dll host consume ram
<blockquote data-quote="jikugawa" data-source="post: 184396" data-attributes="member: 21163"><p>ComboFix 14-04-12.01 - user 04/15/2014 22:19:49.2.8 - x64</p><p>Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16324.770 [GMT 7:00]</p><p>Running from: c:\users\user\Desktop\ComboFix.exe</p><p>Command switches used :: c:\users\user\Desktop\CFScript.txt</p><p>AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}</p><p>SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}</p><p>SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</p><p>.</p><p>.</p><p>((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))</p><p>.</p><p>.</p><p>c:\program files (x86)\Conduit</p><p>c:\program files (x86)\Conduit\Community Alerts\Alert.dll</p><p>c:\program files (x86)\SNT</p><p>c:\program files (x86)\Webfuii</p><p>c:\program files (x86)\Webfuii\7za.exe</p><p>c:\program files (x86)\Webfuii\bin\7za.exe</p><p>c:\program files (x86)\Webfuii\bin\BrowserAdapterS.7z</p><p>c:\program files (x86)\Webfuii\bin\FilterApp_C64.exe</p><p>c:\program files (x86)\Webfuii\bin\plugins\Webfuii.Bromon.dll</p><p>c:\program files (x86)\Webfuii\bin\plugins\Webfuii.BrowserAdapterS.dll</p><p>c:\program files (x86)\Webfuii\bin\plugins\Webfuii.CompatibilityChecker.dll</p><p>c:\program files (x86)\Webfuii\bin\plugins\Webfuii.PurBrowse.dll</p><p>c:\program files (x86)\Webfuii\bin\utilWebfuii.exe</p><p>c:\program files (x86)\Webfuii\bin\utilWebfuii.InstallState</p><p>c:\program files (x86)\Webfuii\bin\Webfuii.BrowserAdapter.exe</p><p>c:\program files (x86)\Webfuii\bin\WebfuiiBA.dll</p><p>c:\program files (x86)\Webfuii\bin\WebfuiiBAApp.dll</p><p>c:\program files (x86)\Webfuii\updateWebfuii.exe</p><p>c:\program files (x86)\Webfuii\updateWebfuii.InstallState</p><p>c:\program files (x86)\Webfuii\Webfuii.ico</p><p>c:\program files 
(x86)\Webfuii\WebfuiiUninstall.exe</p><p>c:\programdata\Conduit</p><p>c:\programdata\Conduit\IE\CT2504091\configutaion.json</p><p>c:\programdata\Conduit\IE\CT2504091\SetupIcon.ico</p><p>c:\programdata\Conduit\IE\CT2504091\UninstallerUI.exe</p><p>c:\programdata\Conduit\Multi\CT2504091\configutaion.json</p><p>c:\programdata\Conduit\Multi\CT2504091\SetupIcon.ico</p><p>c:\programdata\Conduit\Multi\CT2504091\UninstallerUI.exe</p><p>c:\programdata\e8bfc10261579107</p><p>c:\programdata\e8bfc10261579107\{4820778D-AB0D-6D18-C316-52A6A0E1D507}</p><p>c:\programdata\e8bfc10261579107\{7DD5E91C-3864-77EC-7635-D14910C2A03E}</p><p>c:\programdata\e8bfc10261579107\{7DD5E91C-3864-77EC-7635-D14910C2A03E}.old</p><p>c:\programdata\e8bfc10261579107\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}</p><p>c:\programdata\e8bfc10261579107\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}</p><p>c:\programdata\e8bfc10261579107\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}.old</p><p>c:\programdata\InstallMate</p><p>c:\programdata\InstallMate\{2ED2A577-3552-413F-A3D4-7D70F5318781}\_Setup.dll</p><p>c:\programdata\InstallMate\{2ED2A577-3552-413F-A3D4-7D70F5318781}\20140410200737.log</p><p>c:\programdata\InstallMate\{2ED2A577-3552-413F-A3D4-7D70F5318781}\Custom.dll</p><p>c:\programdata\InstallMate\{2ED2A577-3552-413F-A3D4-7D70F5318781}\Readme.txt</p><p>c:\programdata\InstallMate\{2ED2A577-3552-413F-A3D4-7D70F5318781}\Setup.dat</p><p>c:\programdata\InstallMate\{2ED2A577-3552-413F-A3D4-7D70F5318781}\Setup.exe</p><p>c:\programdata\InstallMate\{2ED2A577-3552-413F-A3D4-7D70F5318781}\Setup.ico</p><p>c:\programdata\InstallMate\{2ED2A577-3552-413F-A3D4-7D70F5318781}\TsuDll.dll</p><p>c:\programdata\save 
Neti</p><p>c:\programdata\SNT</p><p>c:\programdata\SuperbApp</p><p>c:\programdata\YoutubeAdblocker</p><p>c:\programdata\YoutubeAdblocker\n9w.dat</p><p>c:\programdata\YoutubeAdblocker\n9w.exe</p><p>c:\users\user\AppData\Local\Conduit</p><p>c:\users\user\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll</p><p>c:\users\user\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.1.dll</p><p>c:\users\user\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.2.dll</p><p>c:\users\user\AppData\Local\Conduit\Chrome\CT2504091\CHUninstaller.exe</p><p>c:\users\user\AppData\Local\Conduit\Chrome\CT2504091\configutaion.json</p><p>c:\users\user\AppData\Local\Conduit\Chrome\CT2504091\Uninstaller.ico</p><p>c:\users\user\AppData\Local\Conduit\Chrome\CT2504091\UninstallerUI.exe</p><p>c:\users\user\AppData\Local\Conduit\CT2504091\Vuze_RemoteAutoUpdateHelper.exe</p><p>c:\users\user\AppData\Local\FilesFrog Update Checker</p><p>c:\users\user\AppData\Local\FilesFrog Update Checker\uninstall.exe</p><p>c:\users\user\AppData\Local\FilesFrog Update