Multiple dllhost.exe
<blockquote data-quote="GingerBreadMan" data-source="post: 280806" data-attributes="member: 29281">
<p>Thanks very much for the help, here's the log as requested. Is there anything else?</p>
<p>I don't know why, but when I try to attach the log file it says the file is empty, and I don't know how to fix that, so I'm going to just copy and paste it in this reply if that's fine.</p>
<p>ComboFix 14-10-20.01 - Dan 10/20/2014 14:00:17.1.2 - x64</p>
<p>Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3033.1346 [GMT -4:00]</p>
<p>Running from: c:\users\Dan\Downloads\ComboFix.exe</p>
<p>AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}</p>
<p>SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}</p>
<p>SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</p>
<p> * Created a new restore point</p>
<p>.</p>
<p>.</p>
<p>((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))</p>
<p>.</p>
<p>.</p>
<p>c:\programdata\Microsoft\Crypto\RSA64\rsa64.dll</p>
<p>c:\programdata\Microsoft\Crypto\RSA64\temp\tmp249E.exe</p>
<p>c:\users\Dan\AppData\Roaming\5400E037.reg</p>
<p>c:\windows\apppatch\AppLoc.exe</p>
<p>c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb</p>
<p>.</p>
<p>.</p>
<p>CLSID={AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} - infected with Poweliks and removed.</p>
<p>You should verify if current CLSID data is correct: </p>
<p>.</p>
<p>HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}</p>
<p> (Default) REG_SZ Thumbnail Cache Class Factory for Out of Proc Server</p>
<p> AppID REG_SZ {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}</p>
<p>.</p>
<p>HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32</p>
<p> (Default) REG_EXPAND_SZ %SYSTEMROOT%\system32\thumbcache.dll</p>
<p> ThreadingModel REG_SZ Apartment</p>
<p>.</p>
<p>.</p>
<p>((((((((((((((((((((((((( Files Created from 2014-09-20 to 2014-10-20 )))))))))))))))))))))))))))))))</p>
<p>.</p>
<p>.</p>
<p>2014-10-20 18:21 . 2014-10-20 18:21 -------- d-----w- c:\users\Default\AppData\Local\temp</p>
<p>2014-10-20 16:48 . 2014-10-20 17:05 -------- d-----w- C:\FRST</p>
<p>2014-10-19 19:56 . 2014-10-20 17:48 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys</p>
<p>2014-10-19 19:56 . 2014-10-19 19:56 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware</p>
<p>2014-10-19 19:56 . 2014-10-19 19:56 -------- d-----w- c:\programdata\Malwarebytes</p>
<p>2014-10-19 19:56 . 2014-10-01 15:11 63704 ----a-w- c:\windows\system32\drivers\mwac.sys</p>
<p>2014-10-19 19:56 . 2014-10-01 15:11 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys</p>
<p>2014-10-19 19:56 . 2014-10-01 15:11 25816 ----a-w- c:\windows\system32\drivers\mbam.sys</p>
<p>2014-10-19 19:55 . 2014-10-19 19:55 -------- d-----w- c:\users\Dan\AppData\Local\Programs</p>
<p>2014-10-17 16:02 . 2014-10-10 02:05 276480 ----a-w- c:\windows\system32\generaltel.dll</p>
<p>2014-10-17 16:02 . 2014-10-10 02:05 507392 ----a-w- c:\windows\system32\aepdu.dll</p>
<p>2014-10-17 16:02 . 2014-10-10 02:00 424448 ----a-w- c:\windows\system32\aeinv.dll</p>
<p>2014-10-17 16:02 . 2014-09-29 00:58 3198976 ----a-w- c:\windows\system32\win32k.sys</p>
<p>2014-10-17 16:02 . 2014-06-18 22:23 1943696 ----a-w- c:\windows\system32\dfshim.dll</p>
<p>2014-10-17 16:02 . 2014-06-18 22:23 156312 ----a-w- c:\windows\system32\mscorier.dll</p>
<p>2014-10-17 16:02 . 2014-06-18 22:23 156824 ----a-w- c:\windows\SysWow64\mscorier.dll</p>
<p>2014-10-17 16:02 . 2014-06-18 22:23 1131664 ----a-w- c:\windows\SysWow64\dfshim.dll</p>
<p>2014-10-17 16:02 . 2014-06-18 22:23 73880 ----a-w- c:\windows\system32\mscories.dll</p>
<p>2014-10-17 16:02 . 2014-06-18 22:23 81560 ----a-w- c:\windows\SysWow64\mscories.dll</p>
<p>2014-10-17 16:00 . 2014-09-18 02:00 3241472 ----a-w- c:\windows\system32\msi.dll</p>
