For my friend Bodieph, all concerned, and anyone who knows how to read a log:
ComboFix 15-05-13.01 - user 05/16/2015 15:38:02.1.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1935.879 [GMT 8:00]
Running from: d:\users\user\Downloads\ComboFix.exe
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
d:\users\user\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
D:\WindowsUpdate
d:\windowsupdate\woipd.dat
.
.
((((((((((((((((((((((((( Files Created from 2015-04-16 to 2015-05-16 )))))))))))))))))))))))))))))))
.
.
2015-05-16 00:44 . 2015-05-16 00:44 -------- d-----w- d:\programdata\BSD
2015-05-15 22:59 . 2015-05-16 04:12 -------- d-----w- d:\programdata\TweakBit
2015-05-15 22:59 . 2015-05-16 04:30 -------- d-----w- d:\program files\TweakBit
2015-05-13 21:58 . 2015-05-13 21:58 -------- d-----w- d:\program files\Opera
2015-05-13 21:57 . 2015-05-13 21:57 -------- d-----w- d:\windows\system32\config\systemprofile\AppData\Local\LavasoftTcpService
2015-05-13 21:57 . 2015-04-30 02:50 347976 ----a-w- d:\windows\system32\LavasoftTcpService.dll
2015-05-13 21:53 . 2015-05-13 21:54 -------- d-----w- d:\programdata\Innovative Solutions
2015-05-13 21:53 . 2015-05-13 21:54 -------- d-----w- d:\users\user\AppData\Local\Innovative Solutions
2015-05-13 21:53 . 2015-05-13 21:53 -------- d-----w- d:\program files\Common Files\Innovative Solutions
2015-05-13 21:53 . 2014-03-07 02:25 42496 ----a-w- d:\windows\system32\AdvUninstCPL.cpl
2015-05-13 21:53 . 2015-05-13 21:53 -------- d-----w- d:\users\user\AppData\Roaming\RHEng
2015-05-13 21:53 . 2015-05-13 21:53 -------- d-----w- d:\program files\Innovative Solutions
2015-05-09 22:20 . 2015-05-09 22:20 -------- d-----w- d:\users\user\AppData\Local\AskPartnerNetwork
2015-05-09 22:20 . 2015-05-09 22:20 -------- d-----w- d:\programdata\AskPartnerNetwork
2015-05-09 22:20 . 2015-05-09 22:20 -------- d-----w- d:\program files\AskPartnerNetwork
2015-05-09 22:20 . 2015-05-09 22:20 -------- d-----w- d:\programdata\APN
2015-05-09 22:18 . 2015-05-09 22:16 146432 ----a-w- d:\windows\system32\javacpl.cpl
2015-05-05 19:15 . 2015-05-05 19:15 -------- d-----w- d:\program files\McAfee Security Scan
2015-05-02 09:10 . 2015-05-02 09:10 -------- d-----w- d:\windows\system32\config\systemprofile\AppData\Local\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-09 22:16 . 2014-03-18 07:25 96352 ----a-w- d:\windows\system32\WindowsAccessBridge.dll
2015-05-05 10:43 . 2014-05-05 00:55 37896 ----a-w- d:\windows\system32\drivers\avkmgr.sys
2015-05-05 10:43 . 2014-05-05 00:55 136216 ----a-w- d:\windows\system32\drivers\avipbb.sys
2015-05-05 10:43 . 2014-05-05 00:55 107400 ----a-w- d:\windows\system32\drivers\avgntflt.sys
2015-05-02 22:51 . 2014-05-05 00:55 37896 ----a-w- d:\windows\system32\drivers\avnetflt.sys
2015-05-02 11:09 . 2014-03-18 18:37 778416 ----a-w- d:\windows\system32\FlashPlayerApp.exe
2015-05-02 11:09 . 2014-03-18 18:37 142512 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "d:\program files\Yahoo!\Companion\Installs\cpn1\yt.dll" [2014-02-11 1565464]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="d:\users\user\AppData\Roaming\mjusbsp\cdloader2.exe" [2014-07-04 51592]
"Messenger (Yahoo!)"="d:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-24 6595928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"HDAudDeck"="d:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-09-21 1681408]
"avgnt"="d:\program files\Avira\AntiVir Desktop\avgnt.exe" [2015-05-05 728312]
"Avira Systray"="d:\program files\Avira\My Avira\Avira.OE.Systray.exe" [2015-03-16 129272]
"ApnTBMon"="d:\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2015-01-30 1934744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AntiVirMailService;Avira Mail Protection;d:\program files\Avira\AntiVir Desktop\avmailc7.exe [2015-05-05 827640]