Checker\update_checker.exe</p><p>c:\users\user\AppData\Local\Torch</p><p>c:\users\user\AppData\Local\Torch\User Data\Default\Extensions\eljhbmiemkdiokbgabkhiakoekheehem\2.1\background.html</p><p>c:\users\user\AppData\Local\Torch\User Data\Default\Extensions\eljhbmiemkdiokbgabkhiakoekheehem\2.1\content.js</p><p>c:\users\user\AppData\Local\Torch\User Data\Default\Extensions\eljhbmiemkdiokbgabkhiakoekheehem\2.1\KUr61eXXZ.js</p><p>c:\users\user\AppData\Local\Torch\User Data\Default\Extensions\eljhbmiemkdiokbgabkhiakoekheehem\2.1\lsdb.js</p><p>c:\users\user\AppData\Local\Torch\User Data\Default\Extensions\eljhbmiemkdiokbgabkhiakoekheehem\2.1\manifest.json</p><p>c:\users\user\AppData\Local\Torch\User Data\Default\Extensions\eljhbmiemkdiokbgabkhiakoekheehem\2.1\newtab.html</p><p>c:\users\user\AppData\Local\Torch\User 
Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\124\background.html</p><p>c:\users\user\AppData\Local\Torch\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\124\content.js</p><p>c:\users\user\AppData\Local\Torch\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\124\lsdb.js</p><p>c:\users\user\AppData\Local\Torch\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\124\manifest.json</p><p>c:\users\user\AppData\Local\Torch\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\124\UJ1VktsAa.js</p><p>c:\users\user\AppData\Local\Torch\User Data\Default\Extensions\ieegjnlhonmhfbebgclonkadpgeljapd\5.14\background.html</p><p>c:\users\user\AppData\Local\Torch\User Data\Default\Extensions\ieegjnlhonmhfbebgclonkadpgeljapd\5.14\content.js</p><p>c:\users\user\AppData\Local\Torch\User Data\Default\Extensions\ieegjnlhonmhfbebgclonkadpgeljapd\5.14\lsdb.js</p><p>c:\users\user\AppData\Local\Torch\User Data\Default\Extensions\ieegjnlhonmhfbebgclonkadpgeljapd\5.14\manifest.json</p><p>c:\users\user\AppData\Local\Torch\User Data\Default\Extensions\ieegjnlhonmhfbebgclonkadpgeljapd\5.14\RDJ.js</p><p>c:\users\user\AppData\Local\Torch\User Data\Default\Extensions\ljgenmdicddcogimgmcoeohpfagjicic\1.0\background.html</p><p>c:\users\user\AppData\Local\Torch\User Data\Default\Extensions\ljgenmdicddcogimgmcoeohpfagjicic\1.0\content.js</p><p>c:\users\user\AppData\Local\Torch\User Data\Default\Extensions\ljgenmdicddcogimgmcoeohpfagjicic\1.0\csle.js</p><p>c:\users\user\AppData\Local\Torch\User Data\Default\Extensions\ljgenmdicddcogimgmcoeohpfagjicic\1.0\lsdb.js</p><p>c:\users\user\AppData\Local\Torch\User Data\Default\Extensions\ljgenmdicddcogimgmcoeohpfagjicic\1.0\manifest.json</p><p>.</p><p>.</p><p>((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))</p><p>.</p><p>.</p><p>-------\Legacy_BPROTECTEX</p><p>-------\Service_BprotectEx</p><p>-------\Service_Update Webfuii</p><p>-------\Service_Util 
Webfuii</p><p>.</p><p>.</p><p>((((((((((((((((((((((((( Files Created from 2014-03-15 to 2014-04-15 )))))))))))))))))))))))))))))))</p><p>.</p><p>.</p><p>2014-04-15 15:27 . 2014-04-15 15:27 -------- d-----w- c:\users\Default\AppData\Local\temp</p><p>2014-04-15 14:11 . 2014-04-15 14:15 -------- d-----w- C:\FRST</p><p>2014-04-15 14:01 . 2014-03-07 04:43 10521840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5B374E8A-15F5-4218-BF8C-2769E0C970B7}\mpengine.dll</p><p>2014-04-15 08:47 . 2014-04-15 08:47 -------- d-sh--w- c:\users\user\AppData\Local\EmieUserList</p><p>2014-04-15 08:47 . 2014-04-15 08:47 -------- d-sh--w- c:\users\user\AppData\Local\EmieSiteList</p><p>2014-04-15 08:47 . 2014-04-15 08:47 -------- d-----w- c:\program files\Recuva</p><p>2014-04-15 08:14 . 2014-04-15 08:14 -------- d-----w- c:\program files (x86)\iCare Data Recovery Standard</p><p>2014-04-15 07:56 . 2014-04-15 07:56 -------- d-----w- c:\program files (x86)\4Card Recovery</p><p>2014-04-14 22:29 . 2010-11-21 03:23 38912 ----a-w- c:\windows\system32\drivers\CompositeBus.sys</p><p>2014-04-14 21:53 . 2014-04-14 21:53 -------- d-----w- c:\users\user\AppData\Local\ElevatedDiagnostics</p><p>2014-04-14 04:19 . 2014-03-07 04:43 10521840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll</p><p>2014-04-12 18:59 . 2014-04-12 18:59 -------- d-----w- c:\program files (x86)\AGEIA Technologies</p><p>2014-04-12 18:59 . 2014-03-04 11:32 599840 ----a-w- c:\windows\SysWow64\nvStreaming.exe</p><p>2014-04-12 17:10 . 2014-03-21 19:43 40392 ----a-w- c:\windows\system32\drivers\nvvad64v.sys</p><p>2014-04-12 17:10 . 2014-03-21 19:43 33568 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll</p><p>2014-04-10 13:10 . 2014-04-10 13:36 -------- d-----w- c:\program files (x86)\save Neti</p><p>2014-04-10 13:10 . 2014-04-10 13:10 -------- d-----w- c:\users\user\AppData\Local\Packages</p><p>2014-04-10 13:09 . 
