dllhost.exe, powershell stopped working, COM Surrogate, slow operating system
<blockquote data-quote="Allison" data-source="post: 310818" data-attributes="member: 31491"><p>It's running so much better-- thank you!!!!!</p><p></p><p>Here is the ComboFix log:</p><p></p><p>ComboFix 14-12-04.01 - owner 12/06/2014 12:40:00.1.4 - x64</p><p>Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.1935 [GMT -8:00]</p><p>Running from: c:\users\owner\Desktop\ComboFix.exe</p><p>AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}</p><p>FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}</p><p>SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}</p><p>SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</p><p>.</p><p>.</p><p>((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))</p><p>.</p><p>.</p><p>c:\windows\SysWow64\00000793.tmp</p><p>c:\windows\SysWow64\00001716.tmp</p><p>c:\windows\SysWow64\00002063.tmp</p><p>c:\windows\SysWow64\00002159.tmp</p><p>c:\windows\SysWow64\00002307.tmp</p><p>c:\windows\SysWow64\00005103.tmp</p><p>c:\windows\SysWow64\00009961.tmp</p><p>c:\windows\SysWow64\00010221.tmp</p><p>c:\windows\SysWow64\00012668.tmp</p><p>c:\windows\SysWow64\00014392.tmp</p><p>c:\windows\SysWow64\00014478.tmp</p><p>c:\windows\SysWow64\00015285.tmp</p><p>c:\windows\SysWow64\00016734.tmp</p><p>c:\windows\SysWow64\00016827.tmp</p><p>c:\windows\SysWow64\00019180.tmp</p><p>c:\windows\SysWow64\00021078.tmp</p><p>c:\windows\SysWow64\00021760.tmp</p><p>c:\windows\SysWow64\00023428.tmp</p><p>c:\windows\SysWow64\00023712.tmp</p><p>c:\windows\SysWow64\00025378.tmp</p><p>c:\windows\SysWow64\00029638.tmp</p><p>c:\windows\SysWow64\00031429.tmp</p><p>c:\windows\SysWow64\00031675.tmp</p><p>.</p><p>.</p><p>((((((((((((((((((((((((( Files Created from 2014-11-06 to 2014-12-06 )))))))))))))))))))))))))))))))</p><p>.</p><p>.</p><p>2014-12-06 21:53 . 
2014-12-06 21:53 -------- d-----w- c:\users\Default\AppData\Local\temp</p><p>2014-12-06 14:57 . 2014-12-06 15:46 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)</p><p>2014-12-06 01:47 . 2014-12-06 15:53 -------- d-----w- C:\FRST</p><p>2014-12-01 03:45 . 2012-10-04 00:14 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys</p><p>2014-12-01 03:45 . 2014-12-01 03:45 -------- d-----w- c:\program files\iPod</p><p>2014-12-01 03:44 . 2014-12-01 03:45 -------- d-----w- c:\programdata\E1864A66-75E3-486a-BD95-D1B7D99A84A7</p><p>2014-12-01 03:44 . 2014-12-01 03:45 -------- d-----w- c:\program files\iTunes</p><p>2014-12-01 03:31 . 2014-12-01 03:31 -------- d-----w- c:\windows\SysWow64\vbox</p><p>2014-12-01 03:31 . 2014-12-01 03:31 -------- d-----w- c:\windows\system32\vbox</p><p>2014-11-30 22:52 . 2014-11-30 22:43 28184 ----a-w- c:\windows\system32\drivers\aswKbd.sys</p><p>2014-11-30 22:49 . 2014-11-29 17:29 364512 ----a-w- c:\windows\system32\aswBoot.exe</p><p>2014-11-30 22:38 . 2014-11-30 22:38 449936 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys</p><p>2014-11-29 18:05 . 2014-12-06 18:42 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys</p><p>2014-11-29 18:05 . 2014-12-06 14:51 96472 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys</p><p>2014-11-29 18:05 . 2014-11-21 14:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys</p><p>2014-11-29 18:05 . 2014-11-21 14:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys</p><p>2014-11-29 18:04 . 2014-12-05 00:50 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware</p><p>2014-11-29 17:32 . 2014-11-29 17:32 -------- d-----w- c:\users\owner\AppData\Roaming\AVAST Software</p><p>2014-11-29 17:30 . 2014-11-29 17:30 -------- d-----w- c:\program files\Google</p><p>2014-11-29 17:30 . 2014-11-29 17:29 116728 ----a-w- c:\windows\system32\drivers\aswStm.sys</p><p>2014-11-29 17:30 . 2014-11-29 17:29 436624 ----a-w- c:\windows\system32\drivers\aswSP.sys</p><p>2014-11-29 17:30 . 
