I'll just post the whole file here, because I can't find the entry you referred to.
ComboFix 15-04-28.01 - FAELNAR 04/29/2015 17:06:11.1.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3271.1940 [GMT 8:00]
Running from: d:\downloads\Programs\ComboFix.exe
AV: avast! Antivirus *Disabled/Outdated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Outdated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\autorun.inf
C:\Documents and Settings.lnk
C:\Music.lnk
c:\program files\SAlePliuis
c:\program files\SAlePliuis\Aplikasi.lnk
c:\program files\SAlePliuis\autorun.inf
c:\program files\SAlePliuis\dekstop.ini
c:\program files\SAlePliuis\Microsoft.lnk
c:\program files\SAlePliuis\Music.lnk
c:\program files\SAlePliuis\QcfEzDFU23gQHP.dat
c:\program files\SAlePliuis\QcfEzDFU23gQHP.dll
c:\program files\SAlePliuis\QcfEzDFU23gQHP.exe
c:\program files\SAlePliuis\QcfEzDFU23gQHP.tlb
c:\program files\YoutubeAdblocker
c:\program files\YoutubeAdblocker\Aplikasi.lnk
c:\program files\youtubeadblocker\autorun.inf
c:\program files\youtubeadblocker\dekstop.ini
c:\program files\youtubeadblocker\f67OhFxKuM2CDI.dat
c:\program files\youtubeadblocker\f67OhFxKuM2CDI.dll
c:\program files\YoutubeAdblocker\f67OhFxKuM2CDI.exe
c:\program files\YoutubeAdblocker\f67OhFxKuM2CDI.tlb
c:\program files\YoutubeAdblocker\Microsoft.lnk
c:\program files\youtubeadblocker\Music.lnk
c:\programdata\4733094514238228814
c:\programdata\4733094514238228814.lnk
c:\programdata\4733094514238228814\Aplikasi.lnk
c:\programdata\4733094514238228814\autorun.inf
c:\programdata\4733094514238228814\bd6413ec2b541df2f2aee561f47c63c2.ini
c:\programdata\4733094514238228814\cd5b15e575e1c3d0f2aee561f47c63c2.ini
c:\programdata\4733094514238228814\dekstop.ini
c:\programdata\4733094514238228814\eb08bbec1c735443f2aee561f47c63c2.ini
c:\programdata\4733094514238228814\Microsoft.lnk
c:\programdata\4733094514238228814\Music.lnk
c:\programdata\Microsoft\Windows\Templates\Aplikasi.lnk
c:\programdata\Microsoft\Windows\Templates\Microsoft.lnk
c:\programdata\Microsoft\Windows\Templates\Music.lnk
c:\users\Default\Cookies.lnk
c:\users\FAELNAR\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdjbledkahnanmoekcemgbbpeihcgmbp
c:\users\FAELNAR\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdjbledkahnanmoekcemgbbpeihcgmbp\118\background.html
c:\users\FAELNAR\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdjbledkahnanmoekcemgbbpeihcgmbp\118\content.js
c:\users\FAELNAR\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdjbledkahnanmoekcemgbbpeihcgmbp\118\JRQe.js
c:\users\FAELNAR\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdjbledkahnanmoekcemgbbpeihcgmbp\118\lsdb.js
c:\users\FAELNAR\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdjbledkahnanmoekcemgbbpeihcgmbp\118\manifest.json
c:\users\FAELNAR\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_efelaagnocdhjhlkmidonknipjfmgcek_0.localstorage-journal
c:\users\FAELNAR\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_efelaagnocdhjhlkmidonknipjfmgcek_0.localstorage