2014-04-10 13:09 -------- d-----w- c:\users\user\AppData\Local\Comodo</p><p>2014-04-10 13:09 . 2014-04-10 13:09 -------- d-----w- c:\users\HomeGroupUser$</p><p>2014-04-10 13:09 . 2014-04-10 13:09 -------- d-----w- c:\users\Guest</p><p>2014-04-10 13:09 . 2014-04-10 13:09 -------- d-----w- c:\users\Administrator</p><p>2014-04-09 07:21 . 2014-01-24 02:37 1684928 ----a-w- c:\windows\system32\drivers\ntfs.sys</p><p>2014-04-09 06:59 . 2014-02-04 02:35 190912 ----a-w- c:\windows\system32\drivers\storport.sys</p><p>2014-04-09 06:59 . 2014-02-04 02:35 274880 ----a-w- c:\windows\system32\drivers\msiscsi.sys</p><p>2014-04-09 06:59 . 2014-02-04 02:35 27584 ----a-w- c:\windows\system32\drivers\Diskdump.sys</p><p>2014-04-09 06:59 . 2014-02-04 02:28 2048 ----a-w- c:\windows\system32\iologmsg.dll</p><p>2014-04-09 06:59 . 2014-02-04 02:00 2048 ----a-w- c:\windows\SysWow64\iologmsg.dll</p><p>2014-04-09 06:58 . 2014-03-04 09:44 362496 ----a-w- c:\windows\system32\wow64win.dll</p><p>2014-04-09 06:58 . 2014-03-04 09:44 243712 ----a-w- c:\windows\system32\wow64.dll</p><p>2014-04-09 06:58 . 2014-03-04 09:44 13312 ----a-w- c:\windows\system32\wow64cpu.dll</p><p>2014-04-09 06:58 . 2014-03-04 09:44 16384 ----a-w- c:\windows\system32\ntvdm64.dll</p><p>2014-04-09 06:58 . 2014-03-04 09:44 1163264 ----a-w- c:\windows\system32\kernel32.dll</p><p>2014-04-09 06:58 . 2014-03-04 09:17 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll</p><p>2014-04-09 06:58 . 2014-03-04 09:16 25600 ----a-w- c:\windows\SysWow64\setup16.exe</p><p>2014-04-09 06:58 . 2014-03-04 09:16 5120 ----a-w- c:\windows\SysWow64\wow32.dll</p><p>2014-04-09 06:58 . 2014-03-04 08:09 7680 ----a-w- c:\windows\SysWow64\instnm.exe</p><p>2014-04-09 06:58 . 2014-03-04 08:09 2048 ----a-w- c:\windows\SysWow64\user.exe</p><p>2014-04-05 18:06 . 2014-04-12 17:11 -------- d-----w- c:\users\user\AppData\Local\NVIDIA Corporation</p><p>2014-04-05 18:05 . 2014-04-05 18:08 -------- d-----w- c:\users\user\AppData\Local\NVIDIA</p><p>2014-04-05 13:44 . 
2014-04-02 13:27 1081112 ----a-w- c:\windows\SysWow64\nvspcap.dll</p><p>2014-04-05 13:44 . 2014-04-02 13:27 1225920 ----a-w- c:\windows\system32\nvspcap64.dll</p><p>2014-04-05 13:42 . 2014-03-21 19:43 37320 ----a-w- c:\windows\system32\nvaudcap64v.dll</p><p>2014-04-05 13:42 . 2013-01-29 08:35 1510176 ----a-w- c:\windows\system32\nvhdagenco64.dll</p><p>2014-04-05 13:42 . 2013-10-23 10:30 1884448 ----a-w- c:\windows\system32\nvdispco6433165.dll</p><p>2014-04-05 13:42 . 2013-10-23 10:30 1511712 ----a-w- c:\windows\system32\nvdispgenco6433165.dll</p><p>2014-04-04 12:35 . 2014-04-05 18:10 -------- d-----w- c:\program files (x86)\Common Files\Steam</p><p>2014-04-04 03:17 . 2014-02-05 14:47 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2F96F5EE-6689-46FD-B462-752295B59C48}\gapaengine.dll</p><p>2014-03-29 13:36 . 2014-04-14 18:46 -------- d-----w- c:\users\user\AppData\Roaming\vlc</p><p>2014-03-29 02:37 . 2014-04-10 13:37 -------- d-----w- c:\programdata\Log</p><p>2014-03-26 09:43 . 2014-03-26 09:43 -------- d-----w- C:\found.000</p><p>2014-03-24 22:26 . 2014-03-24 22:26 -------- d-----w- c:\windows\id</p><p>2014-03-24 22:26 . 2014-03-24 22:26 -------- d-----w- c:\windows\en</p><p>2014-03-24 22:26 . 2014-03-24 22:26 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition</p><p>2014-03-24 22:25 . 2014-03-24 22:26 -------- d-----w- c:\program files (x86)\Windows Live</p><p>2014-03-24 22:24 . 2014-03-24 22:32 -------- d-----w- c:\users\user\AppData\Local\Windows Live</p><p>2014-03-24 22:23 . 2014-03-24 22:23 -------- d-----w- c:\program files (x86)\Common Files\Windows Live</p><p>2014-03-24 22:22 . 2014-03-24 22:22 -------- d-----w- c:\program files\Microsoft Silverlight</p><p>2014-03-24 22:22 . 2014-03-24 22:22 -------- d-----w- c:\program files (x86)\Microsoft Silverlight</p><p>2014-03-23 10:44 . 2014-03-23 10:44 -------- d-----w- c:\program files (x86)\Vuze</p><p>2014-03-23 10:36 . 