2014-11-29 17:29 267632 ----a-w- c:\windows\system32\drivers\aswVmm.sys</p><p>2014-11-29 17:30 . 2014-11-29 17:29 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys</p><p>2014-11-29 17:30 . 2014-11-29 17:29 83280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys</p><p>2014-11-29 17:30 . 2014-11-29 17:29 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys</p><p>2014-11-29 17:30 . 2014-11-29 17:29 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys</p><p>2014-11-29 17:30 . 2014-11-29 17:31 1050432 ----a-w- c:\windows\system32\drivers\aswsnx.sys</p><p>2014-11-29 17:29 . 2014-11-29 17:29 43152 ----a-w- c:\windows\avastSS.scr</p><p>2014-11-29 17:28 . 2014-11-29 17:28 -------- d-----w- c:\program files\AVAST Software</p><p>2014-11-26 15:23 . 2014-11-29 17:28 -------- d-----w- c:\programdata\AVAST Software</p><p>2014-11-18 19:07 . 2014-11-11 03:08 241152 ----a-w- c:\windows\system32\pku2u.dll</p><p>2014-11-18 19:07 . 2014-11-11 03:08 728064 ----a-w- c:\windows\system32\kerberos.dll</p><p>2014-11-18 19:07 . 2014-11-11 02:44 186880 ----a-w- c:\windows\SysWow64\pku2u.dll</p><p>2014-11-18 19:07 . 2014-11-11 02:44 550912 ----a-w- c:\windows\SysWow64\kerberos.dll</p><p>2014-11-14 01:18 . 2014-11-14 01:18 -------- d-sh--w- c:\users\owner\AppData\Local\EmieBrowserModeList</p><p>2014-11-11 20:29 . 2014-10-18 02:05 861696 ----a-w- c:\windows\system32\oleaut32.dll</p><p>2014-11-11 20:29 . 2014-10-18 01:33 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll</p><p>2014-11-09 02:55 . 2014-11-09 02:56 -------- d-----w- c:\programdata\SMR430</p><p>.</p><p>.</p><p>.</p><p>(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))</p><p>.</p><p>2014-11-30 17:51 . 2012-04-28 17:39 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl</p><p>2014-11-30 17:51 . 2012-04-28 17:39 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe</p><p>2014-11-12 15:21 . 
