Jump to content

Build Theme!
  •  
  • Infected?

big grin WE'RE SURE THAT YOU'LL LOVE US!

We invite you to ask questions, share experiences, and learn. It's 100% free. Did we mention that it's free. It is. It's free. Join 91521 other members! Anybody can ask, anybody can answer. Consistently helpful members with best answers are invited to staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Walmart, the Russians, and my wife [Solved]


  • This topic is locked This topic is locked
28 replies to this topic

#16 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,115 posts

Posted 31 January 2014 - 12:04 AM

How do things seem to be running now?


Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png

    Advertisements

Register to Remove


#17 Wheelbig

Wheelbig

    New Member

  • Authentic Member
  • Pip
  • 19 posts

Posted 31 January 2014 - 06:20 PM

Everything seems to be working fine.  No more Avast warnings and mbam scan was clean.  One odd thing though, every time I open Firefox it opens a "welcome to firefox" tab and a tab for every addon I have installed as if I just installed it.  Like the profile isn't beijing saved.



#18 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,115 posts

Posted 31 January 2014 - 07:14 PM

Interesting.  I'm not seeing anything in your logs that I can for sure would account for that.  The infection we removed did try to "hook" Internet explorer and perhaps it effected Firefox also.  Your firefox profile wasn't removed.  I run a no script add on for firefox that opens a tab every time I start firefox.  I have always assumed there is some setting I need to "adjust" to make it stop but I'm to lazy to check it out.  I do most of my "work" here from home on my laptop and seldom ever shut firefox off.   Other than that, the only time I can think of that I get the Welcome to firefox message is firefox is updated.

 

How about you run me a set of DDS logs for me to give a last look over.


Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png


#19 Wheelbig

Wheelbig

    New Member

  • Authentic Member
  • Pip
  • 19 posts

Posted 01 February 2014 - 01:07 PM

Dds.txt and attach.txt

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428
Run by Superuser at 12:57:30 on 2014-02-01
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3948.2374 [GMT -6:00]
.
AV: avast! Internet Security *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Internet Security *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Internet Security *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\CxAudMsg64.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\igfxext.exe
C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Dolby PCEE4\pcee4.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
c:\program files (x86)\teamviewer\version9\TeamViewer_Desktop.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/?pc=MAGW
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Dolby Home Theater v4] "C:\Dolby PCEE4\pcee4.exe" -autostart
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{DF49C52B-53F5-401C-B859-02C3076734ED} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{DF49C52B-53F5-401C-B859-02C3076734ED}\145727F627167457563747 : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{DF49C52B-53F5-401C-B859-02C3076734ED}\25F49514C4E45445 : DHCPNameServer = 10.0.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
LSA: Notification Packages =  scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [Power Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Superuser\AppData\Roaming\Mozilla\Firefox\Profiles\f7pbzpk1.default\
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll
.
============= SERVICES / DRIVERS ===============
.
R?2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-31 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-3-31 207904]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2013-1-10 28184]
R1 aswNdisFlt;Avast! Firewall Driver;C:\Windows\System32\drivers\aswndisflt.sys [2013-3-31 439648]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-1-10 1034464]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-1-10 422216]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-1-10 78648]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-12-21 50344]
R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2013-12-21 113704]
R2 CxAudMsg;Conexant Audio Message Service;C:\Windows\System32\CxAudMsg64.exe [2012-3-7 198784]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-9-22 353360]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2012-3-7 872552]
R2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2011-1-17 39528]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-9-22 13592]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-9-22 2375168]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2011-9-22 244624]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [2011-3-9 257344]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2012-11-26 1225312]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-1-24 5341536]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-3-7 2656280]
R3 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2013-12-21 79672]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2011-9-22 185128]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-9-22 317440]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2011-6-21 25496]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-9-22 76912]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-10 82432]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-10 181760]
R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-9-22 335464]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2012-11-26 659040]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 btwampfl;btwampfl Bluetooth filter driver;C:\Windows\System32\drivers\btwampfl.sys [2012-3-7 620072]
S3 BTWDPAN;Bluetooth Personal Area Network;C:\Windows\System32\drivers\btwdpan.sys [2012-3-7 89640]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-3-7 39976]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-1-10 57856]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-9-12 1512448]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-11 111616]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-6-21 34200]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-5-2 340240]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-31 19456]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2013-2-24 31800]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-31 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-12-31 30208]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-12-2 1255736]
.
=============== Created Last 30 ================
.
2014-01-31 14:18:50    10315576    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9008B666-248B-4816-AF4E-5045F9183678}\mpengine.dll
2014-01-31 00:45:21    --------    d-----w-    C:\AdwCleaner
2014-01-31 00:11:03    --------    d-----w-    C:\Windows\ERUNT
2014-01-30 22:21:59    --------    d-sh--w-    C:\$RECYCLE.BIN
2014-01-30 22:21:56    --------    d-----w-    C:\Users\Superuser\AppData\Local\temp
2014-01-30 22:14:22    98816    ----a-w-    C:\Windows\sed.exe
2014-01-30 22:14:22    256000    ----a-w-    C:\Windows\PEV.exe
2014-01-30 22:14:22    208896    ----a-w-    C:\Windows\MBR.exe
2014-01-25 04:18:31    --------    d-----w-    C:\Program Files (x86)\TeamViewer
2014-01-25 04:17:47    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-25 04:17:47    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-01-15 17:24:32    99840    ----a-w-    C:\Windows\System32\drivers\usbccgp.sys
2014-01-15 17:24:32    7808    ----a-w-    C:\Windows\System32\drivers\usbd.sys
2014-01-15 17:24:32    53248    ----a-w-    C:\Windows\System32\drivers\usbehci.sys
