ComboFix 14-02-20.01 - Jessica 02/20/2014 18:50:48.1.4 - x64
Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.3546.1998 [GMT -5:00]
Running from: c:\users\Jessica\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2014-01-21 to 2014-02-21 )))))))))))))))))))))))))))))))
.
.
2014-02-21 00:01 . 2014-02-21 00:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-19 19:31 . 2014-02-19 19:31 -------- d-----w- c:\windows\ERUNT
2014-02-17 15:39 . 2013-12-04 23:43 583680 ----a-w- c:\windows\system32\msdrm.dll
2014-02-17 15:39 . 2013-12-04 23:37 451072 ----a-w- c:\windows\SysWow64\msdrm.dll
2014-02-17 05:07 . 2013-03-05 17:01 91712 ----a-w- c:\windows\system32\drivers\CLVirtualDrive.sys
2014-02-17 05:07 . 2014-02-17 05:07 -------- d-----w- c:\program files (x86)\Common Files\CyberLink
2014-02-17 05:06 . 2013-11-01 05:53 2232664 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-02-17 05:05 . 2013-11-25 23:17 83968 ----a-w- c:\windows\system32\drivers\hidclass.sys
2014-02-17 05:03 . 2014-02-01 09:18 2648576 ----a-w- c:\windows\system32\iertutil.dll
2014-02-17 05:03 . 2014-02-01 09:18 3960320 ----a-w- c:\windows\system32\jscript9.dll
2014-02-17 05:03 . 2014-02-01 07:57 2877952 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-02-17 05:03 . 2014-02-01 07:57 108032 ----a-w- c:\program files (x86)\Internet Explorer\jsdebuggeride.dll
2014-02-17 05:02 . 2013-11-20 00:15 3842560 ----a-w- c:\windows\system32\d2d1.dll
2014-02-17 05:02 . 2014-01-12 23:30 2238976 ----a-w- c:\windows\system32\d3d10warp.dll
2014-02-17 05:02 . 2013-11-19 23:57 3288576 ----a-w- c:\windows\SysWow64\d2d1.dll
2014-02-17 05:02 . 2014-01-12 23:30 2032640 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-02-10 17:43 . 2014-02-10 17:51 -------- d-----w- C:\AdwCleaner
2014-02-10 17:36 . 2014-02-10 17:36 -------- d-----w- c:\program files\CCleaner
2014-02-10 14:03 . 2014-02-10 14:03 -------- d-----w- c:\users\Jessica\AppData\Roaming\Malwarebytes
2014-02-10 14:02 . 2014-02-10 14:02 -------- d-----w- c:\programdata\Malwarebytes
2014-02-10 14:02 . 2014-02-10 14:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-02-10 14:02 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-10 13:57 . 2014-02-10 13:57 -------- d-----w- c:\programdata\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-01-23 16:53 . 2014-01-23 22:15 -------- d-----w- c:\users\Jessica\AppData\Local\FluxSoftware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-20 21:16 . 2013-09-18 10:51 65536 ----a-w- c:\windows\system32\spu_storage.bin
2014-02-18 14:32 . 2013-12-09 21:51 88567024 ----a-w- c:\windows\system32\MRT.exe
2014-01-30 21:10 . 2012-07-26 08:14 78296 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-30 21:10 . 2012-07-26 08:14 694240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-01-13 05:22 . 2014-01-13 05:23 2810072 ----a-w- c:\windows\system32\RtPgEx64.dll
2014-01-13 05:22 . 2014-01-13 05:23 3692632 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
2014-01-13 05:22 . 2014-01-13 05:23 617176 ----a-w- c:\windows\system32\RtDataProc64.dll
2014-01-13 05:22 . 2014-01-13 05:23 2587352 ----a-w- c:\windows\system32\RtkAPO64.dll
2014-01-13 05:22 . 2014-01-13 05:23 1021656 ----a-w- c:\windows\system32\RtkApi64.dll
2014-01-13 05:22 . 2014-01-13 05:23 1286360 ----a-w- c:\windows\system32\RTCOM64.dll
2014-01-13 05:22 . 2014-01-13 05:23 37850112 ----a-w- c:\windows\system32\RCoRes64.dat
2014-01-13 05:22 . 2014-01-13 05:23 151256 ----a-w- c:\windows\system32\RCoInstII64.dll
2014-01-13 05:21 . 2014-01-13 05:23 113576 ----a-w- c:\windows\system32\CONEQMSAPOGUILibrary.dll
2014-01-13 05:21 . 2014-01-13 05:23 209096 ----a-w- c:\windows\system32\AERTAC64.dll
2014-01-13 05:21 . 2013-09-18 10:54 2080472 ----a-w- c:\windows\RtlExUpd.dll
2014-01-13 05:12 . 2014-01-13 05:13 1795952 ----a-w- c:\windows\system32\WdfCoInstaller01011.dll
2014-01-13 05:12 . 2014-01-13 05:13 421616 ----a-w- c:\windows\system32\SynTPCo19.dll
2014-01-13 05:12 . 2014-01-13 05:13 169712 ----a-w- c:\windows\SysWow64\SynTPCom.dll
2014-01-13 05:12 . 2014-01-13 05:13 524016 ----a-w- c:\windows\system32\drivers\SynTP.sys
2014-01-13 05:12 . 2014-01-13 05:13 251632 ----a-w- c:\windows\system32\SynTPAPI.dll
2014-01-13 05:12 . 2014-01-13 05:13 722160 ----a-w- c:\windows\system32\SynCOM.dll
2014-01-13 05:12 . 2014-01-13 05:13 400112 ----a-w- c:\windows\SysWow64\SynCom.dll
2013-12-30 07:07 . 2013-09-18 10:53 290008 ----a-w- c:\windows\system32\drivers\RtsP2Stor.sys
2013-12-30 07:07 . 2013-09-18 10:53 9889352 ----a-w- c:\windows\SysWow64\RtsP2StorIcon.dll
2013-12-14 03:17 . 2013-12-14 03:17 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-12-14 03:17 . 2013-12-14 03:17 205320 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-12-14 03:17 . 2013-12-14 03:17 409832 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-12-14 03:17 . 2013-12-14 03:17 1032416 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-12-14 03:17 . 2013-12-14 03:17 84328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-12-14 03:17 . 2013-12-14 03:17 38984 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-12-14 03:17 . 2013-12-14 03:17 334648 ----a-w- c:\windows\system32\aswBoot.exe
2013-12-14 03:17 . 2013-12-14 03:17 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-12-14 03:17 . 2013-12-14 03:17 43152 ----a-w- c:\windows\avastSS.scr
2013-12-07 21:37 . 2013-12-07 21:37 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-07 18:00 . 2013-12-07 18:00 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-12-07 06:37 . 2014-01-15 13:37 688640 ----a-w- c:\windows\system32\WSShared.dll
2013-12-07 06:37 . 2014-01-15 13:37 163840 ----a-w- c:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-12-07 05:15 . 2014-01-15 13:37 562688 ----a-w- c:\windows\SysWow64\WSShared.dll
2013-12-07 05:15 . 2014-01-15 13:37 124928 ----a-w- c:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-12-07 02:52 . 2012-07-26 08:13 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-11-23 06:43 . 2013-12-12 11:32 420864 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-23 05:05 . 2013-12-12 11:32 368640 ----a-w- c:\windows\SysWow64\WMPhoto.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_6C112C83343D2B64D49383DF78ACF1FC"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-02-01 866632]
"Power2GoExpress8"="c:\program files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe" [2013-08-05 1713416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-04-17 642656]
"AccelerometerSysTrayApplet"="c:\program files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe" [2013-03-01 77088]
"YouCam Service"="c:\program files (x86)\CyberLink\YouCam\YouCamService.exe" [2013-05-22 267224]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-12-14 3568312]
"HPMessageService"="c:\program files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe" [2013-10-08 1045304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe
R3 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys
R3 SmbDrv;SmbDrv;c:\windows\System32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys
R3 SmbDrvI;SmbDrvI;c:\windows\System32\drivers\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_Intel.sys
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys
S0 amd_sata;amd_sata;c:\windows\System32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys
S0 amd_xata;amd_xata;c:\windows\System32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys
S0 aswRvrt;avast! Revert;
S0 aswVmm;avast! VM Monitor;
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys
S2 AdaptiveSleepService;AdaptiveSleepService;c:\program files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe;c:\program files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys;c:\windows\SYSNATIVE\drivers\aswFsBlk.sys
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys
S2 DACoreService;Dragon Notes Core;c:\program files (x86)\Nuance\Dragon Notes\Core\DACore.exe;c:\program files (x86)\Nuance\Dragon Notes\Core\DACore.exe
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe
S3 AmdAS4;AmdAS4 service;c:\windows\System32\drivers\AmdAS4.sys;c:\windows\SYSNATIVE\drivers\AmdAS4.sys
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW86.sys;c:\windows\SYSNATIVE\drivers\AtihdW86.sys
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys
S3 WirelessButtonDriver;HP Wireless Button Driver Service;c:\windows\System32\drivers\WirelessButtonDriver64.sys;c:\windows\SYSNATIVE\drivers\WirelessButtonDriver64.sys
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
apphost REG_MULTI_SZ apphostsvc
iissvcs REG_MULTI_SZ w3svc was
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-04 19:13 1211720 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2297949839-4153486618-4028779629-1002Core.job
- c:\users\Jessica\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-12-26 23:23]
.
2014-02-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2297949839-4153486618-4028779629-1002UA.job
- c:\users\Jessica\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-12-26 23:23]
.
2014-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-07 03:58]
.
2014-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-07 03:58]
.
2014-02-20 c:\windows\Tasks\HPCeeScheduleForJessica.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 09:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-12-14 03:17 326944 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2014-01-13 7203032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-01-29 21720]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2014-02-20 19:06:38
ComboFix-quarantined-files.txt 2014-02-21 00:06
.
Pre-Run: 664,627,826,688 bytes free
Post-Run: 664,688,353,280 bytes free
.
- - End Of File - - E121A1DD61ABA788750B3D28C8FFDA41
5FB38429D5D77768867C76DCBDB35194
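The log above lists the three kinds of load point a reviewer checks first: Run/RunOnce values, services and drivers, and scheduled tasks. The Python script below is an added example, not ComboFix output and not ComboFix's own code. It parses those three line shapes and flags entries that deserve a second look. The sample text is a constructed excerpt built from lines of this log, and the two heuristics (image path under a user-writable location; Run value set under HKCU, which needs no elevation) are this example's own assumptions: a hit means "verify this file", not "malicious".

```python
"""Triage helper for ComboFix-style logs (added example, not ComboFix code).

Parses Run values, service lines and scheduled-task lines and flags the
entries a reviewer would look at first.  Heuristics are assumptions of this
example: a hit means "look closer", not a verdict.
"""
import re
from dataclasses import dataclass, field

# "Name"="c:\path\file.exe" [YYYY-MM-DD size]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<stamp>[^\]]*)\]')
# S2 Name;Display name;c:\path;c:\native path   (path may be empty, e.g. boot drivers)
SVC_RE = re.compile(r'^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>[^;]*)')
# - c:\path\file.exe [YYYY-MM-DD HH:MM]   (the line under a .job entry)
TASK_RE = re.compile(r'^-\s+(?P<path>.+?)\s+\[(?P<stamp>[^\]]*)\]$')
# [HKEY_...]  section header that the following Run values belong to
KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$', re.I)

# Locations an unprivileged user can write to (assumed heuristic list).
USER_WRITABLE = [
    ("user profile", re.compile(r'\\users\\[^\\]+\\', re.I)),
    ("ProgramData", re.compile(r'\\programdata\\', re.I)),
    ("temp", re.compile(r'\\temp\\', re.I)),
]

# Constructed excerpt in the same layout as the ComboFix log above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress8"="c:\program files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe" [2013-08-05 1713416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-12-14 3568312]
.
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
S0 aswRvrt;avast! Revert;
.
2014-02-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2297949839-4153486618-4028779629-1002Core.job
- c:\users\Jessica\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-12-26 23:23]
"""


@dataclass
class Entry:
    kind: str                 # "run", "service" or "task"
    name: str
    path: str
    key: str = ""             # registry key the value sits under (run only)
    start: str = ""           # S0..S4 / R0..R4 start type (services only)
    reasons: list = field(default_factory=list)


def parse_entries(text):
    """Return one Entry per Run value, service line or scheduled-task line, in log order."""
    entries, current_key = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if (m := KEY_RE.match(line)):
            current_key = m["key"]
        elif (m := RUN_RE.match(line)):
            entries.append(Entry("run", m["name"], m["path"], key=current_key))
        elif (m := SVC_RE.match(line)):
            entries.append(Entry("service", m["name"], m["path"], start=m["start"]))
        elif (m := TASK_RE.match(line)):
            entries.append(Entry("task", m["path"].rsplit("\\", 1)[-1], m["path"]))
    return entries


def flag(entry):
    """Recompute the entry's triage reasons (heuristics only) and return it."""
    reasons = []
    for label, rx in USER_WRITABLE:
        if rx.search(entry.path):
            reasons.append(f"image under user-writable location ({label})")
    if entry.kind == "run" and entry.key.upper().startswith("HKEY_CURRENT_USER"):
        reasons.append("HKCU Run value: settable without elevation")
    entry.reasons = reasons
    return entry


def triage(text):
    """Return only the entries that picked up at least one reason."""
    return [e for e in map(flag, parse_entries(text)) if e.reasons]


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(f"{hit.kind:8} {hit.name:22} {hit.path}")
        for reason in hit.reasons:
            print(f"{'':8} - {reason}")
```

On the excerpt this flags the HKCU Power2GoExpress8 value and the FacebookUpdate.exe task image under the user profile, and nothing else. Per-user updaters legitimately live in AppData, so a hit is a prompt to check the file (publisher signature, hash against a known-good copy) rather than a finding in itself.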