Help using GMER
<blockquote data-quote="Paulray" data-source="post: 140755" data-attributes="member: 13978"><p>ComboFix 13-10-19.02 - Paul Curtis 20/10/2013 1:48.1.4 - x64</p><p>Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1907.778 [GMT 1:00]</p><p>Running from: c:\users\Paul Curtis\Downloads\ComboFix.exe</p><p>SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</p><p>.</p><p>.</p><p>((((((((((((((((((((((((( Files Created from 2013-09-20 to 2013-10-20 )))))))))))))))))))))))))))))))</p><p>.</p><p>.</p><p>2013-10-20 00:54 . 2013-10-20 00:54 -------- d-----w- c:\users\Default\AppData\Local\temp</p><p>2013-10-19 16:05 . 2013-10-19 16:05 -------- d-----w- c:\users\Paul Curtis\AppData\Roaming\WinZip</p><p>2013-10-19 16:00 . 2013-10-19 16:00 -------- d-----w- c:\users\Paul Curtis\AppData\Local\WinZip</p><p>2013-10-19 16:00 . 2013-10-19 16:00 -------- d-----w- c:\programdata\WinZip</p><p>2013-10-19 16:00 . 2013-10-19 16:00 -------- d-----w- c:\program files\WinZip</p><p>2013-10-18 18:09 . 2013-10-18 18:09 -------- d-----w- c:\programdata\APN</p><p>2013-10-18 17:56 . 2013-10-18 17:56 -------- d-s---w- c:\windows\SysWow64\Microsoft</p><p>2013-10-18 17:55 . 2013-10-19 15:58 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DC30118E-AFE4-4096-9ED9-C31B6C4E156F}\offreg.dll</p><p>2013-10-18 13:53 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DC30118E-AFE4-4096-9ED9-C31B6C4E156F}\mpengine.dll</p><p>2013-10-17 15:51 . 2013-10-17 15:51 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll</p><p>2013-10-17 12:42 . 2013-10-17 12:42 -------- d-----w- c:\users\Paul Curtis\KironRaceViewer</p><p>2013-10-16 19:04 . 2013-10-16 19:04 -------- d-----w- c:\users\Paul Curtis\AppData\Local\VS Revo Group</p><p>2013-10-16 19:04 . 2013-10-16 19:04 -------- d-----w- c:\programdata\VS Revo Group</p><p>2013-10-16 19:04 . 
2009-12-30 10:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys</p><p>2013-10-16 19:04 . 2013-10-16 19:04 -------- d-----w- c:\program files\VS Revo Group</p><p>2013-10-13 22:53 . 2013-10-13 22:53 -------- d-----w- c:\users\Paul Curtis\AppData\Local\Programs</p><p>2013-10-11 12:06 . 2013-10-11 12:06 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin</p><p>2013-10-09 10:58 . 2013-10-09 10:58 -------- d-----w- c:\program files\iPod</p><p>2013-10-09 10:58 . 2013-10-09 10:59 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69</p><p>2013-10-09 10:58 . 2013-10-09 10:59 -------- d-----w- c:\program files\iTunes</p><p>2013-10-09 10:58 . 2013-10-09 10:59 -------- d-----w- c:\program files (x86)\iTunes</p><p>2013-10-09 10:28 . 2013-07-04 12:50 633856 ----a-w- c:\windows\system32\comctl32.dll</p><p>2013-10-09 10:28 . 2013-07-04 11:50 530432 ----a-w- c:\windows\SysWow64\comctl32.dll</p><p>2013-10-09 10:28 . 2013-06-06 05:50 41472 ----a-w- c:\windows\system32\lpk.dll</p><p>2013-10-09 10:28 . 2013-06-06 05:49 14336 ----a-w- c:\windows\system32\dciman32.dll</p><p>2013-10-09 10:28 . 2013-06-06 04:57 25600 ----a-w- c:\windows\SysWow64\lpk.dll</p><p>2013-10-09 10:28 . 2013-06-06 04:50 10240 ----a-w- c:\windows\SysWow64\dciman32.dll</p><p>2013-10-09 10:28 . 2013-06-06 03:30 368128 ----a-w- c:\windows\system32\atmfd.dll</p><p>2013-10-09 10:28 . 2013-06-06 03:01 295424 ----a-w- c:\windows\SysWow64\atmfd.dll</p><p>2013-10-09 10:26 . 2013-09-04 12:11 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys</p><p>2013-10-09 10:26 . 2013-09-04 12:11 325120 ----a-w- c:\windows\system32\drivers\usbport.sys</p><p>2013-10-09 10:26 . 2013-09-04 12:11 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys</p><p>2013-10-09 10:26 . 2013-09-04 12:12 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys</p><p>2013-10-09 10:26 . 2013-09-04 12:11 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys</p><p>2013-10-09 10:26 . 