c:\users\FAELNAR\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hbojjbgonnhfgnegbgpnakmjmfijfamm_0.localstorage-journal
c:\users\FAELNAR\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hbojjbgonnhfgnegbgpnakmjmfijfamm_0.localstorage
c:\users\FAELNAR\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jdjbledkahnanmoekcemgbbpeihcgmbp_0.localstorage-journal
c:\users\FAELNAR\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jdjbledkahnanmoekcemgbbpeihcgmbp_0.localstorage
c:\users\FAELNAR\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lejfooemngidahkppcdmkbkdpbcmfppd_0.localstorage-journal
c:\users\FAELNAR\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lejfooemngidahkppcdmkbkdpbcmfppd_0.localstorage
c:\users\FAELNAR\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\FAELNAR\AppData\Local\Temp\_MEI31202\_ctypes.pyd
c:\users\FAELNAR\AppData\Local\Temp\_MEI31202\_elementtree.pyd
c:\users\FAELNAR\AppData\Local\Temp\_MEI31202\_hashlib.pyd
c:\users\FAELNAR\AppData\Local\Temp\_MEI31202\_multiprocessing.pyd
c:\users\FAELNAR\AppData\Local\Temp\_MEI31202\_socket.pyd
c:\users\FAELNAR\AppData\Local\Temp\_MEI31202\_ssl.pyd
c:\users\FAELNAR\AppData\Local\Temp\_MEI31202\_yappi.pyd
c:\users\FAELNAR\AppData\Local\Temp\_MEI31202\hashobjs_ext.pyd
c:\users\FAELNAR\AppData\Local\Temp\_MEI31202\pyexpat.pyd
c:\users\FAELNAR\AppData\Local\Temp\_MEI31202\pysqlite2._sqlite.pyd
c:\users\FAELNAR\AppData\Local\Temp\_MEI31202\python27.dll
c:\users\FAELNAR\AppData\Local\Temp\_MEI31202\pythoncom27.dll
c:\users\FAELNAR\AppData\Local\Temp\_MEI31202\PyWinTypes27.dll
c:\users\FAELNAR\AppData\Local\Temp\_MEI31202\select.pyd
c:\users\FAELNAR\AppData\Local\Temp\_MEI31202\unicodedata.pyd
c:\users\FAELNAR\AppData\Local\Temp\_MEI31202\win32api.pyd
c:\users\FAELNAR\AppData\Local\Temp\_MEI31202\win32com.shell.shell.pyd
c:\users\FAELNAR\AppData\Local\Temp\_MEI31202\win32crypt.pyd
c:\users\FAELNAR\AppData\Local\Temp\_MEI31202\win32event.pyd
c:\users\FAELNAR\AppData\Local\Temp\_MEI31202\win32file.pyd
c:\users\FAELNAR\AppData\Local\Temp\_MEI31202\win32gui.pyd
c:\users\FAELNAR\AppData\Local\Temp\_MEI31202\win32inet.pyd
c:\users\FAELNAR\AppData\Local\Temp\_MEI31202\win32pdh.pyd
c:\users\FAELNAR\AppData\Local\Temp\_MEI31202\win32pipe.pyd
c:\users\FAELNAR\AppData\Local\Temp\_MEI31202\win32process.pyd
c:\users\FAELNAR\AppData\Local\Temp\_MEI31202\win32profile.pyd
c:\users\FAELNAR\AppData\Local\Temp\_MEI31202\win32security.pyd
c:\users\FAELNAR\AppData\Local\Temp\_MEI31202\win32ts.pyd
c:\users\FAELNAR\AppData\Local\Temp\_MEI31202\windows._lib_cacheinvalidation.pyd
c:\users\FAELNAR\AppData\Local\Temp\_MEI31202\wx._animate.pyd
c:\users\FAELNAR\AppData\Local\Temp\_MEI31202\wx._controls_.pyd
c:\users\FAELNAR\AppData\Local\Temp\_MEI31202\wx._core_.pyd
c:\users\FAELNAR\AppData\Local\Temp\_MEI31202\wx._gdi_.pyd
c:\users\FAELNAR\AppData\Local\Temp\_MEI31202\wx._html2.pyd
