Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Support
Windows Malware Removal Help & Support
Mandient Cyber Security Virus
Message
<blockquote data-quote="pennie59" data-source="post: 144002" data-attributes="member: 14789"><p>Here's the ComboFix log:</p><p></p><p>ComboFix 13-11-12.01 - Will 11/13/2013 17:16:56.1.2 - x64</p><p>Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.1890 [GMT -5:00]</p><p>Running from: c:\users\Will\Desktop\ComboFix.exe</p><p>AV: AVG Internet Security 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}</p><p>FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}</p><p>SP: AVG Internet Security 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}</p><p>SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</p><p>.</p><p>.</p><p>((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))</p><p>.</p><p>.</p><p>C:\END</p><p>c:\windows\SysWow64\FlashPlayerApp.exe</p><p>.</p><p>.</p><p>((((((((((((((((((((((((( Files Created from 2013-10-13 to 2013-11-13 )))))))))))))))))))))))))))))))</p><p>.</p><p>.</p><p>2013-11-13 22:25 . 2013-11-13 22:25 -------- d-----w- c:\users\Default\AppData\Local\temp</p><p>2013-11-13 00:56 . 2013-11-13 00:56 -------- d-----w- C:\FRST</p><p>2013-11-12 22:45 . 2013-11-13 22:29 -------- d-----w- c:\users\Will\AppData\Local\Temp</p><p>2013-11-11 22:21 . 2013-11-11 22:21 -------- d-----w- C:\found.000</p><p>.</p><p>.</p><p>.</p><p>(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))</p><p>.</p><p>2013-10-11 02:34 . 2011-10-08 20:20 80541720 ----a-w- c:\windows\system32\MRT.exe</p><p>2013-10-08 22:10 . 2011-10-24 21:35 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl</p><p>2013-10-08 22:10 . 2013-10-08 22:10 17813896 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe</p><p>2013-09-22 23:28 . 2013-10-11 02:48 1767936 ----a-w- c:\windows\SysWow64\wininet.dll</p><p>2013-09-22 23:27 . 2013-10-11 02:48 2876928 ----a-w- c:\windows\SysWow64\jscript9.dll</p><p>2013-09-22 23:27 . 2013-10-11 02:48 61440 ----a-w- c:\windows\SysWow64\iesetup.dll</p><p>2013-09-22 23:27 . 2013-10-11 02:48 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll</p><p>2013-09-22 22:55 . 2013-10-11 02:48 51712 ----a-w- c:\windows\system32\ie4uinit.exe</p><p>2013-09-22 22:55 . 2013-10-11 02:48 2241024 ----a-w- c:\windows\system32\wininet.dll</p><p>2013-09-22 22:55 . 2013-10-11 02:48 1365504 ----a-w- c:\windows\system32\urlmon.dll</p><p>2013-09-22 22:54 . 2013-10-11 02:48 603136 ----a-w- c:\windows\system32\msfeeds.dll</p><p>2013-09-22 22:54 . 2013-10-11 02:48 19252224 ----a-w- c:\windows\system32\mshtml.dll</p><p>2013-09-22 22:54 . 2013-10-11 02:48 855552 ----a-w- c:\windows\system32\jscript.dll</p><p>2013-09-22 22:54 . 2013-10-11 02:48 3959296 ----a-w- c:\windows\system32\jscript9.dll</p><p>2013-09-22 22:54 . 2013-10-11 02:48 53248 ----a-w- c:\windows\system32\jsproxy.dll</p><p>2013-09-22 22:54 . 2013-10-11 02:48 526336 ----a-w- c:\windows\system32\ieui.dll</p><p>2013-09-22 22:54 . 2013-10-11 02:48 67072 ----a-w- c:\windows\system32\iesetup.dll</p><p>2013-09-22 22:54 . 2013-10-11 02:48 39936 ----a-w- c:\windows\system32\iernonce.dll</p><p>2013-09-22 22:54 . 2013-10-11 02:48 136704 ----a-w- c:\windows\system32\iesysprep.dll</p><p>2013-09-22 22:54 . 2013-10-11 02:48 2647552 ----a-w- c:\windows\system32\iertutil.dll</p><p>2013-09-22 22:54 . 2013-10-11 02:48 15404544 ----a-w- c:\windows\system32\ieframe.dll</p><p>2013-09-21 03:38 . 2013-10-11 02:48 2706432 ----a-w- c:\windows\system32\mshtml.tlb</p><p>2013-09-21 03:30 . 2013-10-11 02:48 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb</p><p>2013-09-21 02:48 . 2013-10-11 02:48 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe</p><p>2013-09-21 02:39 . 2013-10-11 02:48 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe</p><p>2013-09-14 01:10 . 2013-10-10 22:15 497152 ----a-w- c:\windows\system32\drivers\afd.sys</p><p>2013-09-08 02:30 . 2013-10-10 22:15 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys</p><p>2013-09-08 02:27 . 2013-10-10 22:15 327168 ----a-w- c:\windows\system32\mswsock.dll</p><p>2013-09-08 02:03 . 2013-10-10 22:15 231424 ----a-w- c:\windows\SysWow64\mswsock.dll</p><p>2013-09-05 05:43 . 2013-09-05 05:43 45880 ----a-w- c:\windows\system32\drivers\avgrkx64.sys</p><p>2013-08-29 02:17 . 2013-10-10 22:14 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe</p><p>2013-08-29 02:16 . 2013-10-10 22:14 1732032 ----a-w- c:\windows\system32\ntdll.dll</p><p>2013-08-29 02:16 . 2013-10-10 22:14 243712 ----a-w- c:\windows\system32\wow64.dll</p><p>2013-08-29 02:16 . 2013-10-10 22:14 859648 ----a-w- c:\windows\system32\tdh.dll</p><p>2013-08-29 02:13 . 2013-10-10 22:14 878080 ----a-w- c:\windows\system32\advapi32.dll</p><p>2013-08-29 01:51 . 