2014-01-15 17:24:32    343040    ----a-w-    C:\Windows\System32\drivers\usbhub.sys
2014-01-15 17:24:32    325120    ----a-w-    C:\Windows\System32\drivers\usbport.sys
2014-01-15 17:24:32    30720    ----a-w-    C:\Windows\System32\drivers\usbuhci.sys
2014-01-15 17:24:32    25600    ----a-w-    C:\Windows\System32\drivers\usbohci.sys
2014-01-15 17:24:31    376768    ----a-w-    C:\Windows\System32\drivers\netio.sys
2014-01-15 17:24:31    3156480    ----a-w-    C:\Windows\System32\win32k.sys
2014-01-11 03:26:10    --------    d-----w-    C:\Program Files (x86)\FA Davis
.
==================== Find3M  ====================
.
2014-01-08 16:02:01    439648    ----a-w-    C:\Windows\System32\drivers\aswndisflt.sys
2013-12-22 01:14:15    79672    ----a-w-    C:\Windows\System32\drivers\aswstm.sys
2013-12-22 00:13:30    92544    ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2013-12-22 00:13:30    78648    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2013-12-22 00:13:30    65776    ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys
2013-12-22 00:13:30    207904    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2013-12-22 00:13:30    1034464    ----a-w-    C:\Windows\System32\drivers\aswSnx.sys
2013-12-22 00:13:29    43152    ----a-w-    C:\Windows\avastSS.scr
2013-12-22 00:13:27    28184    ----a-w-    C:\Windows\System32\drivers\aswKbd.sys
2013-12-19 13:11:26    270824    ----a-w-    C:\Windows\System32\drivers\aswNdis2.sys
2013-12-19 13:11:24    131232    ----a-w-    C:\Windows\System32\drivers\aswFW.sys
2013-12-18 12:13:56    270496    ------w-    C:\Windows\System32\MpSigStub.exe
2013-11-26 10:19:07    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02    5769216    ----a-w-    C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12    4243968    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16    1995264    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06    1928192    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2013-11-26 06:33:33    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20    417792    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34    465920    ----a-w-    C:\Windows\System32\WMPhoto.dll
2013-11-12 02:23:09    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-11-12 02:07:29    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 12:57:50.28 ===============
 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12/2/2012 1:07:22 PM
System Uptime: 2/1/2014 12:44:09 PM (0 hours ago)
.
Motherboard: Gateway |  | SJM40_HR
Processor: Intel® Core™ i5-2450M CPU @ 2.50GHz | CPU1 | 2475/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 450 GiB total, 390.944 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP189: 12/24/2013 9:39:58 AM - Windows Update
RP190: 12/31/2013 7:15:45 PM - Windows Update
RP191: 1/7/2014 9:37:31 AM - Windows Update
RP192: 1/10/2014 10:43:20 AM - Windows Update
RP193: 1/14/2014 11:02:12 AM - Windows Update
RP194: 1/16/2014 12:00:53 PM - Windows Update
RP195: 1/21/2014 4:36:39 PM - Windows Update
RP197: 1/24/2014 10:38:49 PM - Revo Uninstaller Pro's restore point - LogMeIn
RP198: 1/28/2014 4:04:55 PM - Windows Update
RP200: 1/28/2014 9:42:11 PM - Windows Defender Checkpoint
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 12 Plugin
Adult-Gerontology and Family Nurse Practitioner Certification E
Adult-Gerontology and Family Nurse Practitioner Certification Examination
Agatha Christie - Death on the Nile
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
avast! Internet Security
Backup Manager V3
Bejeweled 2 Deluxe
Build-a-lot 4 - Power Source
CCleaner
Chronicles of Albian
Chuzzle Deluxe
Citrix Online Launcher
Conexant HD Audio
Cradle of Rome 2
CyberLink MediaEspresso
CyberLink PowerDVD 10
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dora's World Adventure
ETDWare PS/2-X64 10.0.6.2_WHQL
FATE: The Cursed King
Final Drive: Nitro
Gateway Games
Gateway MyBackup
Gateway Power Management
Gateway Recovery Management
Gateway Registration
Gateway ScreenSaver
Gateway Social Networks
Gateway Updater
GenoPro 2.5.4.1
Governor of Poker 2 Premium Edition
HomeMedia
HP Officejet 6500 E710n-z Basic Device Software
HP Officejet 6500 E710n-z Help
HP Update
I.R.I.S. OCR
Identity Card
Intel PROSet Wireless
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® PROSet/Wireless WiFi Software
Intel® Rapid Storage Technology
Intel® Turbo Boost Technology Monitor 2.0
Intel® WiDi
Intel® Wireless Display
iPublishCentral Reader
Jewel Match 3
Junk Mail filter update
Launch Manager
LeapFrog Connect
LeapFrog LeapPad Explorer Plugin
Malwarebytes Anti-Malware version 1.75.0.1300
MatchWare MindView 5.0
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Movie Maker
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 24.2.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
Mystery of Mortlake Mansion
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Express 10
Nero Express 10 Help (CHM)
Nero Multimedia Suite 10 Essentials
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
NOOK for PC
PDF-Viewer
Penguins!
Photo Common
Photo Gallery
Plants vs. Zombies - Game of the Year
Polar Bowler
Polar Golfer
Realtek PCIE Card Reader
Renesas Electronics USB 3.0 Host Controller Driver
Revo Uninstaller Pro 3.0.8
Secunia PSI (3.0.0.6001)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Skype™ 6.3
SpywareBlaster 5.0
StyleEase for APA Style, version 3.94
TeamViewer 9
Torchlight
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
Update Installer for WildTangent Games App
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin)
Video Web Camera
Virtual Villagers 5 - New Believers
Welcome Center
WIDCOMM Bluetooth Software
WildTangent Games App
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
2/1/2014 12:46:05 PM, Error: Service Control Manager [7022]  - The Client Virtualization Handler service hung on starting.
.
==== End Of File ===========================
 