2014-03-27 01:26 -------- d-----w- c:\users\user\AppData\Roaming\.minecraft</p><p>2014-03-23 08:32 . 2014-03-23 08:32 -------- d-----w- c:\users\user\AppData\Roaming\Oracle</p><p>2014-03-23 08:31 . 2014-03-23 08:31 -------- d-----w- c:\programdata\Oracle</p><p>2014-03-23 08:31 . 2014-03-23 08:31 -------- d-----w- c:\program files (x86)\Common Files\Java</p><p>2014-03-23 08:31 . 2014-03-23 08:31 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll</p><p>2014-03-23 08:31 . 2014-03-23 08:31 -------- d-----w- c:\program files (x86)\Java</p><p>2014-03-23 05:08 . 2014-03-23 05:08 -------- d-----w- c:\program files (x86)\Autodesk</p><p>2014-03-23 05:08 . 2014-03-23 05:08 -------- d-----w- c:\users\user\AppData\Local\backburner</p><p>2014-03-23 02:19 . 2014-04-15 11:09 -------- d-----w- c:\users\user\AppData\Local\Akamai</p><p>2014-03-23 02:19 . 2014-03-23 02:19 -------- d-----w- c:\programdata\Applications</p><p>2014-03-23 02:07 . 2014-03-23 02:07 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl</p><p>2014-03-23 02:07 . 2014-03-23 02:07 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe</p><p>2014-03-23 02:07 . 2014-03-23 02:07 -------- d-----w- c:\windows\SysWow64\Macromed</p><p>2014-03-23 02:07 . 2014-03-23 02:07 -------- d-----w- c:\windows\system32\Macromed</p><p>2014-03-22 17:07 . 2014-03-23 05:24 -------- d-----w- c:\programdata\FLEXnet</p><p>2014-03-22 17:07 . 2014-03-23 02:20 -------- d-----w- c:\users\user\AppData\Local\Autodesk</p><p>2014-03-22 16:52 . 2014-03-22 16:52 -------- d-----w- c:\program files\Common Files\Macrovision Shared</p><p>2014-03-22 16:51 . 2014-03-23 05:08 -------- d-----w- c:\program files\Common Files\Autodesk Shared</p><p>2014-03-22 16:51 . 2014-03-23 05:07 -------- d-----w- c:\program files\Autodesk</p><p>2014-03-22 16:49 . 2008-07-10 04:00 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll</p><p>2014-03-22 16:44 . 2014-03-22 16:44 -------- d-----w- C:\Autodesk</p><p>2014-03-22 16:41 . 
2014-04-05 18:05 -------- d-----w- c:\program files\CCleaner</p><p>2014-03-22 04:39 . 2014-03-22 04:39 61112 ----a-w- c:\windows\system32\drivers\wStLib64.sys</p><p>2014-03-21 15:40 . 2014-03-21 15:40 172032 ----a-w- c:\windows\SysWow64\AniGIF.ocx</p><p>2014-03-21 14:18 . 2014-03-21 15:43 -------- d-----w- c:\users\user\AppData\Local\Installer</p><p>2014-03-21 14:06 . 2014-03-21 14:06 -------- d-----w- c:\users\user\AppData\Local\CrashRpt</p><p>2014-03-21 14:01 . 2010-05-26 04:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll</p><p>2014-03-21 14:01 . 2010-05-26 04:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll</p><p>2014-03-21 14:01 . 2010-05-26 04:41 511328 ----a-w- c:\windows\system32\d3dx10_43.dll</p><p>2014-03-21 14:01 . 2010-05-26 04:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll</p><p>2014-03-21 14:01 . 2010-05-26 04:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll</p><p>2014-03-21 14:01 . 2010-05-26 04:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll</p><p>2014-03-21 14:01 . 2010-05-26 04:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll</p><p>2014-03-21 14:01 . 2010-05-26 04:41 2401112 ----a-w- c:\windows\system32\D3DX9_43.dll</p><p>2014-03-21 14:01 . 2006-03-31 05:41 3927248 ----a-w- c:\windows\system32\d3dx9_30.dll</p><p>2014-03-21 13:59 . 2014-03-23 05:09 -------- d-----w- c:\programdata\Autodesk</p><p>2014-03-21 13:59 . 2014-03-22 17:16 -------- d-----w- c:\users\user\AppData\Roaming\Autodesk</p><p>2014-03-21 13:52 . 2014-03-21 13:52 -------- d-----w- c:\program files (x86)\Common Files\EZB Systems</p><p>2014-03-21 13:52 . 2014-03-21 13:52 -------- d-----w- c:\program files (x86)\UltraISO</p><p>2014-03-20 02:51 . 2014-04-04 12:04 -------- d-----w- c:\users\user\AppData\Roaming\Baidu Security</p><p>2014-03-20 02:48 . 2014-04-04 12:04 -------- d-----w- c:\program files (x86)\Baidu Security</p><p>2014-03-20 02:48 . 
2014-04-03 02:46 -------- d-----w- c:\programdata\Baidu Security</p><p>.</p><p>.</p><p>.</p><p>(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))</p><p>.</p><p>2014-04-09 05:35 . 2014-03-11 12:35 90655440 ----a-w- c:\windows\system32\MRT.exe</p><p>2014-03-24 22:25 . 2012-07-17 07:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll</p><p>2014-03-14 16:43 . 2014-03-14 15:58 135736 ----a-w- c:\windows\system32\vpncmd.exe</p><p>2014-03-14 16:05 . 2014-03-14 16:05 28768 ----a-w- c:\windows\system32\drivers\Neo_0009.sys</p><p>2014-03-14 16:04 . 2014-03-14 16:04 38240 ----a-w- c:\windows\system32\drivers\see.sys</p><p>2014-03-11 02:52 . 2013-09-27 02:53 133928 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys</p><p>2014-03-06 20:01 . 2014-03-06 20:01 194048 ----a-w- c:\windows\SysWow64\elshyph.dll</p><p>2014-03-06 20:01 . 2014-03-06 20:01 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll</p><p>2014-03-06 20:01 . 2014-03-06 20:01 235008 ----a-w- c:\windows\system32\elshyph.dll</p><p>2014-03-06 20:01 . 2014-03-06 20:01 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe</p><p>2014-03-06 20:01 . 2014-03-06 20:01 942592 ----a-w- c:\windows\system32\jsIntl.dll</p><p>2014-03-06 20:01 . 2014-03-06 20:01 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe</p><p>2014-03-06 20:01 . 2014-03-06 20:01 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll</p><p>2014-03-06 20:01 . 2014-03-06 20:01 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe</p><p>2014-03-06 20:01 . 2014-03-06 20:01 81408 ----a-w- c:\windows\system32\icardie.dll</p><p>2014-03-06 20:01 . 2014-03-06 20:01 77312 ----a-w- c:\windows\system32\tdc.ocx</p><p>2014-03-06 20:01 . 2014-03-06 20:01 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe</p><p>2014-03-06 20:01 . 2014-03-06 20:01 62464 ----a-w- c:\windows\SysWow64\tdc.ocx</p><p>2014-03-06 20:01 . 
