
surfvox browser hijack

Discussion in 'Virus & Other Malware Removal' started by d2thel, Jan 7, 2015.

Thread Status:
Not open for further replies.
  1. d2thel

    d2thel Thread Starter

    Joined:
    Aug 30, 2006
    Messages:
    37
    Downloaded a file, got hijacked. Tried to follow some instructions found on another forum to remove surfvox, and was able to clear it from web browsers, but not able to clear it entirely from the system.

    Some steps that were suggested that I couldn't follow:
    - Regedit: opens then immediately closes before I can use it
    - Msconfig: won’t even open
    - Malwarebytes: gives an error when I try to run it, invalid path
    - Adw cleaner and hitman pro: both run, but find nothing.

    Thanks for any help you can give.

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
    Processor: Intel(R) Core(TM) i7-3517U CPU @ 1.90GHz, Intel64 Family 6 Model 58 Stepping 9
    Processor Count: 4
    RAM: 3981 Mb
    Graphics Card: Intel(R) HD Graphics 4000, 1798 Mb
    Hard Drives: C: Total - 70601 MB, Free - 3535 MB; D: Total - 144194 MB, Free - 25358 MB; E: Total - 953835 MB, Free - 68455 MB;
    Motherboard: ASUSTeK COMPUTER INC., UX31A
    Antivirus: avast! Antivirus, Updated and Enabled
     
  2. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,315
    First Name:
    Derek
    This *should* show us what is wrong.

    Download to Desktop: DDS by sUBs from one of the below locations

    http://download.bleepingcomputer.com/sUBs/dds.com
    http://download.bleepingcomputer.com/sUBs/dds.exe

    Double-click DDS to run it.
    Make sure there is a check mark in DDS txt.
    Place a check mark in the attach.txt box and then press start.

    Do not select any other options unless specifically told to.

    When complete, DDS.txt will open and attach.txt will be minimized on your taskbar; click on it to open it.

    Save both reports to your desktop.
    DDS.txt
    Attach.txt

    Post the contents of both logs back here.
     
  3. d2thel

    d2thel Thread Starter

    Joined:
    Aug 30, 2006
    Messages:
    37
    Thanks for the fast reply. The text of those logs:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 1/23/2014 1:13:17 AM
    System Uptime: 1/7/2015 1:11:32 PM (20 hours ago)
    .
    Motherboard: ASUSTeK COMPUTER INC. | | UX31A
    Processor: Intel(R) Core(TM) i7-3517U CPU @ 1.90GHz | SOCKET 0 | 1896/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 69 GiB total, 4.074 GiB free.
    D: is FIXED (NTFS) - 141 GiB total, 24.764 GiB free.
    E: is FIXED (NTFS) - 931 GiB total, 63.23 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP200: 1/8/2015 2:29:23 AM - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    µTorrent
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 16 NPAPI
    Adobe Photoshop Lightroom 5.3 64-bit
    Apple Application Support
    Apple Software Update
    ASUS AI Recovery
    ASUS FaceLogon
    ASUS LifeFrame3
    ASUS Power4Gear Hybrid
    ASUS PWR Option
    ASUS Secure Delete
    ASUS Tutor
    ASUS USB Charger Plus
    ASUS Virtual Touch
    ASUS_Scr_ZenbookPrime
    ATK Package
    AutoHotkey 1.1.12.00
    Avast Free Antivirus
    AX88772B Windows 7 Drivers
    calibre
    D3DX10
    Definition Update for Microsoft Office 2013 (KB2910926) 64-Bit Edition
    ETDWare PS/2-X64 10.5.9.0
    Evernote v. 5.8.1
    Google Chrome
    Google Update Helper
    Google+ Auto Backup
    GoPro Studio 2.0.1
    InstantOn for NB
    Intel PROSet Wireless
    Intel(R) Dynamic Platform & Thermal Framework
    Intel(R) Manageability Engine Firmware Recovery Agent
    Intel(R) Management Engine Components
    Intel(R) OpenCL CPU Runtime
    Intel(R) Processor Graphics
    Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
    Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
    Intel(R) Rapid Start Technology
    Intel(R) USB 3.0 eXtensible Host Controller Driver
    Intel(R) WiDi
    Intel(R) Wireless Display
    Intel® AT Service signup
    Intel® PROSet/Wireless WiFi Software
    Intel® Trusted Connect Service Client
    Junk Mail filter update
    Mesh Runtime
    Microsoft .NET Framework 4.5.1
    Microsoft Access MUI (English) 2013
    Microsoft Access Setup Metadata MUI (English) 2013
    Microsoft Application Error Reporting
    Microsoft DCF MUI (English) 2013
    Microsoft Excel MUI (English) 2013
    Microsoft Groove MUI (English) 2013
    Microsoft InfoPath MUI (English) 2013
    Microsoft Lync MUI (English) 2013
    Microsoft Office 32-bit Components 2013
    Microsoft Office OSM MUI (English) 2013
    Microsoft Office OSM UX MUI (English) 2013
    Microsoft Office Professional Plus 2013
    Microsoft Office Proofing (English) 2013
    Microsoft Office Proofing Tools 2013 - English
    Microsoft Office Proofing Tools 2013 - Español
    Microsoft Office Shared 32-bit MUI (English) 2013
    Microsoft Office Shared MUI (English) 2013
    Microsoft Office Shared Setup Metadata MUI (English) 2013
    Microsoft OneNote MUI (English) 2013
    Microsoft Outlook MUI (English) 2013
    Microsoft PowerPoint MUI (English) 2013
    Microsoft Publisher MUI (English) 2013
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Word MUI (English) 2013
    Mozilla Firefox 33.0.3 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    Nuance PDF Reader
    Outils de vérification linguistique 2013 de Microsoft Office*- Français
    Picasa 3
    QuickTime 7
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Reader Driver
    Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
    Security Update for Microsoft Excel 2013 (KB2910929) 64-Bit Edition
    Security Update for Microsoft Office 2013 (KB2726958) 64-Bit Edition
    Security Update for Microsoft Word 2013 (KB2910916) 64-Bit Edition
    Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition
    Skype™ 7.0
    Update for Microsoft Access 2013 (KB2863859) 64-Bit Edition
    Update for Microsoft Lync 2013 (KB2881083) 64-Bit Edition
    Update for Microsoft Lync 2013 (KB2910927) 64-Bit Edition
    Update for Microsoft Office 2013 (KB2760249) 64-Bit Edition
    Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition
    Update for Microsoft Office 2013 (KB2760371) 64-Bit Edition
    Update for Microsoft Office 2013 (KB2760544) 64-Bit Edition
    Update for Microsoft Office 2013 (KB2768012) 64-Bit Edition
    Update for Microsoft Office 2013 (KB2837654) 64-Bit Edition
    Update for Microsoft Office 2013 (KB2863843) 64-Bit Edition
    Update for Microsoft Office 2013 (KB2880478) 64-Bit Edition
    Update for Microsoft Office 2013 (KB2881001) 64-Bit Edition
    Update for Microsoft Office 2013 (KB2881008) 64-Bit Edition
    Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition
    Update for Microsoft Office 2013 (KB2883036) 64-Bit Edition
    Update for Microsoft Office 2013 (KB2883049) 64-Bit Edition
    Update for Microsoft Office 2013 (KB2883095) 64-Bit Edition
    Update for Microsoft Office 2013 (KB2889858) 64-Bit Edition
    Update for Microsoft Office 2013 (KB2889938) 64-Bit Edition
    Update for Microsoft Office 2013 (KB2899498) 64-Bit Edition
    Update for Microsoft Office 2013 (KB2899501) 64-Bit Edition
    Update for Microsoft Office 2013 (KB2899505) 64-Bit Edition
    Update for Microsoft Office 2013 (KB2899522) 64-Bit Edition
    Update for Microsoft Office 2013 (KB2910922) 64-Bit Edition
    Update for Microsoft Office 2013 (KB2910931) 64-Bit Edition
    Update for Microsoft Office 2013 (KB2920734) 64-Bit Edition
    Update for Microsoft OneDrive for Business (KB2910935) 64-Bit Edition
    Update for Microsoft OneNote 2013 (KB2899502) 64-Bit Edition
    Update for Microsoft Outlook 2013 (KB2899504) 64-Bit Edition
    Update for Microsoft PowerPoint 2013 (KB2910907) 64-Bit Edition
    Update for Microsoft Publisher 2013 (KB2880999) 64-Bit Edition
    Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition
    Update for Microsoft Word 2013 (KB2878319) 64-Bit Edition
    VLC media player
    Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices (03/07/2012 )
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinFlash
    WinRAR 5.01 (64-bit)
    Wireless Console 3
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/7/2015 5:50:30 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    1/7/2015 12:53:53 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10003] - WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll
    1/7/2015 12:53:39 PM, Error: Service Control Manager [7034] - The Volume Shadow Copy service terminated unexpectedly. It has done this 1 time(s).
    1/7/2015 12:53:39 PM, Error: Service Control Manager [7034] - The KMS Server Service service terminated unexpectedly. It has done this 1 time(s).
    1/7/2015 12:53:39 PM, Error: Service Control Manager [7034] - The Intel(R) Rapid Start Technology Service service terminated unexpectedly. It has done this 1 time(s).
    1/7/2015 12:53:39 PM, Error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Zero Configuration Service service terminated unexpectedly. It has done this 1 time(s).
    1/7/2015 12:53:39 PM, Error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).
    1/7/2015 12:53:39 PM, Error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
    1/7/2015 12:53:39 PM, Error: Service Control Manager [7034] - The Intel(R) ME Service service terminated unexpectedly. It has done this 1 time(s).
    1/7/2015 12:53:39 PM, Error: Service Control Manager [7034] - The Intel(R) Management and Security Application User Notification Service service terminated unexpectedly. It has done this 1 time(s).
    1/7/2015 12:53:39 PM, Error: Service Control Manager [7034] - The Intel(R) Dynamic Platform & Thermal Framework Processor Participant Service Application service terminated unexpectedly. It has done this 1 time(s).
    1/7/2015 12:53:39 PM, Error: Service Control Manager [7034] - The Intel(R) Dynamic Platform & Thermal Framework Config TDP Service Application service terminated unexpectedly. It has done this 1 time(s).
    1/7/2015 12:53:39 PM, Error: Service Control Manager [7034] - The Intel(R) Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).
    1/7/2015 12:53:39 PM, Error: Service Control Manager [7034] - The Bluetooth OBEX Service service terminated unexpectedly. It has done this 1 time(s).
    1/7/2015 12:53:39 PM, Error: Service Control Manager [7034] - The Bluetooth Media Service service terminated unexpectedly. It has done this 1 time(s).
    1/7/2015 12:53:39 PM, Error: Service Control Manager [7034] - The Bluetooth Device Monitor service terminated unexpectedly. It has done this 1 time(s).
    1/7/2015 12:53:39 PM, Error: Service Control Manager [7034] - The ATKGFNEX Service service terminated unexpectedly. It has done this 1 time(s).
    1/7/2015 12:53:39 PM, Error: Service Control Manager [7034] - The ASUS InstantOn Service service terminated unexpectedly. It has done this 1 time(s).
    1/7/2015 12:53:39 PM, Error: Service Control Manager [7034] - The ASLDR Service service terminated unexpectedly. It has done this 1 time(s).
    1/7/2015 12:53:39 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    1/7/2015 12:53:39 PM, Error: Service Control Manager [7031] - The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/7/2015 12:53:39 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    1/7/2015 12:53:39 PM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    1/7/2015 12:53:39 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/7/2015 12:53:39 PM, Error: Service Control Manager [7031] - The Intel® Centrino® Wireless Bluetooth® + High Speed Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/7/2015 12:53:39 PM, Error: Service Control Manager [7031] - The Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    1/7/2015 12:53:39 PM, Error: Service Control Manager [7031] - The Intel(R) Capability Licensing Service Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    1/7/2015 12:38:20 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    1/7/2015 12:30:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service Bluetooth Device Monitor with arguments "" in order to run the server: {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}
    1/7/2015 12:29:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    1/7/2015 12:29:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    1/7/2015 12:29:23 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswRvrt aswSnx aswSP aswVmm ATKWMIACPIIO cdrom DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
    1/7/2015 12:29:23 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/7/2015 12:29:23 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    1/7/2015 12:29:23 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    1/7/2015 12:29:23 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    1/7/2015 12:29:23 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    1/7/2015 12:29:23 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    1/7/2015 12:29:23 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/7/2015 12:29:23 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/7/2015 12:29:23 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/7/2015 12:29:23 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    1/7/2015 1:11:45 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
    1/7/2015 1:10:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    1/7/2015 1:10:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    1/7/2015 1:10:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    1/7/2015 1:10:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    1/7/2015 1:10:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service Bluetooth Media Service with arguments "" in order to run the server: {9AC233E9-AC75-4DB5-85C4-DAB13A484FEA}
    1/7/2015 1:06:31 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
    1/7/2015 1:06:11 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswRvrt aswSnx aswSP aswVmm ATKWMIACPIIO cdrom discache spldr Wanarpv6
    .
    ==== End Of File ===========================