2013-10-10 22:14 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe</p><p>2013-08-29 01:51 . 2013-10-10 22:14 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe</p><p>2013-08-29 01:50 . 2013-10-10 22:14 5120 ----a-w- c:\windows\SysWow64\wow32.dll</p><p>2013-08-29 01:50 . 2013-10-10 22:14 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll</p><p>2013-08-29 01:50 . 2013-10-10 22:14 619520 ----a-w- c:\windows\SysWow64\tdh.dll</p><p>2013-08-29 01:48 . 2013-10-10 22:14 640512 ----a-w- c:\windows\SysWow64\advapi32.dll</p><p>2013-08-29 01:48 . 2013-10-10 22:14 44032 ----a-w- c:\windows\apppatch\acwow64.dll</p><p>2013-08-29 00:49 . 2013-10-10 22:14 25600 ----a-w- c:\windows\SysWow64\setup16.exe</p><p>2013-08-29 00:49 . 2013-10-10 22:14 7680 ----a-w- c:\windows\SysWow64\instnm.exe</p><p>2013-08-29 00:49 . 2013-10-10 22:14 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll</p><p>2013-08-29 00:49 . 2013-10-10 22:14 2048 ----a-w- c:\windows\SysWow64\user.exe</p><p>2013-08-28 01:21 . 2013-10-10 22:15 3155968 ----a-w- c:\windows\system32\win32k.sys</p><p>2013-08-28 01:12 . 2013-10-10 22:14 461312 ----a-w- c:\windows\system32\scavengeui.dll</p><p>.</p><p>.</p><p>((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))</p><p>.</p><p>.</p><p>*Note* empty entries & legit default entries are not shown </p><p>REGEDIT4</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]</p><p>"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]</p><p>"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]</p><p>"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]</p><p>"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2010-08-17 3218792]</p><p>"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-08-16 152392]</p><p>"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]</p><p>"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-09-23 4411952]</p><p>"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]</p><p>"Adobe Photo Downloader"="c:\program files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-12-22 67752]</p><p>"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]</p><p>.</p><p>c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\</p><p>HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]</p><p>"ConsentPromptBehaviorAdmin"= 5 (0x5)</p><p>"ConsentPromptBehaviorUser"= 3 (0x3)</p><p>"EnableUIADesktopToggle"= 0 (0x0)</p><p>.</p><p>[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]</p><p>"HideSCANetwork"= 1 (0x1)</p><p>"HideSCABattery"= 1 (0x1)</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]</p><p>"LoadAppInit_DLLs"=1 (0x1)</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]</p><p>"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"</p><p>"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe</p><p>"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"</p><p>.</p><p>R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]</p><p>R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]</p><p>R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]</p><p>R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]</p><p>R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]</p><p>R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]</p><p>R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]</p><p>R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]</p><p>R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]</p><p>R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]</p><p>R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]</p><p>R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]</p><p>R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]</p><p>R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]</p><p>R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]</p><p>S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]</p><p>S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]</p><p>S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]</p><p>S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]</p><p>S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys;c:\windows\SYSNATIVE\DRIVERS\avgfwd6a.sys [x]</p><p>S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]</p><p>S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]</p><p>S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]</p><p>S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [x]</p><p>S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2013\avgfws.exe;c:\program files (x86)\AVG\AVG2013\avgfws.exe [x]</p><p>S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]</p><p>S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]</p><p>S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]</p><p>S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]</p><p>S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe [x]</p><p>S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]</p><p>S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]</p><p>S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]</p><p>S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]</p><p>S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]</p><p>S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]</p><p>S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]</p><p>S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]</p><p>S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys;c:\windows\SYSNATIVE\DRIVERS\QIOMem.sys [x]</p><p>S3 rtl8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]</p><p>.</p><p>.</p><p>--- Other Services/Drivers In Memory ---</p><p>.</p><p>*NewlyCreated* - WS2IFSL</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]</p><p>hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc</p><p>.</p><p>Contents of the 'Scheduled Tasks' folder</p><p>.</p><p>2013-11-13 c:\windows\Tasks\Adobe Flash Player Updater.job</p><p>- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 22:10]</p><p>.</p><p>2013-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job</p><p>- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-03 23:23]</p><p>.</p><p>2013-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job</p><p>- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-03 23:23]</p><p>.</p><p>.</p><p>--------- X64 Entries -----------</p><p>.</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</p><p>"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]</p><p>"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]</p><p>"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]</p><p>"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-10 415256]</p><p>"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]</p><p>"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944]</p><p>"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 2076272]</p><p>"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-10 161304]</p><p>"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-10 386584]</p><p>"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-10 520760]</p><p>.</p><p>------- Supplementary Scan -------</p><p>.</p><p>uLocal Page = c:\windows\system32\blank.htm</p><p>uStart Page = hxxp://my.yahoo.com/</p><p>mLocal Page = c:\windows\SysWOW64\blank.htm</p><p>uInternet Settings,ProxyOverride = <local></p><p>IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200</p><p>TCP: DhcpNameServer = 192.168.0.1</p><p>.</p><p>- - - - ORPHANS REMOVED - - - -</p><p>.</p><p>Toolbar-Locked - (no file)</p><p>Toolbar-10 - (no file)</p><p>HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start</p><p>Toolbar-Locked - (no file)</p><p>Toolbar-10 - (no file)</p><p>HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE</p><p>HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe</p><p>HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe</p><p>HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe</p><p>HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe</p><p>HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe</p><p>HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe</p><p>HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe</p><p>HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe</p><p>HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe</p><p>.</p><p>.</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCCUJobMgr]</p><p>"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.5.60\diMaster.dll\" /prefetch:1"</p><p>.</p><p>--------------------- LOCKED REGISTRY KEYS ---------------------</p><p>.</p><p>[HKEY_USERS\S-1-5-21-645005121-2817055841-3344550160-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]</p><p>@Denied: (2) (S-1-5-21-645005121-2817055841-3344550160-1001)</p><p>@Denied: (2) (LocalSystem)</p><p>"Progid"="IE.AssocFile.HTM"</p><p>.</p><p>[HKEY_USERS\S-1-5-21-645005121-2817055841-3344550160-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]</p><p>@Denied: (2) (S-1-5-21-645005121-2817055841-3344550160-1001)</p><p>@Denied: (2) (LocalSystem)</p><p>"Progid"="IE.AssocFile.HTM"</p><p>.</p><p>[HKEY_USERS\S-1-5-21-645005121-2817055841-3344550160-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]</p><p>@Denied: (2) (S-1-5-21-645005121-2817055841-3344550160-1001)</p><p>@Denied: (2) (LocalSystem)</p><p>"Progid"="IE.AssocFile.SVG"</p><p>.</p><p>[HKEY_USERS\S-1-5-21-645005121-2817055841-3344550160-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]</p><p>@Denied: (2) (S-1-5-21-645005121-2817055841-3344550160-1001)</p><p>@Denied: (2) (LocalSystem)</p><p>"Progid"="IE.AssocFile.XHT"</p><p>.