2010-09-03 01:05 103374192 ----a-w- c:\windows\system32\MRT.exe</p><p>2014-10-25 02:54 . 2014-10-25 02:54 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll</p><p>2014-09-25 02:08 . 2014-10-01 02:35 371712 ----a-w- c:\windows\system32\qdvd.dll</p><p>2014-09-25 01:40 . 2014-10-01 02:35 519680 ----a-w- c:\windows\SysWow64\qdvd.dll</p><p>2014-09-09 22:11 . 2014-09-24 01:00 2048 ----a-w- c:\windows\system32\tzres.dll</p><p>2014-09-09 21:47 . 2014-09-24 01:00 2048 ----a-w- c:\windows\SysWow64\tzres.dll</p><p>.</p><p>.</p><p>((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))</p><p>.</p><p>.</p><p>*Note* empty entries & legit default entries are not shown</p><p>REGEDIT4</p><p>.</p><p>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</p><p>"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2014-08-15 43816]</p><p>"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2014-08-08 43816]</p><p>"AppleIEDAV"="c:\program files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe" [2014-08-05 1080104]</p><p>"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-10-01 22065760]</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]</p><p>"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]</p><p>"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]</p><p>"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]</p><p>"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]</p><p>"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]</p><p>"DellComms"="c:\program files (x86)\Dell\DellComms\bin\sprtcmd.exe" 
[2009-05-05 206064]</p><p>"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]</p><p>"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]</p><p>"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]</p><p>"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]</p><p>"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-09-27 271744]</p><p>"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-11-29 5226600]</p><p>"iTunesHelper"="d:\itunes\iTunesHelper.exe" [2014-10-15 157480]</p><p>.</p><p>c:\users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\</p><p>Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]</p><p>.</p><p>c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\</p><p>HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]</p><p>.</p><p>c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\</p><p>Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-12-15 1324384]</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]</p><p>"ConsentPromptBehaviorAdmin"= 5 (0x5)</p><p>"ConsentPromptBehaviorUser"= 3 (0x3)</p><p>"EnableUIADesktopToggle"= 0 (0x0)</p><p>"SoftwareSASGeneration"= 1 (0x1)</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]</p><p>"aux1"=wdmaud.drv</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]</p><p>@="Driver"</p><p>.</p><p>R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]</p><p>R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN 
v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]</p><p>R3 ACTIVhidmini;Promethean USB Board Driver;c:\windows\system32\DRIVERS\ACTIVhidmini.sys;c:\windows\SYSNATIVE\DRIVERS\ACTIVhidmini.sys [x]</p><p>R3 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]</p><p>R3 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]</p><p>R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]</p><p>R3 prmvmouse;Promethean HID Mouse Service;c:\windows\system32\DRIVERS\activmouse.sys;c:\windows\SYSNATIVE\DRIVERS\activmouse.sys [x]</p><p>R3 PTUMWBus;PANTECH USB Modem V2 Composite Device Driver;c:\windows\system32\DRIVERS\PTUMWBus.sys;c:\windows\SYSNATIVE\DRIVERS\PTUMWBus.sys [x]</p><p>R3 PTUMWCDF;PANTECH USB Modem V2 Installation CD;c:\windows\system32\DRIVERS\PTUMWCDF.sys;c:\windows\SYSNATIVE\DRIVERS\PTUMWCDF.sys [x]</p><p>R3 PTUMWCSP;PANTECH USB Modem V2 Connection Port;c:\windows\system32\DRIVERS\PTUMWCSP.sys;c:\windows\SYSNATIVE\DRIVERS\PTUMWCSP.sys [x]</p><p>R3 PTUMWFLT;PTUMWNET Filter Driver;c:\windows\system32\DRIVERS\PTUMWFLT.sys;c:\windows\SYSNATIVE\DRIVERS\PTUMWFLT.sys [x]</p><p>R3 PTUMWMdm;PANTECH USB Modem V2 Modem Driver;c:\windows\system32\DRIVERS\PTUMWMdm.sys;c:\windows\SYSNATIVE\DRIVERS\PTUMWMdm.sys [x]</p><p>R3 PTUMWNET;PANTECH USB Modem V2 WWAN Driver;c:\windows\system32\DRIVERS\PTUMWNET.sys;c:\windows\SYSNATIVE\DRIVERS\PTUMWNET.sys [x]</p><p>R3 PTUMWNSP;PANTECH USB Modem V2 NMEA Port;c:\windows\system32\DRIVERS\PTUMWNSP.sys;c:\windows\SYSNATIVE\DRIVERS\PTUMWNSP.sys [x]</p><p>R3 PTUMWVsp;PANTECH USB Modem V2 Diagnostic 
Port;c:\windows\system32\DRIVERS\PTUMWVsp.sys;c:\windows\SYSNATIVE\DRIVERS\PTUMWVsp.sys [x]</p><p>R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x]</p><p>R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x]</p><p>R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]</p><p>R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]</p><p>R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]</p><p>R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]</p><p>R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]</p><p>R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]</p><p>R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]</p><p>S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]</p><p>S0 aswRvrt;avast! Revert; [x]</p><p>S0 aswVmm;avast! 