c:\users\FAELNAR\AppData\Local\Temp\_MEI31202\wx._misc_.pyd
c:\users\FAELNAR\AppData\Local\Temp\_MEI31202\wx._windows_.pyd
c:\users\FAELNAR\AppData\Local\Temp\_MEI31202\wx._wizard.pyd
c:\users\FAELNAR\AppData\Local\Temp\_MEI31202\wxbase294u_net_vc90.dll
c:\users\FAELNAR\AppData\Local\Temp\_MEI31202\wxbase294u_vc90.dll
c:\users\FAELNAR\AppData\Local\Temp\_MEI31202\wxmsw294u_adv_vc90.dll
c:\users\FAELNAR\AppData\Local\Temp\_MEI31202\wxmsw294u_core_vc90.dll
c:\users\FAELNAR\AppData\Local\Temp\_MEI31202\wxmsw294u_html_vc90.dll
c:\users\FAELNAR\AppData\Local\Temp\_MEI31202\wxmsw294u_webview_vc90.dll
c:\users\FAELNAR\AppData\Local\Temp\1000\temp\liNDa ronstadt and james ingram - somewhere out there.exe
c:\users\FAELNAR\AppData\Local\Temp\Rpcqt.dll
c:\users\FAELNAR\AppData\Roaming\Mozilla\Firefox\Profiles\zxkqwvfy.default-1423252210021\extensions\[email protected]
c:\users\FAELNAR\AppData\Roaming\Mozilla\Firefox\Profiles\zxkqwvfy.default-1423252210021\extensions\[email protected]\bootstrap.js
c:\users\FAELNAR\AppData\Roaming\Mozilla\Firefox\Profiles\zxkqwvfy.default-1423252210021\extensions\[email protected]\chrome.manifest
c:\users\FAELNAR\AppData\Roaming\Mozilla\Firefox\Profiles\zxkqwvfy.default-1423252210021\extensions\[email protected]\content\bg.js
c:\users\FAELNAR\AppData\Roaming\Mozilla\Firefox\Profiles\zxkqwvfy.default-1423252210021\extensions\[email protected]\install.rdf
c:\users\FAELNAR\AppData\Roaming\Mozilla\Firefox\Profiles\zxkqwvfy.default-1423252210021\extensions\[email protected]
c:\users\FAELNAR\AppData\Roaming\Mozilla\Firefox\Profiles\zxkqwvfy.default-1423252210021\extensions\[email protected]\bootstrap.js
c:\users\FAELNAR\AppData\Roaming\Mozilla\Firefox\Profiles\zxkqwvfy.default-1423252210021\extensions\[email protected]\chrome.manifest
c:\users\FAELNAR\AppData\Roaming\Mozilla\Firefox\Profiles\zxkqwvfy.default-1423252210021\extensions\[email protected]\content\bg.js
c:\users\FAELNAR\AppData\Roaming\Mozilla\Firefox\Profiles\zxkqwvfy.default-1423252210021\extensions\[email protected]\install.rdf
c:\users\FAELNAR\AppData\Roaming\Mozilla\Firefox\Profiles\zxkqwvfy.default-1423252210021\extensions\[email protected]
c:\users\FAELNAR\AppData\Roaming\Mozilla\Firefox\Profiles\zxkqwvfy.default-1423252210021\extensions\[email protected]\bootstrap.js
c:\users\FAELNAR\AppData\Roaming\Mozilla\Firefox\Profiles\zxkqwvfy.default-1423252210021\extensions\[email protected]\chrome.manifest
c:\users\FAELNAR\AppData\Roaming\Mozilla\Firefox\Profiles\zxkqwvfy.default-1423252210021\extensions\[email protected]\content\bg.js
c:\users\FAELNAR\AppData\Roaming\Mozilla\Firefox\Profiles\zxkqwvfy.default-1423252210021\extensions\[email protected]\install.rdf
c:\users\FAELNAR\Cookies.lnk
c:\windows\SSCE5432.DLL
c:\windows\system32\auto.exe
c:\windows\system32\Serv60d.dll
c:\windows\Tasks\autorun.inf
D:\autorun.inf
D:\Documents.lnk
D:\Music.lnk
.
.
((((((((((((((((((((((((( Files Created from 2015-03-28 to 2015-04-29 )))))))))))))))))))))))))))))))
.
.