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.17496
    Run by Dave at 9:52:49 on 2015-01-08
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3982.1192 [GMT -3:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    C:\Windows\system32\WLANExt.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
    C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\SysWOW64\DptfParticipantProcessorService.exe
    C:\Windows\SysWOW64\DptfPolicyConfigTDPService.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Windows\SysWOW64\irstrtsv.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\Windows\KMSServerService\KMS Server Service.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\ASUS\P4G\BatteryLife.exe
    C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe
    C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe
    C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x64\QuickGesture64.exe
    C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
    C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
    C:\ProgramData\nvxasync\cvxasync.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Users\Dave\AppData\Roaming\nvxasync\nvxasync.exe
    C:\Windows\explorer.exe
    C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Program Files\Elantech\ETDCtrl.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Users\Dave\AppData\Roaming\uTorrent\uTorrent.exe
    C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Users\Dave\AppData\Roaming\nvxasync\nvxasync.exe
    C:\Program Files\Elantech\ETDCtrlHelper.exe
    C:\Program Files\Elantech\ETDGesture.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\AutoHotkey\AutoHotkey.exe
    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    C:\Windows\AsScrPro.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = Preserve
    uSearch Page = hxxp://www.google.com
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uWinlogon: Shell = C:\ProgramData\nvxasync\cvxasync.exe
    mWinlogon: Userinit = userinit.exe
    BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
    BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
    BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [GoogleChromeAutoLaunch_C62251D359A8F5B5CC8EADB510991ABB] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
    uRun: [uTorrent] "C:\Users\Dave\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    uRun: [nvxasync] C:\Users\Dave\AppData\Roaming\nvxasync\nvxasync.exe
    mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
    mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
    mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    mRun: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
    mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    StartupFolder: C:\Users\Dave\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\NEWAUT~1.LNK - C:\Users\Dave\Documents\scripts\New AutoHotkey Script.ahk
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: SoftwareSASGeneration = dword:1
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
    IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
    TCP: NameServer = 200.42.4.204 200.49.130.41
    TCP: Interfaces\{0B5C48A0-6FDC-4DFE-8E5F-EE9B6AF1851F} : DHCPNameServer = 200.42.4.204 200.49.130.41
    TCP: Interfaces\{0B5C48A0-6FDC-4DFE-8E5F-EE9B6AF1851F}\05F63716461613 : DHCPNameServer = 200.51.211.7 200.51.212.7
    TCP: Interfaces\{0B5C48A0-6FDC-4DFE-8E5F-EE9B6AF1851F}\74562756E6369616 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{0B5C48A0-6FDC-4DFE-8E5F-EE9B6AF1851F}\84F62796A7F6E647560246F6370224F627261637 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{0B5C48A0-6FDC-4DFE-8E5F-EE9B6AF1851F}\84F6374716C6021427165736F60233 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{0B5C48A0-6FDC-4DFE-8E5F-EE9B6AF1851F}\C41602341637F6E61602465602F44696C656 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{0B5C48A0-6FDC-4DFE-8E5F-EE9B6AF1851F}\C4F63702659616A65627F637 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{4B778718-1CC4-432B-A2FA-003F907C4A2A} : DHCPNameServer = 15.0.0.5
    Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
    x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
    x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [DptfPolicyLpmServiceHelper] C:\Windows\SysWOW64\DptfPolicyLpmServiceHelper.exe
    x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd
    x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
    x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
    x64-IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html
    x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
    x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\nsh4gmn2.default-1420681634607\
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 assd;assd;C:\Windows\System32\drivers\assd.sys [2013-7-15 27056]
    R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-1-22 65776]
    R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-1-22 267632]
    R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-4-30 19224]
    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2014-1-22 1050432]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2014-1-22 436624]
    R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
    R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-1-9 659968]
    R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
    R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-4-13 277120]
    R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-8-4 29208]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-1-22 83280]
    R2 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2014-1-22 116728]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-1-7 50344]
    R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-6-1 1014128]
    R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-6-1 1104240]
    R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-1-17 135952]
    R2 DptfParticipantProcessorService;Intel(R) Dynamic Platform & Thermal Framework Processor Participant Service Application;C:\Windows\SysWOW64\DptfParticipantProcessorService.exe [2012-4-30 18944]
    R2 DptfPolicyConfigTDPService;Intel(R) Dynamic Platform & Thermal Framework Config TDP Service Application;C:\Windows\SysWOW64\DptfPolicyConfigTDPService.exe [2012-4-30 19968]
    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
    R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2013-7-15 129856]
    R2 irstrtsv;Intel(R) Rapid Start Technology Service;C:\Windows\SysWOW64\irstrtsv.exe [2013-7-15 193536]
    R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-7-15 166720]
    R2 KMSServerService;KMS Server Service;C:\Windows\KMSServerService\KMS Server Service.exe DefaultPort RandomKMSPID DefaultActivationInterval DefaultRenewalInterval KillProcessOnPort --> C:\Windows\KMSServerService\KMS Server Service.exe DefaultPort RandomKMSPID DefaultActivationInterval DefaultRenewalInterval KillProcessOnPort [?]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-7-15 365376]
    R2 VBoxAswDrv;VBoxAsw Support Driver;C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2015-1-7 271752]
    R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-3-29 2669840]
    R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\drivers\AiCharger.sys [2013-7-15 17152]
    R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2012-1-9 195584]
    R3 AsusVBus;AsusVBus;C:\Windows\System32\drivers\AsusVBus.sys [2011-12-21 35968]
    R3 AsusVTouch;AsusVTouch;C:\Windows\System32\drivers\AsusVTouch.sys [2011-11-7 16512]
    R3 AvastVBoxSvc;AvastVBox COM Service;C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2015-1-7 4012248]
    R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2012-6-1 1304944]
    R3 DptfDevDram;DptfDevDram;C:\Windows\System32\drivers\DptfDevDram.sys [2012-4-30 107288]
    R3 DptfDevFan;DptfDevFan;C:\Windows\System32\drivers\DptfDevFan.sys [2012-4-30 42776]
    R3 DptfDevGen;DptfDevGen;C:\Windows\System32\drivers\DptfDevGen.sys [2012-4-30 64792]
    R3 DptfDevPch;DptfDevPch;C:\Windows\System32\drivers\DptfDevPch.sys [2012-4-30 96024]
    R3 DptfDevProc;DptfDevProc;C:\Windows\System32\drivers\DptfDevProc.sys [2012-4-30 220952]
    R3 DptfManager;DptfManager;C:\Windows\System32\drivers\DptfManager.sys [2012-4-30 357656]
    R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2012-4-30 200488]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-4-30 331264]
    R3 irstrtdv;Intel(R) Rapid Start Technology Driver;C:\Windows\System32\drivers\irstrtdv.sys [2013-7-15 26504]
    R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-4-30 356632]
    R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-4-30 789272]
    R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2012-1-26 25496]
    R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\rtsuvstor.sys [2013-7-15 311400]
    R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
    S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2012-1-9 195584]
    S3 AX88772B;ASIX AX88772B USB2.0 to Fast Ethernet Adapter;C:\Windows\System32\drivers\ax88772b.sys [2012-4-5 110592]
    S3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2012-2-13 95232]
    S3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2012-2-13 747008]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-8-28 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