R3 McComponentHostService;McAfee Security Scan Component Host Service;d:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-04-09 235696]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;d:\windows\system32\drivers\viahduaa.sys [2009-09-17 1086976]
R4 AntiVirWebService;Avira Web Protection;d:\program files\Avira\AntiVir Desktop\avwebg7.exe [2015-05-05 1185584]
S1 avkmgr;avkmgr;d:\windows\system32\DRIVERS\avkmgr.sys [2015-05-05 37896]
S2 AntiVirSchedulerService;Avira Scheduler;d:\program files\Avira\AntiVir Desktop\sched.exe [2015-05-05 434424]
S2 APNMCP;Ask Update Service;d:\program files\AskPartnerNetwork\Toolbar\apnmcp.exe [2015-01-30 177560]
S2 Avira.OE.ServiceHost;Avira Service Host;d:\program files\Avira\My Avira\Avira.OE.ServiceHost.exe [2015-03-16 201008]
S2 avnetflt;avnetflt;d:\windows\system32\DRIVERS\avnetflt.sys [2015-05-02 37896]
S3 InnovativeSolutions_monitor;Innovative Solutions Service Monitor;d:\program files\Common Files\Innovative Solutions\Advanced Uninstaller\InnovativeSolutions_monitor_Svr.exe [2015-04-17 1064552]
S3 RTL8167;Realtek 8167 NT Driver;d:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-05-13 09:18 988488 ----a-w- d:\program files\Google\Chrome\Application\42.0.2311.152\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-05-16 d:\windows\Tasks\Adobe Flash Player Updater.job
- d:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-18 11:09]
.
2015-05-16 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2014-05-14 15:27]
.
2015-05-16 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2014-05-14 15:27]
.
2015-05-15 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1621603786-198938528-1512119546-1000Core.job
- d:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-27 16:36]
.
2015-05-15 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1621603786-198938528-1512119546-1000UA.job
- d:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-27 16:36]
.
2015-05-16 d:\windows\Tasks\Health-Check-auto.job
- d:\program files\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe [2015-05-13 04:13]
.
2015-05-13 d:\windows\Tasks\Health-Check-deep.job
- d:\program files\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe [2015-05-13 04:13]
.
2015-05-15 d:\windows\Tasks\Health-Check.job
- d:\program files\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe [2015-05-13 04:13]
.
2015-05-16 d:\windows\Tasks\UninstallMonitor.job
- d:\program files\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe [2015-05-13 04:13]
.
.
------- Supplementary Scan -------
.
uStart Page = https://ph.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10099_swoc_campaign_150513__yaie
mStart Page = hxxp://www.yahoo.com/?ilc=8
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - d:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\h4gpv7f2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=mkg030&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxps://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mkg030&p=
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SunJavaUpdateSched - d:\program files\Java\jre1.8.0_45\bin\jusched.exe
AddRemove-Microsoft .NET Framework 4 Client Profile - d:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3648)
d:\windows\System32\Actioncenter.dll
.
------------------------ Other Running Processes ------------------------
.
d:\windows\system32\AUDIODG.EXE
d:\program files\Avira\AntiVir Desktop\avguard.exe
d:\windows\system32\taskhost.exe
d:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
d:\program files\Avira\AntiVir Desktop\avshadow.exe
d:\windows\system32\sppsvc.exe
d:\windows\system32\conhost.exe
d:\windows\system32\wbem\unsecapp.exe
d:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2015-05-16 15:45:37 - machine was rebooted
ComboFix-quarantined-files.txt 2015-05-16 07:45
.
Pre-Run: 276,966,293,504 bytes free
Post-Run: 276,868,288,512 bytes free
.
- - End Of File - - 1E974EB0FCF0601E12C2FCE4F6BA1271
A36C5E4F47E84449FF07ED3517B43A31