#20 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,115 posts

Posted 01 February 2014 - 01:50 PM

That is looking pretty good, but let's see if we can clean up some orphans.

 

Please run combofix again like you did before.


Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png


#21 Wheelbig

Wheelbig

    New Member

  • Authentic Member
  • Pip
  • 19 posts

Posted 01 February 2014 - 02:18 PM

ComboFix 14-01-29.01 - Superuser 02/01/2014  14:03:39.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3948.2420 [GMT -6:00]
Running from: c:\users\Amy\Desktop\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Internet Security *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Internet Security *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-01 to 2014-02-01  )))))))))))))))))))))))))))))))
.
.
2014-02-01 20:08 . 2014-02-01 20:08    --------    d-----w-    c:\users\Superuser\AppData\Local\temp
2014-02-01 20:08 . 2014-02-01 20:08    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-02-01 20:08 . 2014-02-01 20:08    --------    d-----w-    c:\users\Alpha\AppData\Local\temp
2014-02-01 00:44 . 2014-02-01 00:44    --------    d-----w-    c:\users\Amy\AppData\Roaming\MatchWare
2014-02-01 00:44 . 2014-02-01 00:44    --------    d-----w-    c:\users\Amy\AppData\Local\MatchWare
2014-01-31 14:18 . 2013-12-04 03:28    10315576    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{9008B666-248B-4816-AF4E-5045F9183678}\mpengine.dll
2014-01-31 00:45 . 2014-01-31 03:13    --------    d-----w-    C:\AdwCleaner
2014-01-31 00:11 . 2014-01-31 00:11    --------    d-----w-    c:\windows\ERUNT
2014-01-27 19:47 . 2014-01-27 19:47    --------    d-----w-    c:\users\Alpha\AppData\Roaming\AVAST Software
2014-01-25 04:18 . 2014-01-25 04:18    --------    d-----w-    c:\program files (x86)\TeamViewer
2014-01-25 04:17 . 2014-01-25 04:17    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-25 04:17 . 2014-01-25 04:17    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-01-25 02:43 . 2014-01-25 02:44    --------    d-----w-    c:\users\Amy\AppData\Roaming\Ledema
2014-01-24 18:56 . 2014-01-24 18:56    --------    d-----w-    c:\users\Amy\AppData\Roaming\Ygloirnu
2014-01-24 01:06 . 2014-01-24 01:06    --------    d-----w-    c:\users\Amy\AppData\Local\Broadcom
2014-01-15 17:24 . 2013-11-27 01:41    343040    ----a-w-    c:\windows\system32\drivers\usbhub.sys
2014-01-15 17:24 . 2013-11-27 01:41    99840    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2014-01-15 17:24 . 2013-11-27 01:41    53248    ----a-w-    c:\windows\system32\drivers\usbehci.sys
2014-01-15 17:24 . 2013-11-27 01:41    325120    ----a-w-    c:\windows\system32\drivers\usbport.sys
2014-01-15 17:24 . 2013-11-27 01:41    25600    ----a-w-    c:\windows\system32\drivers\usbohci.sys
2014-01-15 17:24 . 2013-11-27 01:41    30720    ----a-w-    c:\windows\system32\drivers\usbuhci.sys
2014-01-15 17:24 . 2013-11-27 01:41    7808    ----a-w-    c:\windows\system32\drivers\usbd.sys
2014-01-15 17:24 . 2013-11-26 11:40    376768    ----a-w-    c:\windows\system32\drivers\netio.sys
2014-01-15 17:24 . 2013-11-26 10:32    3156480    ----a-w-    c:\windows\system32\win32k.sys
2014-01-11 03:26 . 2014-01-26 22:09    --------    d-----w-    c:\program files (x86)\Common Files\Adobe AIR
2014-01-11 03:26 . 2014-01-11 03:26    --------    d-----w-    c:\program files (x86)\FA Davis
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-16 18:01 . 2012-12-02 20:42    86054176    ----a-w-    c:\windows\system32\MRT.exe
2014-01-08 16:02 . 2013-04-01 03:48    439648    ----a-w-    c:\windows\system32\drivers\aswndisflt.sys
2013-12-22 01:14 . 2013-12-22 00:13    79672    ----a-w-    c:\windows\system32\drivers\aswstm.sys
2013-12-22 00:13 . 2013-04-01 03:48    65776    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-12-22 00:13 . 2013-04-01 03:48    207904    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-12-22 00:13 . 2013-01-11 04:07    422216    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2013-12-22 00:13 . 2013-01-11 04:07    92544    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2013-12-22 00:13 . 2013-01-11 04:07    1034464    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-12-22 00:13 . 2013-01-11 04:07    78648    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-12-22 00:13 . 2013-01-11 04:07    334136    ----a-w-    c:\windows\system32\aswBoot.exe
2013-12-22 00:13 . 2013-01-11 04:06    43152    ----a-w-    c:\windows\avastSS.scr
2013-12-22 00:13 . 2013-01-11 04:07    28184    ----a-w-    c:\windows\system32\drivers\aswKbd.sys
2013-12-19 13:11 . 2013-01-11 04:07    64288    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2013-12-19 13:11 . 2013-01-11 04:07    270824    ----a-w-    c:\windows\system32\drivers\aswNdis2.sys