VM Monitor; [x]</p><p>S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]</p><p>S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]</p><p>S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]</p><p>S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]</p><p>S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]</p><p>S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]</p><p>S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]</p><p>S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]</p><p>S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]</p><p>S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [x]</p><p>S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [x]</p><p>S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]</p><p>S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]</p><p>S2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);c:\program files 
(x86)\Dell\DellComms\bin\sprtsvc.exe;c:\program files (x86)\Dell\DellComms\bin\sprtsvc.exe [x]</p><p>S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]</p><p>S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]</p><p>S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]</p><p>S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]</p><p>S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]</p><p>S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]</p><p>S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]</p><p>S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]</p><p>S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]</p><p>S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]</p><p>S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]</p><p>S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]</p><p>.</p><p>.</p><p>--- Other Services/Drivers In Memory ---</p><p>.</p><p>*NewlyCreated* - MBAMSWISSARMY</p><p>*Deregistered* - 
mbamchameleon</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]</p><p>hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]</p><p>2014-11-30 17:55 1087304 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.71\Installer\chrmstp.exe</p><p>.</p><p>Contents of the 'Scheduled Tasks' folder</p><p>.</p><p>2014-12-06 c:\windows\Tasks\Adobe Flash Player Updater.job</p><p>- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-28 17:51]</p><p>.</p><p>2014-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job</p><p>- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-25 00:44]</p><p>.</p><p>2014-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job</p><p>- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-25 00:44]</p><p>.</p><p>.</p><p>--------- X64 Entries -----------</p><p>.</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]</p><p>@="{472083B0-C522-11CF-8763-00608CC02F24}"</p><p>[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]</p><p>2014-11-29 17:29 860984 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</p><p>"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-01-25 369152]</p><p>"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-03 10038304]</p><p>"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-04 166424]</p><p>"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-04 390168]</p><p>"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-04 408600]</p><p>"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]</p><p>.</p><p>------- Supplementary Scan -------</p><p>.</p><p>uLocal 
Page = c:\windows\system32\blank.htm</p><p>mLocal Page = c:\windows\SysWOW64\blank.htm</p><p>uInternet Settings,ProxyOverride = <-loopback>;*.local</p><p>IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000</p><p>TCP: DhcpNameServer = 192.168.1.1</p><p>.</p><p>- - - - ORPHANS REMOVED - - - -</p><p>.</p><p>Toolbar-Locked - (no file)</p><p>Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe</p><p>Wow6432Node-HKLM-Run-<NO NAME> - (no file)</p><p>SafeBoot-mcmscsvc</p><p>SafeBoot-MCODS</p><p>HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start</p><p>Toolbar-Locked - (no file)</p><p>AddRemove-WildTangentGameProvider-dell-genres - c:\program files (x86)\WildTangent\Dell Games\Game Explorer Categories - genres\Uninstall.exe</p><p>.</p><p>.</p><p>.</p><p>--------------------- LOCKED REGISTRY KEYS ---------------------</p><p>.</p><p>[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]</p><p>@Denied: (2) (LocalSystem)</p><p>.</p><p>[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]</p><p>@Denied: (2) (LocalSystem)</p><p>"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,</p><p> d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ac,de,0b,53,85,98,ec,46,84,14,ba,\</p><p>"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,</p><p> d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ac,de,0b,53,85,98,ec,46,84,14,ba,\</p><p>.</p><p>[HKEY_USERS\S-1-5-21-51682695-2428261589-2065693235-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]</p><p>@Denied: (2) (LocalSystem)</p><p>"Progid"="WindowsLiveMail.Email.1"</p><p>.</p><p>[HKEY_USERS\S-1-5-21-51682695-2428261589-2065693235-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]</p><p>@Denied: (2) 