2013-09-04 12:11 7808 ----a-w- c:\windows\system32\drivers\usbd.sys</p><p>2013-10-09 10:26 . 2013-09-04 12:11 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys</p><p>2013-09-27 12:53 . 2013-09-27 12:54 -------- d-----w- c:\users\Paul Curtis\AppData\Roaming\Enlightenus2_BFG</p><p>2013-09-27 12:52 . 2013-09-27 12:52 -------- d-----w- c:\program files (x86)\Enlightenus II - The Timeless Tower Collector's Edition</p><p>2013-09-20 16:45 . 2013-09-20 16:45 -------- d-----w- c:\program files (x86)\Common Files\Java</p><p>2013-09-20 16:45 . 2013-10-17 15:51 -------- d-----w- c:\programdata\Oracle</p><p>.</p><p>.</p><p>.</p><p>(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))</p><p>.</p><p>2013-10-09 14:25 . 2013-08-26 04:28 80541720 ----a-w- c:\windows\system32\MRT.exe</p><p>2013-09-03 13:35 . 2013-08-27 20:41 278800 ------w- c:\windows\system32\MpSigStub.exe</p><p>2013-08-30 07:48 . 2013-08-30 07:55 22600 ----a-w- c:\windows\system32\drivers\aswKbd.sys</p><p>2013-08-30 07:47 . 2013-08-25 22:22 287840 ----a-w- c:\windows\system32\aswBoot.exe</p><p>2013-08-29 01:48 . 2013-10-09 10:27 44032 ----a-w- c:\windows\apppatch\acwow64.dll</p><p>2013-08-27 22:23 . 2013-08-27 22:23 97280 ----a-w- c:\windows\system32\mshtmled.dll</p><p>2013-08-27 22:23 . 2013-08-27 22:23 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe</p><p>2013-08-27 22:23 . 2013-08-27 22:23 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll</p><p>2013-08-27 22:23 . 2013-08-27 22:23 81408 ----a-w- c:\windows\system32\icardie.dll</p><p>2013-08-27 22:23 . 2013-08-27 22:23 77312 ----a-w- c:\windows\system32\tdc.ocx</p><p>2013-08-27 22:23 . 2013-08-27 22:23 762368 ----a-w- c:\windows\system32\ieapfltr.dll</p><p>2013-08-27 22:23 . 2013-08-27 22:23 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe</p><p>2013-08-27 22:23 . 2013-08-27 22:23 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll</p><p>2013-08-27 22:23 . 
2013-08-27 22:23 62976 ----a-w- c:\windows\system32\pngfilt.dll</p><p>2013-08-27 22:23 . 2013-08-27 22:23 61952 ----a-w- c:\windows\SysWow64\tdc.ocx</p><p>2013-08-27 22:23 . 2013-08-27 22:23 599552 ----a-w- c:\windows\system32\vbscript.dll</p><p>2013-08-27 22:23 . 2013-08-27 22:23 523264 ----a-w- c:\windows\SysWow64\vbscript.dll</p><p>2013-08-27 22:23 . 2013-08-27 22:23 52224 ----a-w- c:\windows\system32\msfeedsbs.dll</p><p>2013-08-27 22:23 . 2013-08-27 22:23 51200 ----a-w- c:\windows\system32\imgutil.dll</p><p>2013-08-27 22:23 . 2013-08-27 22:23 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll</p><p>2013-08-27 22:23 . 2013-08-27 22:23 48640 ----a-w- c:\windows\system32\mshtmler.dll</p><p>2013-08-27 22:23 . 2013-08-27 22:23 452096 ----a-w- c:\windows\system32\dxtmsft.dll</p><p>2013-08-27 22:23 . 2013-08-27 22:23 441856 ----a-w- c:\windows\system32\html.iec</p><p>2013-08-27 22:23 . 2013-08-27 22:23 38400 ----a-w- c:\windows\SysWow64\imgutil.dll</p><p>2013-08-27 22:23 . 2013-08-27 22:23 361984 ----a-w- c:\windows\SysWow64\html.iec</p><p>2013-08-27 22:23 . 2013-08-27 22:23 281600 ----a-w- c:\windows\system32\dxtrans.dll</p><p>2013-08-27 22:23 . 2013-08-27 22:23 27648 ----a-w- c:\windows\system32\licmgr10.dll</p><p>2013-08-27 22:23 . 2013-08-27 22:23 270848 ----a-w- c:\windows\system32\iedkcs32.dll</p><p>2013-08-27 22:23 . 2013-08-27 22:23 247296 ----a-w- c:\windows\system32\webcheck.dll</p><p>2013-08-27 22:23 . 2013-08-27 22:23 235008 ----a-w- c:\windows\system32\url.dll</p><p>2013-08-27 22:23 . 2013-08-27 22:23 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll</p><p>2013-08-27 22:23 . 2013-08-27 22:23 226304 ----a-w- c:\windows\system32\elshyph.dll</p><p>2013-08-27 22:23 . 2013-08-27 22:23 216064 ----a-w- c:\windows\system32\msls31.dll</p><p>2013-08-27 22:23 . 2013-08-27 22:23 197120 ----a-w- c:\windows\system32\msrating.dll</p><p>2013-08-27 22:23 . 2013-08-27 22:23 185344 ----a-w- c:\windows\SysWow64\elshyph.dll</p><p>2013-08-27 22:23 . 
