The Proxy server isn't responding for Internet Explorer and Google Chrome still after resetting...
Quoting Jason Bashaw (post 304168):

ComboFix 14-11-18.01 - Bashaws 11/22/2014 22:16:04.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7667.4741 [GMT -5:00]
Running from: c:\users\Bashaws\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
K:\Documents.lnk
K:\Music.lnk
K:\Pictures.lnk
.
.
((((((((((((((((((((((((( Files Created from 2014-10-23 to 2014-11-23 )))))))))))))))))))))))))))))))
.
.
2014-11-22 14:52 . 2014-11-02 04:20 11632448 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7C2E0E34-D7EA-4852-BC37-8E2F45D4FDF1}\mpengine.dll
2014-11-21 22:20 . 2014-11-22 20:50 -------- d-----w- C:\FRST
2014-11-21 17:34 . 2014-11-21 18:19 -------- d-----w- C:\zoek_backup
2014-11-21 00:50 . 2014-09-21 13:08 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4D8092D0-6D35-4CDD-A9F7-FDF183FCA5DC}\gapaengine.dll
2014-11-21 00:50 . 2014-11-02 04:20 11632448 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-11-18 23:10 . 2014-11-18 23:10 -------- d-----w- c:\program files\HitmanPro
2014-11-18 23:10 . 2014-11-18 23:33 -------- d-----w- c:\programdata\HitmanPro
2014-11-18 22:56 . 2014-11-18 22:56 -------- d-----w- c:\windows\ERUNT
2014-11-18 22:47 . 2014-11-18 22:50 -------- d-----w- C:\AdwCleaner
2014-11-18 21:47 . 2014-11-11 03:08 241152 ----a-w- c:\windows\system32\pku2u.dll
2014-11-18 21:47 . 2014-11-11 03:08 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-11-18 21:47 . 2014-11-11 02:44 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2014-11-18 21:47 . 2014-11-11 02:44 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-11-17 19:39 . 2014-11-17 19:39 -------- d-----w- c:\programdata\Oracle
2014-11-17 19:35 . 2014-11-17 19:42 -------- d-----w- c:\programdata\Unchecky
2014-11-17 04:16 . 2014-11-18 00:09 552 ----a-w- c:\windows\SysWow64\schtasks.bin
2014-11-17 04:00 . 2014-11-17 04:00 -------- d-----w- c:\programdata\COMODO
2014-11-17 04:00 . 2014-11-17 04:00 -------- d-----w- c:\program files\COMODO
2014-11-17 03:56 . 2014-11-21 00:50 -------- d-----w- c:\users\Bashaws\AppData\Local\33C1FBAC-DF5D-9DDB-AE00-000000B100
2014-11-17 03:55 . 2014-11-17 03:55 -------- d-----w- C:\c3f6beae-d430-4a21-802a-4c703bc75b60
2014-11-17 03:49 . 2014-11-17 19:25 -------- d--h--w- c:\users\Public\Temp
2014-11-17 01:28 . 2014-11-17 01:28 -------- d-sh--w- c:\users\Bashaws\AppData\Local\EmieBrowserModeList
2014-11-17 01:22 . 2014-11-17 01:22 -------- d-----w- c:\users\Bashaws\AppData\Local\IsolatedStorage
2014-11-12 01:32 . 2014-11-06 03:46 580096 ----a-w- c:\windows\system32\vbscript.dll
2014-11-12 01:31 . 2014-09-19 09:42 342016 ----a-w- c:\windows\system32\schannel.dll
2014-10-25 01:31 . 2014-10-25 01:31 -------- d-----w- c:\users\Bashaws\AppData\Roaming\MathematicaPlayer
2014-10-25 01:31 . 2014-10-25 01:31 -------- d-----w- c:\users\Bashaws\AppData\Local\MathematicaPlayer
2014-10-25 01:30 . 2014-10-25 01:30 -------- d-----w- c:\program files\Common Files\Wolfram Research
2014-10-25 01:30 . 2014-10-25 01:30 -------- d-----w- c:\program files (x86)\Common Files\Wolfram Research
2014-10-25 01:30 . 2014-10-25 01:30 -------- d-----w- c:\programdata\Mathematica
2014-10-25 01:30 . 2014-10-25 01:30 -------- d-----w- c:\program files\Extras
2014-10-25 01:30 . 2014-10-25 01:30 -------- d-----w- c:\program files (x86)\Common Files\ResearchSoft
2014-10-25 01:29 . 2013-02-07 23:39 360752 ----a-w- c:\windows\SysWow64\mltcpip32.mlp
2014-10-25 01:29 . 2013-02-07 23:39 95536 ----a-w- c:\windows\SysWow64\mltcp32.mlp
2014-10-25 01:29 . 2013-02-07 23:39 88368 ----a-w- c:\windows\SysWow64\mlshm32.mlp
2014-10-25 01:29 . 2013-02-07 23:39 173360 ----a-w- c:\windows\SysWow64\mlmodule32.dll
2014-10-25 01:29 . 2013-02-07 23:39 78128 ----a-w- c:\windows\SysWow64\mlmap32.mlp
2014-10-25 01:29 . 2013-02-07 23:39 369968 ----a-w- c:\windows\SysWow64\ml32i3.dll
2014-10-25 01:29 . 2013-02-07 23:39 258864 ----a-w- c:\windows\SysWow64\ml32i2.dll
2014-10-25 01:29 . 2013-02-07 23:39 252720 ----a-w- c:\windows\SysWow64\ml32i1.dll
2014-10-25 01:28 . 2014-10-25 01:28 -------- d-----w- c:\program files (x86)\Wolfram Research
2014-10-25 01:07 . 2014-10-25 01:07 57344 ----a-r- c:\users\Bashaws\AppData\Roaming\Microsoft\Installer\{D31032BD-B70C-4E1E-8BE3-0B870A910983}\NewShortcut2_004CA6CE20F84A5EAA175F820D52B1AC.exe
2014-10-25 01:07 . 2014-10-25 01:07 53248 ----a-r- c:\users\Bashaws\AppData\Roaming\Microsoft\Installer\{D31032BD-B70C-4E1E-8BE3-0B870A910983}\ARPPRODUCTICON.exe
2014-10-25 01:06 . 2014-10-25 01:06 57344 ----a-r- c:\users\Bashaws\AppData\Roaming\Microsoft\Installer\{74870974-832F-42D3-8047-D87A5A722CC3}\NewShortcut11_98798AFA4B0B41FAA9B8FF8835A64952.exe
2014-10-25 01:06 . 2014-10-25 01:06 57344 ----a-r- c:\users\Bashaws\AppData\Roaming\Microsoft\Installer\{74870974-832F-42D3-8047-D87A5A722CC3}\NewShortcut1_3F3768693B314C7692F69858832BE52C.exe
2014-10-25 01:06 . 2014-10-25 01:06 53248 ----a-r- c:\users\Bashaws\AppData\Roaming\Microsoft\Installer\{74870974-832F-42D3-8047-D87A5A722CC3}\ARPPRODUCTICON.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-23 03:01 . 2014-07-03 21:40 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-12 20:35 . 2012-08-15 11:22 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-11-12 20:35 . 2012-05-19 20:59 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-12 04:31 . 2012-08-15 00:28 103374192 ----a-w- c:\windows\system32\MRT.exe
2014-11-10 09:46 . 2014-11-10 09:46 233280 ----a-w- c:\windows\apppatch\AppPatch64\VCLdr64.dll
2014-10-30 11:25 . 2010-11-21 03:27 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-10-02 18:23 . 2014-10-02 18:23 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2014-10-02 18:23 . 2014-10-02 18:23 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2014-10-01 16:11 . 2014-07-03 11:06 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-01 16:11 . 2014-07-03 11:06 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-01 16:11 . 2012-11-22 14:21 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-25 02:08 . 2014-10-05 14:25 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-10-05 14:25 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-09-21 13:08 . 2012-11-29 01:46 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-09-12 21:37 . 2014-09-12 21:37 122584 ----a-w- c:\windows\system32\drivers\48C2376A.sys
2014-09-09 22:11 . 2014-09-25 12:33 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-25 12:33 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-09-04 05:23 . 2014-10-15 01:55 424448 ----a-w- c:\windows\system32\rastls.dll
2014-09-04 05:04 . 2014-10-15 01:55 372736 ----a-w- c:\windows\SysWow64\rastls.dll
2014-08-29 00:26 . 2011-03-29 01:36 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Bashaws\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-10-12 1514040]
"Spotify"="c:\users\Bashaws\AppData\Roaming\Spotify\Spotify.exe" [2014-10-12 6553144]
"MotoCast"="c:\program files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk" [2013-11-11 2057]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-08-12 658424]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-10-02 421888]
.
c:\users\Bashaws\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Verizon Wireless Software Utility Application for Android – Samsung.lnk - c:\users\Bashaws\AppData\Roaming\VERIZON\UA_ar\UA.exe [2014-10-14 1235264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0bootdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [x]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys;c:\windows\SYSNATIVE\drivers\usbfilter.sys [x]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-11-22 15:39 1087304 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.65\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-11-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 20:35]
.
2014-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-16 15:28]
.
2014-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-16 15:28]
.
2014-11-22 c:\windows\Tasks\HPCeeScheduleForBashaws.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]
"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944]
"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 2076272]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-10-22 21720]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{5D400110-9F0C-4111-90C7-8FEB0C45831E}: NameServer = 31.168.224.100,5.135.12.56
TCP: Interfaces\{F8C8F553-85B0-4F3F-A7A3-B1B290D45052}: NameServer = 31.168.224.100,5.135.12.56
FF - ProfilePath - c:\users\Bashaws\AppData\Roaming\Mozilla\Firefox\Profiles\yu4mr6zw.default-1416276520975\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-PCKeeper2 - c:\program files\Kromtech\PCKeeper Live\PCKeeper.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec
AddRemove-Flash Player Pro_is1 - c:\program files (x86)\Flash Player Pro\unins000.exe
AddRemove-{1B9604EE-B104-45C8-8551-5F63BA631E23} - c:\programdata\{E0A9340B-C01B-42C1-9910-C307D7BE4756}\WeatherBugSetup.exe
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-11-22 22:45:44
ComboFix-quarantined-files.txt 2014-11-23 03:45
.
Pre-Run: 859,590,483,968 bytes free
Post-Run: 859,191,455,744 bytes free
.
- - End Of File - - AAD2F104DE0609DA1CFBC4A459D9D3AF
5FB38429D5D77768867C76DCBDB35194
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208] "PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-08-12 658424] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-10-02 421888] . c:\users\Bashaws\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Verizon Wireless Software Utility Application for Android – Samsung.lnk - c:\users\Bashaws\AppData\Roaming\VERIZON\UA_ar\UA.exe [2014-10-14 1235264] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0bootdelete . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x] R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x] R3 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [x] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 
USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x] S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x] S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [x] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] S2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [x] S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x] S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP 
Client Services\HPClientServices.exe [x] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x] S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x] S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x] S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x] S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x] S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x] S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x] S3 
Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x] S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys;c:\windows\SYSNATIVE\drivers\usbfilter.sys [x] S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x] S4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - MBAMSWISSARMY . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-11-22 15:39 1087304 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.65\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2014-11-23 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 20:35] . 2014-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-16 15:28] . 2014-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-16 15:28] . 2014-11-22 c:\windows\Tasks\HPCeeScheduleForBashaws.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288] "IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944] "IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 2076272] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-10-22 21720] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 192.168.1.254 TCP: Interfaces\{5D400110-9F0C-4111-90C7-8FEB0C45831E}: NameServer = 31.168.224.100,5.135.12.56 TCP: Interfaces\{F8C8F553-85B0-4F3F-A7A3-B1B290D45052}: NameServer = 31.168.224.100,5.135.12.56 FF - ProfilePath - c:\users\Bashaws\AppData\Roaming\Mozilla\Firefox\Profiles\yu4mr6zw.default-1416276520975\ FF - prefs.js: browser.search.defaulturl - hxxp://[url="http://www.google.com/search?btnG=Google+Search&q="]www.google.com/search?btnG=Google+Search&q=[/url] FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://[url="http://www.google.com"]www.google.com[/url] FF - prefs.js: keyword.URL - hxxp://[url="http://www.google.com/search?btnG=Google+Search&q="]www.google.com/search?btnG=Google+Search&q=[/url] FF - prefs.js: network.proxy.type - 0 . - - - - ORPHANS REMOVED - - - - . 
Wow6432Node-HKCU-Run-PCKeeper2 - c:\program files\Kromtech\PCKeeper Live\PCKeeper.exe Wow6432Node-HKLM-Run-<NO NAME> - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec AddRemove-Flash Player Pro_is1 - c:\program files (x86)\Flash Player Pro\unins000.exe AddRemove-{1B9604EE-B104-45C8-8551-5F63BA631E23} - c:\programdata\{E0A9340B-C01B-42C1-9910-C307D7BE4756}\WeatherBugSetup.exe AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher] "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.15" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2014-11-22 22:45:44 ComboFix-quarantined-files.txt 2014-11-23 03:45 . Pre-Run: 859,590,483,968 bytes free Post-Run: 859,191,455,744 bytes free . - - End Of File - - AAD2F104DE0609DA1CFBC4A459D9D3AF 5FB38429D5D77768867C76DCBDB35194 [/QUOTE]
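Added example, not part of the quoted post and not ComboFix's own code: the "Supplementary Scan" block of a ComboFix log lists the DHCP-supplied DNS server and any per-interface NameServer values set statically in the registry. On a machine where browsers report that the proxy server is not responding, a helper usually wants to see whether those static resolvers match what DHCP handed out and whether they live in private address space. The script below parses those lines and reports each resolver that fails either check. The sample input is the "TCP:" lines copied from the log above; the regular expressions, the reason labels and the choice of checks are this example's own assumptions, and the script makes no claim about what any particular address is.

```python
"""Check the DNS settings reported in a ComboFix 'Supplementary Scan' section.

Added example, not part of the forum post or of ComboFix. It parses the
'TCP: DhcpNameServer' and 'TCP: Interfaces\\{GUID}: NameServer' lines and
flags per-interface static resolvers that differ from the DHCP-supplied one
or that lie outside private address space. The sample input is copied from
the log quoted above; the checks and labels are this example's own.
"""
import ipaddress
import re

# Lines copied from the posted log (Supplementary Scan section).
SAMPLE_LOG = """\
uLocal Page = c:\\windows\\system32\\blank.htm
mLocal Page = c:\\windows\\SysWOW64\\blank.htm
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\\{5D400110-9F0C-4111-90C7-8FEB0C45831E}: NameServer = 31.168.224.100,5.135.12.56
TCP: Interfaces\\{F8C8F553-85B0-4F3F-A7A3-B1B290D45052}: NameServer = 31.168.224.100,5.135.12.56
FF - prefs.js: network.proxy.type - 0
"""

# Assumed line shapes, taken from the log above (not a ComboFix spec).
DHCP_RE = re.compile(r"^TCP: DhcpNameServer = (.+)$")
IFACE_RE = re.compile(r"^TCP: Interfaces\\(\{[0-9A-Fa-f-]+\}): NameServer = (.+)$")


def _split_servers(value):
    """ComboFix writes several resolvers as a comma-separated list."""
    return [s.strip() for s in value.split(",") if s.strip()]


def parse_nameservers(text):
    """Return (dhcp_servers, {iface_guid: [servers]}) from the 'TCP:' lines."""
    dhcp = []
    ifaces = {}
    for line in text.splitlines():
        line = line.strip()
        m = DHCP_RE.match(line)
        if m:
            dhcp = _split_servers(m.group(1))
            continue
        m = IFACE_RE.match(line)
        if m:
            ifaces[m.group(1)] = _split_servers(m.group(2))
    return dhcp, ifaces


def find_dns_findings(text):
    """Flag per-interface resolvers that differ from DHCP or are public.

    Each finding is (iface_guid, server, reason). Reasons:
      'not-dhcp'    the resolver is absent from the DHCP-supplied list
      'public'      the resolver is not in private/link-local/loopback space
      'unparseable' the value is not an IP address at all
    An interface whose static list equals the DHCP list yields nothing.
    """
    dhcp, ifaces = parse_nameservers(text)
    findings = []
    for guid, servers in sorted(ifaces.items()):
        for server in servers:
            try:
                addr = ipaddress.ip_address(server)
            except ValueError:
                findings.append((guid, server, "unparseable"))
                continue
            if server not in dhcp:
                findings.append((guid, server, "not-dhcp"))
            if not addr.is_private:
                findings.append((guid, server, "public"))
    return findings


if __name__ == "__main__":
    for guid, server, reason in find_dns_findings(SAMPLE_LOG):
        print(f"{guid} NameServer {server}: {reason}")
```

Run against the sample, every static resolver on both interfaces is reported twice, once as "not-dhcp" and once as "public", because the DHCP server is 192.168.1.254 and the static entries are neither that address nor in private space. A static resolver that simply repeats the DHCP value produces no finding, which is the baseline a helper would expect on a home machine that has not been reconfigured.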