(LocalSystem)</p><p>"Progid"="WindowsLiveMail.VCard.1"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]</p><p>@Denied: (A 2) (Everyone)</p><p>@="FlashBroker"</p><p>"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_239_ActiveX.exe,-101"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]</p><p>"Enabled"=dword:00000001</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]</p><p>@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_239_ActiveX.exe"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]</p><p>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]</p><p>@Denied: (A 2) (Everyone)</p><p>@="IFlashBroker6"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]</p><p>@="{00020424-0000-0000-C000-000000000046}"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]</p><p>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"</p><p>"Version"="1.0"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]</p><p>@Denied: (A 2) 
(Everyone)</p><p>@="FlashBroker"</p><p>"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_239_ActiveX.exe,-101"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]</p><p>"Enabled"=dword:00000001</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]</p><p>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_239_ActiveX.exe"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]</p><p>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]</p><p>@Denied: (A 2) (Everyone)</p><p>@="Shockwave Flash Object"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]</p><p>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx"</p><p>"ThreadingModel"="Apartment"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]</p><p>@="0"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]</p><p>@="ShockwaveFlash.ShockwaveFlash.15"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]</p><p>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx, 
1"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]</p><p>@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]</p><p>@="1.0"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]</p><p>@="ShockwaveFlash.ShockwaveFlash"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]</p><p>@Denied: (A 2) (Everyone)</p><p>@="Macromedia Flash Factory Object"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]</p><p>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx"</p><p>"ThreadingModel"="Apartment"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]</p><p>@="FlashFactory.FlashFactory.1"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]</p><p>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx, 1"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]</p><p>@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]</p><p>@="1.0"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]</p><p>@="FlashFactory.FlashFactory"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]</p><p>@Denied: (A 2) 
(Everyone)</p><p>@="IFlashBroker6"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]</p><p>@="{00020424-0000-0000-C000-000000000046}"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]</p><p>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"</p><p>"Version"="1.0"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]</p><p>@Denied: (A) (Users)</p><p>@Denied: (A) (Everyone)</p><p>@Allowed: (B 1 2 3 4 5) (S-1-5-20)</p><p>"BlindDial"=dword:00000000</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]</p><p>@Denied: (A) (Users)</p><p>@Denied: (A) (Everyone)</p><p>@Allowed: (B 1 2 3 4 5) (S-1-5-20)</p><p>"BlindDial"=dword:00000000</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]</p><p>@Denied: (Full) (Everyone)</p><p>.</p><p>Completion time: 2014-12-06 13:59:00</p><p>ComboFix-quarantined-files.txt 2014-12-06 21:59</p><p>.</p><p>Pre-Run: 116,619,513,856 bytes free</p><p>Post-Run: 134,911,926,272 bytes free</p><p>.</p><p>- - End Of File - - E4A993AE11A039D9C96B5F4E2F9F971B</p><p>A36C5E4F47E84449FF07ED3517B43A31</p></blockquote><p></p>
c:\users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-12-15 1324384] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "SoftwareSASGeneration"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R3 ACTIVhidmini;Promethean USB Board Driver;c:\windows\system32\DRIVERS\ACTIVhidmini.sys;c:\windows\SYSNATIVE\DRIVERS\ACTIVhidmini.sys [x] R3 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x] R3 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 prmvmouse;Promethean HID Mouse 