<p>2014-10-17 16:00 . 2014-09-18 01:32 2363904 ----a-w- c:\windows\SysWow64\msi.dll</p>
<p>2014-10-17 16:00 . 2014-09-04 05:23 424448 ----a-w- c:\windows\system32\rastls.dll</p>
<p>2014-10-17 16:00 . 2014-09-04 05:04 372736 ----a-w- c:\windows\SysWow64\rastls.dll</p>
<p>2014-10-17 15:56 . 2014-09-13 01:58 77312 ----a-w- c:\windows\system32\packager.dll</p>
<p>2014-10-17 15:56 . 2014-09-13 01:40 67072 ----a-w- c:\windows\SysWow64\packager.dll</p>
<p>2014-10-11 04:16 . 2014-10-11 04:16 -------- d-----w- c:\users\Dan\jagexcache2</p>
<p>2014-10-03 17:59 . 2014-10-03 17:59 -------- d-----w- c:\users\Dan\AppData\Local\Crisis_Point_Extinction</p>
<p>2014-10-01 16:03 . 2014-09-25 02:08 371712 ----a-w- c:\windows\system32\qdvd.dll</p>
<p>2014-10-01 16:03 . 2014-09-25 01:40 519680 ----a-w- c:\windows\SysWow64\qdvd.dll</p>
<p>2014-09-27 22:58 . 2014-09-27 22:58 -------- d-----w- c:\users\Dan\AppData\Local\calibre-cache</p>
<p>2014-09-27 22:58 . 2014-09-27 23:00 -------- d-----w- c:\users\Dan\AppData\Roaming\calibre</p>
<p>2014-09-27 22:57 . 2014-09-27 22:57 -------- d-----w- c:\program files (x86)\Calibre2</p>
<p>2014-09-25 05:19 . 2014-10-19 01:54 -------- d-----w- c:\program files (x86)\Youtube Movie Maker</p>
<p>2014-09-25 05:18 . 2014-09-25 05:18 -------- d-----w- c:\users\Dan\AppData\Local\Downloaded Installations</p>
<p>2014-09-24 19:04 . 2014-10-14 14:58 43064 ----a-w- c:\windows\system32\drivers\avnetflt.sys</p>
<p>2014-09-24 16:59 . 2014-09-24 16:59 -------- d-----w- c:\users\Dan\AppData\Roaming\Avira</p>
<p>2014-09-24 16:57 . 2014-10-14 14:58 131608 ----a-w- c:\windows\system32\drivers\avipbb.sys</p>
<p>2014-09-24 16:57 . 2014-10-14 14:58 119272 ----a-w- c:\windows\system32\drivers\avgntflt.sys</p>
<p>2014-09-24 16:57 . 2014-07-23 17:29 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys</p>
<p>2014-09-24 16:57 . 2014-09-24 16:57 -------- d-----w- c:\programdata\Avira</p>
<p>2014-09-24 16:57 . 2014-09-24 16:57 -------- d-----w- c:\program files (x86)\Avira</p>
<p>2014-09-23 21:14 . 2014-09-09 02:05 11578928 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{17B8E69C-E120-4451-A26F-414B3A6512B7}\mpengine.dll</p>
<p>2014-09-23 21:13 . 2014-09-09 22:11 2048 ----a-w- c:\windows\system32\tzres.dll</p>
<p>2014-09-23 21:13 . 2014-09-09 21:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll</p>
<p>.</p>
<p>.</p>
<p>.</p>
<p>(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))</p>
<p>.</p>
<p>2014-09-24 16:20 . 2013-06-05 15:31 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl</p>
<p>2014-09-24 16:20 . 2013-06-05 15:31 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe</p>
<p>2014-09-15 13:06 . 2013-06-05 04:53 278152 ------w- c:\windows\system32\MpSigStub.exe</p>
<p>2014-08-23 02:07 . 2014-08-27 17:59 404480 ----a-w- c:\windows\system32\gdi32.dll</p>
<p>2014-08-23 01:45 . 2014-08-27 17:59 311808 ----a-w- c:\windows\SysWow64\gdi32.dll</p>
<p>2014-08-01 11:53 . 2014-09-09 23:14 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll</p>
<p>2014-08-01 11:35 . 2014-09-09 23:14 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll</p>
<p>2014-07-25 16:55 . 2014-08-23 05:22 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll</p>
<p>2014-07-25 06:35 . 2014-07-25 06:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll</p>
<p>2014-07-25 03:47 . 2014-07-25 03:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll</p>
<p>.</p>
<p>.</p>
<p>((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))</p>
<p>.</p>
<p>.</p>
<p>*Note* empty entries &amp; legit default entries are not shown </p>
<p>REGEDIT4</p>
<p>.</p>
<p>[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]</p>
<p>"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]</p>
<p>"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]</p>
<p>"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-10-14 703736]</p>