    S3 ibtfltcoex;ibtfltcoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2012-3-21 60928]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-12-11 114688]
    S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2012-1-26 34200]
    S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-6-10 57344]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-3-29 273168]
    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-1-23 178760]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-1-23 19456]
    S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-1-23 57856]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-1-23 30208]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-1-22 1255736]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2015-01-08 05:21:05 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D859FE3B-DA63-4CB8-91A2-5C8A2F87E89E}\offreg.dll
    2015-01-08 02:03:13 -------- d-----w- C:\ProgramData\HitmanPro
    2015-01-07 15:49:06 -------- d-----w- C:\AdwCleaner
    2015-01-07 15:44:01 -------- d-----w- C:\Windows\SysWow64\vbox
    2015-01-07 15:44:01 -------- d-----w- C:\Windows\System32\vbox
    2015-01-07 15:15:20 -------- d-sha-r- C:\ProgramData\nvxasync
    2015-01-07 15:15:04 -------- d-----w- C:\Users\Dave\AppData\Roaming\chportu
    2015-01-07 15:14:35 -------- d-sha-r- C:\Users\Dave\AppData\Roaming\nvxasync
    2015-01-07 04:47:43 43152 ----a-w- C:\Windows\avastSS.scr
    2015-01-06 19:26:12 11870360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D859FE3B-DA63-4CB8-91A2-5C8A2F87E89E}\mpengine.dll
    2014-12-24 18:39:06 -------- d-----w- C:\Users\Dave\Tracing
    2014-12-19 01:07:23 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-12-19 01:07:22 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-12-13 23:19:41 -------- d-----w- C:\Program Files (x86)\Fallout
    2014-12-13 21:35:57 -------- d-----w- C:\Users\Dave\AppData\Roaming\GetRightToGo
    2014-12-11 20:33:50 -------- d-sh--w- C:\Users\Dave\AppData\Local\EmieUserList
    2014-12-11 20:33:50 -------- d-sh--w- C:\Users\Dave\AppData\Local\EmieSiteList
    2014-12-11 20:33:50 -------- d-sh--w- C:\Users\Dave\AppData\Local\EmieBrowserModeList
    2014-12-11 17:25:01 3231832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dcompiler_46.dll
    2014-12-10 16:36:28 -------- d-----w- C:\Windows\System32\appraiser
    2014-12-10 05:29:21 55808 ----a-w- C:\Windows\System32\rrinstaller.exe
    2014-12-10 05:29:21 50176 ----a-w- C:\Windows\SysWow64\rrinstaller.exe
    2014-12-10 05:29:21 4121600 ----a-w- C:\Windows\System32\mf.dll
    2014-12-10 05:29:21 3209728 ----a-w- C:\Windows\SysWow64\mf.dll
    2014-12-10 05:29:21 24576 ----a-w- C:\Windows\System32\mfpmp.exe
    2014-12-10 05:29:21 23040 ----a-w- C:\Windows\SysWow64\mfpmp.exe
    2014-12-10 05:29:21 206848 ----a-w- C:\Windows\System32\mfps.dll
    2014-12-10 05:29:21 2048 ----a-w- C:\Windows\SysWow64\mferror.dll
    2014-12-10 05:29:21 2048 ----a-w- C:\Windows\System32\mferror.dll
    2014-12-10 05:29:21 103424 ----a-w- C:\Windows\SysWow64\mfps.dll
    2014-12-10 05:00:24 830976 ----a-w- C:\Windows\System32\appraiser.dll
    2014-12-10 05:00:24 741376 ----a-w- C:\Windows\System32\invagent.dll
    2014-12-10 05:00:24 192000 ----a-w- C:\Windows\System32\aepic.dll
    2014-12-10 05:00:24 1232040 ----a-w- C:\Windows\System32\aitstatic.exe
    2014-12-10 05:00:24 1083392 ----a-w- C:\Windows\System32\aeinv.dll
    2014-12-10 05:00:22 413184 ----a-w- C:\Windows\System32\generaltel.dll
    2014-12-10 05:00:22 396800 ----a-w- C:\Windows\System32\devinv.dll
    2014-12-10 05:00:22 227328 ----a-w- C:\Windows\System32\aepdu.dll
    2014-12-10 04:05:30 -------- d-----w- C:\Users\Dave\AppData\Local\Adobe
    2014-12-10 02:02:22 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
    2014-12-10 02:02:22 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
    2014-12-10 02:02:14 119296 ----a-w- C:\Windows\System32\drivers\tdx.sys
    2014-12-10 01:34:51 165888 ----a-w- C:\Windows\System32\charmap.exe
    2014-12-10 01:34:51 155136 ----a-w- C:\Windows\SysWow64\charmap.exe
    2014-12-10 01:34:46 346624 ----a-w- C:\Windows\System32\WSManMigrationPlugin.dll
    2014-12-10 01:34:46 310272 ----a-w- C:\Windows\System32\WsmWmiPl.dll
    2014-12-10 01:34:46 266240 ----a-w- C:\Windows\System32\WSManHTTPConfig.exe
    2014-12-10 01:34:46 2020352 ----a-w- C:\Windows\System32\WsmSvc.dll
    2014-12-10 01:34:46 1177088 ----a-w- C:\Windows\SysWow64\WsmSvc.dll
    2014-12-10 01:34:45 248832 ----a-w- C:\Windows\SysWow64\WSManMigrationPlugin.dll
    2014-12-10 01:34:45 214016 ----a-w- C:\Windows\SysWow64\WsmWmiPl.dll
    2014-12-10 01:34:45 198656 ----a-w- C:\Windows\SysWow64\WSManHTTPConfig.exe
    2014-12-10 01:34:45 181248 ----a-w- C:\Windows\System32\WsmAuto.dll
    2014-12-10 01:34:45 145920 ----a-w- C:\Windows\SysWow64\WsmAuto.dll
    2014-12-10 01:29:17 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2014-12-10 01:29:17 2048 ----a-w- C:\Windows\System32\tzres.dll
    .
    ==================== Find3M ====================
    .
    2015-01-07 04:49:26 1050432 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
    2015-01-07 04:47:44 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2015-01-07 04:47:44 83280 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2015-01-07 04:47:44 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
    2015-01-07 04:47:44 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
    2015-01-07 04:47:44 267632 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
    2015-01-07 04:47:44 116728 ----a-w- C:\Windows\System32\drivers\aswstm.sys
    2014-12-11 15:28:08 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-12-11 15:28:08 701616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-11-24 17:04:56 275080 ------w- C:\Windows\System32\MpSigStub.exe
    2014-11-22 03:06:23 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-11-22 03:06:11 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2014-11-22 02:50:39 66560 ----a-w- C:\Windows\System32\iesetup.dll
    2014-11-22 02:50:10 580096 ----a-w- C:\Windows\System32\vbscript.dll
    2014-11-22 02:49:54 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2014-11-22 02:48:20 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
    2014-11-22 02:35:29 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2014-11-22 02:34:51 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
    2014-11-22 02:34:07 6039552 ----a-w- C:\Windows\System32\jscript9.dll
    2014-11-22 02:26:31 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
    2014-11-22 02:20:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-11-22 02:14:16 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
    2014-11-22 02:07:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2014-11-22 02:07:17 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-11-22 02:06:32 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2014-11-22 02:05:02 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
    2014-11-22 01:54:30 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2014-11-22 01:47:10 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
    2014-11-22 01:46:58 2125312 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-11-22 01:40:04 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
    2014-11-22 01:29:26 4299264 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-11-22 01:28:21 2358272 ----a-w- C:\Windows\System32\wininet.dll
    2014-11-22 01:22:49 2052096 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-11-22 01:21:57 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
    2014-11-22 01:00:20 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-11-18 23:47:50 1691816 ----a-w- C:\Windows\System32\FM20.DLL
    2014-11-11 03:08:52 241152 ----a-w- C:\Windows\System32\pku2u.dll
    2014-11-11 03:08:48 728064 ----a-w- C:\Windows\System32\kerberos.dll
    2014-11-11 02:44:32 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
    2014-11-11 02:44:25 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
    2014-11-03 11:43:10 1490656 ----a-w- C:\Windows\System32\WdfCoInstaller01007.dll
    2014-11-03 11:43:10 1490656 ----a-w- C:\Windows\System32\drivers\WdfCoInstaller01007.dll
    2014-10-25 01:57:59 77824 ----a-w- C:\Windows\System32\packager.dll
    2014-10-25 01:32:37 67584 ----a-w- C:\Windows\SysWow64\packager.dll
    2014-10-18 02:05:23 861696 ----a-w- C:\Windows\System32\oleaut32.dll
    2014-10-18 01:33:18 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
    2014-10-14 02:16:37 155064 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2014-10-14 02:13:06 683520 ----a-w- C:\Windows\System32\termsrv.dll
    2014-10-14 02:13:00 3241984 ----a-w- C:\Windows\System32\msi.dll
    2014-10-14 02:12:57 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
    2014-10-14 02:09:31 146432 ----a-w- C:\Windows\System32\msaudite.dll
    2014-10-14 02:07:31 681984 ----a-w- C:\Windows\System32\adtschema.dll
    2014-10-14 01:50:47 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2014-10-14 01:50:41 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
    2014-10-14 01:49:38 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2014-10-14 01:47:30 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
    2014-10-14 01:46:02 681984 ----a-w- C:\Windows\SysWow64\adtschema.dll
    .
    ============= FINISH: 9:53:09.19 ===============
     