2013-12-19 13:11 . 2013-01-11 04:07    131232    ----a-w-    c:\windows\system32\drivers\aswFW.sys
2013-12-18 12:13 . 2010-11-21 03:27    270496    ------w-    c:\windows\system32\MpSigStub.exe
2013-11-26 11:54 . 2013-12-11 14:35    23183360    ----a-w-    c:\windows\system32\mshtml.dll
2013-11-26 10:19 . 2013-12-11 14:36    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2013-11-26 10:18 . 2013-12-11 14:36    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2013-11-26 09:48 . 2013-12-11 14:36    66048    ----a-w-    c:\windows\system32\iesetup.dll
2013-11-26 09:46 . 2013-12-11 14:36    48640    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2013-11-26 09:41 . 2013-12-11 14:35    2764288    ----a-w-    c:\windows\system32\iertutil.dll
2013-11-26 09:29 . 2013-12-11 14:36    53760    ----a-w-    c:\windows\system32\jsproxy.dll
2013-11-26 09:27 . 2013-12-11 14:36    33792    ----a-w-    c:\windows\system32\iernonce.dll
2013-11-26 09:23 . 2013-12-11 14:36    2724864    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2013-11-26 09:21 . 2013-12-11 14:36    574976    ----a-w-    c:\windows\system32\ieui.dll
2013-11-26 09:18 . 2013-12-11 14:36    139264    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-11-26 09:18 . 2013-12-11 14:36    111616    ----a-w-    c:\windows\system32\ieetwcollector.exe
2013-11-26 09:16 . 2013-12-11 14:35    708608    ----a-w-    c:\windows\system32\jscript9diag.dll
2013-11-26 08:57 . 2013-12-11 14:36    218624    ----a-w-    c:\windows\system32\ie4uinit.exe
2013-11-26 08:35 . 2013-12-11 14:35    5769216    ----a-w-    c:\windows\system32\jscript9.dll
2013-11-26 08:28 . 2013-12-11 14:35    553472    ----a-w-    c:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16 . 2013-12-11 14:35    4243968    ----a-w-    c:\windows\SysWow64\jscript9.dll
2013-11-26 08:02 . 2013-12-11 14:35    1995264    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-11-26 07:48 . 2013-12-11 14:35    12996608    ----a-w-    c:\windows\system32\ieframe.dll
2013-11-26 07:32 . 2013-12-11 14:35    1928192    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07 . 2013-12-11 14:35    2334208    ----a-w-    c:\windows\system32\wininet.dll
2013-11-26 06:40 . 2013-12-11 14:35    1395200    ----a-w-    c:\windows\system32\urlmon.dll
2013-11-26 06:34 . 2013-12-11 14:35    817664    ----a-w-    c:\windows\system32\ieapfltr.dll
2013-11-26 06:33 . 2013-12-11 14:35    1820160    ----a-w-    c:\windows\SysWow64\wininet.dll
2013-11-23 18:26 . 2013-12-10 22:39    417792    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-10 22:39    465920    ----a-w-    c:\windows\system32\WMPhoto.dll
2013-11-22 15:19 . 2013-11-22 15:19    940032    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-22 15:19 . 2013-11-22 15:19    194048    ----a-w-    c:\windows\SysWow64\elshyph.dll
2013-11-22 15:19 . 2013-11-22 15:19    942592    ----a-w-    c:\windows\system32\jsIntl.dll
2013-11-22 15:19 . 2013-11-22 15:19    90112    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-11-22 15:19 . 2013-11-22 15:19    86016    ----a-w-    c:\windows\SysWow64\iesysprep.dll
2013-11-22 15:19 . 2013-11-22 15:19    86016    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2013-11-22 15:19 . 2013-11-22 15:19    84992    ----a-w-    c:\windows\system32\mshtmled.dll
2013-11-22 15:19 . 2013-11-22 15:19    83968    ----a-w-    c:\windows\system32\MshtmlDac.dll
2013-11-22 15:19 . 2013-11-22 15:19    81408    ----a-w-    c:\windows\system32\icardie.dll
2013-11-22 15:19 . 2013-11-22 15:19    774144    ----a-w-    c:\windows\system32\jscript.dll
2013-11-22 15:19 . 2013-11-22 15:19    77312    ----a-w-    c:\windows\system32\tdc.ocx
2013-11-22 15:19 . 2013-11-22 15:19    74240    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2013-11-22 15:19 . 2013-11-22 15:19    71680    ----a-w-    c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-11-22 15:19 . 2013-11-22 15:19    645120    ----a-w-    c:\windows\SysWow64\jsIntl.dll
2013-11-22 15:19 . 2013-11-22 15:19    626176    ----a-w-    c:\windows\system32\msfeeds.dll
2013-11-22 15:19 . 2013-11-22 15:19    62464    ----a-w-    c:\windows\SysWow64\tdc.ocx
2013-11-22 15:19 . 2013-11-22 15:19    62464    ----a-w-    c:\windows\system32\pngfilt.dll
2013-11-22 15:19 . 2013-11-22 15:19    61952    ----a-w-    c:\windows\SysWow64\MshtmlDac.dll
2013-11-22 15:19 . 2013-11-22 15:19    61952    ----a-w-    c:\windows\SysWow64\iesetup.dll
2013-11-22 15:19 . 2013-11-22 15:19    616104    ----a-w-    c:\windows\system32\ieapfltr.dat
2013-11-22 15:19 . 2013-11-22 15:19    548352    ----a-w-    c:\windows\system32\vbscript.dll
2013-11-22 15:19 . 2013-11-22 15:19    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2013-11-22 15:19 . 2013-11-22 15:19    51200    ----a-w-    c:\windows\SysWow64\ieetwproxystub.dll