2014-03-06 20:01 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll</p><p>2014-03-06 20:01 . 2014-03-06 20:01 616104 ----a-w- c:\windows\system32\ieapfltr.dat</p><p>2014-03-06 20:01 . 2014-03-06 20:01 52224 ----a-w- c:\windows\system32\msfeedsbs.dll</p><p>2014-03-06 20:01 . 2014-03-06 20:01 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll</p><p>2014-03-06 20:01 . 2014-03-06 20:01 48640 ----a-w- c:\windows\system32\mshtmler.dll</p><p>2014-03-06 20:01 . 2014-03-06 20:01 413696 ----a-w- c:\windows\system32\html.iec</p><p>2014-03-06 20:01 . 2014-03-06 20:01 36352 ----a-w- c:\windows\SysWow64\imgutil.dll</p><p>2014-03-06 20:01 . 2014-03-06 20:01 337408 ----a-w- c:\windows\SysWow64\html.iec</p><p>2014-03-06 20:01 . 2014-03-06 20:01 247808 ----a-w- c:\windows\system32\msls31.dll</p><p>2014-03-06 20:01 . 2014-03-06 20:01 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll</p><p>2014-03-06 20:01 . 2014-03-06 20:01 182272 ----a-w- c:\windows\SysWow64\msls31.dll</p><p>2014-03-06 20:01 . 2014-03-06 20:01 151552 ----a-w- c:\windows\SysWow64\iexpress.exe</p><p>2014-03-06 20:01 . 2014-03-06 20:01 139264 ----a-w- c:\windows\SysWow64\wextract.exe</p><p>2014-03-06 20:01 . 2014-03-06 20:01 13312 ----a-w- c:\windows\SysWow64\mshta.exe</p><p>2014-03-06 20:01 . 2014-03-06 20:01 13312 ----a-w- c:\windows\system32\msfeedssync.exe</p><p>2014-03-06 20:01 . 2014-03-06 20:01 131072 ----a-w- c:\windows\system32\IEAdvpack.dll</p><p>2014-03-06 20:01 . 2014-03-06 20:01 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll</p><p>2014-03-06 20:01 . 2014-03-06 20:01 105984 ----a-w- c:\windows\system32\iesysprep.dll</p><p>2014-03-06 20:01 . 2014-03-06 20:01 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll</p><p>2014-03-06 20:01 . 2014-03-06 20:01 84992 ----a-w- c:\windows\system32\mshtmled.dll</p><p>2014-03-06 20:01 . 2014-03-06 20:01 83968 ----a-w- c:\windows\system32\MshtmlDac.dll</p><p>2014-03-06 20:01 . 2014-03-06 20:01 774144 ----a-w- c:\windows\system32\jscript.dll</p><p>2014-03-06 20:01 . 
2014-03-06 20:01 62464 ----a-w- c:\windows\system32\pngfilt.dll</p><p>2014-03-06 20:01 . 2014-03-06 20:01 48128 ----a-w- c:\windows\system32\imgutil.dll</p><p>2014-03-06 20:01 . 2014-03-06 20:01 30208 ----a-w- c:\windows\system32\licmgr10.dll</p><p>2014-03-06 20:01 . 2014-03-06 20:01 263376 ----a-w- c:\windows\system32\iedkcs32.dll</p><p>2014-03-06 20:01 . 2014-03-06 20:01 243200 ----a-w- c:\windows\system32\webcheck.dll</p><p>2014-03-06 20:01 . 2014-03-06 20:01 235520 ----a-w- c:\windows\system32\url.dll</p><p>2014-03-06 20:01 . 2014-03-06 20:01 167424 ----a-w- c:\windows\system32\iexpress.exe</p><p>2014-03-06 20:01 . 2014-03-06 20:01 147968 ----a-w- c:\windows\system32\occache.dll</p><p>2014-03-06 20:01 . 2014-03-06 20:01 143872 ----a-w- c:\windows\system32\wextract.exe</p><p>2014-03-06 20:01 . 2014-03-06 20:01 13824 ----a-w- c:\windows\system32\mshta.exe</p><p>2014-03-06 20:01 . 2014-03-06 20:01 135680 ----a-w- c:\windows\system32\iepeers.dll</p><p>2014-03-06 20:01 . 2014-03-06 20:01 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll</p><p>2014-03-06 20:01 . 2014-03-06 20:01 101376 ----a-w- c:\windows\system32\inseng.dll</p><p>2014-03-06 13:36 . 2014-03-06 13:36 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll</p><p>2014-03-06 13:36 . 2014-03-06 13:36 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll</p><p>2014-03-06 13:36 . 2014-03-06 13:36 648192 ----a-w- c:\windows\system32\d3d10level9.dll</p><p>2014-03-06 13:36 . 2014-03-06 13:36 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll</p><p>2014-03-06 13:36 . 2014-03-06 13:36 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll</p><p>2014-03-06 13:36 . 2014-03-06 13:36 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll</p><p>2014-03-06 13:36 . 2014-03-06 13:36 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll</p><p>2014-03-06 13:36 . 
2014-03-06 13:36 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll</p><p>2014-03-06 13:36 . 2014-03-06 13:36 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll</p><p>2014-03-06 13:36 . 2014-03-06 13:36 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll</p><p>2014-03-06 13:36 . 2014-03-06 13:36 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll</p><p>2014-03-06 13:36 . 2014-03-06 13:36 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll</p><p>2014-03-06 13:36 . 2014-03-06 13:36 363008 ----a-w- c:\windows\system32\dxgi.dll</p><p>2014-03-06 13:36 . 2014-03-06 13:36 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll</p><p>2014-03-06 13:36 . 2014-03-06 13:36 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll</p><p>2014-03-06 13:36 . 2014-03-06 13:36 333312 ----a-w- c:\windows\system32\d3d10_1core.dll</p><p>2014-03-06 13:36 . 2014-03-06 13:36 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll</p><p>2014-03-06 13:36 . 2014-03-06 13:36 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll</p><p>2014-03-06 13:36 . 2014-03-06 13:36 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll</p><p>2014-03-06 13:36 . 2014-03-06 13:36 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll</p><p>2014-03-06 13:36 . 2014-03-06 13:36 296960 ----a-w- c:\windows\system32\d3d10core.dll</p><p>2014-03-06 13:36 . 2014-03-06 13:36 293376 ----a-w- c:\windows\SysWow64\dxgi.dll</p><p>2014-03-06 13:36 . 2014-03-06 13:36 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll</p><p>2014-03-06 13:36 . 2014-03-06 13:36 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll</p><p>2014-03-06 13:36 . 2014-03-06 13:36 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll</p><p>2014-03-06 13:36 . 