2015-04-29 08:55 . 2015-04-29 08:55 7247 ----a-w- c:\windows\system32\radDF328.tmp
2015-04-29 03:24 . 2015-04-29 03:24 7247 ----a-w- c:\windows\system32\radFA28C.tmp
2015-04-29 00:01 . 2015-04-29 00:01 7247 ----a-w- c:\windows\system32\rad30D82.tmp
2015-04-28 23:58 . 2015-04-28 23:58 7247 ----a-w- c:\windows\system32\rad17F34.tmp
2015-04-28 21:28 . 2015-04-28 21:28 7247 ----a-w- c:\windows\system32\rad3AC38.tmp
2015-04-28 09:08 . 2015-04-28 09:08 7247 ----a-w- c:\windows\system32\rad4402B.tmp
2015-04-28 03:47 . 2015-04-28 03:47 7247 ----a-w- c:\windows\system32\rad1E6B9.tmp
2015-04-28 03:44 . 2015-04-28 21:30 -------- d-----w- c:\programdata\ce1964c3000045f4
2015-04-28 02:45 . 2015-04-28 02:45 7247 ----a-w- c:\windows\system32\rad77676.tmp
2015-04-28 00:45 . 2015-04-28 00:45 7247 ----a-w- c:\windows\system32\rad9E73A.tmp
2015-04-28 00:41 . 2015-04-28 00:41 7247 ----a-w- c:\windows\system32\rad1A513.tmp
2015-04-28 00:40 . 2015-04-28 00:40 7247 ----a-w- c:\windows\system32\radC95AE.tmp
2015-04-28 00:37 . 2015-04-28 00:37 7247 ----a-w- c:\windows\system32\radE116D.tmp
2015-04-28 00:30 . 2015-04-28 00:30 7247 ----a-w- c:\windows\system32\rad28CAA.tmp
2015-04-28 00:16 . 2015-04-28 00:16 7247 ----a-w- c:\windows\system32\radD2269.tmp
2015-04-27 23:14 . 2015-04-04 06:39 9201616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{90EF4447-F997-4FA7-8B7F-D9ABFD17C00E}\mpengine.dll
2015-04-27 20:02 . 2015-04-27 20:02 7247 ----a-w- c:\windows\system32\rad0504D.tmp
2015-04-27 13:24 . 2015-04-27 13:24 7247 ----a-w- c:\windows\system32\rad851CC.tmp
2015-04-27 08:53 . 2015-04-27 08:53 7247 ----a-w- c:\windows\system32\radA9036.tmp
2015-04-27 07:25 . 2015-04-28 21:30 -------- d-----w- c:\programdata\Mini - Adblocker
2015-04-27 06:25 . 2015-04-27 06:25 7247 ----a-w- c:\windows\system32\rad759CD.tmp
2015-04-27 04:19 . 2015-04-27 04:19 7247 ----a-w- c:\windows\system32\rad17458.tmp
2015-04-27 03:41 . 2015-04-27 03:41 -------- d-----w- c:\users\FAELNAR\AppData\Roaming\Vgstorm.com
2015-04-27 03:15 . 2006-02-04 10:30 11330 --sha-r- c:\windows\system32\radFE6C9.tmp
2015-04-27 03:15 . 2015-04-29 03:26 -------- d-----w- c:\program files\VGStorm.com
2015-04-26 23:28 . 2015-04-26 23:28 7247 ----a-w- c:\windows\system32\rad6517E.tmp
2015-04-26 21:21 . 2015-04-26 21:21 7247 ----a-w- c:\windows\system32\rad64669.tmp
2015-04-26 13:39 . 2015-04-26 13:39 7247 ----a-w- c:\windows\system32\rad695DC.tmp
2015-04-26 13:20 . 2015-04-26 13:20 7247 ----a-w- c:\windows\system32\rad0D0B6.tmp
2015-04-26 11:29 . 2015-04-26 11:29 7247 ----a-w- c:\windows\system32\rad4068E.tmp
2015-04-26 11:29 . 2015-04-26 11:29 7247 ----a-w- c:\windows\system32\rad9A0E0.tmp
2015-04-26 11:29 . 2015-04-26 11:29 7247 ----a-w- c:\windows\system32\rad867FF.tmp
2015-04-26 11:29 . 2015-04-26 11:29 7247 ----a-w- c:\windows\system32\rad9CFDE.tmp
2015-04-26 05:47 . 2015-04-26 05:47 7247 ----a-w- c:\windows\system32\rad57CCB.tmp
2015-04-26 01:59 . 2015-04-26 01:59 7247 ----a-w- c:\windows\system32\rad14C30.tmp
2015-04-25 21:55 . 2015-04-25 21:55 7247 ----a-w- c:\windows\system32\rad9C50C.tmp
2015-04-25 19:23 . 2015-04-25 19:23 7247 ----a-w- c:\windows\system32\rad08EF8.tmp
2015-04-25 13:31 . 2015-04-25 13:31 7247 ----a-w- c:\windows\system32\radFC1B6.tmp
2015-04-25 13:15 . 2015-04-25 13:15 7247 ----a-w- c:\windows\system32\radC707A.tmp
2015-04-25 04:32 . 2015-04-25 04:32 7247 ----a-w- c:\windows\system32\rad26ED7.tmp
2015-04-24 23:43 . 2015-04-24 23:43 7247 ----a-w- c:\windows\system32\radA07A6.tmp
2015-04-24 23:39 . 2015-04-25 19:25 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2015-04-24 23:39 . 2015-04-25 19:24 -------- d-----w- c:\program files\SUPERAntiSpyware
2015-04-24 22:01 . 2015-04-24 22:01 7247 ----a-w- c:\windows\system32\rad68A46.tmp