  4. dvk01

    dvk01 Moderator Malware Specialist

    Delete any existing version of ComboFix you might already have sitting on your desktop or in your downloads folder.
    Please read and follow all these instructions very carefully.
    Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

    Download ComboFix from Here to your Desktop or your downloads folder.

    **Note: It is important that it is saved directly to your desktop or downloads folder and run from either the desktop or the downloads folder and not any other folder on your computer**
    --------------------------------------------------------------------
    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results" or stop ComboFix running at all.
    • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running ComboFix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again after ComboFix has finished.
    --------------------------------------------------------------------
    2. Close any open browsers and any other programs you might have running.
    Double click on combofix.exe & follow the prompts.
    If you are using Windows XP, it might display a pop up saying that "Recovery console is not installed, do you want to install?"
    Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    When finished, it will produce a report for you.
    Please post the "C:\ComboFix.txt" for further review


    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. Read HERE why we disable autoruns.

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

    Please tell us if it has cured the problems or if there are any outstanding issues

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot; you must allow it to do so.
    • If Combofix reboot is due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
    • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue. (Those items will not be deleted.)

    Post the log in next reply please...
     
  5. d2thel

    d2thel Thread Starter

    I ran ComboFix. I can now open regedit and msconfig. I think that the surfvox is gone. Please let me know if there's anything more I should do. Thanks!