2014-03-06 13:36 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll</p><p>2014-03-06 13:36 . 2014-03-06 13:36 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll</p><p>2014-03-06 13:36 . 2014-03-06 13:36 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll</p><p>2014-03-06 13:36 . 2014-03-06 13:36 221184 ----a-w- c:\windows\system32\UIAnimation.dll</p><p>2014-03-06 13:36 . 2014-03-06 13:36 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll</p><p>2014-03-06 13:36 . 2014-03-06 13:36 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll</p><p>2014-03-06 13:36 . 2014-03-06 13:36 194560 ----a-w- c:\windows\system32\d3d10_1.dll</p><p>2014-03-06 13:36 . 2014-03-06 13:36 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll</p><p>2014-03-06 13:36 . 2014-03-06 13:36 1682432 ----a-w- c:\windows\system32\XpsPrint.dll</p><p>2014-03-06 13:36 . 2014-03-06 13:36 1643520 ----a-w- c:\windows\system32\DWrite.dll</p><p>2014-03-06 13:36 . 2014-03-06 13:36 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll</p><p>2014-03-06 13:36 . 2014-03-06 13:36 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll</p><p>2014-03-06 13:36 . 2014-03-06 13:36 1238528 ----a-w- c:\windows\system32\d3d10.dll</p><p>2014-03-06 13:36 . 2014-03-06 13:36 1175552 ----a-w- c:\windows\system32\FntCache.dll</p><p>2014-03-06 13:36 . 2014-03-06 13:36 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll</p><p>2014-03-06 13:36 . 2014-03-06 13:36 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll</p><p>2014-03-06 13:36 . 2014-03-06 13:36 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll</p><p>2014-03-06 13:36 . 2014-03-06 13:36 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll</p><p>2014-03-06 11:08 . 2014-03-06 11:08 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll</p><p>2014-03-06 11:08 . 2014-03-06 11:08 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll</p><p>2014-03-04 14:35 . 2014-02-05 14:26 62408 ----a-w- c:\windows\system32\OpenCL.dll</p><p>2014-03-04 14:35 . 
2014-02-05 14:26 54216 ----a-w- c:\windows\SysWow64\OpenCL.dll</p><p>.</p><p>.</p><p>((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))</p><p>.</p><p>.</p><p>*Note* empty entries & legit default entries are not shown </p><p>REGEDIT4</p><p>.</p><p>[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]</p><p>"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2013-11-06 226592]</p><p>.</p><p>[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{858A5679-DEDC-97F1-7504-9897F99E8A08}]</p><p>c:\program files (x86)\YoutubeAdblocker\Tk.dll [BU]</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]</p><p>2013-11-06 16:53 226592 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuze.dll</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F6C07882-D703-4DD5-905A-2C4E815A5066}]</p><p>c:\users\user\AppData\Roaming\D394D188-BAC7-4e03-8FAF-389A4D7EC6F4\Shopping Suggestion.dll [BU]</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]</p><p>"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2013-11-06 226592]</p><p>.</p><p>[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]</p><p>.</p><p>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</p><p>"Akamai NetSession Interface"="c:\users\user\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472]</p><p>"CGFLoader"="d:\calibrize\CalibrizeLoader.exe" [2007-11-26 1961984]</p><p>"CalibrizeResume"="d:\calibrize\CalibrizeResume.exe" [2007-11-26 413696]</p><p>"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 
1475584]</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]</p><p>"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]</p><p>"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2013-12-21 3478392]</p><p>"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2014-03-06 295512]</p><p>"VideoUsage"="c:\program files (x86)\DoubleOptMedia\VideoUsage.exe" [2014-02-26 1284736]</p><p>"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]</p><p>"ADSK DLMSession"="c:\program files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe" [2014-02-05 1627032]</p><p>"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]</p><p>.</p><p>c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\</p><p>SoftEther VPN Client Manager Startup.lnk - c:\program files\SoftEther VPN Client\vpncmgr_x64.exe /startup [2014-3-29 4489784]</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]</p><p>"ConsentPromptBehaviorAdmin"= 5 (0x5)</p><p>"ConsentPromptBehaviorUser"= 3 (0x3)</p><p>"EnableUIADesktopToggle"= 0 (0x0)</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]</p><p>"LoadAppInit_DLLs"=1 (0x1)</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]</p><p>@="Service"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\microsoft\security center]</p><p>"AutoUpdateDisableNotify"=dword:00000001</p><p>.</p><p>R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]</p><p>R3 
dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]</p><p>R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]</p><p>R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]</p><p>R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]</p><p>R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]</p><p>R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]</p><p>R3 PCFApiUtil;PCFApiUtil;c:\program files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys;c:\program files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [x]</p><p>R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]</p><p>R3 SEE;SoftEther Ethernet Layer Driver;c:\windows\system32\drivers\see.sys;c:\windows\SYSNATIVE\drivers\see.sys [x]</p><p>R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]</p><p>R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]</p><p>R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]</p><p>R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]</p><p>R3 
tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]</p><p>R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]</p><p>R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]</p><p>S1 wStLib64;wStLib64;c:\windows\system32\drivers\wStLib64.sys;c:\windows\SYSNATIVE\drivers\wStLib64.sys [x]</p><p>S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [x]</p><p>S2 mi-raysat_3dsmax2013_64;mental ray 3.10 Satellite for Autodesk 3ds Max 2013 64-bit;c:\program files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe;c:\program files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe [x]</p><p>S2 mi-raysat_3dsmax2014_64;mental ray Satellite for Autodesk 3ds Max 2014 64-bit;c:\program files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe;c:\program files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe [x]</p><p>S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]</p><p>S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]</p><p>S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]</p><p>S2 SEVPNCLIENT;SoftEther VPN Client;c:\program files\SoftEther VPN Client\vpnclient_x64.exe;c:\program files\SoftEther VPN Client\vpnclient_x64.exe [x]</p><p>S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files 