2015-04-24 15:03 . 2015-04-24 15:03 7247 ----a-w- c:\windows\system32\rad3CC2E.tmp
2015-04-24 14:51 . 2015-04-24 14:51 7247 ----a-w- c:\windows\system32\rad93341.tmp
2015-04-24 14:49 . 2006-02-04 10:30 11330 --sha-r- c:\windows\system32\radE4D6E.tmp
2015-04-24 14:49 . 2006-02-04 10:30 11330 --sha-r- c:\windows\system32\radB8571.tmp
2015-04-24 14:49 . 2006-02-04 10:30 11330 --sha-r- c:\windows\system32\radAC353.tmp
2015-04-24 14:49 . 2006-02-04 10:30 11330 --sha-r- c:\windows\system32\radA8060.tmp
2015-04-24 14:49 . 2006-02-04 10:30 11330 --sha-r- c:\windows\system32\radF0371.tmp
2015-04-24 14:49 . 2006-02-04 10:30 11330 --sha-r- c:\windows\system32\rad394D5.tmp
2015-04-24 14:49 . 2006-02-04 10:30 11330 --sha-r- c:\windows\system32\rad2E1A9.tmp
2015-04-24 14:49 . 2006-02-04 10:30 11330 --sha-r- c:\windows\system32\rad756AC.tmp
2015-04-24 14:48 . 2015-04-24 14:48 7247 ----a-w- c:\windows\system32\rad5E5F1.tmp
2015-04-22 02:12 . 2015-04-28 03:44 -------- d-----w- c:\program files\TrimInstance
2015-04-22 02:12 . 2015-04-25 19:24 -------- d-----w- c:\program files\SaleePluss
2015-04-22 02:11 . 2015-04-25 19:24 -------- d-----w- c:\programdata\dpdicfeepahjjoekbeagfdjonkjjfopb
2015-04-21 23:02 . 2015-04-25 19:24 -------- d-----w- c:\program files\LinkMonitor
2015-04-21 22:59 . 2015-04-25 19:24 -------- d-----w- c:\programdata\ochjmlpemmmhgmodakchpjfnbhbjacmk
2015-04-21 06:21 . 2006-02-04 10:30 11330 --sha-r- c:\windows\system32\rad87052.tmp
2015-04-21 06:21 . 2006-02-04 10:30 11330 --sha-r- c:\windows\system32\rad57B55.tmp
2015-04-21 06:21 . 2006-02-04 10:30 11330 --sha-r- c:\windows\system32\rad4B9B3.tmp
2015-04-21 06:21 . 2006-02-04 10:30 11330 --sha-r- c:\windows\system32\rad0C56D.tmp
2015-04-18 08:41 . 2015-04-25 19:25 -------- d-----w- c:\programdata\{fef66e65-f563-6a2d-fef6-66e65f56b997}
2015-04-06 12:46 . 2015-04-10 04:26 -------- d-----w- c:\users\FAELNAR\AppData\Roaming\stw
2015-04-06 12:46 . 2015-04-25 19:24 -------- d-----w- c:\program files\Sam Tupy
2015-04-02 17:25 . 2015-04-25 19:24 -------- d-----w- c:\program files\Set New Tab To Google
2015-04-02 17:24 . 2015-04-25 19:24 -------- d-----w- c:\program files\SalePlus
2015-04-02 17:24 . 2015-04-25 19:24 -------- d-----w- c:\program files\SalePlUss
2015-04-02 17:23 . 2015-04-25 19:24 -------- d-----w- c:\programdata\klhcjfkgnlaehhkjaldjjelccmiagoga
2015-04-02 17:11 . 2015-04-25 19:25 -------- d-----w- c:\programdata\{eae0ff25-bac1-1247-eae0-0ff25bacfc96}
2015-04-02 13:54 . 2015-03-27 00:10 122432 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2015-04-02 05:00 . 2015-04-25 19:24 -------- d-----w- c:\program files\reality software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-29 09:15 . 2015-04-29 09:15 7247 ----a-w- c:\windows\system32\rad50CEE.tmp
2015-04-29 08:57 . 2015-04-25 19:25 722 ----a-w- c:\windows\Fonts\Music.lnk
2015-04-29 08:57 . 2015-04-24 14:48 730 ----a-w- c:\windows\Fonts\Microsoft.lnk
2015-04-28 13:40 . 2014-08-07 12:21 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2015-04-28 13:36 . 2015-04-24 22:03 728 ----a-w- c:\windows\Fonts\Aplikasi.lnk
2015-04-24 14:48 . 2015-04-24 14:48 246 --sha-r- c:\windows\Fonts\autorun.inf
2015-04-15 11:55 . 2014-08-15 12:11 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-04-15 11:55 . 2014-08-15 12:11 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-02-23 20:23 . 2014-08-25 21:12 246920 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-10-03 11:24 578240 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-02-19 06:24 576840 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-02-19 06:24 576840 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2015-02-19 06:24 576840 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-02-19 06:24 576840 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-02-19 06:24 576840 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2014-04-21 08:02 23008 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="c:\users\FAELNAR\AppData\Roaming\BitTorrent\BitTorrent.exe" [2015-04-28 1443160]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2014-03-21 3829328]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2015-02-19 26232152]
