12 03:21:54    18000    ----a-w-    C:\Windows\SysWow64\msvcr100_clr0400.dll
2013-09-12 01:39:06    855664    ----a-w-    C:\Windows\System32\msvcr110_clr0400.dll
2013-09-12 01:39:06    614000    ----a-w-    C:\Windows\System32\msvcp110_clr0400.dll
2013-09-12 01:39:06    30312    ----a-w-    C:\Windows\System32\aspnet_counters.dll
2013-09-12 01:39:06    18000    ----a-w-    C:\Windows\System32\msvcr100_clr0400.dll
2013-09-10 06:43:02    31544    ----a-w-    C:\Windows\System32\drivers\avgrkx64.sys
2013-09-08 02:30:37    1903552    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14    327168    ----a-w-    C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58    231424    ----a-w-    C:\Windows\SysWow64\mswsock.dll
.
============= FINISH:  9:35:14.72 ===============
Attached File  attach.txt   8.19KB   1 downloads

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/15/13 3:28:24 PM
System Uptime: 12/2/13 8:55:33 AM (1 hours ago)
.
Motherboard: Hewlett-Packard | | 1688
Processor: Intel® Core™ i7-2670QM CPU @ 2.20GHz | CPU1 | 792/1600mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 699 GiB total, 542.122 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP34: 11/26/13 12:22:51 PM - Installed eM Client
RP35: 11/26/13 3:04:21 PM - Installed Yammm (x64)
RP36: 11/26/13 3:46:36 PM - Windows Modules Installer
RP37: 11/26/13 3:51:26 PM - Windows Modules Installer
RP38: 11/26/13 4:05:00 PM - Windows Modules Installer
RP39: 11/26/13 4:07:27 PM - Windows Modules Installer
RP40: 11/26/13 4:15:12 PM - Removed Yammm (x64)
RP41: 11/26/13 4:27:27 PM - Restore Operation
RP42: 11/26/13 9:24:43 PM - Windows Backup
RP43: 11/27/13 1:54:59 AM - Windows Backup
RP44: 11/27/13 1:58:21 AM - Windows Backup
RP45: 11/27/13 11:54:29 AM - Windows Update
RP46: 11/27/13 1:14:25 PM - Windows Update
RP47: 11/27/13 1:36:33 PM - Windows Update
RP48: 12/1/13 2:50:32 PM - Removed HP Officejet 4620 series Basic Device Software
RP49: 12/2/13 9:21:01 AM - Installed eM Client
RP50: 12/2/13 9:27:22 AM - Installed eM Client
.
==== Installed Programs ======================
.
µTorrent
Adobe Flash Player 11 Plugin
AVG 2014
Battlefield 3™
CPUID CPU-Z 1.66
Diablo III
eM Client
Far Cry 3
Foxit Reader
HD Tune 2.55
HP Deskjet 1050 J410 series Basic Device Software
HP IDF Software
IDT Audio
Malwarebytes Anti-Malware version 1.75.0.1300
MediaMonkey 4.0
Microsoft .NET Framework 4.5.1
Microsoft Office Home and Student 2013 - en-us
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 25.0.1 (x86 en-US)
Mozilla Maintenance Service
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
Origin
PunkBuster Services
Renesas Electronics USB 3.0 Host Controller Driver
Revo Uninstaller 1.95
Secunia PSI (3.0.0.9015)
Synaptics ClickPad Driver
TechPowerUp GPU-Z
TrueCrypt
Uplay
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
VLC media player 2.1.1
.
==== Event Viewer Messages From Past Week ========
.
11/30/13 4:03:56 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
11/28/13 6:56:50 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BFE service.
11/27/13 3:45:02 AM, Error: Service Control Manager [7034] - The Windows Modules Installer service terminated unexpectedly. It has done this 3 time(s).
11/27/13 3:37:50 AM, Error: Service Control Manager [7031] - The Windows Modules Installer service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
11/27/13 3:32:27 AM, Error: Service Control Manager [7031] - The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/26/13 4:55:01 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
11/26/13 4:54:39 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
11/26/13 4:47:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
11/26/13 4:45:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
11/26/13 4:43:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/26/13 4:43:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/26/13 4:43:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/26/13 4:43:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/26/13 4:43:36 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgdiska AVGIDSDriver Avgldx64 discache spldr truecrypt Wanarpv6
11/26/13 4:43:35 PM, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.
11/26/13 1:38:10 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
11/25/13 4:31:25 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
11/25/13 11:31:00 PM, Error: Microsoft-Windows-RasSstp [1] - CoId={40F0FAF0-430F-4661-98BA-3314CAA227DF}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. The requested name is valid, but no data of the requested type was found.
11/25/13 11:30:58 PM, Error: Microsoft-Windows-RasSstp [1] - CoId={F8517509-2447-4B16-AC1B-821A77896064}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. The requested name is valid, but no data of the requested type was found.
11/25/13 11:30:57 PM, Error: Microsoft-Windows-RasSstp [1] - CoId={4D3DACD1-C5BE-4175-BAB3-5C98CB3A8796}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. The requested name is valid, but no data of the requested type was found.
11/25/13 11:30:56 PM, Error: Microsoft-Windows-RasSstp [1] - CoId={DD4B0E0B-0C1A-4449-86CF-A291249E2D2B}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. The requested name is valid, but no data of the requested type was found.
11/25/13 10:29:56 PM, Error: Ntfs [137] - The default transaction resource manager on volume F: encountered a non-retryable error and could not start. The data contains the error code.
11/25/13 10:22:45 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{DE23174B-05AA-47E2-9368-15871AD5F087} because another computer on the network has the same name. The server could not start.
.
==== End Of File ===========================

Edited by Oh My, 05 December 2013 - 09:54 AM.
Posted Attach log


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,962 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:32 AM

Posted 05 December 2013 - 09:52 AM

Greetings Bodum and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me some time to review the information you have provided and I will reply as soon as possible.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,962 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:32 AM

Posted 05 December 2013 - 10:04 AM

Thank you for patiently waiting for assistance. I have reviewed all the information you provided and do not see any evidence of malware. I know it has been a few days since you last posted. Any recent concerns you might have regarding your computer behavior?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 Bodum

Bodum
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:32 PM

Posted 05 December 2013 - 11:24 AM

No recent concerns. Everything is running smootly. Thank you for looking over the information and helping me! Much appreciated.



#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,962 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:32 AM

Posted 05 December 2013 - 11:38 AM

My pleasure. I will close this thread but feel free to send me a Personal Message if something comes up in the next day or two.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,962 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:32 AM

Posted 05 December 2013 - 11:38 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users