
Hello, help please, I have (Dropper Gen) drp


  • This topic is locked
66 replies to this topic

#1 kittenme

kittenme

  • Members
  • 62 posts
  • OFFLINE
  • Gender:Female
  • Location:Egypt
  • Local time:10:22 AM

Posted 19 April 2015 - 02:00 PM

Hello. Today I had to print some papers outside my home from my flash drive,

and when I got home I found my Avast antivirus warning that there is a virus.

Please help me remove it.

virus1.jpg




#2 kittenme

kittenme
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  • Gender:Female
  • Location:Egypt
  • Local time:10:22 AM

Posted 19 April 2015 - 02:04 PM

It keeps asking me to replace a folder; I close it and it comes back again :(


Edited by kittenme, 19 April 2015 - 03:16 PM.


#3 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:22 AM

Posted 19 April 2015 - 03:29 PM

Hello kittenme, and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if the tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I will assume that you don't need help anymore and your topic will be closed.
  • I cannot guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How do you open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, you can get help here.

Thanks
-------------------------------------------------------------------------------------------------------------------------------
Please download DDS from either of these links
LINK 1
LINK 2
and save it to your desktop.

  • Disable any antivirus programs during the scan (if you have difficulty properly disabling your protective programs, refer to this link).
  • Double-click DDS to run the tool.
  • When done, two DDS .txt files will open.
  • Save both reports to your desktop.

---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt

Good day.


Best regards
 
If you wish to show appreciation and support me personally in fighting against malware, then you can consider a donation. Thank you.
Malware fix forum
If I don't reply within 24 hours please PM me!

#4 kittenme

kittenme
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  • Gender:Female
  • Location:Egypt
  • Local time:10:22 AM

Posted 19 April 2015 - 04:09 PM

Hello Yılmaz, thanks for replying to me and helping. This is the result:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17689  BrowserJavaVersion: 11.40.2
Run by Dell at 23:05:52 on 2015-04-19
Microsoft Windows 7 Ultimate   6.1.7601.1.1256.20.1033.18.2935.860 [GMT 2:00]
.
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files (x86)\netcut\services\AIPS.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\rundll32.exe
C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows Update\Interface Manager.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll
uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [AdobeBridge] <no file>
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\Users\Dell\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\CONFIG~1.LNK - C:\Windows Update\Interface Manager.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: NameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{7FDD6D09-AC26-4B97-9399-9926F63524A8} : DHCPNameServer = 192.168.1.1 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\uogzaevm.default-1427603869289\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2015-3-31 65736]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2015-3-31 271200]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2015-3-31 1047320]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2015-3-31 442264]
R2 AIPS;Arp Intelligent Protection Service;C:\Program Files (x86)\netcut\services\aips.exe [2014-7-21 262144]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2015-3-31 29168]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2015-3-31 88408]
R2 avast! Antivirus;Avast Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-3-31 343336]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 VBoxAswDrv;VBoxAsw Support Driver;C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2015-3-31 273824]
R3 AvastVBoxSvc;AvastVBox COM Service;C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2015-3-31 4030800]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2013-6-3 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-2-26 158976]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-6-3 317440]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2013-10-16 200552]
S2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2015-3-31 136752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-3-29 1080120]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-2-18 315488]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2013-6-3 39976]
S3 cleanhlp;cleanhlp;C:\EEK\bin\cleanhlp64.sys [2015-3-29 57024]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-6-8 95544]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\Windows\System32\drivers\hitmanpro37.sys [2015-3-29 43664]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-4-2 114688]
S3 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2015-3-29 107736]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2015-3-29 25816]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2015-3-29 63704]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2015-3-31 19456]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-6-3 676968]
S3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2010-7-1 38992]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-6-8 203320]
S3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);C:\Windows\System32\drivers\ssudobex.sys [2013-6-8 203320]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2015-4-1 56832]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-11-1 1255736]
S4 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-3-29 1871160]
.
=============== Created Last 30 ================
.
2015-04-19 17:56:15    --------    d-----w-    C:\Configration
2015-04-19 17:47:39    --------    d--h--w-    C:\Windows Update
2015-04-19 07:48:34    --------    d-----w-    C:\AVAST Software
2015-04-19 07:48:19    75888    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0E197D33-04B8-44AA-AB43-4A08AED18E32}\offreg.dll
2015-04-08 11:27:58    12002392    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0E197D33-04B8-44AA-AB43-4A08AED18E32}\mpengine.dll
2015-04-08 11:05:43    968704    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2015-04-04 20:46:50    --------    d-sh--w-    C:\Users\Dell\AppData\Local\EmieUserList
2015-04-04 20:46:50    --------    d-sh--w-    C:\Users\Dell\AppData\Local\EmieSiteList
2015-04-04 20:46:50    --------    d-sh--w-    C:\Users\Dell\AppData\Local\EmieBrowserModeList
2015-04-02 03:09:37    194048    ----a-w-    C:\Windows\SysWow64\elshyph.dll
2015-04-02 01:25:12    87040    ----a-w-    C:\Windows\System32\TSWbPrxy.exe
2015-04-02 01:13:06    2565120    ----a-w-    C:\Windows\System32\d3d10warp.dll
2015-04-02 01:13:06    1987584    ----a-w-    C:\Windows\SysWow64\d3d10warp.dll
2015-04-02 00:04:52    778416    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2015-04-02 00:04:52    142512    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-01 23:55:47    --------    d-----w-    C:\Windows\Migration
2015-04-01 23:48:44    2777088    ----a-w-    C:\Windows\System32\msmpeg2vdec.dll
2015-04-01 23:48:44    2285056    ----a-w-    C:\Windows\SysWow64\msmpeg2vdec.dll
2015-04-01 23:39:25    6584320    ----a-w-    C:\Windows\System32\mstscax.dll
2015-04-01 23:39:25    5703168    ----a-w-    C:\Windows\SysWow64\mstscax.dll
2015-04-01 00:16:27    1424896    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2015-04-01 00:16:26    1230848    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2015-04-01 00:15:55    465920    ----a-w-    C:\Windows\System32\WMPhoto.dll
2015-04-01 00:15:55    417792    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2015-03-31 23:32:13    --------    d-s---w-    C:\Windows\SysWow64\GWX
2015-03-31 23:32:13    --------    d-s---w-    C:\Windows\System32\GWX
2015-03-31 21:42:47    19456    ----a-w-    C:\Windows\System32\drivers\rdpvideominiport.sys
2015-03-31 21:42:46    192000    ----a-w-    C:\Windows\SysWow64\rdpendp_winip.dll
2015-03-31 21:42:45    228864    ----a-w-    C:\Windows\System32\rdpendp_winip.dll
2015-03-31 21:10:43    99480    ----a-w-    C:\Windows\SysWow64\infocardapi.dll
2015-03-31 21:10:43    619672    ----a-w-    C:\Windows\SysWow64\icardagt.exe
2015-03-31 21:10:43    171160    ----a-w-    C:\Windows\System32\infocardapi.dll
2015-03-31 21:10:43    1389208    ----a-w-    C:\Windows\System32\icardagt.exe
2015-03-31 21:10:37    8856    ----a-w-    C:\Windows\SysWow64\icardres.dll
2015-03-31 21:10:37    8856    ----a-w-    C:\Windows\System32\icardres.dll
2015-03-31 21:09:57    35480    ----a-w-    C:\Windows\SysWow64\TsWpfWrp.exe
2015-03-31 21:09:57    35480    ----a-w-    C:\Windows\System32\TsWpfWrp.exe
2015-03-31 20:05:02    --------    d-----w-    C:\Users\Dell\AppData\Roaming\Dropbox
2015-03-31 20:04:31    --------    d-----w-    C:\Users\Dell\AppData\Roaming\AVAST Software
2015-03-31 20:02:39    --------    d-----w-    C:\Windows\SysWow64\vbox
2015-03-31 20:02:39    --------    d-----w-    C:\Windows\System32\vbox
2015-03-31 20:00:35    271200    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2015-03-31 20:00:35    136752    ----a-w-    C:\Windows\System32\drivers\aswStm.sys
2015-03-31 20:00:33    88408    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2015-03-31 20:00:33    65736    ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys
2015-03-31 20:00:31    29168    ----a-w-    C:\Windows\System32\drivers\aswHwid.sys
2015-03-31 20:00:29    93528    ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2015-03-31 20:00:22    1047320    ----a-w-    C:\Windows\System32\drivers\aswSnx.sys
2015-03-31 20:00:16    43112    ----a-w-    C:\Windows\avastSS.scr
2015-03-31 19:33:33    --------    d-----w-    C:\Program Files\AVAST Software
2015-03-31 19:31:52    --------    d-----w-    C:\ProgramData\AVAST Software
2015-03-30 11:20:23    --------    d-----w-    C:\Program Files (x86)\VS Revo Group
2015-03-30 11:08:54    --------    d-----w-    C:\OETemp
2015-03-29 20:00:15    --------    d-----w-    C:\EEK
2015-03-29 17:23:12    35064    ----a-w-    C:\Windows\System32\drivers\TrueSight.sys
2015-03-29 17:23:07    --------    d-----w-    C:\ProgramData\RogueKiller
2015-03-29 17:03:50    950272    ----a-w-    C:\Windows\System32\perftrack.dll
2015-03-29 17:03:50    91136    ----a-w-    C:\Windows\System32\wdi.dll
2015-03-29 17:03:50    76800    ----a-w-    C:\Windows\SysWow64\wdi.dll
2015-03-29 17:03:50    29696    ----a-w-    C:\Windows\System32\powertracker.dll
2015-03-29 16:34:03    372224    ----a-w-    C:\Windows\System32\atmfd.dll
2015-03-29 16:34:02    46080    ----a-w-    C:\Windows\System32\atmlib.dll
2015-03-29 16:34:02    41984    ----a-w-    C:\Windows\System32\lpk.dll
2015-03-29 16:34:02    299008    ----a-w-    C:\Windows\SysWow64\atmfd.dll
2015-03-29 16:34:01    34304    ----a-w-    C:\Windows\SysWow64\atmlib.dll
2015-03-29 16:34:00    14336    ----a-w-    C:\Windows\System32\dciman32.dll
2015-03-29 16:33:59    10240    ----a-w-    C:\Windows\SysWow64\dciman32.dll
2015-03-29 16:33:59    100864    ----a-w-    C:\Windows\System32\fontsub.dll
2015-03-29 16:33:58    70656    ----a-w-    C:\Windows\SysWow64\fontsub.dll
2015-03-29 16:33:58    25600    ----a-w-    C:\Windows\SysWow64\lpk.dll
2015-03-29 16:33:52    335360    ----a-w-    C:\Windows\System32\msieftp.dll
2015-03-29 16:33:51    301568    ----a-w-    C:\Windows\SysWow64\msieftp.dll
2015-03-29 16:33:46    228864    ----a-w-    C:\Windows\System32\wwansvc.dll
2015-03-29 16:32:00    1719296    ----a-w-    C:\Program Files\Windows Journal\NBDoc.DLL
2015-03-29 16:31:59    1380864    ----a-w-    C:\Program Files\Windows Journal\JNTFiltr.dll
2015-03-29 16:31:58    1354240    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2015-03-29 16:31:57    1389568    ----a-w-    C:\Program Files\Windows Journal\JNWDRV.dll
2015-03-29 16:31:56    936960    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2015-03-29 16:31:49    801280    ----a-w-    C:\Windows\System32\usp10.dll
2015-03-29 16:31:48    626688    ----a-w-    C:\Windows\SysWow64\usp10.dll
2015-03-29 16:30:00    793600    ----a-w-    C:\Windows\SysWow64\TSWorkspace.dll
2015-03-29 16:30:00    1031168    ----a-w-    C:\Windows\System32\TSWorkspace.dll
2015-03-29 16:29:03    842240    ----a-w-    C:\Windows\System32\blackbox.dll
2015-03-29 16:29:03    744960    ----a-w-    C:\Windows\SysWow64\blackbox.dll
2015-03-29 16:29:02    1202176    ----a-w-    C:\Windows\System32\drmv2clt.dll
2015-03-29 16:27:58    6656    ----a-w-    C:\Windows\SysWow64\apisetschema.dll
2015-03-29 16:27:58    6656    ----a-w-    C:\Windows\System32\apisetschema.dll
2015-03-29 16:27:58    12625408    ----a-w-    C:\Windows\SysWow64\wmploc.DLL
2015-03-29 16:27:57    12625920    ----a-w-    C:\Windows\System32\wmploc.DLL
2015-03-29 16:16:34    210432    ----a-w-    C:\Windows\System32\profsvc.dll
2015-03-29 16:16:27    1943696    ----a-w-    C:\Windows\System32\dfshim.dll
2015-03-29 16:16:27    156824    ----a-w-    C:\Windows\SysWow64\mscorier.dll
2015-03-29 16:16:27    156312    ----a-w-    C:\Windows\System32\mscorier.dll
2015-03-29 16:16:27    1131664    ----a-w-    C:\Windows\SysWow64\dfshim.dll
2015-03-29 16:16:26    81560    ----a-w-    C:\Windows\SysWow64\mscories.dll
2015-03-29 16:16:26    73880    ----a-w-    C:\Windows\System32\mscories.dll
2015-03-29 16:09:35    43664    ----a-w-    C:\Windows\System32\drivers\hitmanpro37.sys
2015-03-29 16:07:51    484864    ----a-w-    C:\Windows\System32\wer.dll
2015-03-29 16:07:51    381440    ----a-w-    C:\Windows\SysWow64\wer.dll
2015-03-29 16:07:45    81408    ----a-w-    C:\Windows\System32\imagehlp.dll
2015-03-29 16:07:45    159232    ----a-w-    C:\Windows\SysWow64\imagehlp.dll
2015-03-29 16:07:34    1903552    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2015-03-29 16:07:33    288192    ----a-w-    C:\Windows\System32\drivers\FWPKCLNT.SYS
2015-03-29 16:07:32    376768    ----a-w-    C:\Windows\System32\drivers\netio.sys
2015-03-29 16:05:31    683520    ----a-w-    C:\Windows\System32\termsrv.dll
2015-03-29 16:03:11    52224    ----a-w-    C:\Windows\SysWow64\nlaapi.dll
2015-03-29 16:03:11    303616    ----a-w-    C:\Windows\System32\nlasvc.dll
2015-03-29 16:03:11    156672    ----a-w-    C:\Windows\SysWow64\ncsi.dll
2015-03-29 16:03:08    2048    ----a-w-    C:\Windows\SysWow64\msxml6r.dll
2015-03-29 16:03:08    2048    ----a-w-    C:\Windows\System32\msxml6r.dll
2015-03-29 16:03:08    2002432    ----a-w-    C:\Windows\System32\msxml6.dll
2015-03-29 16:03:08    1389056    ----a-w-    C:\Windows\SysWow64\msxml6.dll
2015-03-29 16:01:47    215552    ----a-w-    C:\Windows\System32\ubpm.dll
2015-03-29 16:00:00    99840    ----a-w-    C:\Windows\System32\drivers\usbccgp.sys
2015-03-29 16:00:00    7808    ----a-w-    C:\Windows\System32\drivers\usbd.sys
2015-03-29 16:00:00    53248    ----a-w-    C:\Windows\System32\drivers\usbehci.sys
2015-03-29 16:00:00    343040    ----a-w-    C:\Windows\System32\drivers\usbhub.sys
2015-03-29 16:00:00    325120    ----a-w-    C:\Windows\System32\drivers\usbport.sys
2015-03-29 15:59:59    30720    ----a-w-    C:\Windows\System32\drivers\usbuhci.sys
2015-03-29 15:59:59    25600    ----a-w-    C:\Windows\System32\drivers\usbohci.sys
2015-03-29 15:59:53    624128    ----a-w-    C:\Windows\System32\qedit.dll
2015-03-29 15:59:52    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
2015-03-29 15:56:41    497152    ----a-w-    C:\Windows\System32\drivers\afd.sys
2015-03-29 15:19:17    --------    d-----w-    C:\ProgramData\HitmanPro
2015-03-29 15:18:07    20    ----a-w-    C:\Users\Dell\AppData\Roaming\appdataFr3.bin
2015-03-29 14:01:49    119296    ----a-w-    C:\Windows\System32\drivers\tdx.sys
2015-03-29 13:59:16    728064    ----a-w-    C:\Windows\System32\kerberos.dll
2015-03-29 13:58:44    861696    ----a-w-    C:\Windows\System32\oleaut32.dll
2015-03-29 13:58:44    571904    ----a-w-    C:\Windows\SysWow64\oleaut32.dll
2015-03-29 13:58:07    241152    ----a-w-    C:\Windows\System32\pku2u.dll
2015-03-29 13:58:06    186880    ----a-w-    C:\Windows\SysWow64\pku2u.dll
2015-03-29 13:57:24    27584    ----a-w-    C:\Windows\System32\drivers\Diskdump.sys
2015-03-29 13:57:24    274880    ----a-w-    C:\Windows\System32\drivers\msiscsi.sys
2015-03-29 13:57:24    2048    ----a-w-    C:\Windows\SysWow64\iologmsg.dll
2015-03-29 13:57:24    2048    ----a-w-    C:\Windows\System32\iologmsg.dll
2015-03-29 13:57:24    190912    ----a-w-    C:\Windows\System32\drivers\storport.sys
2015-03-29 13:54:58    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2015-03-29 13:54:58    2048    ----a-w-    C:\Windows\System32\tzres.dll
2015-03-29 13:53:46    77824    ----a-w-    C:\Windows\System32\packager.dll
2015-03-29 13:53:46    67584    ----a-w-    C:\Windows\SysWow64\packager.dll
2015-03-29 13:53:33    455168    ----a-w-    C:\Windows\System32\winlogon.exe
2015-03-29 13:53:31    235520    ----a-w-    C:\Windows\System32\winsta.dll
2015-03-29 13:53:31    212480    ----a-w-    C:\Windows\System32\drivers\rdpwd.sys
2015-03-29 13:53:31    157696    ----a-w-    C:\Windows\SysWow64\winsta.dll
2015-03-29 13:53:31    150528    ----a-w-    C:\Windows\System32\rdpcorekmts.dll
2015-03-29 13:53:30    39936    ----a-w-    C:\Windows\System32\drivers\tssecsrv.sys
2015-03-29 13:50:05    243712    ----a-w-    C:\Windows\System32\wow64.dll
2015-03-29 13:50:04    362496    ----a-w-    C:\Windows\System32\wow64win.dll
2015-03-29 13:50:04    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2015-03-29 13:50:04    16384    ----a-w-    C:\Windows\System32\ntvdm64.dll
2015-03-29 13:50:04    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2015-03-29 13:50:04    13312    ----a-w-    C:\Windows\System32\wow64cpu.dll
2015-03-29 13:50:01    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2015-03-29 13:50:01    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2015-03-29 13:50:01    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2015-03-29 13:49:52    3204096    ----a-w-    C:\Windows\System32\win32k.sys
2015-03-29 13:49:45    1684928    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
2015-03-29 13:49:40    406528    ----a-w-    C:\Windows\System32\scesrv.dll
2015-03-29 13:49:38    308224    ----a-w-    C:\Windows\SysWow64\scesrv.dll
2015-03-29 13:49:28    3241984    ----a-w-    C:\Windows\System32\msi.dll
2015-03-29 13:49:27    2363904    ----a-w-    C:\Windows\SysWow64\msi.dll
2015-03-29 13:49:27    1941504    ----a-w-    C:\Windows\System32\authui.dll
2015-03-29 13:49:27    1805824    ----a-w-    C:\Windows\SysWow64\authui.dll
2015-03-29 13:49:26    504320    ----a-w-    C:\Windows\System32\msihnd.dll
2015-03-29 13:49:26    337408    ----a-w-    C:\Windows\SysWow64\msihnd.dll
2015-03-29 13:49:26    112064    ----a-w-    C:\Windows\System32\consent.exe
2015-03-29 13:48:31    202752    ----a-w-    C:\Windows\System32\scrrun.dll
2015-03-29 13:48:31    168960    ----a-w-    C:\Windows\System32\wscript.exe
2015-03-29 13:48:31    156160    ----a-w-    C:\Windows\System32\cscript.exe
2015-03-29 13:48:31    150016    ----a-w-    C:\Windows\System32\wshom.ocx
2015-03-29 13:48:31    141824    ----a-w-    C:\Windows\SysWow64\wscript.exe
2015-03-29 13:48:31    121856    ----a-w-    C:\Windows\SysWow64\wshom.ocx
2015-03-29 13:48:30    163840    ----a-w-    C:\Windows\SysWow64\scrrun.dll
2015-03-29 13:48:30    126976    ----a-w-    C:\Windows\SysWow64\cscript.exe
2015-03-29 13:46:10    404480    ----a-w-    C:\Windows\System32\gdi32.dll
2015-03-29 13:46:10    311808    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2015-03-29 13:37:43    859648    ----a-w-    C:\Windows\System32\IKEEXT.DLL
2015-03-29 13:37:42    830464    ----a-w-    C:\Windows\System32\nshwfp.dll
2015-03-29 13:37:42    656896    ----a-w-    C:\Windows\SysWow64\nshwfp.dll
2015-03-29 13:37:42    324096    ----a-w-    C:\Windows\System32\FWPUCLNT.DLL
2015-03-29 13:37:42    216576    ----a-w-    C:\Windows\SysWow64\FWPUCLNT.DLL
2015-03-29 13:13:50    1216000    ----a-w-    C:\Windows\System32\rpcrt4.dll
2015-03-29 13:13:49    664064    ----a-w-    C:\Windows\SysWow64\rpcrt4.dll
2015-03-29 08:10:18    --------    d-----w-    C:\KVRT_Data
2015-03-29 06:15:42    2620928    ----a-w-    C:\Windows\System32\wucltux.dll
2015-03-29 06:15:17    97792    ----a-w-    C:\Windows\System32\wudriver.dll
2015-03-29 06:15:17    92672    ----a-w-    C:\Windows\SysWow64\wudriver.dll
2015-03-29 06:14:36    179656    ----a-w-    C:\Windows\SysWow64\wuwebv.dll
2015-03-29 06:14:35    36864    ----a-w-    C:\Windows\System32\wuapp.exe
2015-03-29 06:14:35    33792    ----a-w-    C:\Windows\SysWow64\wuapp.exe
2015-03-29 06:14:35    198600    ----a-w-    C:\Windows\System32\wuwebv.dll
2015-03-29 05:00:03    --------    d-sh--w-    C:\Windows\SysWow64\%APPDATA%
2015-03-29 00:59:10    136408    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-03-29 00:48:57    63704    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2015-03-29 00:48:57    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2015-03-29 00:48:57    107736    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2015-03-29 00:48:57    --------    d-----w-    C:\ProgramData\Malwarebytes
2015-03-29 00:48:57    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
.
==================== Find3M  ====================
.
2015-03-15 13:19:25    98216    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2015-03-06 05:56:10    95680    ----a-w-    C:\Windows\System32\drivers\ksecdd.sys
2015-03-06 05:56:10    155576    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2015-03-06 05:42:39    210944    ----a-w-    C:\Windows\System32\wdigest.dll
2015-03-06 05:42:36    86528    ----a-w-    C:\Windows\System32\TSpkg.dll
2015-03-06 05:42:35    29184    ----a-w-    C:\Windows\System32\sspisrv.dll
2015-03-06 05:42:35    136192    ----a-w-    C:\Windows\System32\sspicli.dll
2015-03-06 05:42:33    341504    ----a-w-    C:\Windows\System32\schannel.dll
2015-03-06 05:42:33    28160    ----a-w-    C:\Windows\System32\secur32.dll
2015-03-06 05:42:29    314880    ----a-w-    C:\Windows\System32\msv1_0.dll
2015-03-06 05:42:29    309760    ----a-w-    C:\Windows\System32\ncrypt.dll
2015-03-06 05:42:27    1461760    ----a-w-    C:\Windows\System32\lsasrv.dll
2015-03-06 05:42:20    22016    ----a-w-    C:\Windows\System32\credssp.dll
2015-03-06 05:41:46    31232    ----a-w-    C:\Windows\System32\lsass.exe
2015-03-06 05:41:31    64000    ----a-w-    C:\Windows\System32\auditpol.exe
2015-03-06 05:39:16    60416    ----a-w-    C:\Windows\System32\msobjs.dll
2015-03-06 05:38:57    146432    ----a-w-    C:\Windows\System32\msaudite.dll
2015-03-06 05:36:56    686080    ----a-w-    C:\Windows\System32\adtschema.dll
2015-03-06 05:10:34    172032    ----a-w-    C:\Windows\SysWow64\wdigest.dll
2015-03-06 05:10:30    65536    ----a-w-    C:\Windows\SysWow64\TSpkg.dll
2015-03-06 05:10:26    248832    ----a-w-    C:\Windows\SysWow64\schannel.dll
2015-03-06 05:10:26    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2015-03-06 05:10:22    259584    ----a-w-    C:\Windows\SysWow64\msv1_0.dll
2015-03-06 05:10:22    221184    ----a-w-    C:\Windows\SysWow64\ncrypt.dll
2015-03-06 05:10:18    550912    ----a-w-    C:\Windows\SysWow64\kerberos.dll
2015-03-06 05:10:11    17408    ----a-w-    C:\Windows\SysWow64\credssp.dll
2015-03-06 05:09:31    50176    ----a-w-    C:\Windows\SysWow64\auditpol.exe
2015-03-06 05:09:19    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2015-03-06 05:07:50    60416    ----a-w-    C:\Windows\SysWow64\msobjs.dll
2015-03-06 05:07:43    146432    ----a-w-    C:\Windows\SysWow64\msaudite.dll
2015-03-06 05:06:20    686080    ----a-w-    C:\Windows\SysWow64\adtschema.dll
2015-02-24 02:17:24    295552    ------w-    C:\Windows\System32\MpSigStub.exe
2015-02-03 03:34:39    693176    ----a-w-    C:\Windows\System32\winload.efi
2015-02-03 03:34:38    5554104    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2015-02-03 03:34:36    94656    ----a-w-    C:\Windows\System32\drivers\mountmgr.sys
2015-02-03 03:33:29    616360    ----a-w-    C:\Windows\System32\winresume.efi
2015-02-03 03:30:58    631808    ----a-w-    C:\Windows\System32\evr.dll
2015-02-03 03:29:19    8704    ----a-w-    C:\Windows\System32\pcaevts.dll
2015-02-03 03:28:49    2048    ----a-w-    C:\Windows\System32\mferror.dll
2015-02-03 03:19:12    663552    ----a-w-    C:\Windows\System32\drivers\PEAuth.sys
2015-02-03 03:16:31    3973048    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2015-02-03 03:16:31    3917760    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2015-02-03 03:11:55    50176    ----a-w-    C:\Windows\SysWow64\rrinstaller.exe
2015-02-03 03:11:48    23040    ----a-w-    C:\Windows\SysWow64\mfpmp.exe
2015-02-03 03:09:03    2048    ----a-w-    C:\Windows\SysWow64\mferror.dll
2015-02-03 02:32:25    61440    ----a-w-    C:\Windows\System32\drivers\appid.sys
2015-01-31 03:48:54    3179520    ----a-w-    C:\Windows\System32\rdpcorets.dll
2015-01-31 03:48:54    16384    ----a-w-    C:\Windows\System32\RdpGroupPolicyExtension.dll
2015-01-30 23:56:52    243200    ----a-w-    C:\Windows\System32\rdpudd.dll
2015-01-30 23:56:51    459336    ----a-w-    C:\Windows\System32\drivers\cng.sys
.
============= FINISH: 23:07:30.82 ===============
 


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 6/3/2013 6:56:39 PM
System Uptime: 4/19/2015 8:28:39 PM (3 hours ago)
.
Motherboard: Dell Inc. |  | 0WXY9J
Processor: Intel® Core™ i3 CPU       M 380  @ 2.53GHz | CPU 1 | 2527/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 146 GiB total, 79.538 GiB free.
D: is FIXED (NTFS) - 319 GiB total, 266.197 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP82: 3/30/2015 2:01:55 AM - Windows Update
RP83: 3/30/2015 1:21:06 PM - Revo Uninstaller's restore point - Google Chrome
RP84: 3/30/2015 1:21:33 PM - Revo Uninstaller's restore point - Google Chrome
RP85: 3/30/2015 3:49:04 PM - Removed Adobe Community Help
RP86: 3/31/2015 9:33:08 PM - avast! antivirus system restore point
RP87: 3/31/2015 11:07:27 PM - Windows Update
RP88: 4/1/2015 2:17:32 AM - Windows Update
RP89: 4/2/2015 1:47:04 AM - Windows Update
RP90: 4/2/2015 3:26:26 AM - Windows Update
RP91: 4/2/2015 4:58:31 AM - Windows Update
RP92: 4/8/2015 1:21:03 PM - Windows Update
RP93: 4/11/2015 3:30:20 PM - Installed Adobe PDF iFilter 11 for 64-bit platforms
RP94: 4/11/2015 3:38:43 PM - Removed Adobe Reader XI (11.0.10).
RP95: 4/11/2015 3:40:25 PM - Removed Adobe PDF iFilter 11 for 64-bit platforms
.
==== Installed Programs ======================
.
Adobe Acrobat Reader DC
Adobe AIR
Adobe Community Help
Adobe Flash Player 17 NPAPI
Adobe Media Player
Adobe Photoshop CS5
Avast Free Antivirus
CCleaner
D3DX10
Eudemons Online
Firestorm-Releasex64 x64
Firestorm SecondLife and OpenSim viewer
Intel® Processor Graphics
Java 8 Update 40
Java Auto Updater
K-Lite Codec Pack 10.0.0 Full
Malwarebytes Anti-Malware version 2.1.4.1018
Microsoft .NET Framework 4.5.2
Microsoft Application Error Reporting
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Movie Maker
Movie Maker 6.0 for Windows 7 (64-bit)
Mozilla Firefox 37.0.1 (x86 en-US)
MSVCRT
MSVCRT110
MSVCRT110_amd64
PDF Settings CS5
Photo Common
Photo Gallery
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Sandboxie 4.06 (64-bit)
Security Update for Microsoft .NET Framework 4.5.2 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.2 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.2 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.2 (KB2979578v2)
Singularity (64 bit) (remove only)
Skype Click to Call
Skype™ 7.3
SmartSound Quicktracks Plugin
System Requirements Lab for Intel
WIDCOMM Bluetooth Software
Windows Driver Package - Broadcom Corporation (BTHUSB) Bluetooth  (03/24/2010 6.3.0.2501)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR 5.21 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
4/19/2015 9:52:02 AM, Error: Service Control Manager [7000]  - The AvastVBox COM Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
4/19/2015 9:52:02 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service AvastVBoxSvc with arguments "" in order to run the server: {F319F1B8-7587-4146-AF9C-0D6D77819BF1}
4/19/2015 9:51:59 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the AvastVBox COM Service service to connect.
4/19/2015 9:48:59 AM, Error: Service Control Manager [7043]  - The Windows Update service did not shut down properly after receiving a preshutdown control.
4/19/2015 9:37:14 AM, Error: BTHUSB [17]  - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
4/19/2015 8:30:17 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  PCLEPCI
4/19/2015 8:28:47 PM, Error: Application Popup [1060]  - \??\C:\Windows\SysWow64\drivers\pclepci.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
4/19/2015 7:45:25 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR2.
.
==== End Of File ===========================
 



#5 olgun52 (Malware Response Team, 3,784 posts)

Posted 19 April 2015 - 05:17 PM

Hi kittenme,

Step 1:
Scan with Malwarebytes Anti-Malware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14-day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Anti-Malware.
  • On the Dashboard, click the 'Update Now >>' link.
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double-click on the scan log which shows the date and time of the scan just performed.
  • Click 'Copy to Clipboard'.
  • Paste the contents of the clipboard into your reply.

Step 2:
Run ComboFix:

Please be sure to run our tools with administrator rights.

* IMPORTANT 1: Place ComboFix.exe on your Desktop.
* IMPORTANT 2: Ensure your external and/or USB drives are inserted during the scan.

Next, download ComboFix and save it to the Desktop.

  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows.
  • Double-click combofix.exe to run the program.
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running; it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.

Have a nice day.

 


Best regards

If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

#6 kittenme (Topic Starter, Members, 62 posts, Location: Egypt)

Posted 19 April 2015 - 05:31 PM

Sorry, what is MBAM?



#7 olgun52 (Malware Response Team, 3,784 posts)

Posted 19 April 2015 - 05:37 PM

MBAM is Malwarebytes Anti-Malware.


Best regards

#8 kittenme (Topic Starter, Members, 62 posts, Location: Egypt)

Posted 19 April 2015 - 06:10 PM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/20/2015
Scan Time: 12:26:28 AM
Logfile:
Administrator: Yes

Version: 2.01.4.1018
Malware Database: v2015.04.19.05
Rootkit Database: v2015.03.31.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Dell

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 344737
Time Elapsed: 20 min, 3 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 1
Trojan.Spyeyes, C:\Recycle.Bin, Quarantined, [99d8a8c69eec2610a50875155fa445bb],

Files: 7
Trojan.Spyeyes, C:\Recycle.Bin\M111.exe, Quarantined, [9cd5313d82081c1a860dbefcd13355ab],
Trojan.Spyeyes, C:\Recycle.Bin\acc.txt, Quarantined, [99d8a8c69eec2610a50875155fa445bb],
Trojan.Spyeyes, C:\Recycle.Bin\data.txt, Quarantined, [99d8a8c69eec2610a50875155fa445bb],
Trojan.Spyeyes, C:\Recycle.Bin\data.zip, Quarantined, [99d8a8c69eec2610a50875155fa445bb],
Trojan.Spyeyes, C:\Recycle.Bin\done.txt, Quarantined, [99d8a8c69eec2610a50875155fa445bb],
Trojan.Spyeyes, C:\Recycle.Bin\first_in.txt, Quarantined, [99d8a8c69eec2610a50875155fa445bb],
Trojan.Spyeyes, C:\Recycle.Bin\minerd.exe, Quarantined, [99d8a8c69eec2610a50875155fa445bb],

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

Going to do ComboFix now.



#9 kittenme (Topic Starter, Members, 62 posts, Location: Egypt)

Posted 19 April 2015 - 06:53 PM

ComboFix 15-04-16.01 - Dell 04/20/2015   2:08.2.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1256.20.1033.18.2935.1617 [GMT 2:00]
Running from: c:\users\Dell\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Dell\AppData\Local\Temp\ae201572-4813-4010-9ed2-ee29ddec066a\CliSecureRT.dll
.
.
(((((((((((((((((((((((((   Files Created from 2015-03-20 to 2015-04-20  )))))))))))))))))))))))))))))))
.
.
2015-04-20 00:25 . 2015-04-20 00:25    --------    d-----w-    c:\windows\system32\config\systemprofile\AppData\Local\temp
2015-04-20 00:25 . 2015-04-20 00:25    --------    d-----w-    c:\users\Default\AppData\Local\temp
2015-04-20 00:01 . 2015-04-20 00:06    --------    d-----w-    C:\Settings
2015-04-19 17:56 . 2015-04-19 17:56    --------    d-----w-    C:\Configration
2015-04-19 07:48 . 2015-04-19 07:48    --------    d-----w-    C:\AVAST Software
2015-04-08 20:17 . 2015-04-08 20:17    --------    d-----w-    c:\program files (x86)\Common Files\Skype
2015-04-08 11:05 . 2015-02-20 02:26    968704    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2015-04-04 20:46 . 2015-04-04 20:46    --------    d-sh--w-    c:\users\Dell\AppData\Local\EmieUserList
2015-04-04 20:46 . 2015-04-04 20:46    --------    d-sh--w-    c:\users\Dell\AppData\Local\EmieSiteList
2015-04-04 20:46 . 2015-04-04 20:46    --------    d-sh--w-    c:\users\Dell\AppData\Local\EmieBrowserModeList
2015-04-02 01:25 . 2014-12-11 17:47    87040    ----a-w-    c:\windows\system32\TSWbPrxy.exe
2015-04-02 01:13 . 2014-06-24 03:29    2565120    ----a-w-    c:\windows\system32\d3d10warp.dll
2015-04-02 01:13 . 2014-06-24 02:59    1987584    ----a-w-    c:\windows\SysWow64\d3d10warp.dll
2015-04-02 01:12 . 2015-01-31 03:48    3179520    ----a-w-    c:\windows\system32\rdpcorets.dll
2015-04-02 01:12 . 2015-01-31 03:48    16384    ----a-w-    c:\windows\system32\RdpGroupPolicyExtension.dll
2015-04-02 01:12 . 2015-01-30 23:56    243200    ----a-w-    c:\windows\system32\rdpudd.dll
2015-04-02 01:12 . 2014-07-09 02:03    7168    ----a-w-    c:\windows\system32\KBDYAK.DLL
2015-04-02 01:12 . 2014-07-09 02:03    7168    ----a-w-    c:\windows\system32\KBDTAT.DLL
2015-04-02 01:12 . 2014-07-09 02:03    7168    ----a-w-    c:\windows\system32\KBDRU1.DLL
2015-04-02 01:12 . 2014-07-09 02:03    6656    ----a-w-    c:\windows\system32\KBDRU.DLL
2015-04-02 01:12 . 2014-07-09 02:03    7168    ----a-w-    c:\windows\system32\KBDBASH.DLL
2015-04-02 01:12 . 2013-11-26 08:16    3419136    ----a-w-    c:\windows\SysWow64\d2d1.dll
2015-04-02 01:12 . 2013-11-22 22:48    3928064    ----a-w-    c:\windows\system32\d2d1.dll
2015-04-02 00:04 . 2015-04-19 07:55    778416    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2015-04-02 00:04 . 2015-04-19 07:55    142512    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-01 23:55 . 2015-04-01 23:55    --------    d-----w-    c:\windows\Migration
2015-04-01 23:48 . 2014-06-27 02:08    2777088    ----a-w-    c:\windows\system32\msmpeg2vdec.dll
2015-04-01 23:39 . 2014-09-05 02:11    6584320    ----a-w-    c:\windows\system32\mstscax.dll
2015-04-01 00:16 . 2015-02-03 03:31    1424896    ----a-w-    c:\windows\system32\WindowsCodecs.dll
2015-04-01 00:15 . 2015-02-04 03:16    465920    ----a-w-    c:\windows\system32\WMPhoto.dll
2015-03-31 23:32 . 2015-03-31 23:46    --------    d-s---w-    c:\windows\system32\GWX
2015-03-31 23:32 . 2015-03-31 23:32    --------    d-s---w-    c:\windows\SysWow64\GWX
2015-03-31 22:16 . 2013-10-02 01:10    44544    ----a-w-    c:\windows\system32\TsUsbGDCoInstaller.dll
2015-03-31 22:16 . 2013-10-02 04:38    3072    ----a-w-    c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2015-03-31 22:16 . 2013-10-02 02:11    13824    ----a-w-    c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-03-31 22:16 . 2013-10-02 02:08    12800    ----a-w-    c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-03-31 22:16 . 2013-10-02 02:22    56832    ----a-w-    c:\windows\system32\drivers\TsUsbFlt.sys
2015-03-31 22:16 . 2013-10-02 01:48    56832    ----a-w-    c:\windows\system32\MsRdpWebAccess.dll
2015-03-31 22:16 . 2013-10-02 01:48    18944    ----a-w-    c:\windows\system32\wksprtPS.dll
2015-03-31 22:16 . 2013-10-02 01:29    62976    ----a-w-    c:\windows\system32\tsgqec.dll
2015-03-31 22:16 . 2013-10-02 00:01    420864    ----a-w-    c:\windows\system32\wksprt.exe
2015-03-31 22:16 . 2013-10-01 23:31    1147392    ----a-w-    c:\windows\system32\mstsc.exe
2015-03-31 22:16 . 2013-10-02 00:15    1057280    ----a-w-    c:\windows\system32\rdvidcrl.dll
2015-03-31 21:42 . 2012-08-23 14:10    19456    ----a-w-    c:\windows\system32\drivers\rdpvideominiport.sys
2015-03-31 21:42 . 2012-08-23 10:51    228864    ----a-w-    c:\windows\system32\rdpendp_winip.dll
2015-03-31 21:10 . 2014-03-09 21:48    171160    ----a-w-    c:\windows\system32\infocardapi.dll
2015-03-31 21:10 . 2014-03-09 21:48    1389208    ----a-w-    c:\windows\system32\icardagt.exe
2015-03-31 21:10 . 2014-03-09 21:47    99480    ----a-w-    c:\windows\SysWow64\infocardapi.dll
2015-03-31 21:10 . 2014-03-09 21:47    619672    ----a-w-    c:\windows\SysWow64\icardagt.exe
2015-03-31 21:10 . 2014-06-30 22:24    8856    ----a-w-    c:\windows\system32\icardres.dll
2015-03-31 21:10 . 2014-06-30 22:14    8856    ----a-w-    c:\windows\SysWow64\icardres.dll
2015-03-31 21:09 . 2014-06-06 06:12    35480    ----a-w-    c:\windows\system32\TsWpfWrp.exe
2015-03-31 20:05 . 2015-03-31 20:06    --------    d-----w-    c:\users\Dell\AppData\Roaming\Dropbox
2015-03-31 20:04 . 2015-03-31 20:04    --------    d-----w-    c:\users\Dell\AppData\Roaming\AVAST Software
2015-03-31 20:02 . 2015-03-31 20:03    --------    d-----w-    c:\windows\system32\vbox
2015-03-31 20:00 . 2015-03-31 20:00    271200    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2015-03-31 20:00 . 2015-03-31 20:00    136752    ----a-w-    c:\windows\system32\drivers\aswStm.sys
2015-03-31 20:00 . 2015-03-31 20:00    442264    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2015-03-31 20:00 . 2015-03-31 20:00    88408    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2015-03-31 20:00 . 2015-03-31 20:00    65736    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2015-03-31 20:00 . 2015-03-31 20:00    29168    ----a-w-    c:\windows\system32\drivers\aswHwid.sys
2015-03-31 20:00 . 2015-03-31 20:00    93528    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2015-03-31 20:00 . 2015-03-31 20:00    1047320    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2015-03-31 20:00 . 2015-03-31 20:00    364472    ----a-w-    c:\windows\system32\aswBoot.exe
2015-03-31 20:00 . 2015-03-31 20:00    43112    ----a-w-    c:\windows\avastSS.scr
2015-03-31 19:33 . 2015-03-31 19:33    --------    d-----w-    c:\program files\AVAST Software
2015-03-31 19:31 . 2015-03-31 19:31    --------    d-----w-    c:\programdata\AVAST Software
2015-03-30 11:20 . 2015-04-03 04:37    --------    d-----w-    c:\program files (x86)\VS Revo Group
2015-03-30 11:08 . 2015-03-30 11:08    --------    d-----w-    C:\OETemp
2015-03-30 02:16 . 2013-10-14 16:00    28368    ----a-w-    c:\windows\system32\IEUDINIT.EXE
2015-03-29 22:22 . 2015-03-29 22:22    --------    d-----w-    c:\program files\Microsoft Silverlight
2015-03-29 22:22 . 2015-03-29 22:22    --------    d-----w-    c:\program files (x86)\Microsoft Silverlight
2015-03-29 20:00 . 2015-03-29 20:03    --------    d-----w-    C:\EEK
2015-03-29 17:23 . 2015-03-29 17:23    35064    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
2015-03-29 17:23 . 2015-03-29 18:54    --------    d-----w-    c:\programdata\RogueKiller
2015-03-29 17:03 . 2015-01-09 03:14    91136    ----a-w-    c:\windows\system32\wdi.dll
2015-03-29 17:03 . 2015-01-09 03:14    950272    ----a-w-    c:\windows\system32\perftrack.dll
2015-03-29 17:03 . 2015-01-09 03:14    29696    ----a-w-    c:\windows\system32\powertracker.dll
2015-03-29 16:34 . 2015-02-20 03:29    372224    ----a-w-    c:\windows\system32\atmfd.dll
2015-03-29 16:34 . 2015-02-20 04:41    41984    ----a-w-    c:\windows\system32\lpk.dll
2015-03-29 16:34 . 2015-02-20 04:40    46080    ----a-w-    c:\windows\system32\atmlib.dll
2015-03-29 16:34 . 2015-02-20 03:09    299008    ----a-w-    c:\windows\SysWow64\atmfd.dll
2015-03-29 16:34 . 2015-02-20 04:13    34304    ----a-w-    c:\windows\SysWow64\atmlib.dll
2015-03-29 16:34 . 2015-02-20 04:40    14336    ----a-w-    c:\windows\system32\dciman32.dll
2015-03-29 16:33 . 2015-02-20 04:40    100864    ----a-w-    c:\windows\system32\fontsub.dll
2015-03-29 16:33 . 2015-02-20 04:13    10240    ----a-w-    c:\windows\SysWow64\dciman32.dll
2015-03-29 16:33 . 2015-02-20 04:13    70656    ----a-w-    c:\windows\SysWow64\fontsub.dll
2015-03-29 16:33 . 2013-10-30 02:32    335360    ----a-w-    c:\windows\system32\msieftp.dll
2015-03-29 16:33 . 2014-01-28 02:32    228864    ----a-w-    c:\windows\system32\wwansvc.dll
2015-03-29 16:32 . 2014-06-03 10:02    1719296    ----a-w-    c:\program files\Windows Journal\NBDoc.DLL
2015-03-29 16:31 . 2014-06-03 10:02    1380864    ----a-w-    c:\program files\Windows Journal\JNTFiltr.dll
2015-03-29 16:31 . 2014-06-03 10:02    1354240    ----a-w-    c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2015-03-29 16:31 . 2014-06-03 10:02    1389568    ----a-w-    c:\program files\Windows Journal\JNWDRV.dll
2015-03-29 16:31 . 2014-06-03 09:29    936960    ----a-w-    c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2015-03-29 16:31 . 2014-04-25 02:34    801280    ----a-w-    c:\windows\system32\usp10.dll
2015-03-29 16:30 . 2014-08-01 11:53    1031168    ----a-w-    c:\windows\system32\TSWorkspace.dll
2015-03-29 16:29 . 2015-02-03 03:30    842240    ----a-w-    c:\windows\system32\blackbox.dll
2015-03-29 16:29 . 2015-02-03 03:12    744960    ----a-w-    c:\windows\SysWow64\blackbox.dll
2015-03-29 16:29 . 2015-02-03 03:30    1202176    ----a-w-    c:\windows\system32\drmv2clt.dll
2015-03-29 16:27 . 2015-02-03 03:28    6656    ----a-w-    c:\windows\system32\apisetschema.dll
2015-03-29 16:27 . 2015-02-03 03:08    6656    ----a-w-    c:\windows\SysWow64\apisetschema.dll
2015-03-29 16:27 . 2015-02-03 03:30    12625920    ----a-w-    c:\windows\system32\wmploc.DLL
2015-03-29 16:16 . 2014-12-19 03:06    210432    ----a-w-    c:\windows\system32\profsvc.dll
2015-03-29 16:16 . 2014-06-18 22:23    1943696    ----a-w-    c:\windows\system32\dfshim.dll
2015-03-29 16:16 . 2014-06-18 22:23    156312    ----a-w-    c:\windows\system32\mscorier.dll
2015-03-29 16:16 . 2014-06-18 22:23    1131664    ----a-w-    c:\windows\SysWow64\dfshim.dll
2015-03-29 16:16 . 2014-06-18 22:23    73880    ----a-w-    c:\windows\system32\mscories.dll
2015-03-29 16:09 . 2015-03-29 16:09    43664    ----a-w-    c:\windows\system32\drivers\hitmanpro37.sys
2015-03-29 16:07 . 2014-01-29 02:32    484864    ----a-w-    c:\windows\system32\wer.dll
2015-03-29 16:07 . 2013-10-19 02:18    81408    ----a-w-    c:\windows\system32\imagehlp.dll
2015-03-29 16:07 . 2013-10-19 01:36    159232    ----a-w-    c:\windows\SysWow64\imagehlp.dll
2015-03-29 16:07 . 2014-04-05 02:47    1903552    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2015-03-29 16:07 . 2014-04-05 02:47    288192    ----a-w-    c:\windows\system32\drivers\FWPKCLNT.SYS
2015-03-29 16:07 . 2013-11-26 11:40    376768    ----a-w-    c:\windows\system32\drivers\netio.sys
2015-03-29 16:05 . 2014-10-14 02:13    683520    ----a-w-    c:\windows\system32\termsrv.dll
2015-03-29 16:03 . 2014-12-06 04:17    303616    ----a-w-    c:\windows\system32\nlasvc.dll
2015-03-29 16:03 . 2014-03-26 14:44    2002432    ----a-w-    c:\windows\system32\msxml6.dll
2015-03-29 16:03 . 2014-03-26 14:41    2048    ----a-w-    c:\windows\system32\msxml6r.dll
2015-03-29 16:01 . 2015-02-03 03:31    215552    ----a-w-    c:\windows\system32\ubpm.dll
2015-03-29 16:01 . 2014-08-21 06:43    1882624    ----a-w-    c:\windows\system32\msxml3.dll
2015-03-29 16:01 . 2014-08-21 06:40    2048    ----a-w-    c:\windows\system32\msxml3r.dll
2015-03-29 16:01 . 2013-12-04 02:16    658432    ----a-w-    c:\windows\system32\RMActivate_isv.exe
2015-03-29 16:01 . 2013-12-04 02:16    626176    ----a-w-    c:\windows\system32\RMActivate.exe
2015-03-29 16:01 . 2013-12-04 02:16    552960    ----a-w-    c:\windows\system32\RMActivate_ssp_isv.exe
2015-03-29 16:01 . 2013-12-04 02:16    553984    ----a-w-    c:\windows\system32\RMActivate_ssp.exe
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-19 07:48 . 2015-04-19 07:48    75888    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{0E197D33-04B8-44AA-AB43-4A08AED18E32}\offreg.dll
2015-04-02 03:09 . 2015-04-02 03:09    71680    ----a-w-    c:\windows\SysWow64\RegisterIEPKEYs.exe
2015-04-02 03:09 . 2015-04-02 03:09    62464    ----a-w-    c:\windows\SysWow64\tdc.ocx
2015-04-02 03:09 . 2015-04-02 03:09    1888256    ----a-w-    c:\windows\SysWow64\wininet.dll
2015-04-02 03:09 . 2015-04-02 03:09    182272    ----a-w-    c:\windows\SysWow64\msls31.dll
2015-04-02 03:09 . 2015-04-02 03:09    74240    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2015-04-02 03:09 . 2015-04-02 03:09    64000    ----a-w-    c:\windows\SysWow64\MshtmlDac.dll
2015-04-02 03:09 . 2015-04-02 03:09    503296    ----a-w-    c:\windows\SysWow64\vbscript.dll
2015-04-02 03:09 . 2015-04-02 03:09    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2015-04-02 03:09 . 2015-04-02 03:09    2724864    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2015-04-02 03:09 . 2015-04-02 03:09    24576    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2015-04-02 03:09 . 2015-04-02 03:09    139264    ----a-w-    c:\windows\SysWow64\wextract.exe
2015-04-02 03:09 . 2015-04-02 03:09    13312    ----a-w-    c:\windows\SysWow64\mshta.exe
2015-04-02 03:09 . 2015-04-02 03:09    1155072    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2015-03-15 13:19 . 2014-02-25 05:22    98216    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-03-14 10:02 . 2015-04-08 11:27    12002392    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{0E197D33-04B8-44AA-AB43-4A08AED18E32}\mpengine.dll
2015-03-11 15:48 . 2013-06-04 12:09    122905856    ----a-w-    c:\windows\system32\MRT.exe
2015-03-06 05:10 . 2015-03-29 13:59    172032    ----a-w-    c:\windows\SysWow64\wdigest.dll
2015-03-06 05:10 . 2015-03-29 13:59    65536    ----a-w-    c:\windows\SysWow64\TSpkg.dll
2015-03-06 05:10 . 2015-03-29 13:59    248832    ----a-w-    c:\windows\SysWow64\schannel.dll
2015-03-06 05:10 . 2015-03-29 13:59    22016    ----a-w-    c:\windows\SysWow64\secur32.dll
2015-03-06 05:10 . 2015-03-29 13:59    259584    ----a-w-    c:\windows\SysWow64\msv1_0.dll
2015-03-06 05:10 . 2015-03-29 13:59    221184    ----a-w-    c:\windows\SysWow64\ncrypt.dll
2015-03-06 05:10 . 2015-03-29 13:59    550912    ----a-w-    c:\windows\SysWow64\kerberos.dll
2015-03-06 05:09 . 2015-03-29 13:59    96768    ----a-w-    c:\windows\SysWow64\sspicli.dll
2015-03-06 05:07 . 2015-03-29 13:59    60416    ----a-w-    c:\windows\SysWow64\msobjs.dll
2015-03-06 05:07 . 2015-03-29 13:59    146432    ----a-w-    c:\windows\SysWow64\msaudite.dll
2015-02-24 02:17 . 2013-06-03 18:31    295552    ------w-    c:\windows\system32\MpSigStub.exe
2015-02-20 04:12 . 2015-03-29 16:33    25600    ----a-w-    c:\windows\SysWow64\lpk.dll
2015-02-04 02:54 . 2015-04-01 00:15    417792    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
2015-02-03 03:16 . 2015-03-29 16:28    3973048    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2015-02-03 03:16 . 2015-03-29 16:28    3917760    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
2015-02-03 03:12 . 2015-03-29 16:28    617984    ----a-w-    c:\windows\SysWow64\wmdrmsdk.dll
2015-02-03 03:12 . 2015-03-29 16:28    179200    ----a-w-    c:\windows\SysWow64\wintrust.dll
2015-02-03 03:12 . 2015-04-01 00:16    1230848    ----a-w-    c:\windows\SysWow64\WindowsCodecs.dll
2015-02-03 03:12 . 2015-03-29 16:01    171520    ----a-w-    c:\windows\SysWow64\ubpm.dll
2015-02-03 03:12 . 2015-03-29 16:28    43008    ----a-w-    c:\windows\SysWow64\srclient.dll
2015-02-03 03:12 . 2015-03-29 16:28    4096    ----a-w-    c:\windows\SysWow64\msdxm.ocx
2015-02-03 03:12 . 2015-03-29 16:28    519680    ----a-w-    c:\windows\SysWow64\qdvd.dll
2015-02-03 03:12 . 2015-03-29 16:28    1329664    ----a-w-    c:\windows\SysWow64\quartz.dll
2015-02-03 03:12 . 2015-03-29 16:28    8192    ----a-w-    c:\windows\SysWow64\spwmp.dll
2015-02-03 03:12 . 2015-03-29 16:28    504320    ----a-w-    c:\windows\SysWow64\msscp.dll
2015-02-03 03:12 . 2015-03-29 16:28    265216    ----a-w-    c:\windows\SysWow64\msnetobj.dll
2015-02-03 03:12 . 2015-03-29 16:28    3209728    ----a-w-    c:\windows\SysWow64\mf.dll
2015-02-03 03:12 . 2015-03-29 16:28    354816    ----a-w-    c:\windows\SysWow64\mfplat.dll
2015-02-03 03:12 . 2015-03-29 16:28    103424    ----a-w-    c:\windows\SysWow64\mfps.dll
2015-02-03 03:11 . 2015-03-29 16:28    50176    ----a-w-    c:\windows\SysWow64\rrinstaller.exe
2015-02-03 03:11 . 2015-03-29 16:28    23040    ----a-w-    c:\windows\SysWow64\mfpmp.exe
2015-02-03 03:11 . 2015-03-29 16:27    12625408    ----a-w-    c:\windows\SysWow64\wmploc.DLL
2015-02-03 03:09 . 2015-03-29 16:28    2048    ----a-w-    c:\windows\SysWow64\mferror.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-09-30 20880]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2013-10-16 759496]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-09-26 6482200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-09-30 929680]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-09-30 3508112]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-03-31 5512912]
.
c:\users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Configuration.lnk - c:\settings\Windows Interface.exe [2015-4-20 188416]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BprotectEx;Baidu ProtectEx;c:\windows\System32\drivers\BprotectEx.sys;c:\windows\SYSNATIVE\drivers\BprotectEx.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 cleanhlp;cleanhlp;c:\eek\bin\cleanhlp64.sys;c:\eek\bin\cleanhlp64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbwwan.sys [x]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 PCFApiUtil;PCFApiUtil;c:\program files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys;c:\program files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudobex.sys;c:\windows\SYSNATIVE\DRIVERS\ssudobex.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AIPS;Arp Intelligent Protection Service;c:\program files (x86)\netcut\services\AIPS.exe;c:\program files (x86)\netcut\services\AIPS.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2015-04-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-02 07:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-03-31 20:00    722400    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-02-22 168944]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-02-22 394224]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-02-22 418800]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\system32\blank.htm
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\uogzaevm.default-1427603869289\
FF - prefs.js: browser.startup.homepage - www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1654346481-3145013308-632138677-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):ac,61,ca,8c,b7,71,58,ea,24,3c,eb,ef,b6,95,3a,25,64,61,72,ff,c4,
   88,bb,37,65,5c,7d,cd,fe,e3,de,fd,f8,c4,31,d1,1e,31,1d,fd,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1654346481-3145013308-632138677-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):17,88,35,ef,36,8d,75,68,10,98,fd,3e,65,8f,d1,8a,f2,71,a5,cb,50,
   e2,25,0a,f0,be,8a,a8,43,9d,86,00,75,be,fb,13,33,b9,24,1e,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1654346481-3145013308-632138677-1000_Classes\Wow6432Node\CLSID\{b2a937f7-d77d-495a-9a06-cd83baead8e6}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000043
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
   38,95,44,9a,ce,da,ac,52,fa,bf,05,b8,22,85,9b,26,25,63,dd,fa,d8,2f,09,a7,cf,\
.
[HKEY_USERS\S-1-5-21-1654346481-3145013308-632138677-1000_Classes\Wow6432Node\CLSID\{ce40e1a1-f576-43ae-a727-e27944440e2a}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000168
"Therad"=dword:0000001b
"SpecVersion"=dword:00000070
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
   1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,18,d9,42,e3,c1,
   b8,98,e2,c8,28,51,af,b0,29,a3,98,04,c6,07,87,8b,3f,74,65,e2,63,26,f1,3f,c8,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,fb,4b,a1,b0,48,
   fe,72,ae,71,3b,04,66,8b,46,0d,96,3b,ae,5a,d6,55,9b,1b,b1,6a,9c,d6,61,af,45,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,de,af,95,5c,b6,
   56,cb,77,25,da,ec,7e,55,20,c9,26,66,d1,e9,25,a2,06,f1,78,ff,7c,85,e0,43,d4,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,7b,d9,e3,7a,00,
   b4,8b,88,3e,1e,9e,e0,57,5a,93,61,78,3a,7c,14,90,a2,c7,50,86,8c,21,01,be,91,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,bb,e9,67,94,fa,
   c2,e5,97,cd,44,cd,b9,a6,33,6c,cd,29,a8,29,68,7e,31,5b,c0,f5,1d,4d,73,a8,13,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,8a,73,f6,bb,80,
   f8,60,da,b0,18,ed,a7,3f,8d,37,a4,21,f1,f1,5e,97,c3,f0,e8,df,20,58,62,78,6b,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,00,14,1a,7a,03,
   73,34,e6,31,77,e1,ba,b1,f8,68,02,0a,e1,a0,d0,87,a6,d9,33,fb,a7,78,e6,12,2f,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,6e,12,d3,d1,ba,
   6f,52,f6,83,6c,56,8b,a0,85,96,ab,b8,e2,fc,45,cb,00,a9,8c,01,3a,48,fc,e8,04,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,ae,01,cd,44,77,
   e3,03,ce,51,fa,6e,91,28,9e,14,cc,66,8f,6e,59,d4,f1,0a,b7,f6,0f,4e,58,98,5b,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,72,a7,de,ff,60,
   64,f9,e4,b1,cd,45,5a,a8,c4,f8,b9,4d,a5,7a,b2,a9,e9,f2,50,3d,ce,ea,26,2d,45,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,5a,ec,d6,0d,e3,
   8e,09,72,e3,0e,66,d5,eb,bc,2f,6b,6a,90,05,09,19,7a,ab,91,2a,b7,cc,b5,b9,7f,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,e7,20,96,53,cf,
   60,6e,6a,fa,ea,66,7f,d4,3b,6b,70,95,78,ea,ed,ef,51,39,48,6c,43,2d,1e,aa,22,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
.
**************************************************************************
.
Completion time: 2015-04-20  02:36:52 - machine was rebooted
ComboFix-quarantined-files.txt  2015-04-20 00:36
ComboFix2.txt  2015-04-19 23:47
.
Pre-Run: 84,228,583,424 bytes free
Post-Run: 84,157,816,832 bytes free
.
- - End Of File - - F98D051D8E1285206E43A29332B7D1DA
A36C5E4F47E84449FF07ED3517B43A31
 


Edited by kittenme, 20 April 2015 - 01:21 AM.
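The "Reg Loading Points" section of the log above is where the unusual Startup shortcut (Configuration.lnk pointing at c:\settings\Windows Interface.exe) and the UAC policy values appear; "EnableLUA"= 0 means User Account Control is switched off on this machine. As an added example that is not part of this thread and is not ComboFix's own code, the Python script below parses that section: it collects Run-key values and Startup-folder shortcuts, flags targets outside the normal program locations, and explains policy values that weaken the system. The sample text is copied from the posted log; the trusted-prefix allow-list and the weak-setting table are assumptions made for this illustration.

```python
import re
from typing import Dict, List

# Constructed sample input: lines copied from the "Reg Loading Points"
# section of the ComboFix log in this thread (abridged).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-09-30 20880]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-09-26 6482200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-03-31 5512912]
.
c:\users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Configuration.lnk - c:\settings\Windows Interface.exe [2015-4-20 188416]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"""

# Assumed allow-list for this illustration: where installed software normally lives.
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
STARTUP_DIR_RE = re.compile(r"^(?P<folder>[a-zA-Z]:\\.+\\Startup\\)$")
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
LNK_RE = re.compile(r"^(?P<name>\S+\.lnk) - (?P<path>.+?) \[")
POLICY_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>\d+)\s*\(0x[0-9a-fA-F]+\)')

# Policy values that weaken the system: (value seen in the log, explanation). Assumed table.
WEAK_SETTINGS = {
    "EnableLUA": (0, "UAC is disabled (EnableLUA=0); administrators run fully elevated with no prompt"),
    "PromptOnSecureDesktop": (0, "UAC prompts would not use the secure desktop (PromptOnSecureDesktop=0)"),
    "LoadAppInit_DLLs": (1, "AppInit_DLLs loading is enabled (LoadAppInit_DLLs=1); check the AppInit_DLLs value"),
}


def parse_autostarts(log_text: str) -> List[Dict[str, str]]:
    """Collect Run-key values and Startup-folder shortcuts with their target paths."""
    entries: List[Dict[str, str]] = []
    context = None  # the Run key or Startup folder the following lines belong to
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        key = KEY_RE.match(line)
        if key:
            # Only ...\CurrentVersion\Run keys hold autostart values; any other key ends the context.
            context = key.group("key") if key.group("key").lower().endswith("\\run") else None
            continue
        folder = STARTUP_DIR_RE.match(line)
        if folder:
            context = folder.group("folder")
            continue
        if context is None:
            continue
        value = RUN_VALUE_RE.match(line) or LNK_RE.match(line)
        if value:
            entries.append({"name": value.group("name"), "path": value.group("path"), "source": context})
    return entries


def flag_unusual_locations(entries: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Return autostart entries whose target lives outside the trusted program locations."""
    return [e for e in entries if not e["path"].lower().startswith(TRUSTED_PREFIXES)]


def parse_policy_values(log_text: str) -> Dict[str, int]:
    """Read the numeric policy values ComboFix prints as "Name"= N (0xN)."""
    values: Dict[str, int] = {}
    for raw in log_text.splitlines():
        m = POLICY_RE.match(raw.strip())
        if m:
            values[m.group("name")] = int(m.group("value"))
    return values


def weak_settings(values: Dict[str, int]) -> List[str]:
    """Explain every policy value that matches a known weak setting."""
    return [msg for name, (bad, msg) in WEAK_SETTINGS.items() if values.get(name) == bad]


def triage(log_text: str) -> Dict[str, object]:
    """Run the whole check over one log and bundle the findings."""
    entries = parse_autostarts(log_text)
    return {
        "autostarts": entries,
        "unusual": flag_unusual_locations(entries),
        "weak_settings": weak_settings(parse_policy_values(log_text)),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for e in report["unusual"]:
        print(f"REVIEW  {e['name']} -> {e['path']}")
    for msg in report["weak_settings"]:
        print(f"WEAK    {msg}")
```

On the sample, the only autostart flagged is the Configuration.lnk shortcut, and three policy findings come back (UAC off, secure desktop off, AppInit_DLLs loading enabled). The allow-list approach is deliberately coarse: it does not prove an entry is malicious, it only tells a helper which paths to submit to a scanner or look up first.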


#10 kittenme

kittenme
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  • Gender:Female
  • Location:Egypt
  • Local time:10:22 AM

Posted 20 April 2015 - 01:24 AM

I inserted my flash drive as you told me, but the virus popped up again; it is asking to replace a folder :(



#11 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:22 AM

Posted 20 April 2015 - 01:41 PM

I inserted my flash drive as you told me, but the virus popped up again; it is asking to replace a folder :(

Okay.

 

ComboFix2.txt  2015-04-19 23:47

Looks like you have also run ComboFix at some point? Could you post that log as well? It should be at C:\ComboFix.txt

----------------

Please go to: VirusTotal
On the page you'll find a "Choose File" button.
Click on the Choose File button.
In the Choose File to Upload window which opens, copy and paste this into the File Name box.
 

c:\settings\Windows Interface.exe

C:\Windows Update\Interface Manager.exe

Next, click the Open button.
Then click the "Scan It!" button just below.
This will scan the file. Please be patient.
If you get a message saying File has already been analyzed: click Reanalyze file now
Once scanned, copy and paste the link to the results page in your next reply.

-------------------------------------------------------------------------------------------------------

Step 1:

  • Download and extract Malwarebytes Anti-Rootkit from here mbar-1.09.1.1004.zip and save it to your desktop.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.
  • Double-click mbar.exe inside the mbar folder then click 'Next'.
  • Note: Malwarebytes Anti-Rootkit requires administrative privileges to function properly.
  • Click 'Update'.
  • When finished updating, click 'Next' then 'Scan'.
  • If you are told you have the 'AppInit_Dlls rootkit', choose not to fix it and proceed with the scan.
  • With some infections, you may see two message boxes:
    • 'Could not load protection driver'. Click 'OK'.
    • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart, then continue with the rest of these instructions.
  • If malware is found, do NOT press the 'Cleanup' button yet. Click 'Exit'.
  • Please zip and attach the two log files created by the tool within the folder from which it was run.

The logs will be named mbar-log-YYYY-MM-DD (##-##-##).txt and system-log.txt

 

Step 2:

 

Please download RogueKiller 32/64 bit to your desktop and run it.

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7/8, right-click the program, select Run as Administrator to start, and when prompted, allow it to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options; they're not all bad!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#12 kittenme

kittenme
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  • Gender:Female
  • Location:Egypt
  • Local time:10:22 AM

Posted 20 April 2015 - 02:17 PM

ComboFix 15-04-16.01 - Dell 04/20/2015   2:08.2.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1256.20.1033.18.2935.1617 [GMT 2:00]
Running from: c:\users\Dell\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Dell\AppData\Local\Temp\ae201572-4813-4010-9ed2-ee29ddec066a\CliSecureRT.dll
.
.
(((((((((((((((((((((((((   Files Created from 2015-03-20 to 2015-04-20  )))))))))))))))))))))))))))))))
.
.
2015-04-20 00:25 . 2015-04-20 00:25    --------    d-----w-    c:\windows\system32\config\systemprofile\AppData\Local\temp
2015-04-20 00:25 . 2015-04-20 00:25    --------    d-----w-    c:\users\Default\AppData\Local\temp
2015-04-20 00:01 . 2015-04-20 00:06    --------    d-----w-    C:\Settings
2015-04-19 17:56 . 2015-04-19 17:56    --------    d-----w-    C:\Configration
2015-04-19 07:48 . 2015-04-19 07:48    --------    d-----w-    C:\AVAST Software
2015-04-08 20:17 . 2015-04-08 20:17    --------    d-----w-    c:\program files (x86)\Common Files\Skype
2015-04-08 11:05 . 2015-02-20 02:26    968704    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2015-04-04 20:46 . 2015-04-04 20:46    --------    d-sh--w-    c:\users\Dell\AppData\Local\EmieUserList
2015-04-04 20:46 . 2015-04-04 20:46    --------    d-sh--w-    c:\users\Dell\AppData\Local\EmieSiteList
2015-04-04 20:46 . 2015-04-04 20:46    --------    d-sh--w-    c:\users\Dell\AppData\Local\EmieBrowserModeList
2015-04-02 01:25 . 2014-12-11 17:47    87040    ----a-w-    c:\windows\system32\TSWbPrxy.exe
2015-04-02 01:13 . 2014-06-24 03:29    2565120    ----a-w-    c:\windows\system32\d3d10warp.dll
2015-04-02 01:13 . 2014-06-24 02:59    1987584    ----a-w-    c:\windows\SysWow64\d3d10warp.dll
2015-04-02 01:12 . 2015-01-31 03:48    3179520    ----a-w-    c:\windows\system32\rdpcorets.dll
2015-04-02 01:12 . 2015-01-31 03:48    16384    ----a-w-    c:\windows\system32\RdpGroupPolicyExtension.dll
2015-04-02 01:12 . 2015-01-30 23:56    243200    ----a-w-    c:\windows\system32\rdpudd.dll
2015-04-02 01:12 . 2014-07-09 02:03    7168    ----a-w-    c:\windows\system32\KBDYAK.DLL
2015-04-02 01:12 . 2014-07-09 02:03    7168    ----a-w-    c:\windows\system32\KBDTAT.DLL
2015-04-02 01:12 . 2014-07-09 02:03    7168    ----a-w-    c:\windows\system32\KBDRU1.DLL
2015-04-02 01:12 . 2014-07-09 02:03    6656    ----a-w-    c:\windows\system32\KBDRU.DLL
2015-04-02 01:12 . 2014-07-09 02:03    7168    ----a-w-    c:\windows\system32\KBDBASH.DLL
2015-04-02 01:12 . 2013-11-26 08:16    3419136    ----a-w-    c:\windows\SysWow64\d2d1.dll
2015-04-02 01:12 . 2013-11-22 22:48    3928064    ----a-w-    c:\windows\system32\d2d1.dll
2015-04-02 00:04 . 2015-04-19 07:55    778416    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2015-04-02 00:04 . 2015-04-19 07:55    142512    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-01 23:55 . 2015-04-01 23:55    --------    d-----w-    c:\windows\Migration
2015-04-01 23:48 . 2014-06-27 02:08    2777088    ----a-w-    c:\windows\system32\msmpeg2vdec.dll
2015-04-01 23:39 . 2014-09-05 02:11    6584320    ----a-w-    c:\windows\system32\mstscax.dll
2015-04-01 00:16 . 2015-02-03 03:31    1424896    ----a-w-    c:\windows\system32\WindowsCodecs.dll
2015-04-01 00:15 . 2015-02-04 03:16    465920    ----a-w-    c:\windows\system32\WMPhoto.dll
2015-03-31 23:32 . 2015-03-31 23:46    --------    d-s---w-    c:\windows\system32\GWX
2015-03-31 23:32 . 2015-03-31 23:32    --------    d-s---w-    c:\windows\SysWow64\GWX
2015-03-31 22:16 . 2013-10-02 01:10    44544    ----a-w-    c:\windows\system32\TsUsbGDCoInstaller.dll
2015-03-31 22:16 . 2013-10-02 04:38    3072    ----a-w-    c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2015-03-31 22:16 . 2013-10-02 02:11    13824    ----a-w-    c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-03-31 22:16 . 2013-10-02 02:08    12800    ----a-w-    c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-03-31 22:16 . 2013-10-02 02:22    56832    ----a-w-    c:\windows\system32\drivers\TsUsbFlt.sys
2015-03-31 22:16 . 2013-10-02 01:48    56832    ----a-w-    c:\windows\system32\MsRdpWebAccess.dll
2015-03-31 22:16 . 2013-10-02 01:48    18944    ----a-w-    c:\windows\system32\wksprtPS.dll
2015-03-31 22:16 . 2013-10-02 01:29    62976    ----a-w-    c:\windows\system32\tsgqec.dll
2015-03-31 22:16 . 2013-10-02 00:01    420864    ----a-w-    c:\windows\system32\wksprt.exe
2015-03-31 22:16 . 2013-10-01 23:31    1147392    ----a-w-    c:\windows\system32\mstsc.exe
2015-03-31 22:16 . 2013-10-02 00:15    1057280    ----a-w-    c:\windows\system32\rdvidcrl.dll
2015-03-31 21:42 . 2012-08-23 14:10    19456    ----a-w-    c:\windows\system32\drivers\rdpvideominiport.sys
2015-03-31 21:42 . 2012-08-23 10:51    228864    ----a-w-    c:\windows\system32\rdpendp_winip.dll
2015-03-31 21:10 . 2014-03-09 21:48    171160    ----a-w-    c:\windows\system32\infocardapi.dll
2015-03-31 21:10 . 2014-03-09 21:48    1389208    ----a-w-    c:\windows\system32\icardagt.exe
2015-03-31 21:10 . 2014-03-09 21:47    99480    ----a-w-    c:\windows\SysWow64\infocardapi.dll
2015-03-31 21:10 . 2014-03-09 21:47    619672    ----a-w-    c:\windows\SysWow64\icardagt.exe
2015-03-31 21:10 . 2014-06-30 22:24    8856    ----a-w-    c:\windows\system32\icardres.dll
2015-03-31 21:10 . 2014-06-30 22:14    8856    ----a-w-    c:\windows\SysWow64\icardres.dll
2015-03-31 21:09 . 2014-06-06 06:12    35480    ----a-w-    c:\windows\system32\TsWpfWrp.exe
2015-03-31 20:05 . 2015-03-31 20:06    --------    d-----w-    c:\users\Dell\AppData\Roaming\Dropbox
2015-03-31 20:04 . 2015-03-31 20:04    --------    d-----w-    c:\users\Dell\AppData\Roaming\AVAST Software
2015-03-31 20:02 . 2015-03-31 20:03    --------    d-----w-    c:\windows\system32\vbox
2015-03-31 20:00 . 2015-03-31 20:00    271200    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2015-03-31 20:00 . 2015-03-31 20:00    136752    ----a-w-    c:\windows\system32\drivers\aswStm.sys
2015-03-31 20:00 . 2015-03-31 20:00    442264    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2015-03-31 20:00 . 2015-03-31 20:00    88408    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2015-03-31 20:00 . 2015-03-31 20:00    65736    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2015-03-31 20:00 . 2015-03-31 20:00    29168    ----a-w-    c:\windows\system32\drivers\aswHwid.sys
2015-03-31 20:00 . 2015-03-31 20:00    93528    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2015-03-31 20:00 . 2015-03-31 20:00    1047320    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2015-03-31 20:00 . 2015-03-31 20:00    364472    ----a-w-    c:\windows\system32\aswBoot.exe
2015-03-31 20:00 . 2015-03-31 20:00    43112    ----a-w-    c:\windows\avastSS.scr
2015-03-31 19:33 . 2015-03-31 19:33    --------    d-----w-    c:\program files\AVAST Software
2015-03-31 19:31 . 2015-03-31 19:31    --------    d-----w-    c:\programdata\AVAST Software
2015-03-30 11:20 . 2015-04-03 04:37    --------    d-----w-    c:\program files (x86)\VS Revo Group
2015-03-30 11:08 . 2015-03-30 11:08    --------    d-----w-    C:\OETemp
2015-03-30 02:16 . 2013-10-14 16:00    28368    ----a-w-    c:\windows\system32\IEUDINIT.EXE
2015-03-29 22:22 . 2015-03-29 22:22    --------    d-----w-    c:\program files\Microsoft Silverlight
2015-03-29 22:22 . 2015-03-29 22:22    --------    d-----w-    c:\program files (x86)\Microsoft Silverlight
2015-03-29 20:00 . 2015-03-29 20:03    --------    d-----w-    C:\EEK
2015-03-29 17:23 . 2015-03-29 17:23    35064    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
2015-03-29 17:23 . 2015-03-29 18:54    --------    d-----w-    c:\programdata\RogueKiller
2015-03-29 17:03 . 2015-01-09 03:14    91136    ----a-w-    c:\windows\system32\wdi.dll
2015-03-29 17:03 . 2015-01-09 03:14    950272    ----a-w-    c:\windows\system32\perftrack.dll
2015-03-29 17:03 . 2015-01-09 03:14    29696    ----a-w-    c:\windows\system32\powertracker.dll
2015-03-29 16:34 . 2015-02-20 03:29    372224    ----a-w-    c:\windows\system32\atmfd.dll
2015-03-29 16:34 . 2015-02-20 04:41    41984    ----a-w-    c:\windows\system32\lpk.dll
2015-03-29 16:34 . 2015-02-20 04:40    46080    ----a-w-    c:\windows\system32\atmlib.dll
2015-03-29 16:34 . 2015-02-20 03:09    299008    ----a-w-    c:\windows\SysWow64\atmfd.dll
2015-03-29 16:34 . 2015-02-20 04:13    34304    ----a-w-    c:\windows\SysWow64\atmlib.dll
2015-03-29 16:34 . 2015-02-20 04:40    14336    ----a-w-    c:\windows\system32\dciman32.dll
2015-03-29 16:33 . 2015-02-20 04:40    100864    ----a-w-    c:\windows\system32\fontsub.dll
2015-03-29 16:33 . 2015-02-20 04:13    10240    ----a-w-    c:\windows\SysWow64\dciman32.dll
2015-03-29 16:33 . 2015-02-20 04:13    70656    ----a-w-    c:\windows\SysWow64\fontsub.dll
2015-03-29 16:33 . 2013-10-30 02:32    335360    ----a-w-    c:\windows\system32\msieftp.dll
2015-03-29 16:33 . 2014-01-28 02:32    228864    ----a-w-    c:\windows\system32\wwansvc.dll
2015-03-29 16:32 . 2014-06-03 10:02    1719296    ----a-w-    c:\program files\Windows Journal\NBDoc.DLL
2015-03-29 16:31 . 2014-06-03 10:02    1380864    ----a-w-    c:\program files\Windows Journal\JNTFiltr.dll
2015-03-29 16:31 . 2014-06-03 10:02    1354240    ----a-w-    c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2015-03-29 16:31 . 2014-06-03 10:02    1389568    ----a-w-    c:\program files\Windows Journal\JNWDRV.dll
2015-03-29 16:31 . 2014-06-03 09:29    936960    ----a-w-    c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2015-03-29 16:31 . 2014-04-25 02:34    801280    ----a-w-    c:\windows\system32\usp10.dll
2015-03-29 16:30 . 2014-08-01 11:53    1031168    ----a-w-    c:\windows\system32\TSWorkspace.dll
2015-03-29 16:29 . 2015-02-03 03:30    842240    ----a-w-    c:\windows\system32\blackbox.dll
2015-03-29 16:29 . 2015-02-03 03:12    744960    ----a-w-    c:\windows\SysWow64\blackbox.dll
2015-03-29 16:29 . 2015-02-03 03:30    1202176    ----a-w-    c:\windows\system32\drmv2clt.dll
2015-03-29 16:27 . 2015-02-03 03:28    6656    ----a-w-    c:\windows\system32\apisetschema.dll
2015-03-29 16:27 . 2015-02-03 03:08    6656    ----a-w-    c:\windows\SysWow64\apisetschema.dll
2015-03-29 16:27 . 2015-02-03 03:30    12625920    ----a-w-    c:\windows\system32\wmploc.DLL
2015-03-29 16:16 . 2014-12-19 03:06    210432    ----a-w-    c:\windows\system32\profsvc.dll
2015-03-29 16:16 . 2014-06-18 22:23    1943696    ----a-w-    c:\windows\system32\dfshim.dll
2015-03-29 16:16 . 2014-06-18 22:23    156312    ----a-w-    c:\windows\system32\mscorier.dll
2015-03-29 16:16 . 2014-06-18 22:23    1131664    ----a-w-    c:\windows\SysWow64\dfshim.dll
2015-03-29 16:16 . 2014-06-18 22:23    73880    ----a-w-    c:\windows\system32\mscories.dll
2015-03-29 16:09 . 2015-03-29 16:09    43664    ----a-w-    c:\windows\system32\drivers\hitmanpro37.sys
2015-03-29 16:07 . 2014-01-29 02:32    484864    ----a-w-    c:\windows\system32\wer.dll
2015-03-29 16:07 . 2013-10-19 02:18    81408    ----a-w-    c:\windows\system32\imagehlp.dll
2015-03-29 16:07 . 2013-10-19 01:36    159232    ----a-w-    c:\windows\SysWow64\imagehlp.dll
2015-03-29 16:07 . 2014-04-05 02:47    1903552    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2015-03-29 16:07 . 2014-04-05 02:47    288192    ----a-w-    c:\windows\system32\drivers\FWPKCLNT.SYS
2015-03-29 16:07 . 2013-11-26 11:40    376768    ----a-w-    c:\windows\system32\drivers\netio.sys
2015-03-29 16:05 . 2014-10-14 02:13    683520    ----a-w-    c:\windows\system32\termsrv.dll
2015-03-29 16:03 . 2014-12-06 04:17    303616    ----a-w-    c:\windows\system32\nlasvc.dll
2015-03-29 16:03 . 2014-03-26 14:44    2002432    ----a-w-    c:\windows\system32\msxml6.dll
2015-03-29 16:03 . 2014-03-26 14:41    2048    ----a-w-    c:\windows\system32\msxml6r.dll
2015-03-29 16:01 . 2015-02-03 03:31    215552    ----a-w-    c:\windows\system32\ubpm.dll
2015-03-29 16:01 . 2014-08-21 06:43    1882624    ----a-w-    c:\windows\system32\msxml3.dll
2015-03-29 16:01 . 2014-08-21 06:40    2048    ----a-w-    c:\windows\system32\msxml3r.dll
2015-03-29 16:01 . 2013-12-04 02:16    658432    ----a-w-    c:\windows\system32\RMActivate_isv.exe
2015-03-29 16:01 . 2013-12-04 02:16    626176    ----a-w-    c:\windows\system32\RMActivate.exe
2015-03-29 16:01 . 2013-12-04 02:16    552960    ----a-w-    c:\windows\system32\RMActivate_ssp_isv.exe
2015-03-29 16:01 . 2013-12-04 02:16    553984    ----a-w-    c:\windows\system32\RMActivate_ssp.exe
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-19 07:48 . 2015-04-19 07:48    75888    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{0E197D33-04B8-44AA-AB43-4A08AED18E32}\offreg.dll
2015-04-02 03:09 . 2015-04-02 03:09    71680    ----a-w-    c:\windows\SysWow64\RegisterIEPKEYs.exe
2015-04-02 03:09 . 2015-04-02 03:09    62464    ----a-w-    c:\windows\SysWow64\tdc.ocx
2015-04-02 03:09 . 2015-04-02 03:09    1888256    ----a-w-    c:\windows\SysWow64\wininet.dll
2015-04-02 03:09 . 2015-04-02 03:09    182272    ----a-w-    c:\windows\SysWow64\msls31.dll
2015-04-02 03:09 . 2015-04-02 03:09    74240    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2015-04-02 03:09 . 2015-04-02 03:09    64000    ----a-w-    c:\windows\SysWow64\MshtmlDac.dll
2015-04-02 03:09 . 2015-04-02 03:09    503296    ----a-w-    c:\windows\SysWow64\vbscript.dll
2015-04-02 03:09 . 2015-04-02 03:09    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2015-04-02 03:09 . 2015-04-02 03:09    2724864    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2015-04-02 03:09 . 2015-04-02 03:09    24576    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2015-04-02 03:09 . 2015-04-02 03:09    139264    ----a-w-    c:\windows\SysWow64\wextract.exe
2015-04-02 03:09 . 2015-04-02 03:09    13312    ----a-w-    c:\windows\SysWow64\mshta.exe
2015-04-02 03:09 . 2015-04-02 03:09    1155072    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2015-03-15 13:19 . 2014-02-25 05:22    98216    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-03-14 10:02 . 2015-04-08 11:27    12002392    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{0E197D33-04B8-44AA-AB43-4A08AED18E32}\mpengine.dll
2015-03-11 15:48 . 2013-06-04 12:09    122905856    ----a-w-    c:\windows\system32\MRT.exe
2015-03-06 05:10 . 2015-03-29 13:59    172032    ----a-w-    c:\windows\SysWow64\wdigest.dll
2015-03-06 05:10 . 2015-03-29 13:59    65536    ----a-w-    c:\windows\SysWow64\TSpkg.dll
2015-03-06 05:10 . 2015-03-29 13:59    248832    ----a-w-    c:\windows\SysWow64\schannel.dll
2015-03-06 05:10 . 2015-03-29 13:59    22016    ----a-w-    c:\windows\SysWow64\secur32.dll
2015-03-06 05:10 . 2015-03-29 13:59    259584    ----a-w-    c:\windows\SysWow64\msv1_0.dll
2015-03-06 05:10 . 2015-03-29 13:59    221184    ----a-w-    c:\windows\SysWow64\ncrypt.dll
2015-03-06 05:10 . 2015-03-29 13:59    550912    ----a-w-    c:\windows\SysWow64\kerberos.dll
2015-03-06 05:09 . 2015-03-29 13:59    96768    ----a-w-    c:\windows\SysWow64\sspicli.dll
2015-03-06 05:07 . 2015-03-29 13:59    60416    ----a-w-    c:\windows\SysWow64\msobjs.dll
2015-03-06 05:07 . 2015-03-29 13:59    146432    ----a-w-    c:\windows\SysWow64\msaudite.dll
2015-02-24 02:17 . 2013-06-03 18:31    295552    ------w-    c:\windows\system32\MpSigStub.exe
2015-02-20 04:12 . 2015-03-29 16:33    25600    ----a-w-    c:\windows\SysWow64\lpk.dll
2015-02-04 02:54 . 2015-04-01 00:15    417792    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
2015-02-03 03:16 . 2015-03-29 16:28    3973048    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2015-02-03 03:16 . 2015-03-29 16:28    3917760    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
2015-02-03 03:12 . 2015-03-29 16:28    617984    ----a-w-    c:\windows\SysWow64\wmdrmsdk.dll
2015-02-03 03:12 . 2015-03-29 16:28    179200    ----a-w-    c:\windows\SysWow64\wintrust.dll
2015-02-03 03:12 . 2015-04-01 00:16    1230848    ----a-w-    c:\windows\SysWow64\WindowsCodecs.dll
2015-02-03 03:12 . 2015-03-29 16:01    171520    ----a-w-    c:\windows\SysWow64\ubpm.dll
2015-02-03 03:12 . 2015-03-29 16:28    43008    ----a-w-    c:\windows\SysWow64\srclient.dll
2015-02-03 03:12 . 2015-03-29 16:28    4096    ----a-w-    c:\windows\SysWow64\msdxm.ocx
2015-02-03 03:12 . 2015-03-29 16:28    519680    ----a-w-    c:\windows\SysWow64\qdvd.dll
2015-02-03 03:12 . 2015-03-29 16:28    1329664    ----a-w-    c:\windows\SysWow64\quartz.dll
2015-02-03 03:12 . 2015-03-29 16:28    8192    ----a-w-    c:\windows\SysWow64\spwmp.dll
2015-02-03 03:12 . 2015-03-29 16:28    504320    ----a-w-    c:\windows\SysWow64\msscp.dll
2015-02-03 03:12 . 2015-03-29 16:28    265216    ----a-w-    c:\windows\SysWow64\msnetobj.dll
2015-02-03 03:12 . 2015-03-29 16:28    3209728    ----a-w-    c:\windows\SysWow64\mf.dll
2015-02-03 03:12 . 2015-03-29 16:28    354816    ----a-w-    c:\windows\SysWow64\mfplat.dll
2015-02-03 03:12 . 2015-03-29 16:28    103424    ----a-w-    c:\windows\SysWow64\mfps.dll
2015-02-03 03:11 . 2015-03-29 16:28    50176    ----a-w-    c:\windows\SysWow64\rrinstaller.exe
2015-02-03 03:11 . 2015-03-29 16:28    23040    ----a-w-    c:\windows\SysWow64\mfpmp.exe
2015-02-03 03:11 . 2015-03-29 16:27    12625408    ----a-w-    c:\windows\SysWow64\wmploc.DLL
2015-02-03 03:09 . 2015-03-29 16:28    2048    ----a-w-    c:\windows\SysWow64\mferror.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-09-30 20880]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2013-10-16 759496]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-09-26 6482200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-09-30 929680]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-09-30 3508112]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-03-31 5512912]
.
c:\users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Configuration.lnk - c:\settings\Windows Interface.exe [2015-4-20 188416]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BprotectEx;Baidu ProtectEx;c:\windows\System32\drivers\BprotectEx.sys;c:\windows\SYSNATIVE\drivers\BprotectEx.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 cleanhlp;cleanhlp;c:\eek\bin\cleanhlp64.sys;c:\eek\bin\cleanhlp64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbwwan.sys [x]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 PCFApiUtil;PCFApiUtil;c:\program files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys;c:\program files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudobex.sys;c:\windows\SYSNATIVE\DRIVERS\ssudobex.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AIPS;Arp Intelligent Protection Service;c:\program files (x86)\netcut\services\AIPS.exe;c:\program files (x86)\netcut\services\AIPS.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2015-04-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-02 07:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-03-31 20:00    722400    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-02-22 168944]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-02-22 394224]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-02-22 418800]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\system32\blank.htm
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\uogzaevm.default-1427603869289\
FF - prefs.js: browser.startup.homepage - www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1654346481-3145013308-632138677-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):ac,61,ca,8c,b7,71,58,ea,24,3c,eb,ef,b6,95,3a,25,64,61,72,ff,c4,
   88,bb,37,65,5c,7d,cd,fe,e3,de,fd,f8,c4,31,d1,1e,31,1d,fd,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1654346481-3145013308-632138677-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):17,88,35,ef,36,8d,75,68,10,98,fd,3e,65,8f,d1,8a,f2,71,a5,cb,50,
   e2,25,0a,f0,be,8a,a8,43,9d,86,00,75,be,fb,13,33,b9,24,1e,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1654346481-3145013308-632138677-1000_Classes\Wow6432Node\CLSID\{b2a937f7-d77d-495a-9a06-cd83baead8e6}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000043
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
   38,95,44,9a,ce,da,ac,52,fa,bf,05,b8,22,85,9b,26,25,63,dd,fa,d8,2f,09,a7,cf,\
.
[HKEY_USERS\S-1-5-21-1654346481-3145013308-632138677-1000_Classes\Wow6432Node\CLSID\{ce40e1a1-f576-43ae-a727-e27944440e2a}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000168
"Therad"=dword:0000001b
"SpecVersion"=dword:00000070
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
   1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,18,d9,42,e3,c1,
   b8,98,e2,c8,28,51,af,b0,29,a3,98,04,c6,07,87,8b,3f,74,65,e2,63,26,f1,3f,c8,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,fb,4b,a1,b0,48,
   fe,72,ae,71,3b,04,66,8b,46,0d,96,3b,ae,5a,d6,55,9b,1b,b1,6a,9c,d6,61,af,45,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,de,af,95,5c,b6,
   56,cb,77,25,da,ec,7e,55,20,c9,26,66,d1,e9,25,a2,06,f1,78,ff,7c,85,e0,43,d4,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,7b,d9,e3,7a,00,
   b4,8b,88,3e,1e,9e,e0,57,5a,93,61,78,3a,7c,14,90,a2,c7,50,86,8c,21,01,be,91,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,bb,e9,67,94,fa,
   c2,e5,97,cd,44,cd,b9,a6,33,6c,cd,29,a8,29,68,7e,31,5b,c0,f5,1d,4d,73,a8,13,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,8a,73,f6,bb,80,
   f8,60,da,b0,18,ed,a7,3f,8d,37,a4,21,f1,f1,5e,97,c3,f0,e8,df,20,58,62,78,6b,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,00,14,1a,7a,03,
   73,34,e6,31,77,e1,ba,b1,f8,68,02,0a,e1,a0,d0,87,a6,d9,33,fb,a7,78,e6,12,2f,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,6e,12,d3,d1,ba,
   6f,52,f6,83,6c,56,8b,a0,85,96,ab,b8,e2,fc,45,cb,00,a9,8c,01,3a,48,fc,e8,04,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,ae,01,cd,44,77,
   e3,03,ce,51,fa,6e,91,28,9e,14,cc,66,8f,6e,59,d4,f1,0a,b7,f6,0f,4e,58,98,5b,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,72,a7,de,ff,60,
   64,f9,e4,b1,cd,45,5a,a8,c4,f8,b9,4d,a5,7a,b2,a9,e9,f2,50,3d,ce,ea,26,2d,45,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,5a,ec,d6,0d,e3,
   8e,09,72,e3,0e,66,d5,eb,bc,2f,6b,6a,90,05,09,19,7a,ab,91,2a,b7,cc,b5,b9,7f,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,e7,20,96,53,cf,
   60,6e,6a,fa,ea,66,7f,d4,3b,6b,70,95,78,ea,ed,ef,51,39,48,6c,43,2d,1e,aa,22,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
.
**************************************************************************
.
Completion time: 2015-04-20  02:36:52 - machine was rebooted
ComboFix-quarantined-files.txt  2015-04-20 00:36
ComboFix2.txt  2015-04-19 23:47
.
Pre-Run: 84,228,583,424 bytes free
Post-Run: 84,157,816,832 bytes free
.
- - End Of File - - F98D051D8E1285206E43A29332B7D1DA
A36C5E4F47E84449FF07ED3517B43A31
 



#13 kittenme (Topic Starter)
Posted 20 April 2015 - 02:23 PM

I am doing the next steps. Thanks for waiting.



#14 olgun52 (Malware Response Team)

Posted 20 April 2015 - 02:34 PM

Sorry. This is not the log.
I want the other ComboFix log.


Best regards
 

 


 


#15 kittenme (Topic Starter)

Posted 20 April 2015 - 02:39 PM

The result of the c:\settings\Windows Interface.exe scan is:

  https://www.virustotal.com/en/file/74f1712c0bc03c42531ef84edd1e93a95c96713a7ecaab9c9970ec67f551af3c/analysis/1429557618/

 

But I didn't find this file on my computer: C:\Windows Update\Interface Manager.exe

 

--------------------------------------

Going to steps 1 and 2 ...


Sorry. This is not the log.
I want the other ComboFix log.

How can I find it? :(