2013-08-27 22:23 173568 ----a-w- c:\windows\system32\ieUnatt.exe</p><p>2013-08-27 22:23 . 2013-08-27 22:23 167424 ----a-w- c:\windows\system32\iexpress.exe</p><p>2013-08-27 22:23 . 2013-08-27 22:23 158720 ----a-w- c:\windows\SysWow64\msls31.dll</p><p>2013-08-27 22:23 . 2013-08-27 22:23 1509376 ----a-w- c:\windows\system32\inetcpl.cpl</p><p>2013-08-27 22:23 . 2013-08-27 22:23 150528 ----a-w- c:\windows\SysWow64\iexpress.exe</p><p>2013-08-27 22:23 . 2013-08-27 22:23 149504 ----a-w- c:\windows\system32\occache.dll</p><p>2013-08-27 22:23 . 2013-08-27 22:23 144896 ----a-w- c:\windows\system32\wextract.exe</p><p>2013-08-27 22:23 . 2013-08-27 22:23 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl</p><p>2013-08-27 22:23 . 2013-08-27 22:23 1400416 ----a-w- c:\windows\system32\ieapfltr.dat</p><p>2013-08-27 22:23 . 2013-08-27 22:23 138752 ----a-w- c:\windows\SysWow64\wextract.exe</p><p>2013-08-27 22:23 . 2013-08-27 22:23 13824 ----a-w- c:\windows\system32\mshta.exe</p><p>2013-08-27 22:23 . 2013-08-27 22:23 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe</p><p>2013-08-27 22:23 . 2013-08-27 22:23 136192 ----a-w- c:\windows\system32\iepeers.dll</p><p>2013-08-27 22:23 . 2013-08-27 22:23 135680 ----a-w- c:\windows\system32\IEAdvpack.dll</p><p>2013-08-27 22:23 . 2013-08-27 22:23 12800 ----a-w- c:\windows\SysWow64\mshta.exe</p><p>2013-08-27 22:23 . 2013-08-27 22:23 12800 ----a-w- c:\windows\system32\msfeedssync.exe</p><p>2013-08-27 22:23 . 2013-08-27 22:23 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll</p><p>2013-08-27 22:23 . 2013-08-27 22:23 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe</p><p>2013-08-27 22:23 . 2013-08-27 22:23 102912 ----a-w- c:\windows\system32\inseng.dll</p><p>2013-08-27 22:22 . 2013-08-27 22:22 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll</p><p>2013-08-27 22:22 . 2013-08-27 22:22 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll</p><p>2013-08-27 22:22 . 
2013-08-27 22:22 648192 ----a-w- c:\windows\system32\d3d10level9.dll</p><p>2013-08-27 22:22 . 2013-08-27 22:22 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll</p><p>2013-08-27 22:22 . 2013-08-27 22:22 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll</p><p>2013-08-27 22:22 . 2013-08-27 22:22 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll</p><p>2013-08-27 22:22 . 2013-08-27 22:22 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll</p><p>2013-08-27 22:22 . 2013-08-27 22:22 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll</p><p>2013-08-27 22:22 . 2013-08-27 22:22 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll</p><p>2013-08-27 22:22 . 2013-08-27 22:22 465920 ----a-w- c:\windows\system32\WMPhoto.dll</p><p>2013-08-27 22:22 . 2013-08-27 22:22 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll</p><p>2013-08-27 22:22 . 2013-08-27 22:22 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll</p><p>2013-08-27 22:22 . 2013-08-27 22:22 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll</p><p>2013-08-27 22:22 . 2013-08-27 22:22 3928064 ----a-w- c:\windows\system32\d2d1.dll</p><p>2013-08-27 22:22 . 2013-08-27 22:22 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll</p><p>2013-08-27 22:22 . 2013-08-27 22:22 363008 ----a-w- c:\windows\system32\dxgi.dll</p><p>2013-08-27 22:22 . 2013-08-27 22:22 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll</p><p>2013-08-27 22:22 . 2013-08-27 22:22 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll</p><p>2013-08-27 22:22 . 2013-08-27 22:22 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll</p><p>2013-08-27 22:22 . 2013-08-27 22:22 333312 ----a-w- c:\windows\system32\d3d10_1core.dll</p><p>2013-08-27 22:22 . 2013-08-27 22:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll</p><p>2013-08-27 22:22 . 