"Df5serv"="Wscript.exe" [2009-07-14 141824]
"Explorer"="Wscript.exe" [2009-07-14 141824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI.exe" [2013-10-22 6336216]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe" [2014-04-01 748256]
"JAWS"="c:\program files\Freedom Scientific\JAWS\14.0\jfw.exe" [2013-01-18 7126528]
"Freedom Import Printer printing agent"="c:\program files\Freedom Scientific\Shared\Freedom Import Printer\fipagent.exe" [2011-08-05 94208]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2014-10-03 4085896]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-10-14 157480]
"WinUpdate"="Wscript.exe" [2009-07-14 141824]
.
c:\users\FAELNAR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Love Affair 1994 avi.lnk - c:\programdata\{fef66e65-f563-6a2d-fef6-66e65f56b997}\Love Affair 1994 avi.exe --startup=1 [2014-4-18 374272]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistrytools"= 1 (0x1)
"DisableTaskMgr"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2014-08-21 16:30 959176 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-30 15:45 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 16:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
R2 Update Box Rock;Update Box Rock;c:\program files\Box Rock\updateBoxRock.exe [x]
R3 JTVNCProxy_14.0;JTVNCProxy_14.0;c:\program files\Freedom Scientific\JAWS\14.0\JTVNCProxy.exe [2012-12-07 17800]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-08-17 137472]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2011-08-17 8576]
R3 PowerBrl;powerBraille System Driver;c:\windows\system32\Drivers\powerbrl.sys [2012-12-07 16744]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 {0560c2c7-b36f-426f-a359-b736008b85a6}Gw;{0560c2c7-b36f-426f-a359-b736008b85a6}Gw;c:\windows\system32\drivers\{0560c2c7-b36f-426f-a359-b736008b85a6}Gw.sys [2015-01-09 43144]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-11-22 779536]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-10-03 414520]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2014-04-02 209408]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2014-04-01 276992]
S2 AODDriver4.3;AODDriver4.3;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [2013-11-04 50432]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-10-03 24184]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-10-03 67824]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-10-03 71944]
S2 Freedom Scientific Kernel Manager {D2B4C7A7-7605-4039-89E4-DE5CC69BBE9D};Freedom Scientific Kernel Manager;c:\windows\system32\fsKMgr.dll [2011-08-05 20512]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2015-03-27 122432]
S2 Mobile Broadband HL Service;Mobile Broadband HL Service;c:\programdata\MobileBrServ\mbbservice.exe [2013-07-23 239696]
S2 nvda;nvda;c:\program files\NVDA\nvda_service.exe [2014-11-27 40040]
S2 WindowsMangerProtect;WindowsMangerProtect Service;c:\programdata\WindowsMangerProtect\ProtectWindowsManager.exe [2015-01-10 473088]
S3 fsvidmir;fsvidmir;c:\windows\system32\DRIVERS\fsvidmir.sys [2011-08-05 2944]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2013-08-27 679128]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-04-14 23:48 988488 ----a-w- c:\program files\Google\Chrome\Application\42.0.2311.90\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-04-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-15 11:55]
.