    ComboFix 15-01-08.01 - Dave 01/08/2015 10:51:50.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3982.2269 [GMT -3:00]
    Running from: c:\users\Dave\Downloads\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Roaming
    c:\users\Dave\AppData\Roaming\nvxasync\nvxasync.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-12-08 to 2015-01-08 )))))))))))))))))))))))))))))))
    .
    .
    2015-01-08 13:56 . 2015-01-08 13:56 -------- d-----w- c:\users\Default\AppData\Local\temp
    2015-01-08 05:21 . 2015-01-08 05:21 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D859FE3B-DA63-4CB8-91A2-5C8A2F87E89E}\offreg.dll
    2015-01-08 02:03 . 2015-01-08 02:07 -------- d-----w- c:\programdata\HitmanPro
    2015-01-07 15:49 . 2015-01-08 02:00 -------- d-----w- C:\AdwCleaner
    2015-01-07 15:44 . 2015-01-07 15:44 -------- d-----w- c:\windows\SysWow64\vbox
    2015-01-07 15:44 . 2015-01-07 15:44 -------- d-----w- c:\windows\system32\vbox
    2015-01-07 15:15 . 2015-01-07 15:15 -------- d-sha-r- c:\programdata\nvxasync
    2015-01-07 15:15 . 2015-01-07 15:15 -------- d-----w- c:\users\Dave\AppData\Roaming\chportu
    2015-01-07 15:14 . 2015-01-08 13:55 -------- d-sha-r- c:\users\Dave\AppData\Roaming\nvxasync
    2015-01-07 04:47 . 2015-01-07 04:47 364512 ----a-w- c:\windows\system32\aswBoot.exe
    2015-01-07 04:47 . 2015-01-07 04:47 43152 ----a-w- c:\windows\avastSS.scr
    2015-01-06 19:26 . 2014-12-02 10:26 11870360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D859FE3B-DA63-4CB8-91A2-5C8A2F87E89E}\mpengine.dll
    2014-12-24 18:39 . 2014-12-24 18:39 -------- d-----w- c:\users\Dave\Tracing
    2014-12-19 01:07 . 2014-12-13 03:33 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2014-12-19 01:07 . 2014-12-13 05:09 144384 ----a-w- c:\windows\system32\ieUnatt.exe
    2014-12-13 23:19 . 2014-12-13 23:20 -------- d-----w- c:\program files (x86)\Fallout
    2014-12-13 21:35 . 2014-12-13 23:20 -------- d-----w- c:\users\Dave\AppData\Roaming\GetRightToGo
    2014-12-11 20:33 . 2014-12-11 20:33 -------- d-sh--w- c:\users\Dave\AppData\Local\EmieUserList
    2014-12-11 20:33 . 2014-12-11 20:33 -------- d-sh--w- c:\users\Dave\AppData\Local\EmieSiteList
    2014-12-11 20:33 . 2014-12-11 20:33 -------- d-sh--w- c:\users\Dave\AppData\Local\EmieBrowserModeList
    2014-12-11 15:28 . 2014-12-11 15:28 -------- d-----w- c:\programdata\McAfee
    2014-12-10 16:36 . 2014-12-10 16:36 -------- d-----w- c:\windows\system32\appraiser
    2014-12-10 05:29 . 2014-10-18 02:05 4121600 ----a-w- c:\windows\system32\mf.dll
    2014-12-10 05:29 . 2014-10-18 01:33 3209728 ----a-w- c:\windows\SysWow64\mf.dll
    2014-12-10 05:29 . 2014-07-07 02:06 206848 ----a-w- c:\windows\system32\mfps.dll
    2014-12-10 05:29 . 2014-07-07 02:06 55808 ----a-w- c:\windows\system32\rrinstaller.exe
    2014-12-10 05:29 . 2014-07-07 02:06 24576 ----a-w- c:\windows\system32\mfpmp.exe
    2014-12-10 05:29 . 2014-07-07 02:02 2048 ----a-w- c:\windows\system32\mferror.dll
    2014-12-10 05:29 . 2014-07-07 01:40 103424 ----a-w- c:\windows\SysWow64\mfps.dll
    2014-12-10 05:29 . 2014-07-07 01:39 50176 ----a-w- c:\windows\SysWow64\rrinstaller.exe
    2014-12-10 05:29 . 2014-07-07 01:39 23040 ----a-w- c:\windows\SysWow64\mfpmp.exe
    2014-12-10 05:29 . 2014-07-07 01:37 2048 ----a-w- c:\windows\SysWow64\mferror.dll
    2014-12-10 05:00 . 2014-12-04 02:50 741376 ----a-w- c:\windows\system32\invagent.dll
    2014-12-10 05:00 . 2014-12-04 02:50 192000 ----a-w- c:\windows\system32\aepic.dll
    2014-12-10 05:00 . 2014-12-04 02:44 1083392 ----a-w- c:\windows\system32\aeinv.dll
    2014-12-10 05:00 . 2014-12-01 23:28 1232040 ----a-w- c:\windows\system32\aitstatic.exe
    2014-12-10 05:00 . 2014-12-04 02:50 413184 ----a-w- c:\windows\system32\generaltel.dll
    2014-12-10 05:00 . 2014-12-04 02:50 396800 ----a-w- c:\windows\system32\devinv.dll
    2014-12-10 05:00 . 2014-12-04 02:50 227328 ----a-w- c:\windows\system32\aepdu.dll
    2014-12-10 04:05 . 2014-12-11 15:35 -------- d-----w- c:\users\Dave\AppData\Local\Adobe
    2014-12-10 02:02 . 2014-11-11 03:09 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2014-12-10 02:02 . 2014-11-11 02:44 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
    2014-12-10 02:02 . 2014-11-11 01:46 119296 ----a-w- c:\windows\system32\drivers\tdx.sys
    2014-12-10 01:34 . 2014-10-30 02:03 165888 ----a-w- c:\windows\system32\charmap.exe
    2014-12-10 01:34 . 2014-10-30 01:45 155136 ----a-w- c:\windows\SysWow64\charmap.exe
    2014-12-10 01:34 . 2014-10-03 02:12 310272 ----a-w- c:\windows\system32\WsmWmiPl.dll
    2014-12-10 01:34 . 2014-10-03 02:12 2020352 ----a-w- c:\windows\system32\WsmSvc.dll
    2014-12-10 01:34 . 2014-10-03 02:12 346624 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
    2014-12-10 01:34 . 2014-10-03 02:11 266240 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
    2014-12-10 01:34 . 2014-10-03 01:45 1177088 ----a-w- c:\windows\SysWow64\WsmSvc.dll
    2014-12-10 01:34 . 2014-10-03 02:12 181248 ----a-w- c:\windows\system32\WsmAuto.dll
    2014-12-10 01:34 . 2014-10-03 01:45 248832 ----a-w- c:\windows\SysWow64\WSManMigrationPlugin.dll
    2014-12-10 01:34 . 2014-10-03 01:45 214016 ----a-w- c:\windows\SysWow64\WsmWmiPl.dll
    2014-12-10 01:34 . 2014-10-03 01:45 145920 ----a-w- c:\windows\SysWow64\WsmAuto.dll
    2014-12-10 01:34 . 2014-10-03 01:44 198656 ----a-w- c:\windows\SysWow64\WSManHTTPConfig.exe
    2014-12-10 01:29 . 2014-11-08 03:16 2048 ----a-w- c:\windows\system32\tzres.dll
    2014-12-10 01:29 . 2014-11-08 02:45 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-01-07 04:49 . 2014-01-22 23:29 1050432 ----a-w- c:\windows\system32\drivers\aswsnx.sys
    2015-01-07 04:47 . 2014-08-04 22:30 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
    2015-01-07 04:47 . 2014-01-22 23:29 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2015-01-07 04:47 . 2014-01-22 23:29 83280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2015-01-07 04:47 . 2014-01-22 23:29 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2015-01-07 04:47 . 2014-01-22 23:29 436624 ----a-w- c:\windows\system32\drivers\aswsp.sys
    2015-01-07 04:47 . 2014-01-22 23:29 267632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2015-01-07 04:47 . 2014-01-22 23:29 116728 ----a-w- c:\windows\system32\drivers\aswstm.sys
    2014-12-11 15:28 . 2014-01-27 01:26 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-12-11 15:28 . 2014-01-27 01:26 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2014-12-11 03:44 . 2014-01-22 23:43 112710672 ----a-w- c:\windows\system32\MRT.exe
    2014-11-24 17:04 . 2014-01-22 23:02 275080 ------w- c:\windows\system32\MpSigStub.exe
    2014-11-18 23:47 . 2014-11-18 23:47 1691816 ----a-w- c:\windows\system32\FM20.DLL
    2014-11-11 03:08 . 2014-11-19 16:03 241152 ----a-w- c:\windows\system32\pku2u.dll
    2014-11-11 03:08 . 2014-11-19 16:03 728064 ----a-w- c:\windows\system32\kerberos.dll
    2014-11-11 02:44 . 2014-11-19 16:03 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
    2014-11-11 02:44 . 2014-11-19 16:03 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
    2014-11-03 11:43 . 2014-11-03 11:43 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
    2014-11-03 11:43 . 2014-11-03 11:43 1490656 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
    2014-10-25 01:57 . 2014-11-11 21:07 77824 ----a-w- c:\windows\system32\packager.dll
    2014-10-25 01:32 . 2014-11-11 21:07 67584 ----a-w- c:\windows\SysWow64\packager.dll
    2014-10-18 02:05 . 2014-11-11 20:50 861696 ----a-w- c:\windows\system32\oleaut32.dll
    2014-10-18 01:33 . 2014-11-11 20:50 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
    2014-10-14 02:16 . 2014-11-12 02:39 155064 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2014-10-14 02:13 . 2014-11-12 02:39 683520 ----a-w- c:\windows\system32\termsrv.dll
    2014-10-14 02:13 . 2014-11-12 01:40 3241984 ----a-w- c:\windows\system32\msi.dll
    2014-10-14 02:12 . 2014-11-12 02:39 1460736 ----a-w- c:\windows\system32\lsasrv.dll
    2014-10-14 02:09 . 2014-11-12 02:39 146432 ----a-w- c:\windows\system32\msaudite.dll
    2014-10-14 02:07 . 2014-11-12 02:39 681984 ----a-w- c:\windows\system32\adtschema.dll