2013-08-27 22:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll</p><p>2013-08-27 22:22 . 2013-08-27 22:22 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll</p><p>2013-08-27 22:22 . 2013-08-27 22:22 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll</p><p>2013-08-27 22:22 . 2013-08-27 22:22 296960 ----a-w- c:\windows\system32\d3d10core.dll</p><p>2013-08-27 22:22 . 2013-08-27 22:22 293376 ----a-w- c:\windows\SysWow64\dxgi.dll</p><p>2013-08-27 22:22 . 2013-08-27 22:22 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll</p><p>2013-08-27 22:22 . 2013-08-27 22:22 2565120 ----a-w- c:\windows\system32\d3d10warp.dll</p><p>2013-08-27 22:22 . 2013-08-27 22:22 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll</p><p>2013-08-27 22:22 . 2013-08-27 22:22 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll</p><p>2013-08-27 22:22 . 2013-08-27 22:22 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll</p><p>2013-08-27 22:22 . 2013-08-27 22:22 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll</p><p>2013-08-27 22:22 . 2013-08-27 22:22 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll</p><p>2013-08-27 22:22 . 2013-08-27 22:22 221184 ----a-w- c:\windows\system32\UIAnimation.dll</p><p>2013-08-27 22:22 . 2013-08-27 22:22 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll</p><p>2013-08-27 22:22 . 2013-08-27 22:22 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll</p><p>2013-08-27 22:22 . 2013-08-27 22:22 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll</p><p>2013-08-27 22:22 . 2013-08-27 22:22 194560 ----a-w- c:\windows\system32\d3d10_1.dll</p><p>2013-08-27 22:22 . 2013-08-27 22:22 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll</p><p>2013-08-27 22:22 . 2013-08-27 22:22 1682432 ----a-w- c:\windows\system32\XpsPrint.dll</p><p>2013-08-27 22:22 . 2013-08-27 22:22 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll</p><p>2013-08-27 22:22 . 
2013-08-27 22:22 1238528 ----a-w- c:\windows\system32\d3d10.dll</p><p>2013-08-27 22:22 . 2013-08-27 22:22 1175552 ----a-w- c:\windows\system32\FntCache.dll</p><p>2013-08-27 22:22 . 2013-08-27 22:22 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll</p><p>2013-08-27 22:22 . 2013-08-27 22:22 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll</p><p>2013-08-27 22:22 . 2013-08-27 22:22 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll</p><p>.</p><p>.</p><p>((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))</p><p>.</p><p>.</p><p>*Note* empty entries & legit default entries are not shown </p><p>REGEDIT4</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]</p><p>"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-03-03 352256]</p><p>"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 423936]</p><p>"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-15 34160]</p><p>"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]</p><p>"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]</p><p>"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]</p><p>"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]</p><p>"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-10-01 152392]</p><p>"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]</p><p>.</p><p>[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]</p><p>"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]</p><p>.</p><p>c:\users\Default 
User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\</p><p>TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]</p><p>"ConsentPromptBehaviorAdmin"= 5 (0x5)</p><p>"ConsentPromptBehaviorUser"= 3 (0x3)</p><p>"EnableUIADesktopToggle"= 0 (0x0)</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]</p><p>@=""</p><p>.</p><p>R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]</p><p>R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]</p><p>R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]</p><p>R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]</p><p>R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe;c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [x]</p><p>R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]</p><p>R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]</p><p>R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]</p><p>R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]</p><p>S0 aswKbd;aswKbd; [x]</p><p>S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files 
(x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]</p><p>S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]</p><p>S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [x]</p><p>S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]</p><p>S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]</p><p>S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys;c:\windows\SYSNATIVE\DRIVERS\CeKbFilter.sys [x]</p><p>S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]</p><p>S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]</p><p>S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]</p><p>S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]</p><p>S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]</p><p>S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]</p><p>S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]</p><p>.</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active 
setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]</p><p>2013-10-15 17:41 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe</p><p>.</p><p>Contents of the 'Scheduled Tasks' folder</p><p>.</p><p>2013-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job</p><p>- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-25 22:22]</p><p>.</p><p>2013-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job</p><p>- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-25 22:22]</p><p>.</p><p>.</p><p>--------- X64 Entries -----------</p><p>.</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</p><p>"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2010-05-11 1050072]</p><p>"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-10 161304]</p><p>"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-10 386584]</p><p>"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-10 415256]</p><p>"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800]</p><p>"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-07-28 2120808]</p><p>"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 709976]</p><p>"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]</p><p>"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2010-04-19 136136]</p><p>.</p><p>------- Supplementary Scan -------</p><p>.</p><p>uLocal Page = c:\windows\system32\blank.htm</p><p>uStart Page = hxxp://toshiba.msn.com</p><p>mLocal Page = c:\windows\SysWOW64\blank.htm</p><p>uInternet Settings,ProxyOverride = *.local</p><p>TCP: DhcpNameServer = 192.168.0.1</p><p>.</p><p>- - - - ORPHANS REMOVED - - - -</p><p>.</p><p>Toolbar-Locked - (no file)</p><p>HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start</p><p>Toolbar-Locked - (no 
file)</p><p>HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe</p><p>HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe</p><p>HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE</p><p>HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe</p><p>HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe</p><p>HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe</p><p>HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe</p><p>.</p><p>.</p><p>.</p><p>--------------------- LOCKED REGISTRY KEYS ---------------------</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]</p><p>@Denied: (A 2) (Everyone)</p><p>@="FlashBroker"</p><p>"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]</p><p>"Enabled"=dword:00000001</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]</p><p>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]</p><p>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]</p><p>@Denied: (A 2) (Everyone)</p><p>@="Shockwave Flash 
Object"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]</p><p>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"</p><p>"ThreadingModel"="Apartment"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]</p><p>@="0"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]</p><p>@="ShockwaveFlash.ShockwaveFlash.10"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]</p><p>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]</p><p>@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]</p><p>@="1.0"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]</p><p>@="ShockwaveFlash.ShockwaveFlash"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]</p><p>@Denied: (A 2) (Everyone)</p><p>@="Macromedia Flash Factory Object"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]</p><p>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"</p><p>"ThreadingModel"="Apartment"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]</p><p>@="FlashFactory.FlashFactory.1"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]</p><p>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 
1"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]</p><p>@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]</p><p>@="1.0"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]</p><p>@="FlashFactory.FlashFactory"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]</p><p>@Denied: (A 2) (Everyone)</p><p>@="IFlashBroker4"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]</p><p>@="{00020424-0000-0000-C000-000000000046}"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]</p><p>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"</p><p>"Version"="1.0"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]</p><p>"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,</p><p> 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]</p><p>@Denied: (Full) (Everyone)</p><p>.</p><p>Completion time: 2013-10-20 01:57:09</p><p>ComboFix-quarantined-files.txt 2013-10-20 00:57</p><p>.</p><p>Pre-Run: 122,099,220,480 bytes free</p><p>Post-Run: 121,796,063,232 bytes free</p><p>.</p><p>- - End Of File - - 373EAC40A7378B2F91630CC62D0C89F3</p></blockquote><p></p>
[QUOTE="Paulray, post: 140755, member: 13978"] ComboFix 13-10-19.02 - Paul Curtis 20/10/2013 1:48.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1907.778 [GMT 1:00] Running from: c:\users\Paul Curtis\Downloads\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2013-09-20 to 2013-10-20 ))))))))))))))))))))))))))))))) . . 2013-10-20 00:54 . 2013-10-20 00:54 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-10-19 16:05 . 2013-10-19 16:05 -------- d-----w- c:\users\Paul Curtis\AppData\Roaming\WinZip 2013-10-19 16:00 . 2013-10-19 16:00 -------- d-----w- c:\users\Paul Curtis\AppData\Local\WinZip 2013-10-19 16:00 . 2013-10-19 16:00 -------- d-----w- c:\programdata\WinZip 2013-10-19 16:00 . 2013-10-19 16:00 -------- d-----w- c:\program files\WinZip 2013-10-18 18:09 . 2013-10-18 18:09 -------- d-----w- c:\programdata\APN 2013-10-18 17:56 . 2013-10-18 17:56 -------- d-s---w- c:\windows\SysWow64\Microsoft 2013-10-18 17:55 . 2013-10-19 15:58 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DC30118E-AFE4-4096-9ED9-C31B6C4E156F}\offreg.dll 2013-10-18 13:53 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DC30118E-AFE4-4096-9ED9-C31B6C4E156F}\mpengine.dll 2013-10-17 15:51 . 2013-10-17 15:51 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-10-17 12:42 . 2013-10-17 12:42 -------- d-----w- c:\users\Paul Curtis\KironRaceViewer 2013-10-16 19:04 . 2013-10-16 19:04 -------- d-----w- c:\users\Paul Curtis\AppData\Local\VS Revo Group 2013-10-16 19:04 . 2013-10-16 19:04 -------- d-----w- c:\programdata\VS Revo Group 2013-10-16 19:04 . 2009-12-30 10:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys 2013-10-16 19:04 . 2013-10-16 19:04 -------- d-----w- c:\program files\VS Revo Group 2013-10-13 22:53 . 