</p><p>[HKEY_USERS\S-1-5-21-645005121-2817055841-3344550160-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]</p><p>@Denied: (2) (S-1-5-21-645005121-2817055841-3344550160-1001)</p><p>@Denied: (2) (LocalSystem)</p><p>"Progid"="IE.AssocFile.XHT"</p><p>.</p><p>[HKEY_USERS\S-1-5-21-645005121-2817055841-3344550160-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]</p><p>@Denied: (2) (LocalSystem)</p><p>"Progid"="SafariHTML"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]</p><p>@Denied: (A 2) (Everyone)</p><p>@="FlashBroker"</p><p>"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]</p><p>"Enabled"=dword:00000001</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]</p><p>@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]</p><p>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]</p><p>@Denied: (A 2) (Everyone)</p><p>@="IFlashBroker5"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]</p><p>@="{00020424-0000-0000-C000-000000000046}"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]</p><p>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"</p><p>"Version"="1.0"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]</p><p>@Denied: (A 2) (Everyone)</p><p>@="FlashBroker"</p><p>"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]</p><p>"Enabled"=dword:00000001</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]</p><p>@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]</p><p>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]</p><p>@Denied: (A 2) (Everyone)</p><p>@="Shockwave Flash Object"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]</p><p>@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"</p><p>"ThreadingModel"="Apartment"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]</p><p>@="0"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]</p><p>@="ShockwaveFlash.ShockwaveFlash.11"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]</p><p>@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]</p><p>@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]</p><p>@="1.0"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]</p><p>@="ShockwaveFlash.ShockwaveFlash"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]</p><p>@Denied: (A 2) (Everyone)</p><p>@="Macromedia Flash Factory Object"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]</p><p>@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"</p><p>"ThreadingModel"="Apartment"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]</p><p>@="FlashFactory.FlashFactory.1"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]</p><p>@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]</p><p>@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]</p><p>@="1.0"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]</p><p>@="FlashFactory.FlashFactory"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]</p><p>@Denied: (A 2) (Everyone)</p><p>@="IFlashBroker5"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]</p><p>@="{00020424-0000-0000-C000-000000000046}"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]</p><p>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"</p><p>"Version"="1.0"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]</p><p>@Denied: (A) (Everyone)</p><p>"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]</p><p>@Denied: (A) (Everyone)</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]</p><p>"Key"="ActionsPane3"</p><p>"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]</p><p>@Denied: (Full) (Everyone)</p><p>.</p><p>------------------------ Other Running Processes ------------------------</p><p>.</p><p>c:\program files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe</p><p>c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe</p><p>c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe</p><p>c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe</p><p>c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe</p><p>c:\program files (x86)\IObit\Advanced SystemCare 6\Monitor.exe</p><p>c:\program files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe</p><p>.</p><p>**************************************************************************</p><p>.</p><p>Completion time: 2013-11-13 17:43:16 - machine was rebooted</p><p>ComboFix-quarantined-files.txt 2013-11-13 22:43</p><p>.</p><p>Pre-Run: 161,131,610,112 bytes free</p><p>Post-Run: 160,903,249,920 bytes free</p><p>.</p><p>- - End Of File - - 4FBD96604DAAC8E859023A297BF0AED3</p></blockquote><p></p>