<p>.</p>
<p>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]</p>
<p>"ConsentPromptBehaviorAdmin"= 5 (0x5)</p>
<p>"ConsentPromptBehaviorUser"= 3 (0x3)</p>
<p>"EnableUIADesktopToggle"= 0 (0x0)</p>
<p>.</p>
<p>[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]</p>
<p>"Userinit"="userinit.exe"</p>
<p>.</p>
<p>R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]</p>
<p>R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]</p>
<p>R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]</p>
<p>R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]</p>
<p>R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]</p>
<p>R4 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe [x]</p>
<p>R4 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]</p>
<p>S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]</p>
<p>S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]</p>
<p>S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]</p>
<p>S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]</p>
<p>S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]</p>
<p>S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]</p>
<p>.</p>
<p>.</p>
<p>--- Other Services/Drivers In Memory ---</p>
<p>.</p>
<p>*NewlyCreated* - MBAMSWISSARMY</p>
<p>.</p>
<p>[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]</p>
<p>2014-10-20 11:12 1089352 ----a-w- c:\program files (x86)\Google\Chrome\Application\38.0.2125.104\Installer\chrmstp.exe</p>
<p>.</p>
<p>Contents of the 'Scheduled Tasks' folder</p>
<p>.</p>
<p>2014-10-20 c:\windows\Tasks\Adobe Flash Player Updater.job</p>
<p>- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-05 16:20]</p>
<p>.</p>
<p>2014-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job</p>
<p>- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-06 08:09]</p>
<p>.</p>
<p>2014-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job</p>
<p>- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-06 08:09]</p>
<p>.</p>
<p>.</p>
<p>--------- X64 Entries -----------</p>
<p>.</p>
<p>.</p>
<p>------- Supplementary Scan -------</p>
<p>.</p>
<p>uLocal Page = c:\windows\system32\blank.htm</p>
<p>uStart Page = hxxp://www.google.com/</p>
<p>mDefault_Search_URL = about:blank</p>
<p>mDefault_Page_URL = about:blank</p>
<p>mStart Page = about:blank</p>
<p>mLocal Page = c:\windows\SysWOW64\blank.htm</p>
<p>mSearch Page = about:blank</p>
<p>TCP: DhcpNameServer = 192.168.5.1</p>
<p>TCP: Interfaces\{2A740D97-842B-4AB4-B437-6248D5B98DFA}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8</p>
<p>TCP: Interfaces\{9CCC839A-CDC6-48E4-B98C-9A18C85B7D9D}: NameServer = 8.8.8.8,8.8.8.8</p>
<p>.</p>
<p>- - - - ORPHANS REMOVED - - - -</p>
<p>.</p>
<p>Wow6432Node-HKCU-Run-ktbsbmsjoqap - (no file)</p>
<p>Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe</p>
<p>c:\users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dcomcnfg.lnk - c:\users\Dan\AppData\Roaming\Microsoft\Windows\IEUpdate\dcomcnfg.exe</p>
<p>c:\users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mcbuilder.lnk - c:\users\Dan\AppData\Roaming\Microsoft\Windows\IEUpdate\mcbuilder.exe</p>
<p>c:\users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vssadmin.lnk - c:\users\Dan\AppData\Roaming\Microsoft\Windows\IEUpdate\vssadmin.exe</p>
<p>HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start</p>
<p>.</p>
<p>.</p>
<p>.</p>
<p>--------------------- LOCKED REGISTRY KEYS ---------------------</p>
<p>.</p>
<p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]</p>
<p>@Denied: (A 2) (Everyone)</p>
<p>@="FlashBroker"</p>
<p>"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"</p>
<p>.</p>
<p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]</p>
<p>"Enabled"=dword:00000001</p>
<p>.</p>
<p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]</p>