(x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]</p><p>S2 WTabletServiceCon;Wacom Consumer Service;c:\program files\Tablet\Pen\WTabletServiceCon.exe;c:\program files\Tablet\Pen\WTabletServiceCon.exe [x]</p><p>S3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]</p><p>S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]</p><p>S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]</p><p>S3 Neo_VPN;VPN Client Device Driver - VPN;c:\windows\system32\DRIVERS\Neo_0009.sys;c:\windows\SYSNATIVE\DRIVERS\Neo_0009.sys [x]</p><p>S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]</p><p>S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]</p><p>S3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]</p><p>S3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]</p><p>.</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]</p><p>2014-04-10 12:27 1077576 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe</p><p>.</p><p>Contents of the 'Scheduled Tasks' folder</p><p>.</p><p>2014-04-15 c:\windows\Tasks\Adobe Flash Player Updater.job</p><p>- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-23 02:07]</p><p>.</p><p>2014-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job</p><p>- c:\program files 
(x86)\Google\Update\GoogleUpdate.exe [2014-03-06 11:06]</p><p>.</p><p>2014-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job</p><p>- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-06 11:06]</p><p>.</p><p>.</p><p>--------- X64 Entries -----------</p><p>.</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</p><p>"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]</p><p>"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]</p><p>"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]</p><p>"SoftEther VPN Client UI Helper"="c:\program files\SoftEther VPN Client\vpnclient_x64.exe" [2014-03-29 4298808]</p><p>"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [BU]</p><p>"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-04-02 1225920]</p><p>"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-04-02 2201032]</p><p>.</p><p>------- Supplementary Scan -------</p><p>.</p><p>uLocal Page = c:\windows\system32\blank.htm</p><p>uStart Page = hxxp://search.conduit.com?SearchSource=10&CUI=UN10359633551056513&UM=1&ctid=CT2504091</p><p>mStart Page = hxxp://websearch.amaizingsearches.info/?pid=512&r=2014/04/10&hid=955109179370552787&lg=EN&cc=ID&unqvl=51</p><p>mLocal Page = c:\windows\SysWOW64\blank.htm</p><p>uInternet Settings,ProxyOverride = <local></p><p>IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html</p><p>IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html</p><p>IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html</p><p>IE: Convert to Adobe PDF - c:\program files 
(x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html</p><p>IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000</p><p>IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105</p><p>TCP: Interfaces\{778C38D1-4DB0-402E-B4E6-7CFF11A6BC98}: NameServer = 10.3.3.55,10.30.30.55</p><p>.</p><p>- - - - ORPHANS REMOVED - - - -</p><p>.</p><p>Wow6432Node-HKLM-Run-<NO NAME> - (no file)</p><p>WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)</p><p>AddRemove-04f4037c-6788-4042-857f-b8f41decfe2b - c:\progra~3\INSTAL~1\{2ED2A~1\Setup.exe</p><p>AddRemove-FilesFrog Update Checker - c:\users\user\AppData\Local\FilesFrog Update Checker\uninstall.exe</p><p>AddRemove-IECT2504091 - c:\programdata\Conduit\IE\CT2504091\UninstallerUI.exe</p><p>AddRemove-{4820778D-AB0D-6D18-C316-52A6A0E1D507} - c:\programdata\YoutubeAdblocker\n9w.exe</p><p>.</p><p>.</p><p>.</p><p>--------------------- LOCKED REGISTRY KEYS ---------------------</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]</p><p>@Denied: (A 2) (Everyone)</p><p>@="FlashBroker"</p><p>"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]</p><p>"Enabled"=dword:00000001</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]</p><p>@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]</p><p>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]</p><p>@Denied: (A 2) 
(Everyone)</p><p>@="IFlashBroker5"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]</p><p>@="{00020424-0000-0000-C000-000000000046}"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]</p><p>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"</p><p>"Version"="1.0"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]</p><p>@Denied: (A 2) (Everyone)</p><p>@="FlashBroker"</p><p>"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]</p><p>"Enabled"=dword:00000001</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]</p><p>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]</p><p>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]</p><p>@Denied: (A 2) (Everyone)</p><p>@="Shockwave Flash 
Object"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]</p><p>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"</p><p>"ThreadingModel"="Apartment"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]</p><p>@="0"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]</p><p>@="ShockwaveFlash.ShockwaveFlash.12"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]</p><p>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]</p><p>@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]</p><p>@="1.0"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]</p><p>@="ShockwaveFlash.ShockwaveFlash"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]</p><p>@Denied: (A 2) (Everyone)</p><p>@="Macromedia Flash Factory Object"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]</p><p>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"</p><p>"ThreadingModel"="Apartment"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]</p><p>@="FlashFactory.FlashFactory.1"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]</p><p>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 
1"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]</p><p>@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]</p><p>@="1.0"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]</p><p>@="FlashFactory.FlashFactory"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]</p><p>@Denied: (A 2) (Everyone)</p><p>@="IFlashBroker5"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]</p><p>@="{00020424-0000-0000-C000-000000000046}"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]</p><p>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"</p><p>"Version"="1.0"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]</p><p>"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,</p><p> 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\</p><p>.</p><p>[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]</p><p>@Denied: (Full) (Everyone)</p><p>.</p><p>------------------------ Other Running Processes ------------------------</p><p>.</p><p>c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe</p><p>c:\program files\Tablet\Pen\WacomHost.exe</p><p>.</p><p>**************************************************************************</p><p>.</p><p>Completion time: 2014-04-15 22:32:54 - machine was rebooted</p><p>ComboFix-quarantined-files.txt 2014-04-15 15:32</p><p>ComboFix2.txt 2014-04-15 13:36</p><p>.</p><p>Pre-Run: 87,014,809,600 bytes free</p><p>Post-Run: 118,559,195,136 bytes free</p><p>.</p><p>- - End Of File - - 
B17B0A489811DA9BBA38AAC327268859</p><p>A36C5E4F47E84449FF07ED3517B43A31</p></blockquote><p></p>
[QUOTE="jikugawa, post: 184396, member: 21163"]