[QUOTE="pennie59, post: 144002, member: 14789"] Here's the ComboFix log: ComboFix 13-11-12.01 - Will 11/13/2013 17:16:56.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.1890 [GMT -5:00] Running from: c:\users\Will\Desktop\ComboFix.exe AV: AVG Internet Security 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2} SP: AVG Internet Security 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\END c:\windows\SysWow64\FlashPlayerApp.exe . . ((((((((((((((((((((((((( Files Created from 2013-10-13 to 2013-11-13 ))))))))))))))))))))))))))))))) . . 2013-11-13 22:25 . 2013-11-13 22:25 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-11-13 00:56 . 2013-11-13 00:56 -------- d-----w- C:\FRST 2013-11-12 22:45 . 2013-11-13 22:29 -------- d-----w- c:\users\Will\AppData\Local\Temp 2013-11-11 22:21 . 2013-11-11 22:21 -------- d-----w- C:\found.000 . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-10-11 02:34 . 2011-10-08 20:20 80541720 ----a-w- c:\windows\system32\MRT.exe 2013-10-08 22:10 . 2011-10-24 21:35 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-10-08 22:10 . 2013-10-08 22:10 17813896 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2013-09-22 23:28 . 2013-10-11 02:48 1767936 ----a-w- c:\windows\SysWow64\wininet.dll 2013-09-22 23:27 . 2013-10-11 02:48 2876928 ----a-w- c:\windows\SysWow64\jscript9.dll 2013-09-22 23:27 . 2013-10-11 02:48 61440 ----a-w- c:\windows\SysWow64\iesetup.dll 2013-09-22 23:27 . 2013-10-11 02:48 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll 2013-09-22 22:55 . 2013-10-11 02:48 51712 ----a-w- c:\windows\system32\ie4uinit.exe 2013-09-22 22:55 . 2013-10-11 02:48 2241024 ----a-w- c:\windows\system32\wininet.dll 2013-09-22 22:55 . 2013-10-11 02:48 1365504 ----a-w- c:\windows\system32\urlmon.dll 2013-09-22 22:54 . 2013-10-11 02:48 603136 ----a-w- c:\windows\system32\msfeeds.dll 2013-09-22 22:54 . 2013-10-11 02:48 19252224 ----a-w- c:\windows\system32\mshtml.dll 2013-09-22 22:54 . 2013-10-11 02:48 855552 ----a-w- c:\windows\system32\jscript.dll 2013-09-22 22:54 . 2013-10-11 02:48 3959296 ----a-w- c:\windows\system32\jscript9.dll 2013-09-22 22:54 . 2013-10-11 02:48 53248 ----a-w- c:\windows\system32\jsproxy.dll 2013-09-22 22:54 . 2013-10-11 02:48 526336 ----a-w- c:\windows\system32\ieui.dll 2013-09-22 22:54 . 2013-10-11 02:48 67072 ----a-w- c:\windows\system32\iesetup.dll 2013-09-22 22:54 . 2013-10-11 02:48 39936 ----a-w- c:\windows\system32\iernonce.dll 2013-09-22 22:54 . 2013-10-11 02:48 136704 ----a-w- c:\windows\system32\iesysprep.dll 2013-09-22 22:54 . 2013-10-11 02:48 2647552 ----a-w- c:\windows\system32\iertutil.dll 2013-09-22 22:54 . 2013-10-11 02:48 15404544 ----a-w- c:\windows\system32\ieframe.dll 2013-09-21 03:38 . 2013-10-11 02:48 2706432 ----a-w- c:\windows\system32\mshtml.tlb 2013-09-21 03:30 . 2013-10-11 02:48 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb 2013-09-21 02:48 . 2013-10-11 02:48 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2013-09-21 02:39 . 2013-10-11 02:48 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2013-09-14 01:10 . 2013-10-10 22:15 497152 ----a-w- c:\windows\system32\drivers\afd.sys 2013-09-08 02:30 . 2013-10-10 22:15 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-09-08 02:27 . 2013-10-10 22:15 327168 ----a-w- c:\windows\system32\mswsock.dll 2013-09-08 02:03 . 2013-10-10 22:15 231424 ----a-w- c:\windows\SysWow64\mswsock.dll 2013-09-05 05:43 . 2013-09-05 05:43 45880 ----a-w- c:\windows\system32\drivers\avgrkx64.sys 2013-08-29 02:17 . 2013-10-10 22:14 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-08-29 02:16 . 2013-10-10 22:14 1732032 ----a-w- c:\windows\system32\ntdll.dll 2013-08-29 02:16 . 2013-10-10 22:14 243712 ----a-w- c:\windows\system32\wow64.dll 2013-08-29 02:16 . 2013-10-10 22:14 859648 ----a-w- c:\windows\system32\tdh.dll 2013-08-29 02:13 . 2013-10-10 22:14 878080 ----a-w- c:\windows\system32\advapi32.dll 2013-08-29 01:51 . 2013-10-10 22:14 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-08-29 01:51 . 2013-10-10 22:14 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-08-29 01:50 . 2013-10-10 22:14 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2013-08-29 01:50 . 2013-10-10 22:14 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll 2013-08-29 01:50 . 2013-10-10 22:14 619520 ----a-w- c:\windows\SysWow64\tdh.dll 2013-08-29 01:48 . 2013-10-10 22:14 640512 ----a-w- c:\windows\SysWow64\advapi32.dll 2013-08-29 01:48 . 2013-10-10 22:14 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2013-08-29 00:49 . 2013-10-10 22:14 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2013-08-29 00:49 . 2013-10-10 22:14 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2013-08-29 00:49 . 2013-10-10 22:14 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2013-08-29 00:49 . 2013-10-10 22:14 2048 ----a-w- c:\windows\SysWow64\user.exe 2013-08-28 01:21 . 2013-10-10 22:15 3155968 ----a-w- c:\windows\system32\win32k.sys 2013-08-28 01:12 . 2013-10-10 22:14 461312 ----a-w- c:\windows\system32\scavengeui.