2013-10-13 22:53 -------- d-----w- c:\users\Paul Curtis\AppData\Local\Programs 2013-10-11 12:06 . 2013-10-11 12:06 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin 2013-10-09 10:58 . 2013-10-09 10:58 -------- d-----w- c:\program files\iPod 2013-10-09 10:58 . 2013-10-09 10:59 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-10-09 10:58 . 2013-10-09 10:59 -------- d-----w- c:\program files\iTunes 2013-10-09 10:58 . 2013-10-09 10:59 -------- d-----w- c:\program files (x86)\iTunes 2013-10-09 10:28 . 2013-07-04 12:50 633856 ----a-w- c:\windows\system32\comctl32.dll 2013-10-09 10:28 . 2013-07-04 11:50 530432 ----a-w- c:\windows\SysWow64\comctl32.dll 2013-10-09 10:28 . 2013-06-06 05:50 41472 ----a-w- c:\windows\system32\lpk.dll 2013-10-09 10:28 . 2013-06-06 05:49 14336 ----a-w- c:\windows\system32\dciman32.dll 2013-10-09 10:28 . 2013-06-06 04:57 25600 ----a-w- c:\windows\SysWow64\lpk.dll 2013-10-09 10:28 . 2013-06-06 04:50 10240 ----a-w- c:\windows\SysWow64\dciman32.dll 2013-10-09 10:28 . 2013-06-06 03:30 368128 ----a-w- c:\windows\system32\atmfd.dll 2013-10-09 10:28 . 2013-06-06 03:01 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2013-10-09 10:26 . 2013-09-04 12:11 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2013-10-09 10:26 . 2013-09-04 12:11 325120 ----a-w- c:\windows\system32\drivers\usbport.sys 2013-10-09 10:26 . 2013-09-04 12:11 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys 2013-10-09 10:26 . 2013-09-04 12:12 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys 2013-10-09 10:26 . 2013-09-04 12:11 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys 2013-10-09 10:26 . 2013-09-04 12:11 7808 ----a-w- c:\windows\system32\drivers\usbd.sys 2013-10-09 10:26 . 2013-09-04 12:11 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys 2013-09-27 12:53 . 2013-09-27 12:54 -------- d-----w- c:\users\Paul Curtis\AppData\Roaming\Enlightenus2_BFG 2013-09-27 12:52 . 
2013-09-27 12:52 -------- d-----w- c:\program files (x86)\Enlightenus II - The Timeless Tower Collector's Edition 2013-09-20 16:45 . 2013-09-20 16:45 -------- d-----w- c:\program files (x86)\Common Files\Java 2013-09-20 16:45 . 2013-10-17 15:51 -------- d-----w- c:\programdata\Oracle . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-10-09 14:25 . 2013-08-26 04:28 80541720 ----a-w- c:\windows\system32\MRT.exe 2013-09-03 13:35 . 2013-08-27 20:41 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-08-30 07:48 . 2013-08-30 07:55 22600 ----a-w- c:\windows\system32\drivers\aswKbd.sys 2013-08-30 07:47 . 2013-08-25 22:22 287840 ----a-w- c:\windows\system32\aswBoot.exe 2013-08-29 01:48 . 2013-10-09 10:27 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2013-08-27 22:23 . 2013-08-27 22:23 97280 ----a-w- c:\windows\system32\mshtmled.dll 2013-08-27 22:23 . 2013-08-27 22:23 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-08-27 22:23 . 2013-08-27 22:23 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll 2013-08-27 22:23 . 2013-08-27 22:23 81408 ----a-w- c:\windows\system32\icardie.dll 2013-08-27 22:23 . 2013-08-27 22:23 77312 ----a-w- c:\windows\system32\tdc.ocx 2013-08-27 22:23 . 2013-08-27 22:23 762368 ----a-w- c:\windows\system32\ieapfltr.dll 2013-08-27 22:23 . 2013-08-27 22:23 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2013-08-27 22:23 . 2013-08-27 22:23 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2013-08-27 22:23 . 2013-08-27 22:23 62976 ----a-w- c:\windows\system32\pngfilt.dll 2013-08-27 22:23 . 2013-08-27 22:23 61952 ----a-w- c:\windows\SysWow64\tdc.ocx 2013-08-27 22:23 . 2013-08-27 22:23 599552 ----a-w- c:\windows\system32\vbscript.dll 2013-08-27 22:23 . 2013-08-27 22:23 523264 ----a-w- c:\windows\SysWow64\vbscript.dll 2013-08-27 22:23 . 2013-08-27 22:23 52224 ----a-w- c:\windows\system32\msfeedsbs.dll 2013-08-27 22:23 . 