    2014-10-14 01:50 . 2014-11-12 02:39 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2014-10-14 01:50 . 2014-11-12 01:40 2363904 ----a-w- c:\windows\SysWow64\msi.dll
    2014-10-14 01:49 . 2014-11-12 02:39 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    2014-10-14 01:47 . 2014-11-12 02:39 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
    2014-10-14 01:46 . 2014-11-12 02:39 681984 ----a-w- c:\windows\SysWow64\adtschema.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
    2014-11-12 20:19 1729744 ----a-w- c:\progra~2\MICROS~4\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
    2014-11-12 20:19 1729744 ----a-w- c:\progra~2\MICROS~4\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
    2014-11-12 20:19 1729744 ----a-w- c:\progra~2\MICROS~4\Office15\GROOVEEX.DLL
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "GoogleChromeAutoLaunch_C62251D359A8F5B5CC8EADB510991ABB"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-12-06 856904]
    "uTorrent"="c:\users\Dave\AppData\Roaming\uTorrent\uTorrent.exe" [2014-11-21 1385808]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-12-11 30877280]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-08-28 2984688]
    "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-26 291608]
    "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2012-02-02 2321072]
    "ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2013-07-16 3058304]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-01-07 5226600]
    "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2012-06-25 322208]
    "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2012-06-19 174752]
    "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
    .
    c:\users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    New AutoHotkey Script - Shortcut.lnk - c:\users\Dave\Documents\scripts\New AutoHotkey Script.ahk [2014-1-28 374]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "SoftwareSASGeneration"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
    @=""
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 KMSServerService;KMS Server Service;c:\windows\KMSServerService\KMS Server Service.exe DefaultPort RandomKMSPID DefaultActivationInterval DefaultRenewalInterval KillProcessOnPort;c:\windows\KMSServerService\KMS Server Service.exe DefaultPort RandomKMSPID DefaultActivationInterval DefaultRenewalInterval KillProcessOnPort [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
    R3 AX88772B;ASIX AX88772B USB2.0 to Fast Ethernet Adapter;c:\windows\system32\DRIVERS\ax88772b.sys;c:\windows\SYSNATIVE\DRIVERS\ax88772b.sys [x]
    R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
    R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
    R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
    R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbwwan.sys [x]
    R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
    R3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
    R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S0 assd;assd; [x]
    S0 aswRvrt;avast! Revert; [x]
    S0 aswVmm;avast! VM Monitor; [x]
    S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
    S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
    S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
    S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
    S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [x]
    S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
    S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
    S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
    S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
    S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
    S2 DptfParticipantProcessorService;Intel(R) Dynamic Platform & Thermal Framework Processor Participant Service Application;c:\windows\SysWOW64\DptfParticipantProcessorService.exe;c:\windows\SysWOW64\DptfParticipantProcessorService.exe [x]
    S2 DptfPolicyConfigTDPService;Intel(R) Dynamic Platform & Thermal Framework Config TDP Service Application;c:\windows\SysWOW64\DptfPolicyConfigTDPService.exe;c:\windows\SysWOW64\DptfPolicyConfigTDPService.exe [x]
    S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
    S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
    S2 irstrtsv;Intel(R) Rapid Start Technology Service;c:\windows\SysWOW64\irstrtsv.exe;c:\windows\SysWOW64\irstrtsv.exe [x]
    S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
    S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
    S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
    S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
    S3 AsusVBus;AsusVBus;c:\windows\system32\DRIVERS\AsusVBus.sys;c:\windows\SYSNATIVE\DRIVERS\AsusVBus.sys [x]
    S3 AsusVTouch;AsusVTouch;c:\windows\system32\DRIVERS\AsusVTouch.sys;c:\windows\SYSNATIVE\DRIVERS\AsusVTouch.sys [x]
    S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
    S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
    S3 DptfDevDram;DptfDevDram;c:\windows\system32\DRIVERS\DptfDevDram.sys;c:\windows\SYSNATIVE\DRIVERS\DptfDevDram.sys [x]
    S3 DptfDevFan;DptfDevFan;c:\windows\system32\DRIVERS\DptfDevFan.sys;c:\windows\SYSNATIVE\DRIVERS\DptfDevFan.sys [x]
    S3 DptfDevGen;DptfDevGen;c:\windows\system32\DRIVERS\DptfDevGen.sys;c:\windows\SYSNATIVE\DRIVERS\DptfDevGen.sys [x]
    S3 DptfDevPch;DptfDevPch;c:\windows\system32\DRIVERS\DptfDevPch.sys;c:\windows\SYSNATIVE\DRIVERS\DptfDevPch.sys [x]
    S3 DptfDevProc;DptfDevProc;c:\windows\system32\DRIVERS\DptfDevProc.sys;c:\windows\SYSNATIVE\DRIVERS\DptfDevProc.sys [x]
    S3 DptfManager;DptfManager;c:\windows\system32\DRIVERS\DptfManager.sys;c:\windows\SYSNATIVE\DRIVERS\DptfManager.sys [x]
    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 irstrtdv;Intel(R) Rapid Start Technology Driver;c:\windows\system32\DRIVERS\irstrtdv.sys;c:\windows\SYSNATIVE\DRIVERS\irstrtdv.sys [x]
    S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
    S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
    S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
    S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-12-11 20:38 1087816 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-01-08 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-27 15:28]
    .
    2015-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-22 22:52]
    .
    2015-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-22 22:52]
    .
    2015-01-07 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
    - c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
    .
    2015-01-08 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
    - c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
    2014-11-12 20:17 2334928 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
    2014-11-12 20:17 2334928 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
    2014-11-12 20:17 2334928 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2015-01-07 04:47 860984 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-02 170264]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-02 398616]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
    "BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2012-06-01 11406640]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-02 439064]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    TCP: DhcpNameServer = 200.42.4.204 200.49.130.41
    Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
    FF - ProfilePath - c:\users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\nsh4gmn2.default-1420681634607\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKCU-Run-nvxasync - c:\users\Dave\AppData\Roaming\nvxasync\nvxasync.exe
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    Toolbar-Locked - (no file)
    HKLM-Run-DptfPolicyLpmServiceHelper - c:\windows\SysWOW64\DptfPolicyLpmServiceHelper.exe
    HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
    HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2015-01-08 10:58:11
    ComboFix-quarantined-files.txt 2015-01-08 13:58
    .
    Pre-Run: 6,900,715,520 bytes free
    Post-Run: 6,909,231,104 bytes free
    .
    - - End Of File - - 76AAA49A93EB4B4DFAC84C1661D7E544
     