2013-11-22 15:19 . 2013-11-22 15:19    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2013-11-22 15:19 . 2013-11-22 15:19    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-11-22 15:19 . 2013-11-22 15:19    48128    ----a-w-    c:\windows\system32\imgutil.dll
2013-11-22 15:19 . 2013-11-22 15:19    454656    ----a-w-    c:\windows\SysWow64\vbscript.dll
2013-11-22 15:19 . 2013-11-22 15:19    453120    ----a-w-    c:\windows\system32\dxtmsft.dll
2013-11-22 15:19 . 2013-11-22 15:19    413696    ----a-w-    c:\windows\system32\html.iec
2013-11-22 15:19 . 2013-11-22 15:19    40448    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-22 15:19 . 2013-11-22 15:19    36352    ----a-w-    c:\windows\SysWow64\imgutil.dll
2013-11-22 15:19 . 2013-11-22 15:19    34816    ----a-w-    c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-11-22 15:19 . 2013-11-22 15:19    337408    ----a-w-    c:\windows\SysWow64\html.iec
2013-11-22 15:19 . 2013-11-22 15:19    30208    ----a-w-    c:\windows\system32\licmgr10.dll
2013-11-22 15:19 . 2013-11-22 15:19    296960    ----a-w-    c:\windows\system32\dxtrans.dll
2013-11-22 15:19 . 2013-11-22 15:19    263376    ----a-w-    c:\windows\system32\iedkcs32.dll
2013-11-22 15:19 . 2013-11-22 15:19    247808    ----a-w-    c:\windows\system32\msls31.dll
2013-11-22 15:19 . 2013-11-22 15:19    24576    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2013-11-22 15:19 . 2013-11-22 15:19    243200    ----a-w-    c:\windows\system32\webcheck.dll
2013-11-22 15:19 . 2013-11-22 15:19    235520    ----a-w-    c:\windows\system32\url.dll
2013-11-22 15:19 . 2013-11-22 15:19    235008    ----a-w-    c:\windows\system32\elshyph.dll
2013-11-22 15:19 . 2013-11-22 15:19    195584    ----a-w-    c:\windows\system32\msrating.dll
2013-11-22 15:19 . 2013-11-22 15:19    182272    ----a-w-    c:\windows\SysWow64\msls31.dll
2013-11-22 15:19 . 2013-11-22 15:19    167424    ----a-w-    c:\windows\system32\iexpress.exe
2013-11-22 15:19 . 2013-11-22 15:19    151552    ----a-w-    c:\windows\SysWow64\iexpress.exe
2013-11-22 15:19 . 2013-11-22 15:19    147968    ----a-w-    c:\windows\system32\occache.dll
2013-11-22 15:19 . 2013-11-22 15:19    143872    ----a-w-    c:\windows\system32\wextract.exe
2013-11-22 15:19 . 2013-11-22 15:19    139264    ----a-w-    c:\windows\SysWow64\wextract.exe
2013-11-22 15:19 . 2013-11-22 15:19    13824    ----a-w-    c:\windows\system32\mshta.exe
2013-11-22 15:19 . 2013-11-22 15:19    135680    ----a-w-    c:\windows\system32\iepeers.dll
2013-11-22 15:19 . 2013-11-22 15:19    13312    ----a-w-    c:\windows\SysWow64\mshta.exe
2013-11-22 15:19 . 2013-11-22 15:19    13312    ----a-w-    c:\windows\system32\msfeedssync.exe
2013-11-22 15:19 . 2013-11-22 15:19    131072    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-11-22 15:19 . 2013-11-22 15:19    1228800    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-11-22 15:19 . 2013-11-22 15:19    112128    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2013-11-22 15:19 . 2013-11-22 15:19    111616    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2013-11-22 15:19 . 2013-11-22 15:19    105984    ----a-w-    c:\windows\system32\iesysprep.dll
2013-11-22 15:19 . 2013-11-22 15:19    1051136    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe" [2011-03-09 290112]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"Dolby Home Theater v4"="c:\dolby pcee4\pcee4.exe" [2011-06-01 506712]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2013-02-16 298616]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-12-22 3764024]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-8-30 1337632]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2012-11-26 573024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages    REG_MULTI_SZ       scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
2;2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys;c:\windows\SYSNATIVE\DRIVERS\btwdpan.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe;c:\program files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-12-22 00:13    287280    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-21 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-21 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-21 416024]
"IntelTBRunOnce"="wscript.exe" [2013-10-12 168960]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"Power Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2011-05-10 1831528]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bing.com/?pc=MAGW
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Superuser\AppData\Roaming\Mozilla\Firefox\Profiles\f7pbzpk1.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-02-01  14:09:57
ComboFix-quarantined-files.txt  2014-02-01 20:09
.
Pre-Run: 421,482,315,776 bytes free
Post-Run: 421,415,452,672 bytes free
.
- - End Of File - - 91AE6BC610E5BC81B44334BA0F6CE3DF
 