2013-08-27 22:23 51200 ----a-w- c:\windows\system32\imgutil.dll 2013-08-27 22:23 . 2013-08-27 22:23 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2013-08-27 22:23 . 2013-08-27 22:23 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-08-27 22:23 . 2013-08-27 22:23 452096 ----a-w- c:\windows\system32\dxtmsft.dll 2013-08-27 22:23 . 2013-08-27 22:23 441856 ----a-w- c:\windows\system32\html.iec 2013-08-27 22:23 . 2013-08-27 22:23 38400 ----a-w- c:\windows\SysWow64\imgutil.dll 2013-08-27 22:23 . 2013-08-27 22:23 361984 ----a-w- c:\windows\SysWow64\html.iec 2013-08-27 22:23 . 2013-08-27 22:23 281600 ----a-w- c:\windows\system32\dxtrans.dll 2013-08-27 22:23 . 2013-08-27 22:23 27648 ----a-w- c:\windows\system32\licmgr10.dll 2013-08-27 22:23 . 2013-08-27 22:23 270848 ----a-w- c:\windows\system32\iedkcs32.dll 2013-08-27 22:23 . 2013-08-27 22:23 247296 ----a-w- c:\windows\system32\webcheck.dll 2013-08-27 22:23 . 2013-08-27 22:23 235008 ----a-w- c:\windows\system32\url.dll 2013-08-27 22:23 . 2013-08-27 22:23 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll 2013-08-27 22:23 . 2013-08-27 22:23 226304 ----a-w- c:\windows\system32\elshyph.dll 2013-08-27 22:23 . 2013-08-27 22:23 216064 ----a-w- c:\windows\system32\msls31.dll 2013-08-27 22:23 . 2013-08-27 22:23 197120 ----a-w- c:\windows\system32\msrating.dll 2013-08-27 22:23 . 2013-08-27 22:23 185344 ----a-w- c:\windows\SysWow64\elshyph.dll 2013-08-27 22:23 . 2013-08-27 22:23 173568 ----a-w- c:\windows\system32\ieUnatt.exe 2013-08-27 22:23 . 2013-08-27 22:23 167424 ----a-w- c:\windows\system32\iexpress.exe 2013-08-27 22:23 . 2013-08-27 22:23 158720 ----a-w- c:\windows\SysWow64\msls31.dll 2013-08-27 22:23 . 2013-08-27 22:23 1509376 ----a-w- c:\windows\system32\inetcpl.cpl 2013-08-27 22:23 . 2013-08-27 22:23 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2013-08-27 22:23 . 2013-08-27 22:23 149504 ----a-w- c:\windows\system32\occache.dll 2013-08-27 22:23 . 
2013-08-27 22:23 144896 ----a-w- c:\windows\system32\wextract.exe 2013-08-27 22:23 . 2013-08-27 22:23 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2013-08-27 22:23 . 2013-08-27 22:23 1400416 ----a-w- c:\windows\system32\ieapfltr.dat 2013-08-27 22:23 . 2013-08-27 22:23 138752 ----a-w- c:\windows\SysWow64\wextract.exe 2013-08-27 22:23 . 2013-08-27 22:23 13824 ----a-w- c:\windows\system32\mshta.exe 2013-08-27 22:23 . 2013-08-27 22:23 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2013-08-27 22:23 . 2013-08-27 22:23 136192 ----a-w- c:\windows\system32\iepeers.dll 2013-08-27 22:23 . 2013-08-27 22:23 135680 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-08-27 22:23 . 2013-08-27 22:23 12800 ----a-w- c:\windows\SysWow64\mshta.exe 2013-08-27 22:23 . 2013-08-27 22:23 12800 ----a-w- c:\windows\system32\msfeedssync.exe 2013-08-27 22:23 . 2013-08-27 22:23 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2013-08-27 22:23 . 2013-08-27 22:23 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-08-27 22:23 . 2013-08-27 22:23 102912 ----a-w- c:\windows\system32\inseng.dll 2013-08-27 22:22 . 2013-08-27 22:22 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-08-27 22:22 . 2013-08-27 22:22 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-08-27 22:22 . 2013-08-27 22:22 648192 ----a-w- c:\windows\system32\d3d10level9.dll 2013-08-27 22:22 . 2013-08-27 22:22 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2013-08-27 22:22 . 2013-08-27 22:22 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-08-27 22:22 . 2013-08-27 22:22 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-08-27 22:22 . 2013-08-27 22:22 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-08-27 22:22 . 2013-08-27 22:22 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-08-27 22:22 . 