<p>@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"</p>
<p>.</p>
<p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]</p>
<p>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"</p>
<p>.</p>
<p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]</p>
<p>@Denied: (A 2) (Everyone)</p>
<p>@="IFlashBroker6"</p>
<p>.</p>
<p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]</p>
<p>@="{00020424-0000-0000-C000-000000000046}"</p>
<p>.</p>
<p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]</p>
<p>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"</p>
<p>"Version"="1.0"</p>
<p>.</p>
<p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]</p>
<p>@Denied: (A 2) (Everyone)</p>
<p>@="FlashBroker"</p>
<p>"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"</p>
<p>.</p>
<p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]</p>
<p>"Enabled"=dword:00000001</p>
<p>.</p>
<p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]</p>
<p>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"</p>
<p>.</p>
<p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]</p>
<p>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"</p>
<p>.</p>
<p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]</p>
<p>@Denied: (A 2) (Everyone)</p>
<p>@="Shockwave Flash Object"</p>
<p>.</p>
<p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]</p>
<p>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"</p>
<p>"ThreadingModel"="Apartment"</p>
<p>.</p>
<p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]</p>
<p>@="0"</p>
<p>.</p>
<p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]</p>
<p>@="ShockwaveFlash.ShockwaveFlash.15"</p>
<p>.</p>
<p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]</p>
<p>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"</p>
<p>.</p>
<p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]</p>
<p>@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"</p>
<p>.</p>
<p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]</p>
<p>@="1.0"</p>
<p>.</p>
<p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]</p>
<p>@="ShockwaveFlash.ShockwaveFlash"</p>
<p>.</p>
<p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]</p>
<p>@Denied: (A 2) (Everyone)</p>
<p>@="Macromedia Flash Factory Object"</p>
<p>.</p>
<p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]</p>
<p>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"</p>
<p>"ThreadingModel"="Apartment"</p>
<p>.</p>
<p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]</p>
<p>@="FlashFactory.FlashFactory.1"</p>
<p>.</p>
<p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]</p>
<p>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"</p>
<p>.</p>
<p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]</p>
<p>@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"</p>
<p>.</p>
<p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]</p>
<p>@="1.0"</p>
<p>.</p>
<p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]</p>
<p>@="FlashFactory.FlashFactory"</p>
<p>.</p>
<p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]</p>
<p>@Denied: (A 2) (Everyone)</p>
<p>@="IFlashBroker6"</p>
<p>.</p>
<p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]</p>
<p>@="{00020424-0000-0000-C000-000000000046}"</p>
<p>.</p>
<p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]</p>
<p>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"</p>
<p>"Version"="1.0"</p>
<p>.</p>
<p>[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]</p>
<p>@Denied: (Full) (Everyone)</p>
<p>.</p>
<p>Completion time: 2014-10-20 14:34:47</p>
<p>ComboFix-quarantined-files.txt 2014-10-20 18:34</p>
<p>.</p>
<p>Pre-Run: 101,982,322,688 bytes free</p>
<p>Post-Run: 105,722,728,448 bytes free</p>
<p>.</p>
<p>- - End Of File - - 81C32BA83D603CD5511176C9F7CB1B1B</p>
<p>A36C5E4F47E84449FF07ED3517B43A31</p>
</blockquote>