#22 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,115 posts

Posted 01 February 2014 - 03:40 PM

Great.  That swept out the orphans.

 

Is Firefox still acting "weird"?


Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png


#23 Wheelbig

Wheelbig

    New Member

  • Authentic Member
  • Pip
  • 19 posts

Posted 01 February 2014 - 04:40 PM

I completely uninstalled it and so far it seems to be back to normal.



#24 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,115 posts

Posted 01 February 2014 - 05:19 PM

And then you reinstalled and gave it a test drive?


Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png


#25 Wheelbig

Wheelbig

    New Member

  • Authentic Member
  • Pip
  • 19 posts

Posted 01 February 2014 - 05:43 PM

Yes, I no longer have "welcome to firefox' tab popping up nor tabs for all my adons every time I open firefox.  I used Revo uninstaller.  It runs the firefox uninstaller and then searches for remnants.  Make sure during the firefox uninstall that you check the box to uninstall all your settings. 


    Advertisements

Register to Remove


#26 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,115 posts

Posted 01 February 2014 - 06:05 PM

Sounds good.

 

I believe we can clean up and let you get back to your regularly scheduled life.

 

Log looks good :D


Time for some housekeeping

  • Click START then RUN
  • Now type ComboFix /Uninstall in the runbox  and click OK.
  • Note the space between the X and the U, it needs to be there.
  • Combofix_uninstall_image.jpg

The above procedure will:
  • Implement some cleanup procedures.
  • Reset System Restore.

 

Now to remove most of the tools that we have used in fixing your machine:

  • Make sure you have an Internet Connection.
  • Download OTC to your desktop and run it
  • A list of tool components used in the cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine choose Yes.


Please re-enable any security that was disabled.

 

If you have any tools or logs left... you can just delete them.

 

The following is my standard advice for the future.  Use what you can and pat yourself on the back for what you're already doing.

Please take time to read Preventing Malware - Tools and Practices for Safe Computing.  Very important information for your consideration is contained therein.

I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein


Also: "How to prevent malware" 
by miekiemoes

Please respond back that you understand the above and let me know if you have any questions.  Otherwise, this thread will be closed Resolved.  :thumbup:
 


Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png


#27 Wheelbig

Wheelbig

    New Member

  • Authentic Member
  • Pip
  • 19 posts

Posted 01 February 2014 - 07:00 PM

 i did all of the above without any problems.  Thanks for all your help.  I will definitely read everything you suggested and make sure my wife does too. Thanks again!



#28 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,115 posts

Posted 01 February 2014 - 07:35 PM

You are very welcome.

 

Good luck and be Well!  :thumbup:


Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png


#29 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,115 posts

Posted 01 February 2014 - 07:36 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.

Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users