Service;c:\windows\system32\DRIVERS\activmouse.sys;c:\windows\SYSNATIVE\DRIVERS\activmouse.sys [x] R3 PTUMWBus;PANTECH USB Modem V2 Composite Device Driver;c:\windows\system32\DRIVERS\PTUMWBus.sys;c:\windows\SYSNATIVE\DRIVERS\PTUMWBus.sys [x] R3 PTUMWCDF;PANTECH USB Modem V2 Installation CD;c:\windows\system32\DRIVERS\PTUMWCDF.sys;c:\windows\SYSNATIVE\DRIVERS\PTUMWCDF.sys [x] R3 PTUMWCSP;PANTECH USB Modem V2 Connection Port;c:\windows\system32\DRIVERS\PTUMWCSP.sys;c:\windows\SYSNATIVE\DRIVERS\PTUMWCSP.sys [x] R3 PTUMWFLT;PTUMWNET Filter Driver;c:\windows\system32\DRIVERS\PTUMWFLT.sys;c:\windows\SYSNATIVE\DRIVERS\PTUMWFLT.sys [x] R3 PTUMWMdm;PANTECH USB Modem V2 Modem Driver;c:\windows\system32\DRIVERS\PTUMWMdm.sys;c:\windows\SYSNATIVE\DRIVERS\PTUMWMdm.sys [x] R3 PTUMWNET;PANTECH USB Modem V2 WWAN Driver;c:\windows\system32\DRIVERS\PTUMWNET.sys;c:\windows\SYSNATIVE\DRIVERS\PTUMWNET.sys [x] R3 PTUMWNSP;PANTECH USB Modem V2 NMEA Port;c:\windows\system32\DRIVERS\PTUMWNSP.sys;c:\windows\SYSNATIVE\DRIVERS\PTUMWNSP.sys [x] R3 PTUMWVsp;PANTECH USB Modem V2 Diagnostic Port;c:\windows\system32\DRIVERS\PTUMWVsp.sys;c:\windows\SYSNATIVE\DRIVERS\PTUMWVsp.sys [x] R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x] R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys 
[x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x] S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x] S0 aswRvrt;avast! Revert; [x] S0 aswVmm;avast! VM Monitor; [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x] S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x] S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x] S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x] S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x] S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x] S2 avast! Firewall;avast! 
Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x] S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [x] S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [x] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x] S2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);c:\program files (x86)\Dell\DellComms\bin\sprtsvc.exe;c:\program files (x86)\Dell\DellComms\bin\sprtsvc.exe [x] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x] S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x] S3 CtClsFlt;Creative Camera Class Upper Filter 
Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x] S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x] S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - MBAMSWISSARMY *Deregistered* - mbamchameleon . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-11-30 17:55 1087304 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.71\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2014-12-06 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-28 17:51] . 2014-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-25 00:44] . 2014-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-25 00:44] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2014-11-29 17:29 860984 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-01-25 369152] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-03 10038304] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-04 166424] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-04 390168] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-04 408600] "Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <-loopback>;*.local IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe Wow6432Node-HKLM-Run-<NO NAME> - (no file) SafeBoot-mcmscsvc SafeBoot-MCODS HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) AddRemove-WildTangentGameProvider-dell-genres - c:\program files (x86)\WildTangent\Dell Games\Game Explorer Categories - genres\Uninstall.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) . 
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ac,de,0b,53,85,98,ec,46,84,14,ba,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ac,de,0b,53,85,98,ec,46,84,14,ba,\ . [HKEY_USERS\S-1-5-21-51682695-2428261589-2065693235-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-51682695-2428261589-2065693235-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_239_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_239_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_239_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_239_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.15" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2014-12-06 13:59:00 ComboFix-quarantined-files.txt 2014-12-06 21:59 . Pre-Run: 116,619,513,856 bytes free Post-Run: 134,911,926,272 bytes free . - - End Of File - - E4A993AE11A039D9C96B5F4E2F9F971B A36C5E4F47E84449FF07ED3517B43A31 [/QUOTE]