  6. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,315
    First Name:
    Derek
    A little bit still to do & a couple of folders whose contents I want to double check. I think they are part of Avast, but they are just suspicious enough from the date & time created to warrant looking at.

    Download the attached CFScript.txt and save it to your desktop or the same folder that you downloaded ComboFix to originally (click on the link underneath this post & if you are using Internet Explorer, when the "File download" pop-up comes, press SAVE and choose desktop in the list of selections in that window & press save).

    Disable any antivirus/antimalware/firewall real-time protection or script blocking in the same way you did previously before running ComboFix & remember to re-enable it when it has finished.

    Close any open browsers.
    Then drag the CFScript.txt into the ComboFix.exe or renamed ComboFix icon as shown in the screenshot below.



    [IMG]



    This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.


    Note: these instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script, as it could damage the workings of your system and will not fix your problem. If you have a similar problem, start your own topic in the malware fixing forum.
     


  7. d2thel

    d2thel Thread Starter

    Joined:
    Aug 30, 2006
    Messages:
    37
    Here's the latest:

    ComboFix 15-01-08.01 - Dave 01/08/2015 12:11:41.3.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3982.2344 [GMT -3:00]
    Running from: c:\users\Dave\Downloads\ComboFix.exe
    Command switches used :: c:\users\Dave\Downloads\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-12-08 to 2015-01-08 )))))))))))))))))))))))))))))))
    .
    .
    2015-01-08 15:15 . 2015-01-08 15:15 -------- d-----w- c:\users\Default\AppData\Local\temp
    2015-01-08 02:03 . 2015-01-08 02:07 -------- d-----w- c:\programdata\HitmanPro
    2015-01-07 15:49 . 2015-01-08 02:00 -------- d-----w- C:\AdwCleaner
    2015-01-07 15:44 . 2015-01-07 15:44 -------- d-----w- c:\windows\SysWow64\vbox
    2015-01-07 15:44 . 2015-01-07 15:44 -------- d-----w- c:\windows\system32\vbox
    2015-01-07 04:47 . 2015-01-07 04:47 364512 ----a-w- c:\windows\system32\aswBoot.exe
    2015-01-07 04:47 . 2015-01-07 04:47 43152 ----a-w- c:\windows\avastSS.scr
    2015-01-06 19:26 . 2014-12-02 10:26 11870360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D859FE3B-DA63-4CB8-91A2-5C8A2F87E89E}\mpengine.dll
    2014-12-24 18:39 . 2014-12-24 18:39 -------- d-----w- c:\users\Dave\Tracing
    2014-12-19 01:07 . 2014-12-13 03:33 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2014-12-19 01:07 . 2014-12-13 05:09 144384 ----a-w- c:\windows\system32\ieUnatt.exe
    2014-12-13 23:19 . 2014-12-13 23:20 -------- d-----w- c:\program files (x86)\Fallout
    2014-12-13 21:35 . 2014-12-13 23:20 -------- d-----w- c:\users\Dave\AppData\Roaming\GetRightToGo
    2014-12-11 20:33 . 2014-12-11 20:33 -------- d-sh--w- c:\users\Dave\AppData\Local\EmieUserList
    2014-12-11 20:33 . 2014-12-11 20:33 -------- d-sh--w- c:\users\Dave\AppData\Local\EmieSiteList
    2014-12-11 20:33 . 2014-12-11 20:33 -------- d-sh--w- c:\users\Dave\AppData\Local\EmieBrowserModeList
    2014-12-11 15:28 . 2014-12-11 15:28 -------- d-----w- c:\programdata\McAfee
    2014-12-10 16:36 . 2014-12-10 16:36 -------- d-----w- c:\windows\system32\appraiser
    2014-12-10 05:29 . 2014-10-18 02:05 4121600 ----a-w- c:\windows\system32\mf.dll
    2014-12-10 05:29 . 2014-10-18 01:33 3209728 ----a-w- c:\windows\SysWow64\mf.dll
    2014-12-10 05:29 . 2014-07-07 02:06 206848 ----a-w- c:\windows\system32\mfps.dll
    2014-12-10 05:29 . 2014-07-07 02:06 55808 ----a-w- c:\windows\system32\rrinstaller.exe
    2014-12-10 05:29 . 2014-07-07 02:06 24576 ----a-w- c:\windows\system32\mfpmp.exe
    2014-12-10 05:29 . 2014-07-07 02:02 2048 ----a-w- c:\windows\system32\mferror.dll
    2014-12-10 05:29 . 2014-07-07 01:40 103424 ----a-w- c:\windows\SysWow64\mfps.dll
    2014-12-10 05:29 . 2014-07-07 01:39 50176 ----a-w- c:\windows\SysWow64\rrinstaller.exe
    2014-12-10 05:29 . 2014-07-07 01:39 23040 ----a-w- c:\windows\SysWow64\mfpmp.exe
    2014-12-10 05:29 . 2014-07-07 01:37 2048 ----a-w- c:\windows\SysWow64\mferror.dll
    2014-12-10 05:00 . 2014-12-04 02:50 741376 ----a-w- c:\windows\system32\invagent.dll
    2014-12-10 05:00 . 2014-12-04 02:50 192000 ----a-w- c:\windows\system32\aepic.dll
    2014-12-10 05:00 . 2014-12-04 02:44 1083392 ----a-w- c:\windows\system32\aeinv.dll
    2014-12-10 05:00 . 2014-12-01 23:28 1232040 ----a-w- c:\windows\system32\aitstatic.exe
    2014-12-10 05:00 . 2014-12-04 02:50 413184 ----a-w- c:\windows\system32\generaltel.dll
    2014-12-10 05:00 . 2014-12-04 02:50 396800 ----a-w- c:\windows\system32\devinv.dll
    2014-12-10 05:00 . 2014-12-04 02:50 227328 ----a-w- c:\windows\system32\aepdu.dll
    2014-12-10 04:05 . 2014-12-11 15:35 -------- d-----w- c:\users\Dave\AppData\Local\Adobe
    2014-12-10 02:02 . 2014-11-11 03:09 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2014-12-10 02:02 . 2014-11-11 02:44 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
    2014-12-10 02:02 . 2014-11-11 01:46 119296 ----a-w- c:\windows\system32\drivers\tdx.sys
    2014-12-10 01:34 . 2014-10-30 02:03 165888 ----a-w- c:\windows\system32\charmap.exe
    2014-12-10 01:34 . 2014-10-30 01:45 155136 ----a-w- c:\windows\SysWow64\charmap.exe
    2014-12-10 01:34 . 2014-10-03 02:12 310272 ----a-w- c:\windows\system32\WsmWmiPl.dll
    2014-12-10 01:34 . 2014-10-03 02:12 2020352 ----a-w- c:\windows\system32\WsmSvc.dll
    2014-12-10 01:34 . 2014-10-03 02:12 346624 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
    2014-12-10 01:34 . 2014-10-03 02:11 266240 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
    2014-12-10 01:34 . 2014-10-03 01:45 1177088 ----a-w- c:\windows\SysWow64\WsmSvc.dll
    2014-12-10 01:34 . 2014-10-03 02:12 181248 ----a-w- c:\windows\system32\WsmAuto.dll
    2014-12-10 01:34 . 2014-10-03 01:45 248832 ----a-w- c:\windows\SysWow64\WSManMigrationPlugin.dll
    2014-12-10 01:34 . 2014-10-03 01:45 214016 ----a-w- c:\windows\SysWow64\WsmWmiPl.dll
    2014-12-10 01:34 . 2014-10-03 01:45 145920 ----a-w- c:\windows\SysWow64\WsmAuto.dll
    2014-12-10 01:34 . 2014-10-03 01:44 198656 ----a-w- c:\windows\SysWow64\WSManHTTPConfig.exe
    2014-12-10 01:29 . 2014-11-08 03:16 2048 ----a-w- c:\windows\system32\tzres.dll
    2014-12-10 01:29 . 2014-11-08 02:45 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-01-07 04:49 . 2014-01-22 23:29 1050432 ----a-w- c:\windows\system32\drivers\aswsnx.sys
    2015-01-07 04:47 . 2014-08-04 22:30 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
    2015-01-07 04:47 . 2014-01-22 23:29 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2015-01-07 04:47 . 2014-01-22 23:29 83280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2015-01-07 04:47 . 2014-01-22 23:29 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2015-01-07 04:47 . 2014-01-22 23:29 436624 ----a-w- c:\windows\system32\drivers\aswsp.sys
    2015-01-07 04:47 . 2014-01-22 23:29 267632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2015-01-07 04:47 . 2014-01-22 23:29 116728 ----a-w- c:\windows\system32\drivers\aswstm.sys
    2014-12-11 15:28 . 2014-01-27 01:26 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-12-11 15:28 . 2014-01-27 01:26 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2014-12-11 03:44 . 2014-01-22 23:43 112710672 ----a-w- c:\windows\system32\MRT.exe
    2014-11-24 17:04 . 2014-01-22 23:02 275080 ------w- c:\windows\system32\MpSigStub.exe
    2014-11-18 23:47 . 2014-11-18 23:47 1691816 ----a-w- c:\windows\system32\FM20.DLL
    2014-11-11 03:08 . 2014-11-19 16:03 241152 ----a-w- c:\windows\system32\pku2u.dll
    2014-11-11 03:08 . 2014-11-19 16:03 728064 ----a-w- c:\windows\system32\kerberos.dll
    2014-11-11 02:44 . 2014-11-19 16:03 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
    2014-11-11 02:44 . 2014-11-19 16:03 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
    2014-11-03 11:43 . 2014-11-03 11:43 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
    2014-11-03 11:43 . 2014-11-03 11:43 1490656 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
    2014-10-25 01:57 . 2014-11-11 21:07 77824 ----a-w- c:\windows\system32\packager.dll
    2014-10-25 01:32 . 2014-11-11 21:07 67584 ----a-w- c:\windows\SysWow64\packager.dll
    2014-10-18 02:05 . 2014-11-11 20:50 861696 ----a-w- c:\windows\system32\oleaut32.dll
    2014-10-18 01:33 . 2014-11-11 20:50 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
    2014-10-14 02:16 . 2014-11-12 02:39 155064 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2014-10-14 02:13 . 2014-11-12 02:39 683520 ----a-w- c:\windows\system32\termsrv.dll
    2014-10-14 02:13 . 2014-11-12 01:40 3241984 ----a-w- c:\windows\system32\msi.dll
    2014-10-14 02:12 . 2014-11-12 02:39 1460736 ----a-w- c:\windows\system32\lsasrv.dll
    2014-10-14 02:09 . 2014-11-12 02:39 146432 ----a-w- c:\windows\system32\msaudite.dll
    2014-10-14 02:07 . 2014-11-12 02:39 681984 ----a-w- c:\windows\system32\adtschema.dll
    2014-10-14 01:50 . 2014-11-12 02:39 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2014-10-14 01:50 . 2014-11-12 01:40 2363904 ----a-w- c:\windows\SysWow64\msi.dll
    2014-10-14 01:49 . 2014-11-12 02:39 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    2014-10-14 01:47 . 2014-11-12 02:39 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
    2014-10-14 01:46 . 2014-11-12 02:39 681984 ----a-w- c:\windows\SysWow64\adtschema.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    ---- Directory of c:\windows\system32\vbox ----
    .
    1601-01-01 00:00 . 1601-01-01 00:00 0 ----a-w- c:\windows\system32\vbox\E1G6032E.sys
    1601-01-01 00:00 . 1601-01-01 00:00 0 ----a-w- c:\windows\system32\vbox\VBoxD3D9wddm.dll
    1601-01-01 00:00 . 1601-01-01 00:00 0 ----a-w- c:\windows\system32\vbox\VBoxDisp.dll
    1601-01-01 00:00 . 1601-01-01 00:00 0 ----a-w- c:\windows\system32\vbox\VBoxDispD3D.dll
    1601-01-01 00:00 . 1601-01-01 00:00 0 ----a-w- c:\windows\system32\vbox\VBoxGuest.sys
    1601-01-01 00:00 . 1601-01-01 00:00 0 ----a-w- c:\windows\system32\vbox\VBoxMouse.sys
    1601-01-01 00:00 . 1601-01-01 00:00 0 ----a-w- c:\windows\system32\vbox\VBoxOGL.dll
    1601-01-01 00:00 . 1601-01-01 00:00 0 ----a-w- c:\windows\system32\vbox\VBoxOGLarrayspu.dll
    1601-01-01 00:00 . 1601-01-01 00:00 0 ----a-w- c:\windows\system32\vbox\VBoxOGLcrutil.dll
    1601-01-01 00:00 . 1601-01-01 00:00 0 ----a-w- c:\windows\system32\vbox\VBoxOGLerrorspu.dll