2013-08-27 22:22 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2013-08-27 22:22 . 2013-08-27 22:22 465920 ----a-w- c:\windows\system32\WMPhoto.dll 2013-08-27 22:22 . 2013-08-27 22:22 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll 2013-08-27 22:22 . 2013-08-27 22:22 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll 2013-08-27 22:22 . 2013-08-27 22:22 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-08-27 22:22 . 2013-08-27 22:22 3928064 ----a-w- c:\windows\system32\d2d1.dll 2013-08-27 22:22 . 2013-08-27 22:22 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll 2013-08-27 22:22 . 2013-08-27 22:22 363008 ----a-w- c:\windows\system32\dxgi.dll 2013-08-27 22:22 . 2013-08-27 22:22 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-08-27 22:22 . 2013-08-27 22:22 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-08-27 22:22 . 2013-08-27 22:22 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll 2013-08-27 22:22 . 2013-08-27 22:22 333312 ----a-w- c:\windows\system32\d3d10_1core.dll 2013-08-27 22:22 . 2013-08-27 22:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll 2013-08-27 22:22 . 2013-08-27 22:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-08-27 22:22 . 2013-08-27 22:22 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll 2013-08-27 22:22 . 2013-08-27 22:22 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-08-27 22:22 . 2013-08-27 22:22 296960 ----a-w- c:\windows\system32\d3d10core.dll 2013-08-27 22:22 . 2013-08-27 22:22 293376 ----a-w- c:\windows\SysWow64\dxgi.dll 2013-08-27 22:22 . 2013-08-27 22:22 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll 2013-08-27 22:22 . 2013-08-27 22:22 2565120 ----a-w- c:\windows\system32\d3d10warp.dll 2013-08-27 22:22 . 
2013-08-27 22:22 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-08-27 22:22 . 2013-08-27 22:22 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-08-27 22:22 . 2013-08-27 22:22 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll 2013-08-27 22:22 . 2013-08-27 22:22 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll 2013-08-27 22:22 . 2013-08-27 22:22 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll 2013-08-27 22:22 . 2013-08-27 22:22 221184 ----a-w- c:\windows\system32\UIAnimation.dll 2013-08-27 22:22 . 2013-08-27 22:22 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll 2013-08-27 22:22 . 2013-08-27 22:22 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll 2013-08-27 22:22 . 2013-08-27 22:22 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll 2013-08-27 22:22 . 2013-08-27 22:22 194560 ----a-w- c:\windows\system32\d3d10_1.dll 2013-08-27 22:22 . 2013-08-27 22:22 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll 2013-08-27 22:22 . 2013-08-27 22:22 1682432 ----a-w- c:\windows\system32\XpsPrint.dll 2013-08-27 22:22 . 2013-08-27 22:22 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll 2013-08-27 22:22 . 2013-08-27 22:22 1238528 ----a-w- c:\windows\system32\d3d10.dll 2013-08-27 22:22 . 2013-08-27 22:22 1175552 ----a-w- c:\windows\system32\FntCache.dll 2013-08-27 22:22 . 2013-08-27 22:22 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll 2013-08-27 22:22 . 2013-08-27 22:22 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll 2013-08-27 22:22 . 2013-08-27 22:22 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-03-03 352256] "HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 423936] "KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-15 34160] "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-10-01 152392] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x] R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe;c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [x] R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 aswKbd;aswKbd; [x] S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x] S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x] S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [x] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x] S2 UNS;Intel(R) Management & Security 
Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys;c:\windows\SYSNATIVE\DRIVERS\CeKbFilter.sys [x] S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x] S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x] S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-10-15 17:41 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-25 22:22] . 2013-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-25 22:22] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2010-05-11 1050072] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-10 161304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-10 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-10 415256] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-07-28 2120808] "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 709976] "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376] "Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2010-04-19 136136] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://toshiba.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 192.168.0.1 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-10-20 01:57:09 ComboFix-quarantined-files.txt 2013-10-20 00:57 . 
Pre-Run: 122,099,220,480 bytes free Post-Run: 121,796,063,232 bytes free . - - End Of File - - 373EAC40A7378B2F91630CC62D0C89F3 [/QUOTE]