2014-03-06 13:36 221184 ----a-w- c:\windows\system32\UIAnimation.dll 2014-03-06 13:36 . 2014-03-06 13:36 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll 2014-03-06 13:36 . 2014-03-06 13:36 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll 2014-03-06 13:36 . 2014-03-06 13:36 194560 ----a-w- c:\windows\system32\d3d10_1.dll 2014-03-06 13:36 . 2014-03-06 13:36 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll 2014-03-06 13:36 . 2014-03-06 13:36 1682432 ----a-w- c:\windows\system32\XpsPrint.dll 2014-03-06 13:36 . 2014-03-06 13:36 1643520 ----a-w- c:\windows\system32\DWrite.dll 2014-03-06 13:36 . 2014-03-06 13:36 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll 2014-03-06 13:36 . 2014-03-06 13:36 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll 2014-03-06 13:36 . 2014-03-06 13:36 1238528 ----a-w- c:\windows\system32\d3d10.dll 2014-03-06 13:36 . 2014-03-06 13:36 1175552 ----a-w- c:\windows\system32\FntCache.dll 2014-03-06 13:36 . 2014-03-06 13:36 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll 2014-03-06 13:36 . 2014-03-06 13:36 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll 2014-03-06 13:36 . 2014-03-06 13:36 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll 2014-03-06 13:36 . 2014-03-06 13:36 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2014-03-06 11:08 . 2014-03-06 11:08 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll 2014-03-06 11:08 . 2014-03-06 11:08 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll 2014-03-04 14:35 . 2014-02-05 14:26 62408 ----a-w- c:\windows\system32\OpenCL.dll 2014-03-04 14:35 . 2014-02-05 14:26 54216 ----a-w- c:\windows\SysWow64\OpenCL.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2013-11-06 226592] . [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{858A5679-DEDC-97F1-7504-9897F99E8A08}] c:\program files (x86)\YoutubeAdblocker\Tk.dll [BU] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}] 2013-11-06 16:53 226592 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuze.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F6C07882-D703-4DD5-905A-2C4E815A5066}] c:\users\user\AppData\Roaming\D394D188-BAC7-4e03-8FAF-389A4D7EC6F4\Shopping Suggestion.dll [BU] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2013-11-06 226592] . [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Akamai NetSession Interface"="c:\users\user\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472] "CGFLoader"="d:\calibrize\CalibrizeLoader.exe" [2007-11-26 1961984] "CalibrizeResume"="d:\calibrize\CalibrizeResume.exe" [2007-11-26 413696] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904] "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2013-12-21 3478392] "TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2014-03-06 295512] "VideoUsage"="c:\program files (x86)\DoubleOptMedia\VideoUsage.exe" [2014-02-26 1284736] "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312] "ADSK DLMSession"="c:\program files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe" [2014-02-05 1627032] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ SoftEther VPN Client Manager Startup.lnk - c:\program files\SoftEther VPN Client\vpncmgr_x64.exe /startup [2014-3-29 4489784] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AutoUpdateDisableNotify"=dword:00000001 . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x] R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x] R3 PCFApiUtil;PCFApiUtil;c:\program files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys;c:\program files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 SEE;SoftEther Ethernet Layer Driver;c:\windows\system32\drivers\see.sys;c:\windows\SYSNATIVE\drivers\see.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop 
Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S1 wStLib64;wStLib64;c:\windows\system32\drivers\wStLib64.sys;c:\windows\SYSNATIVE\drivers\wStLib64.sys [x] S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [x] S2 mi-raysat_3dsmax2013_64;mental ray 3.10 Satellite for Autodesk 3ds Max 2013 64-bit;c:\program files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe;c:\program files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe [x] S2 mi-raysat_3dsmax2014_64;mental ray Satellite for Autodesk 3ds Max 2014 64-bit;c:\program files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe;c:\program files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe [x] S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x] S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x] S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x] S2 SEVPNCLIENT;SoftEther VPN Client;c:\program files\SoftEther VPN Client\vpnclient_x64.exe;c:\program files\SoftEther VPN Client\vpnclient_x64.exe [x] S2 Stereo Service;NVIDIA Stereoscopic 3D 
Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S2 WTabletServiceCon;Wacom Consumer Service;c:\program files\Tablet\Pen\WTabletServiceCon.exe;c:\program files\Tablet\Pen\WTabletServiceCon.exe [x] S3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x] S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x] S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x] S3 Neo_VPN;VPN Client Device Driver - VPN;c:\windows\system32\DRIVERS\Neo_0009.sys;c:\windows\SYSNATIVE\DRIVERS\Neo_0009.sys [x] S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x] S3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-04-10 12:27 1077576 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2014-04-15 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-23 02:07] . 2014-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-06 11:06] . 
2014-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-06 11:06] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904] "SoftEther VPN Client UI Helper"="c:\program files\SoftEther VPN Client\vpnclient_x64.exe" [2014-03-29 4298808] "Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [BU] "ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-04-02 1225920] "NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-04-02 2201032] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://search.conduit.com?SearchSource=10&CUI=UN10359633551056513&UM=1&ctid=CT2504091 mStart Page = hxxp://websearch.amaizingsearches.info/?pid=512&r=2014/04/10&hid=955109179370552787&lg=EN&cc=ID&unqvl=51 mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local> IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - 
c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105 TCP: Interfaces\{778C38D1-4DB0-402E-B4E6-7CFF11A6BC98}: NameServer = 10.3.3.55,10.30.30.55 . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file) AddRemove-04f4037c-6788-4042-857f-b8f41decfe2b - c:\progra~3\INSTAL~1\{2ED2A~1\Setup.exe AddRemove-FilesFrog Update Checker - c:\users\user\AppData\Local\FilesFrog Update Checker\uninstall.exe AddRemove-IECT2504091 - c:\programdata\Conduit\IE\CT2504091\UninstallerUI.exe AddRemove-{4820778D-AB0D-6D18-C316-52A6A0E1D507} - c:\programdata\YoutubeAdblocker\n9w.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.12" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . 
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files\Tablet\Pen\WacomHost.exe . ************************************************************************** . Completion time: 2014-04-15 22:32:54 - machine was rebooted ComboFix-quarantined-files.txt 2014-04-15 15:32 ComboFix2.txt 2014-04-15 13:36 . Pre-Run: 87,014,809,600 bytes free Post-Run: 118,559,195,136 bytes free . - - End Of File - - B17B0A489811DA9BBA38AAC327268859 A36C5E4F47E84449FF07ED3517B43A31 [/QUOTE]