Whitesmoke is back this time with mixiDJ


17 replies to this topic

#1 simplesimpleton

simplesimpleton

  • Members
  • 116 posts
  • OFFLINE
  • Local time:12:49 PM

Posted 01 February 2014 - 10:43 AM

I got infected with the Whitesmoke toolbar seemingly out of nowhere previously a couple months ago and posted on here and thought I removed it, but yesterday my browser was being really slow, so I decided to run CCleaner, and after that it deleted all of my extensions in Chrome, and when I opened it up it was saying that Whitesmoke and MixiDJ are asking to be enabled as extensions. This upset me to see it return because I don't have the faintest clue what actions of mine caused it to reemerge. After that my AVG popped up with an icon recommending I run a PC analysis, and it reported back with results that almost seem suspiciously high, so I have yet to act on its recommendation to fix now, especially since there are 281 reported registry errors, 198 junk files, 25% fragmentation, and 1 broken shortcut. My computer also warned me that 3 new apps are running in my task bar and slowing down my computer. When I looked at the startup programs, most seem to be ones I'm aware of, but there is one on there with no publisher simply called "NA" which concerns me. I have yet to act on anything for fear of unknowingly making changes to the registry and messing some stuff up. After my first bout with Whitesmoke I also got my router tampered with and changed to an unencrypted network. The whole process of updating and fixing that also revealed to me that I may be missing some important router drivers, so I'm left with a suspicion that I'm being attacked by someone or something, but I really have no solid evidence for that except for my router ordeal.

 

Thanks for taking the time to hear me out and I appreciate any advice or help that is offered.



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:49 PM

Posted 01 February 2014 - 11:00 AM





Hello simplesimpleton

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable, and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 simplesimpleton

simplesimpleton
  • Topic Starter

  • Members
  • 116 posts
  • OFFLINE
  • Local time:12:49 PM

Posted 01 February 2014 - 02:32 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2014 04
Ran by blazenka (administrator) on MOM on 01-02-2014 12:25:26
Running from C:\Users\blazenka\Desktop
Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1114.318_x64__8wekyb3d8bbwe\LiveComm.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
() C:\ProgramData\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe
() C:\Users\blazenka\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
() C:\Program Files (x86)\AVG\AVG2014\Tuneup\TUMicroScanner.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-01-14] (Hewlett-Packard)
HKU\S-1-5-21-3547577286-1312905905-4102300773-1002\...\Run: [GoogleChromeAutoLaunch_31D98E503932436E616FB2C060CD45B0] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [866584 2014-01-22] (Google Inc.)
HKU\S-1-5-21-3547577286-1312905905-4102300773-1002\...\Run: [Power2GoExpress8] - NA
HKU\S-1-5-21-3547577286-1312905905-4102300773-1002\...\Run: [AVG-Secure-Search-Update_0214c] - C:\Users\blazenka\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe [2548248 2014-01-28] ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: osf-roaming - {C57E9882-B128-4E07-BA2D-FF83B8989C76} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: osf-roaming - No CLSID Value - 
Tcpip\Parameters: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11
 
FireFox:
========
FF ProfilePath: C:\Users\blazenka\AppData\Roaming\Mozilla\Firefox\Profiles\gts4z1hc.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @microsoft.com/Office on Demand;version=1 - C:\Users\blazenka\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\Microsoft Office 15\npofficeondemand.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
 
Chrome: 
=======
CHR DefaultSearchKeyword: mysearch.avg.com
CHR DefaultSearchProvider: AVG Secure Search
CHR DefaultSearchURL: http://mysearch.avg.com/search?cid={FF3DB1F2-CBB2-4898-B1C2-E8537D0E2BC5}&mid=f45608c4c34547d39d3ea50fe62e2575-84c6286726a1d468d4878c021bfa68b8b77f8690&lang=en&ds=AVG&pr=pr&d=2013-08-25 11:32:51&v=15.4.0.5&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
CHR DefaultNewTabURL: 
CHR Extension: (AdBlock) - C:\Users\blazenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-01-31]
CHR Extension: (Google Wallet) - C:\Users\blazenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR HKCU\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\blazenka\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-04-25]
CHR HKCU\...\Chrome\Extension: [ppppebhepbpibjjecehmkoipieddjeff] - C:\Users\blazenka\AppData\Local\CRE\ppppebhepbpibjjecehmkoipieddjeff.crx [2013-04-23]
CHR HKLM-x32\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\blazenka\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-04-25]
CHR HKLM-x32\...\Chrome\Extension: [ppppebhepbpibjjecehmkoipieddjeff] - C:\Users\blazenka\AppData\Local\CRE\ppppebhepbpibjjecehmkoipieddjeff.crx [2013-04-23]
 
==================== Services (Whitelisted) =================
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-13] (Advanced Micro Devices, Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-10-31] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [245832 2013-12-23] (Realtek Semiconductor)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-01] (Microsoft Corporation)
S2 vToolbarUpdater17.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [x]
 
==================== Drivers (Whitelisted) ====================
 
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-12-24] (Advanced Micro Devices)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-05] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [240920 2013-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [194872 2013-10-24] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [252728 2013-10-21] (AVG Technologies CZ, s.r.o.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [288328 2014-01-14] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-06-27] (Hewlett-Packard Development Company, L.P.)
S5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-19] (Microsoft Corporation)
S4 Avgfwfd; \SystemRoot\system32\DRIVERS\avgfwd6a.sys [x]
 
========================== Drivers MD5 =======================
 
C:\Windows\System32\drivers\nv_agp.sys 051CFB5107BAAE510419BDC41F8C4036
C:\Windows\System32\drivers\parport.sys 4563DAF8C6A740AD7F501E219BD10766
C:\Windows\System32\drivers\partmgr.sys D6ACCF9F2EEEEA711C14EFD976E573F3
C:\Windows\System32\drivers\pci.sys 4A003E8F718C1E6A2050CA98CD53E3E2
C:\Windows\System32\drivers\pciide.sys F9908D274D458220F91E89B54D78D837
C:\Windows\System32\drivers\pcmcia.sys 84D19CB6102627932DCB5DFDF89FE269
C:\Windows\System32\drivers\pcw.sys CEBBAD5391C2644560C55628A40BFD27
C:\Windows\System32\drivers\pdc.sys 0698DEDEAD6A00AD0D468C687D830FBF
C:\Windows\System32\drivers\peauth.sys 61FE70659CD43E07F94DA4DC31DEC493
C:\Windows\System32\drivers\point64.sys 520D48ECB54A33821C95EE496A4235AF
C:\Windows\system32\DRIVERS\raspptp.sys 362D47E5B4D67270DE4B8606036F4ADD
C:\Windows\System32\drivers\processr.sys DD979EB6A7212F60E4AFBE96EDC7AE6D
C:\Windows\system32\DRIVERS\pacer.sys EB8034147D4820CD31BFCB11A2A652DF
C:\Windows\system32\drivers\qwavedrv.sys 13D47BB0CCA2FC51BD15F8E85C6A078E
C:\Windows\System32\DRIVERS\rasacd.sys 873C60F8178100557740A832FCE10B5F
C:\Windows\system32\DRIVERS\AgileVpn.sys 69B93F623B130976243ECA3D84CC99CA
C:\Windows\system32\DRIVERS\rasl2tp.sys A14D625C5AEE5FFE0F47D1A1D419FAAE
C:\Windows\system32\DRIVERS\raspppoe.sys 00695B9C2DB6111064499C529E90C042
C:\Windows\system32\DRIVERS\rassstp.sys A7F24D8CD1956B0A1FDCB86CC5114DE4
C:\Windows\System32\DRIVERS\rdbss.sys CA03D642ACE58E1BA54E4B383F91CD69
C:\Windows\System32\drivers\rdpbus.sys CA7DF5EC95D8DE0DD24BE7FF97369F68
C:\Windows\System32\drivers\rdpdr.sys B2A3AD74FF2E2FFA73AF2567108231B3
C:\Windows\System32\drivers\rdpvideominiport.sys 57F4787E4602A3FCA719C0A33137C6DA
C:\Windows\System32\Drivers\RDPWD.sys B3CB0721E81E30419CE7D837EF4EA151
C:\Windows\System32\drivers\rdyboost.sys 62C1F8A0685FE07E998AA296C4F697C4
C:\Windows\system32\DRIVERS\RtsP2Stor.sys 60BCF0F09DD963D0F89F571F9D1EB8C1
C:\Windows\system32\DRIVERS\rspndr.sys E04E770DD198B9399640717145E79EBF
C:\Windows\system32\DRIVERS\Rt630x64.sys D2768897FCEA8EEFAD3D69BAC9DC4180
C:\Windows\System32\drivers\vms3cap.sys 752EC7DCD2F96871A3857EEE6AFE965A
C:\Windows\System32\drivers\sbp2port.sys 9C7B28CE0D136DB226E24DB3BC817F92
C:\Windows\System32\DRIVERS\scfilter.sys 5D7733A12756B267FCA021672B26BC9E
C:\Windows\System32\drivers\sdbus.sys F58B030A0664385C707B8C1C63682041
C:\Windows\System32\drivers\sdstor.sys BB107AA9980B0DA4E19A3A90C3BD4460
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\SerCx.sys 87C46B239A7EEF30FDFDD5E9BD46130C
C:\Windows\System32\drivers\serenum.sys 7A1F9347C85FD55E39B8A76B3A25C5AD
C:\Windows\System32\drivers\serial.sys F640A0A218BBF857F1D04A15D7D939F6
C:\Windows\System32\drivers\sermouse.sys F1A5F56B2620B862CC28FF96A0A6DAAB
C:\Windows\System32\drivers\sfloppy.sys 7EE65419B29302C795714FF8073969A1
C:\Windows\System32\drivers\SiSRaid2.sys 2560721D6F16D5B611C36A3A9D28C1B2
C:\Windows\System32\drivers\sisraid4.sys 3AA8FDE1DBF65BB8B88B053529554A0D
C:\Windows\System32\drivers\Smb_driver_AMDASF.sys AF5CC3F9B88F140D78FC967ABF0F4EC7
C:\Windows\System32\drivers\Smb_driver_Intel.sys 19555D03CB179BED8B8AAA239A36BDA4
C:\Windows\System32\drivers\spaceport.sys 9110193D93960E38B8692E4519C75D72
C:\Windows\System32\drivers\SpbCx.sys 3D8679C8DF52EB26EB7583A4E0A29202
C:\Windows\System32\DRIVERS\srv.sys 0F1FCD575A03ABDE13FCA9D0ADE4DDA6
C:\Windows\System32\DRIVERS\srv2.sys 56218A571ECF8D55E0CDFF8DF2546CF1
C:\Windows\System32\DRIVERS\srvnet.sys 14FC338B80CFF7E04215133B568D15C4
C:\Windows\System32\drivers\stexstor.sys 4E85355B94CFCB67C135F6521A4895A7
C:\Windows\System32\drivers\storahci.sys B240874B2CA0CD02E8CD11E140B14C57
C:\Windows\System32\DRIVERS\vmstorfl.sys F74DBC95A57B1EE866D3732EB5F79BE2
C:\Windows\System32\drivers\storvsc.sys 543CD3CC0E05B8D8815E0D4F040B6F59
C:\Windows\System32\drivers\swenum.sys 4AFD66AAE74FFB5986BC240744DC5FC9
C:\Windows\system32\DRIVERS\SynTP.sys 1C9BC67929C728DED1091CA19C3F7D41
C:\Windows\System32\drivers\tcpip.sys 37D85E873C9531A2F88DD9C63D3F8A9E
C:\Windows\system32\DRIVERS\tcpip.sys 37D85E873C9531A2F88DD9C63D3F8A9E
C:\Windows\System32\drivers\tcpipreg.sys 8F2A13A5DF99D72FDDE87F502A66F989
C:\Windows\System32\DRIVERS\tdx.sys 73DC722CE5DF26D7638CE2446F2655C7
C:\Windows\System32\drivers\terminpt.sys F7C8AB5D8AFFAA318D6A21093D139BF4
C:\Windows\system32\drivers\tpm.sys E94F7A7B48C7638D1F3F8089344C97B7
C:\Windows\System32\drivers\tsusbflt.sys 4E7C5FB10A50435523DE0CAA37DE2BD3
C:\Windows\System32\drivers\TsUsbGD.sys 16D684A820872EE54F6370703AC0B513
C:\Windows\system32\DRIVERS\tunnel.sys 78C9EE193AC2B4CBDBC48B620314D740
C:\Windows\System32\drivers\uagp35.sys 6D4F67CA56ACA2085DFA2CD89EAFBC1A
C:\Windows\System32\drivers\uaspstor.sys 6FD6D03B7752C78712E5CFF29A305026
C:\Windows\System32\drivers\ucx01000.sys 061BA3EE0D2BE17944990544008CF190
C:\Windows\System32\DRIVERS\udfs.sys 25C50F4EDF70D0A831E0566BD181CCF2
C:\Windows\System32\drivers\uliagpkx.sys 07FEBCDF24FABA0D47B635D85A0FFB7A
C:\Windows\System32\drivers\umbus.sys 02CEB3FE6152668A7BA420B93B664860
C:\Windows\System32\drivers\umpass.sys 991EE6B5FC41EAEF99C8AF5B92F2CA09
C:\Windows\System32\drivers\usbccgp.sys C976C4306F9AE133D6BBD47FDFC3BF92
C:\Windows\System32\drivers\usbcir.sys 427B6DB8C05A5A977E8C3525370A2595
C:\Windows\System32\drivers\usbehci.sys B24FDEB1B18496F1B463782235AA3AF1
C:\Windows\system32\DRIVERS\usbfilter.sys 504901430B6E03B99EBB6BF26E0868C6
C:\Windows\System32\drivers\usbhub.sys F8C2A832DF9403F5EA8080CBDBDA95FB
C:\Windows\System32\drivers\UsbHub3.sys E5F7328B1D29BCE791862CD3C0DD382A
C:\Windows\System32\drivers\usbohci.sys 325F6179009B5A7F6118951A5BA422AB
C:\Windows\System32\drivers\usbprint.sys 9FDBA6982582A6F2354144980F641E7B
C:\Windows\System32\drivers\USBSTOR.SYS BFC7FE4AAEB61317A921871B4085EF4B
C:\Windows\System32\drivers\usbuhci.sys 1ABF657259DB57F7E5558E4DF1357C0C
C:\Windows\System32\Drivers\usbvideo.sys 9EF7C01D3ACCBC243B5CB1A95865B2FF
C:\Windows\System32\drivers\USBXHCI.SYS 8DC398D7B8E02C929A2096E74A170970
C:\Windows\System32\drivers\vdrvroot.sys BACECBFF9C97F7627A60B0E0F1FE7EE8
C:\Windows\System32\drivers\VerifierExt.sys 74FA2D4368DE6F6CE14393EDF1F342BE
C:\Windows\System32\drivers\vhdmp.sys 500BE6B2E49883720D0AE8BB859ED7A3
C:\Windows\System32\drivers\viaide.sys F5B4A14B00E89250C50982AC762DDD1D
C:\Windows\System32\drivers\vmbus.sys 78DB50F7329F6D1311658DABFFFC8BE0
C:\Windows\System32\drivers\VMBusHID.sys ECFEE2F2BA3932C7880D1A8F67D68F91
C:\Windows\System32\drivers\volmgr.sys CB60FAAED8B49B812EBBF77EB87D9B18
C:\Windows\System32\drivers\volmgrx.sys A74101DA9809251BCD0E5A26BAE0F824
C:\Windows\System32\drivers\volsnap.sys 78A5BBA3819FFFC62FFEC3E2220D102D
C:\Windows\System32\drivers\vpci.sys A8DA1C1B52ECEA3726DEBED4FF1B700D
C:\Windows\System32\drivers\vsmraid.sys 38A60CD9C009C55C6D3B5586F8E6A353
C:\Windows\System32\drivers\vstxraid.sys A0F6FE0FC2F647C22BBFD6BD4249DBCC
C:\Windows\System32\drivers\vwifibus.sys 62460A45435A26A334907E3F2EA45611
C:\Windows\system32\DRIVERS\vwififlt.sys 095E943D27025E4D588AF0A72CC2318F
C:\Windows\system32\DRIVERS\vwifimp.sys 73FA1A41A97A5C34ADC03B3577FF1A86
C:\Windows\System32\drivers\wacompen.sys 6B806E893714019969E2B50D7EF6A4D9
C:\Windows\system32\DRIVERS\wanarp.sys 61F6972FF9AC9A8D0B4D62076DC30051
C:\Windows\system32\DRIVERS\wanarp.sys 61F6972FF9AC9A8D0B4D62076DC30051
C:\Windows\System32\drivers\wd.sys B3A4D918DAB90505B6BC7B70632913CB
C:\Windows\system32\drivers\WdBoot.sys FD47DF026B32969B8A68721A0243E8EE
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\system32\drivers\WdFilter.sys 5F425D842DD6ADE9F95A51A0616AFAD7
C:\Windows\System32\DRIVERS\wfplwfs.sys 44BB9C31E6242C4BD1CE7C2B440C2533
C:\Windows\System32\drivers\wimmount.sys A3C7624A42A3447EF5EDD1ED37FE4E60
C:\Windows\System32\drivers\WirelessButtonDriver64.sys 4F2A80D65AE6F845776E2F06AE6782ED
C:\Windows\System32\drivers\wmiacpi.sys E2A596CACFC6504306CDB7B593B90084
C:\Windows\System32\DRIVERS\wpcfltr.sys C6FF953D5D6F2EAE3B8883474D5076B3
C:\Windows\System32\drivers\WpdUpFltr.sys 0346CAFC181C91C6E2330332EB332ED6
C:\Windows\system32\drivers\ws2ifsl.sys BC8B5CB336E63BB25EAD1CE8EDD34B81
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\drivers\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
C:\Windows\system32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-01 12:25 - 2014-02-01 12:26 - 00036609 _____ () C:\Users\blazenka\Desktop\FRST.txt
2014-02-01 12:24 - 2014-02-01 12:24 - 01137152 _____ (Farbar) C:\Users\blazenka\Downloads\FRST.exe
2014-01-29 13:04 - 2014-01-29 13:04 - 00002886 _____ () C:\Windows\System32\Tasks\AVG_SYS_TASK_DELETE
2014-01-29 13:04 - 2014-01-29 13:04 - 00002648 _____ () C:\Windows\System32\Tasks\AVG_SYS_TASK
2014-01-29 13:04 - 2014-01-29 13:04 - 00000402 _____ () C:\Windows\Tasks\AVG_SYS_TASK_DELETE.job
2014-01-29 13:04 - 2014-01-29 13:04 - 00000374 _____ () C:\Windows\Tasks\AVG_SYS_TASK.job
2014-01-29 13:04 - 2014-01-29 13:04 - 00000000 ____D () C:\Users\blazenka\AppData\Roaming\AVG 0214c Campaign
2014-01-29 13:03 - 2014-01-29 13:04 - 00000000 ____D () C:\ProgramData\AVG 0214c Campaign
2014-01-21 19:39 - 2014-01-21 19:39 - 00001111 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-01-21 19:39 - 2014-01-21 19:39 - 00000000 ____D () C:\Users\blazenka\AppData\Roaming\Mozilla
2014-01-21 19:39 - 2014-01-21 19:39 - 00000000 ____D () C:\Users\blazenka\AppData\Local\Mozilla
2014-01-21 19:39 - 2014-01-21 19:39 - 00000000 ____D () C:\ProgramData\Mozilla
2014-01-21 19:39 - 2014-01-21 19:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-21 19:38 - 2014-01-21 19:38 - 00282992 _____ (Mozilla) C:\Users\blazenka\Downloads\Firefox Setup Stub 26.0.exe
2014-01-20 21:21 - 2014-02-01 09:24 - 00003172 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForblazenka
2014-01-20 21:21 - 2014-02-01 09:24 - 00000352 _____ () C:\Windows\Tasks\HPCeeScheduleForblazenka.job
2014-01-17 14:56 - 2014-01-17 14:56 - 00032800 _____ () C:\Users\blazenka\Downloads\WRT54GV2_v4.21.5.cfg
2014-01-17 14:43 - 2014-01-17 14:43 - 00032800 _____ () C:\Users\blazenka\Downloads\WRT54GV2_v4.21.1 (1).cfg
2014-01-17 14:38 - 2014-01-17 14:38 - 03363840 _____ () C:\Users\blazenka\Downloads\FW_WRT54Gv4_4.21.5.000_20120220.bin
2014-01-17 14:04 - 2014-01-17 14:04 - 00032800 _____ () C:\Users\blazenka\Downloads\WRT54GV2_v4.21.1.cfg
2014-01-15 21:48 - 2013-12-06 23:37 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-01-15 21:48 - 2013-12-06 23:37 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-15 21:48 - 2013-12-06 22:15 - 00562688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-01-15 21:48 - 2013-12-06 22:15 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-14 20:13 - 2013-10-30 22:56 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2014-01-14 20:13 - 2013-10-30 22:56 - 00758784 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2014-01-14 20:13 - 2013-10-30 21:01 - 00550400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2014-01-14 20:13 - 2013-10-30 20:42 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2014-01-14 20:13 - 2013-10-27 22:50 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-01-14 20:13 - 2013-10-27 21:05 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-01-14 20:13 - 2013-10-13 13:49 - 00100696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2014-01-14 20:13 - 2013-08-26 22:21 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-01-14 20:13 - 2013-08-26 22:19 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-01-14 20:13 - 2013-08-26 15:29 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-01-14 20:13 - 2013-08-26 15:28 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2014-01-14 11:10 - 2014-01-14 11:10 - 00001059 _____ () C:\Users\Public\Desktop\HP Quick Start.lnk
2014-01-14 11:01 - 2014-01-17 10:22 - 00000000 ____D () C:\Windows\SysWOW64\sda
2014-01-07 08:59 - 2014-01-07 08:59 - 00760032 _____ (Realtek ) C:\Windows\system32\Drivers\Rt630x64.sys
2014-01-07 08:59 - 2014-01-07 08:59 - 00074344 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2014-01-06 11:38 - 2014-01-06 11:38 - 00339819 _____ () C:\Users\blazenka\Downloads\watch_later (2)
2014-01-06 11:38 - 2014-01-06 11:38 - 00339819 _____ () C:\Users\blazenka\Downloads\watch_later (1)
2014-01-06 11:38 - 2014-01-06 11:38 - 00339819 _____ () C:\Users\blazenka\Downloads\watch_later
 
==================== One Month Modified Files and Folders =======
 
2014-02-01 12:26 - 2014-02-01 12:25 - 00036609 _____ () C:\Users\blazenka\Desktop\FRST.txt
2014-02-01 12:25 - 2013-12-29 10:06 - 00000000 ____D () C:\Users\blazenka\Desktop\FRST-OlderVersion
2014-02-01 12:25 - 2013-12-27 15:19 - 00000000 ____D () C:\FRST
2014-02-01 12:25 - 2013-12-27 15:18 - 02080256 _____ (Farbar) C:\Users\blazenka\Desktop\FRST64.exe
2014-02-01 12:24 - 2014-02-01 12:24 - 01137152 _____ (Farbar) C:\Users\blazenka\Downloads\FRST.exe
2014-02-01 12:00 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\sru
2014-02-01 11:42 - 2013-04-12 11:26 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-01 11:10 - 2013-12-23 09:31 - 01596386 _____ () C:\Windows\WindowsUpdate.log
2014-02-01 09:24 - 2014-01-20 21:21 - 00003172 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForblazenka
2014-02-01 09:24 - 2014-01-20 21:21 - 00000352 _____ () C:\Windows\Tasks\HPCeeScheduleForblazenka.job
2014-02-01 09:24 - 2013-04-04 10:59 - 00000000 ____D () C:\Users\blazenka
2014-02-01 08:26 - 2013-06-04 10:46 - 00000000 ____D () C:\ProgramData\MFAData
2014-01-31 19:42 - 2013-04-12 11:26 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-31 17:41 - 2013-04-04 11:05 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{9E64A51A-DB3D-441F-A269-29863588285E}
2014-01-31 17:39 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-01-29 13:08 - 2013-04-12 11:27 - 00002143 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-29 13:04 - 2014-01-29 13:04 - 00002886 _____ () C:\Windows\System32\Tasks\AVG_SYS_TASK_DELETE
2014-01-29 13:04 - 2014-01-29 13:04 - 00002648 _____ () C:\Windows\System32\Tasks\AVG_SYS_TASK
2014-01-29 13:04 - 2014-01-29 13:04 - 00000402 _____ () C:\Windows\Tasks\AVG_SYS_TASK_DELETE.job
2014-01-29 13:04 - 2014-01-29 13:04 - 00000374 _____ () C:\Windows\Tasks\AVG_SYS_TASK.job
2014-01-29 13:04 - 2014-01-29 13:04 - 00000000 ____D () C:\Users\blazenka\AppData\Roaming\AVG 0214c Campaign
2014-01-29 13:04 - 2014-01-29 13:03 - 00000000 ____D () C:\ProgramData\AVG 0214c Campaign
2014-01-29 13:03 - 2012-07-25 22:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-01-21 19:39 - 2014-01-21 19:39 - 00001111 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-01-21 19:39 - 2014-01-21 19:39 - 00000000 ____D () C:\Users\blazenka\AppData\Roaming\Mozilla
2014-01-21 19:39 - 2014-01-21 19:39 - 00000000 ____D () C:\Users\blazenka\AppData\Local\Mozilla
2014-01-21 19:39 - 2014-01-21 19:39 - 00000000 ____D () C:\ProgramData\Mozilla
2014-01-21 19:39 - 2014-01-21 19:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-21 19:39 - 2013-05-04 14:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-01-21 19:38 - 2014-01-21 19:38 - 00282992 _____ (Mozilla) C:\Users\blazenka\Downloads\Firefox Setup Stub 26.0.exe
2014-01-20 21:19 - 2013-04-19 12:19 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-01-20 21:18 - 2013-04-23 10:24 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-01-18 19:19 - 2013-12-04 19:35 - 00000000 ____D () C:\Users\blazenka\AppData\Roaming\vlc
2014-01-17 14:56 - 2014-01-17 14:56 - 00032800 _____ () C:\Users\blazenka\Downloads\WRT54GV2_v4.21.5.cfg
2014-01-17 14:43 - 2014-01-17 14:43 - 00032800 _____ () C:\Users\blazenka\Downloads\WRT54GV2_v4.21.1 (1).cfg
2014-01-17 14:38 - 2014-01-17 14:38 - 03363840 _____ () C:\Users\blazenka\Downloads\FW_WRT54Gv4_4.21.5.000_20120220.bin
2014-01-17 14:04 - 2014-01-17 14:04 - 00032800 _____ () C:\Users\blazenka\Downloads\WRT54GV2_v4.21.1.cfg
2014-01-17 13:24 - 2012-07-26 00:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-01-17 13:23 - 2012-07-25 22:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-01-17 11:16 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-01-17 10:22 - 2014-01-14 11:01 - 00000000 ____D () C:\Windows\SysWOW64\sda
2014-01-17 10:22 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\WinStore
2014-01-17 10:22 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\Macromed
2014-01-17 10:22 - 2012-07-25 22:38 - 00000000 ____D () C:\Windows\system32\Sysprep
2014-01-17 10:21 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\registration
2014-01-16 17:24 - 2013-12-01 18:44 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-01-16 17:24 - 2012-07-25 22:26 - 00000167 _____ () C:\Windows\win.ini
2014-01-16 17:23 - 2013-08-21 17:37 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-16 17:18 - 2013-04-08 12:35 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 21:23 - 2013-05-04 17:57 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-01-14 11:36 - 2013-03-11 07:16 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-01-14 11:36 - 2012-08-03 17:02 - 00000000 ____D () C:\SWSetup
2014-01-14 11:36 - 2012-06-13 19:24 - 09889352 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RtsP2StorIcon.dll
2014-01-14 11:36 - 2012-06-13 19:24 - 00288328 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsP2Stor.sys
2014-01-14 11:11 - 2012-08-17 11:00 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-01-14 11:10 - 2014-01-14 11:10 - 00001059 _____ () C:\Users\Public\Desktop\HP Quick Start.lnk
2014-01-14 11:09 - 2013-04-07 06:01 - 00000000 ____D () C:\Users\blazenka\AppData\Roaming\hpqlog
2014-01-14 11:01 - 2012-08-17 11:28 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-01-09 15:43 - 2013-04-07 06:02 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3547577286-1312905905-4102300773-1002
2014-01-09 01:02 - 2013-12-04 11:54 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-09 01:02 - 2013-12-04 11:54 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-07 08:59 - 2014-01-07 08:59 - 00760032 _____ (Realtek ) C:\Windows\system32\Drivers\Rt630x64.sys
2014-01-07 08:59 - 2014-01-07 08:59 - 00074344 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2014-01-07 08:57 - 2013-03-11 07:16 - 00000000 ____D () C:\Windows\Hewlett-Packard
2014-01-06 11:38 - 2014-01-06 11:38 - 00339819 _____ () C:\Users\blazenka\Downloads\watch_later (2)
2014-01-06 11:38 - 2014-01-06 11:38 - 00339819 _____ () C:\Users\blazenka\Downloads\watch_later (1)
2014-01-06 11:38 - 2014-01-06 11:38 - 00339819 _____ () C:\Users\blazenka\Downloads\watch_later
2014-01-04 11:41 - 2013-05-09 14:48 - 00000000 ____D () C:\Users\blazenka\Desktop\Blazini dokumenti
2014-01-02 22:45 - 2013-12-04 19:34 - 00001030 _____ () C:\Users\Public\Desktop\VLC media player.lnk
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-01-17 18:00
 
==================== End Of Log ============================
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2014 04
Ran by blazenka at 2014-02-01 12:27:13
Running from C:\Users\blazenka\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
 
==================== Installed Programs ======================
 
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
Adobe Reader XI (11.0.06) (x32 Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.5.635 - Adobe Systems, Inc.)
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2013.0313.2330.40379 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2013.0313.2330.40379 - Advanced Micro Devices, Inc.) Hidden
AVG 2014 (Version: 14.0.3684 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4259 - AVG Technologies) Hidden
AVG 2014 (Version: 2014.0.4259 - AVG Technologies)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0313.2330.40379 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0313.2330.40379 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0313.2330.40379 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0313.2330.40379 - Advanced Micro Devices, Inc.) Hidden
CCleaner (Version: 4.04 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Combined Community Codec Pack 2013-11-27 (x32 Version: 2013.11.27.0 - CCCP Project)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink LabelPrint (x32 Version: 2.5.3.6326 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.3.6326 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (x32 Version: 10.0.4.2928 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.4.2928 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (x32 Version: 8.0.3.2527 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.3.2527 - CyberLink Corp.) Hidden
CyberLink PowerDVD (x32 Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 10.0.6.4319 - CyberLink Corp.) Hidden
CyberLink YouCam (x32 Version: 3.5.4.5527 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.4.5527 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition (x32 Version:  - Microsoft)
Energy Star (Version: 1.0.8 - Hewlett-Packard)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
FlatOut 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Google Chrome (x32 Version: 32.0.1700.102 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (x32 Version: 7.5.4805.320 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Documentation (x32 Version: 1.1.1.0 - Hewlett-Packard)
HP Games (x32 Version: 1.0.3.0 - WildTangent)
HP MyRoom (x32 Version: 9.0.0.0 - Hewlett-Packard Company)
HP Postscript Converter (Version: 3.1.3554 - Hewlett-Packard) Hidden
HP Quick Launch (x32 Version: 3.0.6 - Hewlett-Packard Company)
HP Quick Start (x32 Version: 1.0.4660.30220 - Hewlett-Packard)
HP Recovery Manager (x32 Version: 7.00 - Hewlett-Packard) Hidden
HP Registration Service (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (x32 Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (x32 Version: 7.0.32.44 - Hewlett-Packard Company)
HP Utility Center (x32 Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (x32 Version: 1.1.2.1 - Hewlett-Packard Company)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft Access MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Access Setup Metadata MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft DCF MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Excel MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Groove MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Lync MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden
Microsoft Office 365 Home Premium - en-us (Version: 15.0.4551.1512 - Microsoft Corporation)
Microsoft Office 64-bit Components 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office on Demand Browser Add-ons (HKCU Version: 15.0.4481.1510 - Microsoft Corporation)
Microsoft Office OSM MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU Version: 17.0.2006.0314 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft VC9 runtime libraries (x32 Version: 2.0.0 - AOL Inc.) Hidden
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
OEM Application Profile (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Qualcomm Atheros Driver Installation Program (x32 Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (x32 Version: 8.10.1226.2012 - Realtek)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6937 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (x32 Version: 6.2.9200.29053 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (x32 Version: 1.95 - VS Revo Group)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Secure Download Manager (x32 Version: 3.1.40 - Kivuto Solutions Inc.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (Version: 16.6.1.3 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update for Microsoft Access 2013 (KB2768008) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Access 2013 (KB2827233) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft InfoPath 2013 (KB2837648) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2817678) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2726954) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2726996) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2738038) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760224) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760242) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760267) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760539) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760553) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760610) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2767845) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2768016) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817314) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817316) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817490) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817626) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2826004) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827225) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827227) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827230) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827239) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837626) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837637) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837638) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837655) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2850066) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2850063) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2850061) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2767850) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Project 2013 (KB2727085) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2837635) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft SkyDrive Pro (KB2817495) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft SkyDrive Pro (KB2837652) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Visio 2013 (KB2817306) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2768338) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2837647) 32-Bit Edition (x32 Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 2.2.0.98 - WildTangent) Hidden
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (x32 Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.2 (x32 Version: 2.1.2 - VideoLAN)
WildTangent Games (x32 Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.6 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Restore Points  =========================
 
17-01-2014 17:11:06 Restore Operation
01-02-2014 15:21:41 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
2012-07-25 22:26 - 2013-12-22 09:03 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {064B1C53-8D5F-4957-9CDF-7AA5C4CB22E5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {07CF10EA-97C3-43FC-99F9-136F4B0DDFD6} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-05-16] (Synaptics Incorporated)
Task: {13E2A74E-B5F4-476D-99E3-B3F221CFB67E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-12] (Google Inc.)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1B4DB13F-3E16-43DE-A04E-D8FE74D32A1D} - System32\Tasks\AVG_SYS_TASK_DELETE => C:\ProgramData\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe [2014-01-28] ()
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2FBE1480-2158-447F-847B-BFA1D42B2865} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {37256328-6945-4550-B158-F666C563453B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {3FBA4838-9B86-41B1-B028-71061D06B546} - System32\Tasks\AVG_SYS_TASK => C:\ProgramData\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe [2014-01-28] ()
Task: {460ADC9D-9AFB-4A09-8E20-F23E62CC9144} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {4821A592-76BA-4792-B607-CD597F4D2026} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {4E750D12-E315-40C4-9DBF-B82D7C979D02} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {58864CA7-8712-4847-9940-C4A9E85EE624} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
Task: {5A7EC231-8580-4873-B3B4-2AC30D56A019} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {71729CA1-33D2-4B76-A1A6-1102BD409D8E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2012-08-10] (Hewlett-Packard Company)
Task: {77EFB97C-3DD8-411D-9387-B3B28C0C584F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-12] (Google Inc.)
Task: {85789984-D608-4035-B401-DFC1C1B9A0AE} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-15] (Microsoft Corporation)
Task: {9754D551-0A56-45D5-A6D7-4EAC572F46A3} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {97F70C08-A099-4704-9473-58B9712AF455} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {A4B6FCF5-E837-4191-8FB1-87F6B228E6AE} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-10-31] (Microsoft Corporation)
Task: {A657821D-E230-4177-9C36-AA07A4E2F309} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2013-12-23] (Realtek Semiconductor)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {ABF72A05-BC31-4B6B-B80D-84AF05B3E4F7} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-01-15] (Microsoft Corporation)
Task: {B3A5F703-25A7-4614-9709-4F446A980A37} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3547577286-1312905905-4102300773-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {B85B8F58-245F-49F6-9A17-AA6D0EB92D8E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {D408DAB0-87F3-4379-9311-F6C8B24093EF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
Task: {E469516B-9F24-4872-83D3-8CC6689D4047} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {E87E942B-FB77-45D4-ACF4-27709171E050} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {E987C23F-DF34-4F01-858D-3E58A7AE21A7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-09-23] (Hewlett-Packard Company)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {EF846AE5-8442-4996-A6BE-DC22D39D5F0C} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3547577286-1312905905-4102300773-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {F789C97A-5C93-420B-93C1-1301FCFB7E88} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {F9EDC11E-C2D3-4F69-8C23-AFC372CBACC4} - System32\Tasks\HPCeeScheduleForblazenka => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {FACFFB68-7298-42B4-ADE4-AFE317AFA0D6} - \DSite No Task File
Task: C:\Windows\Tasks\AVG_SYS_TASK.job => C:\ProgramData\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe
Task: C:\Windows\Tasks\AVG_SYS_TASK_DELETE.job => C:\ProgramData\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForblazenka.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-01-15 21:20 - 2014-01-15 21:20 - 08866472 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-04-08 10:33 - 2013-04-08 10:34 - 00176024 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1114.318_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2013-12-23 23:54 - 2012-06-07 20:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 11:34 - 2012-06-08 11:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-08-01 16:01 - 2013-08-01 16:01 - 05208416 _____ () C:\Program Files (x86)\AVG\AVG2014\Tuneup\TuneUpCore.bpl
2013-08-20 22:48 - 2013-08-20 22:48 - 00075616 _____ () C:\Program Files (x86)\AVG\AVG2014\Tuneup\TuneUpAPI32.dll
2013-08-20 22:48 - 2013-08-20 22:48 - 00593760 _____ () C:\Program Files (x86)\AVG\AVG2014\Tuneup\RegistryCleaner.dll
2013-08-20 22:48 - 2013-08-20 22:48 - 00350048 _____ () C:\Program Files (x86)\AVG\AVG2014\Tuneup\GainDiskSpace.dll
2013-08-20 22:48 - 2013-08-20 22:48 - 00427360 _____ () C:\Program Files (x86)\AVG\AVG2014\Tuneup\DriveDefrag32.dll
2013-08-20 22:48 - 2013-08-20 22:48 - 00461664 _____ () C:\Program Files (x86)\AVG\AVG2014\Tuneup\ShortcutCleaner.dll
2014-01-29 13:07 - 2014-01-22 22:56 - 00715544 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\libglesv2.dll
2014-01-29 13:07 - 2014-01-22 22:56 - 00100120 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\libegl.dll
2014-01-29 13:07 - 2014-01-22 22:56 - 04055320 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\pdf.dll
2014-01-29 13:07 - 2014-01-22 22:57 - 00399640 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll
2014-01-29 13:07 - 2014-01-22 22:55 - 01634584 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Could not start eventlog service, could not read events.
 
The requested service has already been started.
 
More help is available by typing NET HELPMSG 2182.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 48%
Total physical RAM: 3682.26 MB
Available physical RAM: 1902.17 MB
Total Pagefile: 4402.26 MB
Available Pagefile: 1854.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:273.93 GB) (Free:205.88 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:23.39 GB) (Free:2.82 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (ACACIA_TAI_CHI_QI_GONG) (CDROM) (Total:6.73 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: C2C9F703)
 
Partition: GPT Partition Type
==================== End Of Log ============================
 


#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 01 February 2014 - 05:10 PM



Hello simplesimpleton

These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete, let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 simplesimpleton

  • Topic Starter
  • Members
  • 116 posts

Posted 04 February 2014 - 07:28 PM

# AdwCleaner v3.018 - Report created 04/02/2014 at 17:00:48
# Updated 28/01/2014 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : blazenka - MOM
# Running from : C:\Users\blazenka\Downloads\AdwCleaner (1).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
[x] Not Deleted : HKCU\Software\AVG Secure Search
[x] Not Deleted : [x64] HKCU\Software\AVG Secure Search
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16537
 
 
-\\ Mozilla Firefox v26.0 (en-US)
 
[ File : C:\Users\blazenka\AppData\Roaming\Mozilla\Firefox\Profiles\gts4z1hc.default\prefs.js ]
 
 
-\\ Google Chrome v32.0.1700.102
 
[ File : C:\Users\blazenka\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R1].txt - [978 octets] - [04/02/2014 16:57:52]
AdwCleaner[S1].txt - [908 octets] - [04/02/2014 17:00:48]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [967 octets] ##########
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 8 x64
Ran by blazenka on Tue 02/04/2014 at 17:09:51.26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\pc1data"
Successfully deleted: [Folder] "C:\Users\blazenka\appdata\local\cre"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 02/04/2014 at 17:25:43.36
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 04 February 2014 - 09:20 PM


Hello simplesimpleton

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 simplesimpleton

  • Topic Starter
  • Members
  • 116 posts

Posted 06 February 2014 - 08:59 PM

ComboFix 14-02-05.02 - blazenka 02/06/2014  18:34:25.3.2 - x64
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.3682.2498 [GMT -7:00]
Running from: c:\users\blazenka\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-07 to 2014-02-07  )))))))))))))))))))))))))))))))
.
.
2014-02-05 00:09 . 2014-02-05 00:09 -------- d-----w- c:\windows\ERUNT
2014-02-01 03:12 . 2014-02-01 03:12 246960 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10231.bin
2014-01-29 20:04 . 2014-01-29 20:04 -------- d-----w- c:\users\blazenka\AppData\Roaming\AVG 0214c Campaign
2014-01-29 20:03 . 2014-01-29 20:04 -------- d-----w- c:\programdata\AVG 0214c Campaign
2014-01-16 04:48 . 2013-12-07 06:37 688640 ----a-w- c:\windows\system32\WSShared.dll
2014-01-16 04:48 . 2013-12-07 06:37 163840 ----a-w- c:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-16 04:48 . 2013-12-07 05:15 562688 ----a-w- c:\windows\SysWow64\WSShared.dll
2014-01-16 04:48 . 2013-12-07 05:15 124928 ----a-w- c:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-15 03:13 . 2013-10-31 05:56 915968 ----a-w- c:\windows\system32\MPSSVC.dll
2014-01-15 03:13 . 2013-10-31 05:56 758784 ----a-w- c:\windows\system32\FirewallAPI.dll
2014-01-15 03:13 . 2013-10-31 04:01 550400 ----a-w- c:\windows\SysWow64\FirewallAPI.dll
2014-01-15 03:13 . 2013-10-28 05:50 588288 ----a-w- c:\windows\system32\SHCore.dll
2014-01-15 03:13 . 2013-10-28 04:05 452608 ----a-w- c:\windows\SysWow64\SHCore.dll
2014-01-15 03:13 . 2013-10-13 20:49 100696 ----a-w- c:\windows\system32\drivers\disk.sys
2014-01-15 03:13 . 2013-08-27 05:21 227840 ----a-w- c:\windows\system32\WebClnt.dll
2014-01-15 03:13 . 2013-08-27 05:19 104448 ----a-w- c:\windows\system32\davclnt.dll
2014-01-15 03:13 . 2013-08-26 22:29 199168 ----a-w- c:\windows\SysWow64\WebClnt.dll
2014-01-15 03:13 . 2013-08-26 22:28 86016 ----a-w- c:\windows\SysWow64\davclnt.dll
2014-01-15 03:13 . 2013-10-31 03:42 74752 ----a-w- c:\windows\system32\drivers\mpsdrv.sys
2014-01-14 18:01 . 2014-01-17 17:22 -------- d-----w- c:\windows\SysWow64\sda
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-30 21:10 . 2013-12-04 18:54 78296 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-30 21:10 . 2013-12-04 18:54 694240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-01-17 00:18 . 2013-04-08 19:35 86054176 ----a-w- c:\windows\system32\MRT.exe
2014-01-16 04:19 . 2013-05-05 01:02 566480 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-01-14 18:36 . 2012-06-14 02:24 9889352 ----a-w- c:\windows\SysWow64\RtsP2StorIcon.dll
2014-01-14 18:36 . 2012-06-14 02:24 288328 ----a-w- c:\windows\system32\drivers\RtsP2Stor.sys
2014-01-07 15:59 . 2014-01-07 15:59 760032 ----a-w- c:\windows\system32\drivers\Rt630x64.sys
2014-01-07 15:59 . 2014-01-07 15:59 74344 ----a-w- c:\windows\system32\RtNicProp64.dll
2013-12-24 07:00 . 2013-12-24 07:02 94208 ----a-w- c:\windows\system32\drivers\AtihdW86.sys
2013-12-24 07:00 . 2013-12-24 07:02 110080 ----a-w- c:\windows\system32\DelayAPO.dll
2013-12-24 07:00 . 2013-12-24 07:07 58536 ----a-w- c:\windows\system32\drivers\usbfilter.sys
2013-12-24 07:00 . 2013-12-24 07:02 80552 ----a-w- c:\windows\system32\drivers\amd_sata.sys
2013-12-24 07:00 . 2013-12-24 07:02 26280 ----a-w- c:\windows\system32\drivers\amd_xata.sys
2013-12-24 07:00 . 2013-12-24 07:02 76800 ----a-w- c:\windows\system32\coinst_12.102.4.dll
2013-12-24 07:00 . 2013-12-24 07:02 76288 ----a-w- c:\windows\system32\OpenVideo64.dll
2013-12-24 07:00 . 2013-12-24 07:02 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2013-12-24 07:00 . 2013-12-24 07:02 64000 ----a-w- c:\windows\system32\OVDecode64.dll
2013-12-24 07:00 . 2013-12-24 07:02 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2013-12-24 07:00 . 2013-12-24 07:02 222720 ----a-w- c:\windows\system32\clinfo.exe
2013-12-24 07:00 . 2013-12-24 07:02 118584 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2013-12-24 07:00 . 2013-12-24 07:02 120320 ----a-w- c:\windows\system32\atitmm64.dll
2013-12-24 07:00 . 2012-08-02 11:00 5972080 ----a-w- c:\windows\SysWow64\atiumdag.dll
2013-12-24 07:00 . 2012-08-02 08:55 4997736 ----a-w- c:\windows\system32\atiumd6a.dll
2013-12-24 07:00 . 2012-08-02 08:47 4448216 ----a-w- c:\windows\SysWow64\atiumdva.dll
2013-12-24 07:00 . 2012-08-02 08:20 6972216 ----a-w- c:\windows\system32\atiumd64.dll
2013-12-24 07:00 . 2012-08-02 08:08 139696 ----a-w- c:\windows\system32\atiuxp64.dll
2013-12-24 07:00 . 2012-08-02 08:08 113464 ----a-w- c:\windows\system32\atiu9p64.dll
2013-12-24 07:00 . 2012-08-02 08:08 92304 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2013-12-24 07:00 . 2013-12-24 07:02 19772416 ----a-w- c:\windows\SysWow64\atioglxx.dll
2013-12-24 07:00 . 2013-12-24 07:02 78432 ----a-w- c:\windows\system32\atimpc64.dll
2013-12-24 07:00 . 2013-12-24 07:02 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll
2013-12-24 07:00 . 2013-12-24 07:02 581120 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2013-12-24 07:00 . 2013-12-24 07:02 26112 ----a-w- c:\windows\system32\atimuixx.dll
2013-12-24 07:00 . 2013-12-24 07:02 23593984 ----a-w- c:\windows\system32\atio6axx.dll
2013-12-24 07:00 . 2013-12-24 07:01 11644416 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2013-12-24 07:00 . 2013-12-24 07:01 44032 ----a-w- c:\windows\system32\atig6txx.dll
2013-12-24 07:00 . 2013-12-24 07:01 34816 ----a-w- c:\windows\SysWow64\atigktxx.dll
2013-12-24 07:00 . 2013-12-24 07:01 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2013-12-24 07:00 . 2013-12-24 07:01 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2013-12-24 07:00 . 2013-12-24 07:01 241152 ----a-w- c:\windows\system32\atiesrxx.exe
2013-12-24 07:00 . 2013-12-24 07:01 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2013-12-24 07:00 . 2013-12-24 07:01 59392 ----a-w- c:\windows\system32\atiedu64.dll
2013-12-24 07:00 . 2013-12-24 07:01 562688 ----a-w- c:\windows\system32\atieclxx.exe
2013-12-24 07:00 . 2013-12-24 07:01 7195208 ----a-w- c:\windows\SysWow64\atidxx32.dll
2013-12-24 07:00 . 2013-12-24 07:01 442368 ----a-w- c:\windows\system32\atidemgy.dll
2013-12-24 07:00 . 2012-08-02 09:10 1151656 ----a-w- c:\windows\system32\aticfx64.dll
2013-12-24 07:00 . 2012-08-02 08:47 8209800 ----a-w- c:\windows\system32\atidxx64.dll
2013-12-24 07:00 . 2012-08-02 09:11 969376 ----a-w- c:\windows\SysWow64\aticfx32.dll
2013-12-24 07:00 . 2013-12-24 07:01 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2013-12-24 07:00 . 2013-12-24 07:01 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2013-12-24 07:00 . 2013-12-24 07:01 16082944 ----a-w- c:\windows\system32\aticaldd64.dll
2013-12-24 07:00 . 2013-12-24 07:01 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll
2013-12-24 07:00 . 2013-12-24 07:01 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2013-12-24 07:00 . 2013-12-24 07:01 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2013-12-24 07:00 . 2013-12-24 07:01 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2013-12-24 07:00 . 2013-12-24 07:01 635392 ----a-w- c:\windows\system32\atiadlxx.dll
2013-12-24 07:00 . 2013-12-24 07:01 54784 ----a-w- c:\windows\system32\OpenCL.dll
2013-12-24 07:00 . 2013-12-24 07:01 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2013-12-24 07:00 . 2013-12-24 07:01 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2013-12-24 07:00 . 2013-12-24 07:01 430080 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2013-12-24 07:00 . 2013-12-24 07:01 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-12-24 07:00 . 2013-12-24 07:01 78432 ----a-w- c:\windows\system32\amdpcom64.dll
2013-12-24 07:00 . 2013-12-24 07:01 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2013-12-24 07:00 . 2013-12-24 07:01 1061902 ----a-w- c:\windows\system32\amdocl_ld64.exe
2013-12-24 07:00 . 2013-12-24 07:01 798734 ----a-w- c:\windows\SysWow64\amdocl_ld32.exe
2013-12-24 07:00 . 2013-12-24 07:01 995342 ----a-w- c:\windows\SysWow64\amdocl_as32.exe
2013-12-24 07:00 . 2013-12-24 07:01 1187342 ----a-w- c:\windows\system32\amdocl_as64.exe
2013-12-24 07:00 . 2013-12-24 07:01 29150208 ----a-w- c:\windows\system32\amdocl64.dll
2013-12-24 07:00 . 2013-12-24 07:01 23810560 ----a-w- c:\windows\SysWow64\amdocl.dll
2013-12-24 06:33 . 2013-12-24 06:34 2794056 ----a-w- c:\windows\system32\RtPgEx64.dll
2013-12-24 06:33 . 2013-12-24 06:34 1662024 ----a-w- c:\windows\system32\RTSnMg64.cpl
2013-12-24 06:33 . 2013-12-24 06:34 3441992 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
2013-12-24 06:32 . 2013-12-24 06:34 3744328 ----a-w- c:\windows\system32\RtkAPO64.dll
2013-12-24 06:32 . 2013-12-24 06:34 1003592 ----a-w- c:\windows\system32\RtkApi64.dll
2013-12-24 06:32 . 2013-12-24 06:34 613448 ----a-w- c:\windows\system32\RtDataProc64.dll
2013-12-24 06:32 . 2013-12-24 06:34 1284680 ----a-w- c:\windows\system32\RTCOM64.dll
2013-12-24 06:32 . 2013-12-24 06:34 26987520 ----a-w- c:\windows\system32\RCoRes64.dat
2013-12-24 06:32 . 2013-12-24 06:34 142920 ----a-w- c:\windows\system32\RCoInstII64.dll
2013-12-24 06:32 . 2013-12-24 06:34 110592 ----a-w- c:\windows\system32\CONEQMSAPOGUILibrary.dll
2013-12-24 06:32 . 2013-12-24 06:34 208072 ----a-w- c:\windows\system32\AERTAC64.dll
2013-12-24 06:32 . 2013-03-11 14:16 2079816 ----a-w- c:\windows\RtlExUpd.dll
2013-11-30 18:30 . 2013-06-04 17:51 46368 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-11-23 06:43 . 2013-12-11 04:06 420864 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-23 05:05 . 2013-12-11 04:06 368640 ----a-w- c:\windows\SysWow64\WMPhoto.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-05-09 20:36 222808 ----a-w- c:\users\blazenka\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-05-09 20:36 222808 ----a-w- c:\users\blazenka\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-05-09 20:36 222808 ----a-w- c:\users\blazenka\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-11-02 19:10 1727176 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-11-02 19:10 1727176 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-11-02 19:10 1727176 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress8"="NA" [X]
"GoogleChromeAutoLaunch_31D98E503932436E616FB2C060CD45B0"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-02-01 866632]
"AVG-Secure-Search-Update_0214c"="c:\users\blazenka\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe" [2014-01-28 2548248]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-03-29 91432]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2013-11-08 4956176]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-14 642656]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-09-08 581024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R0 Avgboota;AVG Early Launch Anti-Malware Driver;c:\windows\system32\DRIVERS\avgboota.sys;c:\windows\SYSNATIVE\DRIVERS\avgboota.sys [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
R2 vToolbarUpdater17.2.0;vToolbarUpdater17.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\System32\drivers\point64.sys;c:\windows\SYSNATIVE\drivers\point64.sys [x]
R3 SmbDrv;SmbDrv;c:\windows\System32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys [x]
R3 SmbDrvI;SmbDrvI;c:\windows\System32\drivers\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_Intel.sys [x]
S0 amd_sata;amd_sata;c:\windows\System32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\System32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgwfpa;AVG Firewall Driver;c:\windows\system32\DRIVERS\avgwfpa.sys;c:\windows\SYSNATIVE\DRIVERS\avgwfpa.sys [x]
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW86.sys;c:\windows\SYSNATIVE\drivers\AtihdW86.sys [x]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
S3 WirelessButtonDriver;HP Wireless Button Driver Service;c:\windows\System32\drivers\WirelessButtonDriver64.sys;c:\windows\SYSNATIVE\drivers\WirelessButtonDriver64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
apphost REG_MULTI_SZ   apphostsvc
iissvcs REG_MULTI_SZ   w3svc was
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-05 02:43 1211720 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2013-09-05 14:04 215416 ----a-w- c:\program files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-07 c:\windows\Tasks\AVG_SYS_TASK.job
- c:\programdata\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe [2014-01-29 19:07]
.
2014-02-05 c:\windows\Tasks\AVG_SYS_TASK_DELETE.job
- c:\programdata\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe [2014-01-29 19:07]
.
2014-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-12 18:26]
.
2014-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-12 18:26]
.
2014-02-06 c:\windows\Tasks\HPCeeScheduleForblazenka.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-05-09 20:37 261704 ----a-w- c:\users\blazenka\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-05-09 20:37 261704 ----a-w- c:\users\blazenka\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-05-09 20:37 261704 ----a-w- c:\users\blazenka\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-01-16 04:21 2331336 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-01-16 04:21 2331336 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-01-16 04:21 2331336 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-01-29 21720]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf-roaming - {C57E9882-B128-4E07-BA2D-FF83B8989C76} - c:\users\blazenka\Microsoft Office 15\root\office15\MSOSB.DLL
FF - ProfilePath - c:\users\blazenka\AppData\Roaming\Mozilla\Firefox\Profiles\gts4z1hc.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
AddRemove-{B8019B54-F9BE-490A-9619-6D06F18F129F} - c:\program files (x86)\InstallShield Installation Information\{B8019B54-F9BE-490A-9619-6D06F18F129F}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2014-02-06  18:53:59
ComboFix-quarantined-files.txt  2014-02-07 01:53
.
Pre-Run: 219,685,765,120 bytes free
Post-Run: 219,221,315,584 bytes free
.
- - End Of File - - 5EB9B2CC8E6ADFDC45E5A562F7E03EB1
5FB38429D5D77768867C76DCBDB35194
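One way to read the "Reg Loading Points" section of a log like the one above is to script the first pass over the Run keys. The Python below is an added example, not part of this thread and not ComboFix's own code. It assumes that ComboFix prints "[X]" in place of the usual "[date size]" when the file an autostart value points at cannot be found, and it uses Run-key lines copied from the log above as its constructed sample input.

```python
"""Triage ComboFix "Reg Loading Points" Run entries.

Added example, not part of the thread or of ComboFix. It parses the
[HKEY_...\\Run] blocks in ComboFix's report format and flags the entries
a malware-response helper would look at first.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample: Run-key lines in ComboFix's report format, copied from
# the log in this thread (the "." separator line is ComboFix's own).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress8"="NA" [X]
"GoogleChromeAutoLaunch_31D98E503932436E616FB2C060CD45B0"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-02-01 866632]
"AVG-Secure-Search-Update_0214c"="c:\users\blazenka\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe" [2014-01-28 2548248]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-03-29 91432]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# "name"="target" [info]  where info is "date size", or "X" for a missing file
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"\s*\[(?P<info>[^\]]*)\]$')


@dataclass
class AutostartEntry:
    key: str
    name: str
    target: str
    info: str

    @property
    def file_missing(self) -> bool:
        # Assumption: ComboFix prints "[X]" instead of "[date size]" when the
        # file an autostart value points at could not be found on disk.
        return self.info.strip().upper() == "X"

    @property
    def in_user_profile(self) -> bool:
        # Anything under c:\users\ is writable without admin rights, which is
        # where bundled toolbars and adware usually install themselves.
        return self.target.lower().startswith("c:\\users\\")

    @property
    def scope(self) -> str:
        return "per-user" if self.key.upper().startswith("HKEY_CURRENT_USER") else "machine-wide"


def parse_run_entries(text: str) -> List[AutostartEntry]:
    """Collect every "name"="target" [info] line under a [HKEY_...] header."""
    entries: List[AutostartEntry] = []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := KEY_RE.match(line)):
            key = m.group(1)
            continue
        if key is not None and (m := VALUE_RE.match(line)):
            entries.append(AutostartEntry(key, m["name"], m["target"], m["info"]))
    return entries


def triage(entries: List[AutostartEntry]) -> List[Tuple[str, str]]:
    """Return (value name, reason) for entries worth a closer look.

    An orphaned entry is harmless by itself but shows that something was
    installed and later removed incompletely; a user-profile autostart is
    the usual footprint of software the user did not knowingly install.
    """
    findings = []
    for e in entries:
        if e.file_missing:
            findings.append((e.name, f"{e.scope} autostart points at a missing file (orphan)"))
        elif e.in_user_profile:
            findings.append((e.name, f"{e.scope} autostart runs from a user profile directory"))
    return findings


if __name__ == "__main__":
    for name, reason in triage(parse_run_entries(SAMPLE_LOG)):
        print(f"{name}: {reason}")
```

Run directly, it lists two entries: the orphaned Power2GoExpress8 value (the "NA" with no file behind it) and the AVG campaign updater running from the user's AppData. A flag is a prompt to check the file behind the entry, not a verdict; software from a known vendor can land in a user profile too, and the Program Files entries are skipped only because they need admin rights to write.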


#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 07 February 2014 - 09:45 PM


Hello simplesimpleton

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
(image: CFScriptB-4.gif)
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#9 simplesimpleton
  • Topic Starter
  • Members
  • 116 posts

Posted 09 February 2014 - 10:35 PM

ComboFix 14-02-05.02 - blazenka 02/09/2014  20:13:23.4.2 - x64
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.3682.2585 [GMT -7:00]
Running from: c:\users\blazenka\Desktop\ComboFix.exe
Command switches used :: c:\users\blazenka\Desktop\CFScript.txt
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-10 to 2014-02-10  )))))))))))))))))))))))))))))))
.
.
2014-02-10 03:27 . 2014-02-10 03:27 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-02-10 03:27 . 2014-02-10 03:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-10 03:27 . 2014-02-10 03:27 -------- d-----w- c:\users\blazenka\AppData\Local\temp
2014-02-09 17:02 . 2014-02-09 17:02 240816 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10232.bin
2014-02-05 00:09 . 2014-02-05 00:09 -------- d-----w- c:\windows\ERUNT
2014-01-29 20:04 . 2014-01-29 20:04 -------- d-----w- c:\users\blazenka\AppData\Roaming\AVG 0214c Campaign
2014-01-29 20:03 . 2014-01-29 20:04 -------- d-----w- c:\programdata\AVG 0214c Campaign
2014-01-16 04:48 . 2013-12-07 06:37 688640 ----a-w- c:\windows\system32\WSShared.dll
2014-01-16 04:48 . 2013-12-07 06:37 163840 ----a-w- c:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-16 04:48 . 2013-12-07 05:15 562688 ----a-w- c:\windows\SysWow64\WSShared.dll
2014-01-16 04:48 . 2013-12-07 05:15 124928 ----a-w- c:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-15 03:13 . 2013-10-31 05:56 915968 ----a-w- c:\windows\system32\MPSSVC.dll
2014-01-15 03:13 . 2013-10-31 05:56 758784 ----a-w- c:\windows\system32\FirewallAPI.dll
2014-01-15 03:13 . 2013-10-31 04:01 550400 ----a-w- c:\windows\SysWow64\FirewallAPI.dll
2014-01-15 03:13 . 2013-10-28 05:50 588288 ----a-w- c:\windows\system32\SHCore.dll
2014-01-15 03:13 . 2013-10-28 04:05 452608 ----a-w- c:\windows\SysWow64\SHCore.dll
2014-01-15 03:13 . 2013-10-13 20:49 100696 ----a-w- c:\windows\system32\drivers\disk.sys
2014-01-15 03:13 . 2013-08-27 05:21 227840 ----a-w- c:\windows\system32\WebClnt.dll
2014-01-15 03:13 . 2013-08-27 05:19 104448 ----a-w- c:\windows\system32\davclnt.dll
2014-01-15 03:13 . 2013-08-26 22:29 199168 ----a-w- c:\windows\SysWow64\WebClnt.dll
2014-01-15 03:13 . 2013-08-26 22:28 86016 ----a-w- c:\windows\SysWow64\davclnt.dll
2014-01-15 03:13 . 2013-10-31 03:42 74752 ----a-w- c:\windows\system32\drivers\mpsdrv.sys
2014-01-14 18:01 . 2014-01-17 17:22 -------- d-----w- c:\windows\SysWow64\sda
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-30 21:10 . 2013-12-04 18:54 78296 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-30 21:10 . 2013-12-04 18:54 694240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-01-17 00:18 . 2013-04-08 19:35 86054176 ----a-w- c:\windows\system32\MRT.exe
2014-01-16 04:19 . 2013-05-05 01:02 566480 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-01-14 18:36 . 2012-06-14 02:24 9889352 ----a-w- c:\windows\SysWow64\RtsP2StorIcon.dll
2014-01-14 18:36 . 2012-06-14 02:24 288328 ----a-w- c:\windows\system32\drivers\RtsP2Stor.sys
2014-01-07 15:59 . 2014-01-07 15:59 760032 ----a-w- c:\windows\system32\drivers\Rt630x64.sys
2014-01-07 15:59 . 2014-01-07 15:59 74344 ----a-w- c:\windows\system32\RtNicProp64.dll
2013-12-24 07:00 . 2013-12-24 07:02 94208 ----a-w- c:\windows\system32\drivers\AtihdW86.sys
2013-12-24 07:00 . 2013-12-24 07:02 110080 ----a-w- c:\windows\system32\DelayAPO.dll
2013-12-24 07:00 . 2013-12-24 07:07 58536 ----a-w- c:\windows\system32\drivers\usbfilter.sys
2013-12-24 07:00 . 2013-12-24 07:02 80552 ----a-w- c:\windows\system32\drivers\amd_sata.sys
2013-12-24 07:00 . 2013-12-24 07:02 26280 ----a-w- c:\windows\system32\drivers\amd_xata.sys
2013-12-24 07:00 . 2013-12-24 07:02 76800 ----a-w- c:\windows\system32\coinst_12.102.4.dll
2013-12-24 07:00 . 2013-12-24 07:02 76288 ----a-w- c:\windows\system32\OpenVideo64.dll
2013-12-24 07:00 . 2013-12-24 07:02 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2013-12-24 07:00 . 2013-12-24 07:02 64000 ----a-w- c:\windows\system32\OVDecode64.dll
2013-12-24 07:00 . 2013-12-24 07:02 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2013-12-24 07:00 . 2013-12-24 07:02 222720 ----a-w- c:\windows\system32\clinfo.exe
2013-12-24 07:00 . 2013-12-24 07:02 118584 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2013-12-24 07:00 . 2013-12-24 07:02 120320 ----a-w- c:\windows\system32\atitmm64.dll
2013-12-24 07:00 . 2012-08-02 11:00 5972080 ----a-w- c:\windows\SysWow64\atiumdag.dll
2013-12-24 07:00 . 2012-08-02 08:55 4997736 ----a-w- c:\windows\system32\atiumd6a.dll
2013-12-24 07:00 . 2012-08-02 08:47 4448216 ----a-w- c:\windows\SysWow64\atiumdva.dll
2013-12-24 07:00 . 2012-08-02 08:20 6972216 ----a-w- c:\windows\system32\atiumd64.dll
2013-12-24 07:00 . 2012-08-02 08:08 139696 ----a-w- c:\windows\system32\atiuxp64.dll
2013-12-24 07:00 . 2012-08-02 08:08 113464 ----a-w- c:\windows\system32\atiu9p64.dll
2013-12-24 07:00 . 2012-08-02 08:08 92304 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2013-12-24 07:00 . 2013-12-24 07:02 19772416 ----a-w- c:\windows\SysWow64\atioglxx.dll
2013-12-24 07:00 . 2013-12-24 07:02 78432 ----a-w- c:\windows\system32\atimpc64.dll
2013-12-24 07:00 . 2013-12-24 07:02 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll
2013-12-24 07:00 . 2013-12-24 07:02 581120 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2013-12-24 07:00 . 2013-12-24 07:02 26112 ----a-w- c:\windows\system32\atimuixx.dll
2013-12-24 07:00 . 2013-12-24 07:02 23593984 ----a-w- c:\windows\system32\atio6axx.dll
2013-12-24 07:00 . 2013-12-24 07:01 11644416 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2013-12-24 07:00 . 2013-12-24 07:01 44032 ----a-w- c:\windows\system32\atig6txx.dll
2013-12-24 07:00 . 2013-12-24 07:01 34816 ----a-w- c:\windows\SysWow64\atigktxx.dll
2013-12-24 07:00 . 2013-12-24 07:01 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2013-12-24 07:00 . 2013-12-24 07:01 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2013-12-24 07:00 . 2013-12-24 07:01 241152 ----a-w- c:\windows\system32\atiesrxx.exe
2013-12-24 07:00 . 2013-12-24 07:01 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2013-12-24 07:00 . 2013-12-24 07:01 59392 ----a-w- c:\windows\system32\atiedu64.dll
2013-12-24 07:00 . 2013-12-24 07:01 562688 ----a-w- c:\windows\system32\atieclxx.exe
2013-12-24 07:00 . 2013-12-24 07:01 7195208 ----a-w- c:\windows\SysWow64\atidxx32.dll
2013-12-24 07:00 . 2013-12-24 07:01 442368 ----a-w- c:\windows\system32\atidemgy.dll
2013-12-24 07:00 . 2012-08-02 09:10 1151656 ----a-w- c:\windows\system32\aticfx64.dll
2013-12-24 07:00 . 2012-08-02 08:47 8209800 ----a-w- c:\windows\system32\atidxx64.dll
2013-12-24 07:00 . 2012-08-02 09:11 969376 ----a-w- c:\windows\SysWow64\aticfx32.dll
2013-12-24 07:00 . 2013-12-24 07:01 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2013-12-24 07:00 . 2013-12-24 07:01 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2013-12-24 07:00 . 2013-12-24 07:01 16082944 ----a-w- c:\windows\system32\aticaldd64.dll
2013-12-24 07:00 . 2013-12-24 07:01 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll
2013-12-24 07:00 . 2013-12-24 07:01 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2013-12-24 07:00 . 2013-12-24 07:01 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2013-12-24 07:00 . 2013-12-24 07:01 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2013-12-24 07:00 . 2013-12-24 07:01 635392 ----a-w- c:\windows\system32\atiadlxx.dll
2013-12-24 07:00 . 2013-12-24 07:01 54784 ----a-w- c:\windows\system32\OpenCL.dll
2013-12-24 07:00 . 2013-12-24 07:01 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2013-12-24 07:00 . 2013-12-24 07:01 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2013-12-24 07:00 . 2013-12-24 07:01 430080 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2013-12-24 07:00 . 2013-12-24 07:01 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-12-24 07:00 . 2013-12-24 07:01 78432 ----a-w- c:\windows\system32\amdpcom64.dll
2013-12-24 07:00 . 2013-12-24 07:01 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2013-12-24 07:00 . 2013-12-24 07:01 1061902 ----a-w- c:\windows\system32\amdocl_ld64.exe
2013-12-24 07:00 . 2013-12-24 07:01 798734 ----a-w- c:\windows\SysWow64\amdocl_ld32.exe
2013-12-24 07:00 . 2013-12-24 07:01 995342 ----a-w- c:\windows\SysWow64\amdocl_as32.exe
2013-12-24 07:00 . 2013-12-24 07:01 1187342 ----a-w- c:\windows\system32\amdocl_as64.exe
2013-12-24 07:00 . 2013-12-24 07:01 29150208 ----a-w- c:\windows\system32\amdocl64.dll
2013-12-24 07:00 . 2013-12-24 07:01 23810560 ----a-w- c:\windows\SysWow64\amdocl.dll
2013-12-24 06:33 . 2013-12-24 06:34 2794056 ----a-w- c:\windows\system32\RtPgEx64.dll
2013-12-24 06:33 . 2013-12-24 06:34 1662024 ----a-w- c:\windows\system32\RTSnMg64.cpl
2013-12-24 06:33 . 2013-12-24 06:34 3441992 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
2013-12-24 06:32 . 2013-12-24 06:34 3744328 ----a-w- c:\windows\system32\RtkAPO64.dll
2013-12-24 06:32 . 2013-12-24 06:34 1003592 ----a-w- c:\windows\system32\RtkApi64.dll
2013-12-24 06:32 . 2013-12-24 06:34 613448 ----a-w- c:\windows\system32\RtDataProc64.dll
2013-12-24 06:32 . 2013-12-24 06:34 1284680 ----a-w- c:\windows\system32\RTCOM64.dll
2013-12-24 06:32 . 2013-12-24 06:34 26987520 ----a-w- c:\windows\system32\RCoRes64.dat
2013-12-24 06:32 . 2013-12-24 06:34 142920 ----a-w- c:\windows\system32\RCoInstII64.dll
2013-12-24 06:32 . 2013-12-24 06:34 110592 ----a-w- c:\windows\system32\CONEQMSAPOGUILibrary.dll
2013-12-24 06:32 . 2013-12-24 06:34 208072 ----a-w- c:\windows\system32\AERTAC64.dll
2013-12-24 06:32 . 2013-03-11 14:16 2079816 ----a-w- c:\windows\RtlExUpd.dll
2013-11-30 18:30 . 2013-06-04 17:51 46368 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-11-23 06:43 . 2013-12-11 04:06 420864 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-23 05:05 . 2013-12-11 04:06 368640 ----a-w- c:\windows\SysWow64\WMPhoto.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-05-09 20:36 222808 ----a-w- c:\users\blazenka\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-05-09 20:36 222808 ----a-w- c:\users\blazenka\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-05-09 20:36 222808 ----a-w- c:\users\blazenka\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-11-02 19:10 1727176 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-11-02 19:10 1727176 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-11-02 19:10 1727176 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress8"="NA" [X]
"GoogleChromeAutoLaunch_31D98E503932436E616FB2C060CD45B0"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-02-01 866632]
"AVG-Secure-Search-Update_0214c"="c:\users\blazenka\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe" [2014-01-28 2548248]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-03-29 91432]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2013-11-08 4956176]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-14 642656]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-09-08 581024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R0 Avgboota;AVG Early Launch Anti-Malware Driver;c:\windows\system32\DRIVERS\avgboota.sys;c:\windows\SYSNATIVE\DRIVERS\avgboota.sys [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
R2 vToolbarUpdater17.2.0;vToolbarUpdater17.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\System32\drivers\point64.sys;c:\windows\SYSNATIVE\drivers\point64.sys [x]
R3 SmbDrv;SmbDrv;c:\windows\System32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys [x]
R3 SmbDrvI;SmbDrvI;c:\windows\System32\drivers\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_Intel.sys [x]
S0 amd_sata;amd_sata;c:\windows\System32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\System32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgwfpa;AVG Firewall Driver;c:\windows\system32\DRIVERS\avgwfpa.sys;c:\windows\SYSNATIVE\DRIVERS\avgwfpa.sys [x]
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW86.sys;c:\windows\SYSNATIVE\drivers\AtihdW86.sys [x]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
S3 WirelessButtonDriver;HP Wireless Button Driver Service;c:\windows\System32\drivers\WirelessButtonDriver64.sys;c:\windows\SYSNATIVE\drivers\WirelessButtonDriver64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
apphost REG_MULTI_SZ   apphostsvc
iissvcs REG_MULTI_SZ   w3svc was
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-05 02:43 1211720 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2013-09-05 14:04 215416 ----a-w- c:\program files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-07 c:\windows\Tasks\AVG_SYS_TASK.job
- c:\programdata\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe [2014-01-29 19:07]
.
2014-02-05 c:\windows\Tasks\AVG_SYS_TASK_DELETE.job
- c:\programdata\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe [2014-01-29 19:07]
.
2014-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-12 18:26]
.
2014-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-12 18:26]
.
2014-02-06 c:\windows\Tasks\HPCeeScheduleForblazenka.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-05-09 20:37 261704 ----a-w- c:\users\blazenka\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-05-09 20:37 261704 ----a-w- c:\users\blazenka\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-05-09 20:37 261704 ----a-w- c:\users\blazenka\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-01-16 04:21 2331336 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-01-16 04:21 2331336 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-01-16 04:21 2331336 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-01-29 21720]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf-roaming - {C57E9882-B128-4E07-BA2D-FF83B8989C76} - c:\users\blazenka\Microsoft Office 15\root\office15\MSOSB.DLL
FF - ProfilePath - c:\users\blazenka\AppData\Roaming\Mozilla\Firefox\Profiles\gts4z1hc.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
AddRemove-{B8019B54-F9BE-490A-9619-6D06F18F129F} - c:\program files (x86)\InstallShield Installation Information\{B8019B54-F9BE-490A-9619-6D06F18F129F}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2014-02-09  20:33:16
ComboFix-quarantined-files.txt  2014-02-10 03:33
ComboFix2.txt  2014-02-07 01:54
.
Pre-Run: 218,937,085,952 bytes free
Post-Run: 218,840,199,168 bytes free
.
- - End Of File - - 752B002E9BF5ADAAF8CBCD336447B730
5FB38429D5D77768867C76DCBDB35194
 


#10 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 10 February 2014 - 12:47 AM


Hello simplesimpleton

I would like to see a report that ComboFix makes.

Extra ComboFix report
  • push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click OK
Copy and paste the report into this topic for me to review.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 simplesimpleton (Topic Starter)
  • Members
  • 116 posts

Posted 11 February 2014 - 08:39 PM

4 Elements II
Adobe Reader XI (11.0.06)
Adobe Shockwave Player 11.6
AMD VISION Engine Control Center
Bejeweled 3
Build-a-lot 4 - Power Source
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
Combined Community Codec Pack 2013-11-27
Cradle Of Egypt Collector's Edition
Cradle of Rome 2
CyberLink LabelPrint
CyberLink Media Suite 10
CyberLink Power2Go 8
CyberLink PowerDVD
CyberLink YouCam
D3DX10
Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition
Farm Frenzy
FATE: The Cursed King
Final Drive Fury
FlatOut 2
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Governor of Poker 2 Premium Edition
Hewlett-Packard ACLM.NET v1.2.0.0
Hoyle Card Games
HP Customer Experience Enhancements
HP Documentation
HP Games
HP MyRoom
HP Quick Launch
HP Quick Start
HP Recovery Manager
HP Software Framework
HP Support Assistant
HP Utility Center
HP Wireless Button Driver
Jewel Match 3
John Deere Drive Green
Luxor Evolved
Mahjongg Dimensions Deluxe: Tiles in Time
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Access MUI (English) 2013
Microsoft Access Setup Metadata MUI (English) 2013
Microsoft DCF MUI (English) 2013
Microsoft Excel MUI (English) 2013
Microsoft Groove MUI (English) 2013
Microsoft InfoPath MUI (English) 2013
Microsoft Lync MUI (English) 2013
Microsoft Office on Demand Browser Add-ons
Microsoft Office OSM MUI (English) 2013
Microsoft Office OSM UX MUI (English) 2013
Microsoft Office Professional Plus 2013
Microsoft Office Proofing (English) 2013
Microsoft Office Proofing Tools 2013 - English
Microsoft Office Proofing Tools 2013 - Español
Microsoft Office Shared MUI (English) 2013
Microsoft Office Shared Setup Metadata MUI (English) 2013
Microsoft OneNote MUI (English) 2013
Microsoft Outlook MUI (English) 2013
Microsoft PowerPoint MUI (English) 2013
Microsoft Publisher MUI (English) 2013
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Word MUI (English) 2013
Mortimer Beckett and the Crimson Thief Premium Edition
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
Mystery P.I. - Curious Case of Counterfeit Cove
OEM Application Profile
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Localization Component
Outils de vérification linguistique 2013 de Microsoft Office - Français
Peggle Nights
Penguins!
Polar Bowler
Polar Golfer
Qualcomm Atheros Driver Installation Program
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
Revo Uninstaller 1.95
Roads of Rome 3
Secure Download Manager
Security Update for Microsoft Excel 2013 (KB2827238) 32-Bit Edition
Security Update for Microsoft Lync 2013 (KB2850057) 32-Bit Edition
Security Update for Microsoft Office 2013 (KB2768005) 32-Bit Edition
Security Update for Microsoft Office 2013 (KB2810009) 32-Bit Edition
Security Update for Microsoft Office 2013 (KB2850064) 32-Bit Edition
Security Update for Microsoft Word 2013 (KB2827224) 32-Bit Edition
Security Update for Microsoft Word 2013 (KB2863834) 32-Bit Edition
swMSM
Tales of Lagoona
Update for Microsoft Access 2013 (KB2768008) 32-Bit Edition
Update for Microsoft Access 2013 (KB2827233) 32-Bit Edition
Update for Microsoft InfoPath 2013 (KB2837648) 32-Bit Edition
Update for Microsoft Lync 2013 (KB2817678) 32-Bit Edition
Update for Microsoft Office 2013 (KB2726954) 32-Bit Edition
Update for Microsoft Office 2013 (KB2726996) 32-Bit Edition
Update for Microsoft Office 2013 (KB2738038) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760224) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760242) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760267) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760539) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760553) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760610) 32-Bit Edition
Update for Microsoft Office 2013 (KB2767845) 32-Bit Edition
Update for Microsoft Office 2013 (KB2768016) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817314) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817316) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817490) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817626) 32-Bit Edition
Update for Microsoft Office 2013 (KB2826004) 32-Bit Edition
Update for Microsoft Office 2013 (KB2827225) 32-Bit Edition
Update for Microsoft Office 2013 (KB2827227) 32-Bit Edition
Update for Microsoft Office 2013 (KB2827230) 32-Bit Edition
Update for Microsoft Office 2013 (KB2827239) 32-Bit Edition
Update for Microsoft Office 2013 (KB2837626) 32-Bit Edition
Update for Microsoft Office 2013 (KB2837637) 32-Bit Edition
Update for Microsoft Office 2013 (KB2837638) 32-Bit Edition
Update for Microsoft Office 2013 (KB2837655) 32-Bit Edition
Update for Microsoft Office 2013 (KB2850066) 32-Bit Edition
Update for Microsoft OneNote 2013 (KB2850063) 32-Bit Edition
Update for Microsoft Outlook 2013 (KB2850061) 32-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2767850) 32-Bit Edition
Update for Microsoft Project 2013 (KB2727085) 32-Bit Edition
Update for Microsoft Publisher 2013 (KB2837635) 32-Bit Edition
Update for Microsoft SkyDrive Pro (KB2817495) 32-Bit Edition
Update for Microsoft SkyDrive Pro (KB2837652) 32-Bit Edition
Update for Microsoft Visio 2013 (KB2817306) 32-Bit Edition
Update for Microsoft Visio Viewer 2013 (KB2768338) 32-Bit Edition
Update for Microsoft Word 2013 (KB2837647) 32-Bit Edition
Update Installer for WildTangent Games App
Vacation Quest™ - Australia
Visual Studio 2012 x86 Redistributables
VLC media player 2.1.2
WildTangent Games
WildTangent Games App
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma's Revenge


#12 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 12 February 2014 - 03:01 PM


Hello

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Clean Out Temp Files
  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here CCleaner
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. Default settings are fine.
    • Click Run Cleaner.
    • Close CCleaner.
: Malwarebytes' Anti-Malware :

I see that you have MBAM installed. That is great!! At this time I would like you to update it and run me a quick scan.
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



Download HijackThis
  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
  • copy and paste hijackthis report into the topic
"information and logs"
  • In your next post I need the following
    • Log From MBAM
    • report from Hijackthis
    • let me know of any problems you may have had
    • How is the computer doing now?
Gringo
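An added example, not code from this thread, from ComboFix, HijackThis or BleepingComputer: a small Python triage script that applies the checks the instructions above rely on to both log formats seen in this thread, the ComboFix "Reg Loading Points" and scheduled-task sections posted earlier and the HijackThis O4/O23 lines requested here. It flags Run values with no resolvable file behind them (ComboFix marks those `[X]`, HijackThis shows the raw text), autostart targets in user-writable directories, and services with no recognised publisher, while ignoring the "(file missing)" that 32-bit HijackThis reports for 64-bit System32 services on x64 Windows (a WOW64 redirection artifact, not a finding). The helper names (`triage`, `assess_run`, `USER_WRITABLE`) and the directory heuristics are this example's own assumptions; the sample lines are excerpted from the logs posted in this thread, one trimmed of its long `/mid=` argument.

```python
"""Triage autostart entries from ComboFix and HijackThis logs.

Added example for this thread; the rules below are heuristics that tell the
reader what to verify, not a verdict on any product.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Directories a standard user can write to (assumed list).  Legitimate software
# lives there too (Chrome updaters, SkyDrive), so a hit means "check the signer".
USER_WRITABLE = re.compile(r"\\(?:appdata|programdata|temp|users\\public|downloads)\\", re.I)
SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\", re.I)

CF_KEY = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
# "Name"="c:\dir\x.exe" [2014-02-01 866632]    or    "Name"="NA" [X]
CF_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s*(?:\[(?P<meta>[^\]]*)\])?\s*$')
CF_JOB = re.compile(r"^\d{4}-\d{2}-\d{2} (?P<job>[a-z]:\\.+\.job)$", re.I)
CF_JOB_CMD = re.compile(r"^- (?P<cmd>.+?)(?: \[[^\]]*\])?$")
# O4 - HKCU\..\Run: [Name] "C:\dir\x.exe" /args
HJT_O4 = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# O23 - Service: Display (short) - Publisher - C:\dir\svc.exe
HJT_O23 = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<publisher>.+?) - (?P<path>.+)$")


@dataclass
class Finding:
    source: str    # "combofix" or "hijackthis"
    location: str  # registry key, "Scheduled Tasks" or HJT section
    name: str
    target: str
    reason: str


def executable_from(cmd: str) -> str:
    """Program path from a Run command line: strip quotes and trailing arguments."""
    cmd = cmd.strip()
    m = re.match(r'^"([^"]+)"', cmd)
    if m:
        return m.group(1)
    m = re.match(r"^(.+?\.(?:exe|dll|com|scr|cmd|bat|vbs|js))(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd


def assess_run(source: str, location: str, name: str, cmd: str, meta: str = "") -> List[Finding]:
    """Checks for one Run value or scheduled-task action."""
    exe = executable_from(cmd)
    if meta.strip() == "X" or "\\" not in exe:
        # ComboFix marks values it cannot resolve with [X]; HijackThis prints the raw text.
        return [Finding(source, location, name, exe,
                        "no resolvable file behind the value: a stale leftover or a name-only loader; confirm and remove")]
    out: List[Finding] = []
    if USER_WRITABLE.search(exe):
        out.append(Finding(source, location, name, exe,
                           "executes from a user-writable directory; verify the Authenticode signer before trusting it"))
    return out


def assess_service(display: str, publisher: str, path: str) -> Optional[Finding]:
    """Checks for one HijackThis O23 service line."""
    missing = path.endswith("(file missing)")
    exe = path[: -len("(file missing)")].strip() if missing else path.strip()
    if missing and SYSTEM32.match(exe):
        # 32-bit HijackThis is redirected to SysWOW64 and cannot see 64-bit System32
        # binaries, so "(file missing)" on a System32 service is an x64 artifact.
        return None
    if missing:
        return Finding("hijackthis", "O23", display, exe, "service binary not found on disk")
    if publisher == "Unknown owner" or USER_WRITABLE.search(exe):
        return Finding("hijackthis", "O23", display, exe,
                       "service without a recognised publisher or in a user-writable path")
    return None


def triage(log_text: str) -> List[Finding]:
    """Walk a pasted log (either tool, or both concatenated) and collect findings."""
    findings: List[Finding] = []
    key, pending_job = "", ""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = CF_KEY.match(line)
        if m:
            key = m.group("key")
            continue
        m = CF_VALUE.match(line)
        if m and key.lower().endswith(("\\run", "\\runonce")):
            findings += assess_run("combofix", key, m["name"], m["cmd"], m["meta"] or "")
            continue
        m = CF_JOB.match(line)
        if m:
            pending_job = m["job"].rsplit("\\", 1)[-1]  # the ".job" file name
            continue
        m = CF_JOB_CMD.match(line)
        if m and pending_job:
            findings += assess_run("combofix", "Scheduled Tasks", pending_job, m["cmd"])
            pending_job = ""
            continue
        m = HJT_O4.match(line)
        if m:
            findings += assess_run("hijackthis", m["hive"] + "\\..\\" + m["key"], m["name"], m["cmd"])
            continue
        m = HJT_O23.match(line)
        if m:
            f = assess_service(m["display"], m["publisher"], m["path"])
            if f:
                findings.append(f)
    return findings


# Excerpted from the ComboFix and HijackThis logs posted in this thread (one argument trimmed).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress8"="NA" [X]
"GoogleChromeAutoLaunch_31D98E503932436E616FB2C060CD45B0"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-02-01 866632]
"AVG-Secure-Search-Update_0214c"="c:\users\blazenka\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe" [2014-01-28 2548248]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
2014-02-07 c:\windows\Tasks\AVG_SYS_TASK.job
- c:\programdata\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe [2014-01-29 19:07]
.
O4 - HKCU\..\Run: [Power2GoExpress8] NA
O4 - HKCU\..\Run: [AVG-Secure-Search-Update_0214c] C:\Users\blazenka\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /CMPID=0214c
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.source}] {f.location} :: {f.name} -> {f.target}\n    {f.reason}")
```

On the sample above the script reports five findings: the `Power2GoExpress8` value from both tools (the name matches the installed CyberLink Power2Go 8 in the Add/Remove list, but whether it is a harmless leftover is for the log reader to confirm), and the AVG Secure Search updater three times, because it is launched from `AppData\Roaming` by the HKCU Run key and from `ProgramData` by a scheduled task. The ALG service line is deliberately not reported: every System32 service looks "missing" to the 32-bit HijackThis build on this 64-bit machine, so treating those as findings would drown the real ones.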

#13 simplesimpleton (Topic Starter)
  • Members
  • 116 posts

Posted 15 February 2014 - 11:56 AM

I'm getting curious as to why we are running through the same process as last time, and also feel it's important to let you know that the last time I ran CCleaner is exactly when Whitesmoke reappeared on my browser trying to install itself as a Chrome plugin. Also, I'm a little confused as to whether or not I'm updated on CCleaner, as it now opens and recommends downloading the latest update and then I get directed to a webpage trying to sell me CCleaner Pro?

I'm going to go ahead and run without installing the Pro.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.02.15.02
 
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16750
blazenka :: MOM [administrator]
 
2/14/2014 9:52:19 PM
mbam-log-2014-02-14 (21-52-19).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 215639
Time elapsed: 18 minute(s), 12 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{96A25A24-2E87-4374-8A50-CC6F943FCE4D} (PUP.Optional.RelatedSearchs.A) -> No action taken.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:53:58 AM, on 2/15/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\blazenka\Downloads\HijackThis (1).exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_31D98E503932436E616FB2C060CD45B0] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKCU\..\Run: [Power2GoExpress8] NA
O4 - HKCU\..\Run: [AVG-Secure-Search-Update_0214c] C:\Users\blazenka\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=f45608c4c34547d39d3ea50fe62e2575-84c6286726a1d468d4878c021bfa68b8b77f8690 /CMPID=0214c
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - 
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: osf-roaming - {C57E9882-B128-4E07-BA2D-FF83B8989C76} - C:\Users\blazenka\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater17.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 10993 bytes
 
#14 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto rico
  • Local time: 03:49 PM

Posted 15 February 2014 - 02:34 PM


Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can start any of them from their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.
  • Run HijackThis (right-click and run as admin)
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
    • O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    • O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    • O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    • O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_31D98E503932436E616FB2C060CD45B0] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
    • O4 - HKCU\..\Run: [Power2GoExpress8] NA


  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.
    • NOTE: You can research each of those lines here and see if you want to keep them or not.
      Just copy the name between the brackets and paste it into the search space, for example:
      O4 - HKLM\..\Run: [IntelliPoint]


Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Windows 7, right-click on the IE shortcut and run as admin.

Go to the Eset web page to run an online scanner from ESET.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, and ensure the options
    • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.

  • Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish
When the scan is complete
  • If no threats were found
    • put a checkmark in "Uninstall application on close"
    • close program
    • report to me that nothing was found
  • If threats were found
    • click on "list of threats found"
    • click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on back
    • put a checkmark in "Uninstall application on close"
    • click on finish
    • close program
    • copy and paste the report here
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 simplesimpleton (Topic Starter)

  • Members
  • 116 posts
  • Local time: 12:49 PM

Posted 19 February 2014 - 07:35 PM

I can't activate the online scanner. When I click the Run ESET Scanner button it just takes me to a blank screen with the ESET logo on the top. No other window or tab is popping up, and I disabled my firewall and antivirus before doing so.