2015-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-01-18 22:36]
.
2015-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-01-18 22:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bendot.co.nr
mStart Page = hxxp://websearch.goodforsearch.info/?pid=24387&r=2015/04/21&hid=17487166612002595778&lg=EN&cc=PH&unqvl=86
uInternet Settings,ProxyOverride = *.local
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\FAELNAR\AppData\Roaming\Mozilla\Firefox\Profiles\zxkqwvfy.default-1423252210021\
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.goodforsearch.info/?pid=24387&r=2015/04/21&hid=17487166612002595778&lg=EN&cc=PH&unqvl=86&l=1&q=
FF - prefs.js: browser.search.selectedEngine - WebSearch
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://websearch.goodforsearch.info/?pid=24387&r=2015/04/21&hid=17487166612002595778&lg=EN&cc=PH&unqvl=86&l=1&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
c:\users\FAELNAR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\linda ronstadt and james ingram - Somewhere Out There.lnk - c:\programdata\{eae0ff25-bac1-1247-eae0-0ff25bacfc96}\linda ronstadt and james ingram - Somewhere Out There.exe --startup=1
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\SUPERAntiSpyware\SASSEH.DLL
AddRemove-FSReader2.0 - c:\program files\Freedom Scientific\FSReader\2.0\UninstallFSReader.exe
AddRemove-{1D23FD63-5756-428D-B03C-657FA3F54900}_is1 - d:\games\RTR\unins000.exe
AddRemove-{4820778D-AB0D-6D18-C316-52A6A0E1D507} - c:\program files\youtubeadblocker\f67OhFxKuM2CDI.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1987745807-665350631-1174593031-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):8f,1e,d5,13,85,49,28,2e,14,32,02,4d,93,c3,b3,b2,fd,10,7b,0b,af,
1b,9c,54,c6,0c,83,ca,79,41,85,77,52,17,19,d9,1d,c8,d0,82,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1987745807-665350631-1174593031-1000_Classes\CLSID\{f7d55177-c3c6-4767-88d3-8f61efc419e4}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000161
"Therad"=dword:0000001c
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3176)
c:\program files\Internet Download Manager\idmmkb.dll
c:\progra~1\MICROS~1\Office12\GR0C18~1.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\LuckyTab\LuckyTab.exe
c:\windows\system32\conhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\wscript.exe
c:\program files\Internet Download Manager\IEMonitor.exe
c:\program files\Freedom Scientific\JAWS\14.0\fsATProxy.exe
c:\programdata\{fef66e65-f563-6a2d-fef6-66e65f56b997}\Love Affair 1994 avi.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\NVDA\nvda.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\program files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2015-04-29 17:20:01 - machine was rebooted
ComboFix-quarantined-files.txt 2015-04-29 09:20
.
Pre-Run: 42,275,000,320 bytes free
Post-Run: 42,930,081,792 bytes free
.
- - End Of File - - 141D240715B9326FCB0D851BE855DEA8
A36C5E4F47E84449FF07ED3517B43A31