    1601-01-01 00:00 . 1601-01-01 00:00 0 ----a-w- c:\windows\system32\vbox\VBoxOGLfeedbackspu.dll
    1601-01-01 00:00 . 1601-01-01 00:00 0 ----a-w- c:\windows\system32\vbox\VBoxOGLpackspu.dll
    1601-01-01 00:00 . 1601-01-01 00:00 0 ----a-w- c:\windows\system32\vbox\VBoxOGLpassthroughspu.dll
    1601-01-01 00:00 . 1601-01-01 00:00 0 ----a-w- c:\windows\system32\vbox\VBoxVideo.sys
    1601-01-01 00:00 . 1601-01-01 00:00 0 ----a-w- c:\windows\system32\vbox\VBoxVideoW8.sys
    1601-01-01 00:00 . 1601-01-01 00:00 0 ----a-w- c:\windows\system32\vbox\VBoxVideoWddm.sys
    1601-01-01 00:00 . 1601-01-01 00:00 0 ----a-w- c:\windows\system32\vbox\wined3dwddm.dll
    .
    ---- Directory of c:\windows\SysWow64\vbox ----
    .
    2015-01-07 15:44 . 2015-01-07 04:47 87912 ----a-w- c:\windows\SysWow64\vbox\VBoxOGLpassthroughspu-x86.dll
    2015-01-07 15:44 . 2015-01-07 04:47 1501608 ----a-w- c:\windows\SysWow64\vbox\VBoxOGLpackspu-x86.dll
    2015-01-07 15:44 . 2015-01-07 04:47 859936 ----a-w- c:\windows\SysWow64\vbox\VBoxOGLfeedbackspu-x86.dll
    2015-01-07 15:44 . 2015-01-07 04:47 128136 ----a-w- c:\windows\SysWow64\vbox\VBoxOGLerrorspu-x86.dll
    2015-01-07 15:44 . 2015-01-07 04:47 1321352 ----a-w- c:\windows\SysWow64\vbox\VBoxOGLcrutil-x86.dll
    2015-01-07 15:44 . 2015-01-07 04:47 561224 ----a-w- c:\windows\SysWow64\vbox\VBoxOGLarrayspu-x86.dll
    2015-01-07 15:44 . 2015-01-07 04:47 1413040 ----a-w- c:\windows\SysWow64\vbox\VBoxOGL-x86.dll
    2015-01-07 15:44 . 2015-01-07 04:47 872808 ----a-w- c:\windows\SysWow64\vbox\wined3dwddm-x86.dll
    2015-01-07 15:44 . 2015-01-07 04:47 1163768 ----a-w- c:\windows\SysWow64\vbox\VBoxDispD3D-x86.dll
    2015-01-07 15:44 . 2015-01-07 04:47 251712 ----a-w- c:\windows\SysWow64\vbox\VBoxD3D9wddm-x86.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
    2014-11-12 20:19 1729744 ----a-w- c:\progra~2\MICROS~4\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
    2014-11-12 20:19 1729744 ----a-w- c:\progra~2\MICROS~4\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
    2014-11-12 20:19 1729744 ----a-w- c:\progra~2\MICROS~4\Office15\GROOVEEX.DLL
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "GoogleChromeAutoLaunch_C62251D359A8F5B5CC8EADB510991ABB"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-12-06 856904]
    "uTorrent"="c:\users\Dave\AppData\Roaming\uTorrent\uTorrent.exe" [2014-11-21 1385808]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-12-11 30877280]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-08-28 2984688]
    "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-26 291608]
    "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2012-02-02 2321072]
    "ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2013-07-16 3058304]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-01-07 5226600]
    "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2012-06-25 322208]
    "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2012-06-19 174752]
    "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
    .
    c:\users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    New AutoHotkey Script - Shortcut.lnk - c:\users\Dave\Documents\scripts\New AutoHotkey Script.ahk [2014-1-28 374]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "SoftwareSASGeneration"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
    @=""
    .
    R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 KMSServerService;KMS Server Service;c:\windows\KMSServerService\KMS Server Service.exe DefaultPort RandomKMSPID DefaultActivationInterval DefaultRenewalInterval KillProcessOnPort;c:\windows\KMSServerService\KMS Server Service.exe DefaultPort RandomKMSPID DefaultActivationInterval DefaultRenewalInterval KillProcessOnPort [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
    R3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
    R3 AX88772B;ASIX AX88772B USB2.0 to Fast Ethernet Adapter;c:\windows\system32\DRIVERS\ax88772b.sys;c:\windows\SYSNATIVE\DRIVERS\ax88772b.sys [x]
    R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
    R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
    R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
    R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbwwan.sys [x]
    R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
    R3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
    R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S0 assd;assd; [x]
    S0 aswRvrt;avast! Revert; [x]
    S0 aswVmm;avast! VM Monitor; [x]
    S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
    S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
    S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
    S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
    S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [x]
    S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
    S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
    S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
    S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
    S2 DptfParticipantProcessorService;Intel(R) Dynamic Platform & Thermal Framework Processor Participant Service Application;c:\windows\SysWOW64\DptfParticipantProcessorService.exe;c:\windows\SysWOW64\DptfParticipantProcessorService.exe [x]
    S2 DptfPolicyConfigTDPService;Intel(R) Dynamic Platform & Thermal Framework Config TDP Service Application;c:\windows\SysWOW64\DptfPolicyConfigTDPService.exe;c:\windows\SysWOW64\DptfPolicyConfigTDPService.exe [x]
    S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
    S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
    S2 irstrtsv;Intel(R) Rapid Start Technology Service;c:\windows\SysWOW64\irstrtsv.exe;c:\windows\SysWOW64\irstrtsv.exe [x]
    S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
    S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
    S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
    S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
    S3 AsusVBus;AsusVBus;c:\windows\system32\DRIVERS\AsusVBus.sys;c:\windows\SYSNATIVE\DRIVERS\AsusVBus.sys [x]
    S3 AsusVTouch;AsusVTouch;c:\windows\system32\DRIVERS\AsusVTouch.sys;c:\windows\SYSNATIVE\DRIVERS\AsusVTouch.sys [x]
    S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
    S3 DptfDevDram;DptfDevDram;c:\windows\system32\DRIVERS\DptfDevDram.sys;c:\windows\SYSNATIVE\DRIVERS\DptfDevDram.sys [x]
    S3 DptfDevFan;DptfDevFan;c:\windows\system32\DRIVERS\DptfDevFan.sys;c:\windows\SYSNATIVE\DRIVERS\DptfDevFan.sys [x]
    S3 DptfDevGen;DptfDevGen;c:\windows\system32\DRIVERS\DptfDevGen.sys;c:\windows\SYSNATIVE\DRIVERS\DptfDevGen.sys [x]
    S3 DptfDevPch;DptfDevPch;c:\windows\system32\DRIVERS\DptfDevPch.sys;c:\windows\SYSNATIVE\DRIVERS\DptfDevPch.sys [x]
    S3 DptfDevProc;DptfDevProc;c:\windows\system32\DRIVERS\DptfDevProc.sys;c:\windows\SYSNATIVE\DRIVERS\DptfDevProc.sys [x]
    S3 DptfManager;DptfManager;c:\windows\system32\DRIVERS\DptfManager.sys;c:\windows\SYSNATIVE\DRIVERS\DptfManager.sys [x]
    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 irstrtdv;Intel(R) Rapid Start Technology Driver;c:\windows\system32\DRIVERS\irstrtdv.sys;c:\windows\SYSNATIVE\DRIVERS\irstrtdv.sys [x]
    S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
    S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
    S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
    S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-12-11 20:38 1087816 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-01-08 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-27 15:28]
    .
    2015-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-22 22:52]
    .
    2015-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-22 22:52]
    .
    2015-01-08 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
    - c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
    .
    2015-01-08 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
    - c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
    2014-11-12 20:17 2334928 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
    2014-11-12 20:17 2334928 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
    2014-11-12 20:17 2334928 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2015-01-07 04:47 860984 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-02 170264]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-02 398616]
    "DptfPolicyLpmServiceHelper"="c:\windows\SysWOW64\DptfPolicyLpmServiceHelper.exe" [BU]
    "ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
    "Setwallpaper"="c:\programdata\SetWallpaper.cmd" [BU]
    "BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2012-06-01 11406640]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-02 439064]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    TCP: DhcpNameServer = 200.42.4.204 200.49.130.41
    Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
    FF - ProfilePath - c:\users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\nsh4gmn2.default-1420681634607\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2015-01-08 12:16:47
    ComboFix-quarantined-files.txt 2015-01-08 15:16
    ComboFix2.txt 2015-01-08 15:04
    ComboFix3.txt 2015-01-08 13:58
    .
    Pre-Run: 6,554,292,224 bytes free
    Post-Run: 6,255,206,400 bytes free
    .
    - - End Of File - - F9810A248803050F3E45D927EAC81611
     
  8. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,315
    First Name:
    Derek
    That looks fine now.
    *Follow these steps to uninstall Combofix and the other tools it downloaded to remove the malware*
    * Click START then RUN
    * Now type Combofix /Uninstall in the Run box and click OK. Note the space between the X and the /U; it needs to be there.

    This will also purge the restore folder and clear any malware that has been put in there. Now empty the Recycle Bin on the desktop, then reboot.

    Go here http://myonlinesecurity.co.uk/how-to-protect-yourself-and-tighten-security/ for info on how to tighten your security settings and how to help prevent future attacks.

    And scan here http://secunia.com/vulnerability_scanning/personal for out of date & vulnerable common applications on your computer and update whatever it suggests.

    Then pay an urgent visit to Windows Update & make sure you are fully updated; that will help to plug the security holes that let these pests on in the first place. If Windows Update doesn't work, please come back & tell us.
     
  9. d2thel

    d2thel Thread Starter

    Joined:
    Aug 30, 2006
    Messages:
    37
    Great, thanks!
     

Short URL to this thread: https://techguy.org/1140764