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840] "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736] "ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960] "NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2010-08-17 3218792] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-08-16 152392] "hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016] "AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-09-23 4411952] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720] "Adobe Photo Downloader"="c:\program files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-12-22 67752] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "HideSCANetwork"= 1 (0x1) "HideSCABattery"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x] R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x] R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x] R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x] R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x] S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x] S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x] S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys;c:\windows\SYSNATIVE\DRIVERS\avgfwd6a.sys [x] S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x] S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [x] S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2013\avgfws.exe;c:\program files (x86)\AVG\AVG2013\avgfws.exe [x] S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe [x] S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x] S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x] S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys;c:\windows\SYSNATIVE\DRIVERS\QIOMem.sys [x] S3 rtl8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2013-11-13 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 22:10] . 2013-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-03 23:23] . 2013-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-03 23:23] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376] "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976] "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-10 415256] "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760] "IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944] "IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 2076272] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-10 161304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-10 386584] "cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-10 520760] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://my.yahoo.com/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local> IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 TCP: DhcpNameServer = 192.168.0.1 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Toolbar-10 - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) Toolbar-10 - (no file) HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCCUJobMgr] "ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.5.60\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-645005121-2817055841-3344550160-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice] @Denied: (2) (S-1-5-21-645005121-2817055841-3344550160-1001) @Denied: (2) (LocalSystem) "Progid"="IE.AssocFile.HTM" . [HKEY_USERS\S-1-5-21-645005121-2817055841-3344550160-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice] @Denied: (2) (S-1-5-21-645005121-2817055841-3344550160-1001) @Denied: (2) (LocalSystem) "Progid"="IE.AssocFile.HTM" . [HKEY_USERS\S-1-5-21-645005121-2817055841-3344550160-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice] @Denied: (2) (S-1-5-21-645005121-2817055841-3344550160-1001) @Denied: (2) (LocalSystem) "Progid"="IE.AssocFile.SVG" . [HKEY_USERS\S-1-5-21-645005121-2817055841-3344550160-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice] @Denied: (2) (S-1-5-21-645005121-2817055841-3344550160-1001) @Denied: (2) (LocalSystem) "Progid"="IE.AssocFile.XHT" . [HKEY_USERS\S-1-5-21-645005121-2817055841-3344550160-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice] @Denied: (2) (S-1-5-21-645005121-2817055841-3344550160-1001) @Denied: (2) (LocalSystem) "Progid"="IE.AssocFile.XHT" . [HKEY_USERS\S-1-5-21-645005121-2817055841-3344550160-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="SafariHTML" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe c:\program files (x86)\IObit\Advanced SystemCare 6\Monitor.exe c:\program files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe . ************************************************************************** . Completion time: 2013-11-13 17:43:16 - machine was rebooted ComboFix-quarantined-files.txt 2013-11-13 22:43 . Pre-Run: 161,131,610,112 bytes free Post-Run: 160,903,249,920 bytes free . - - End Of File - - 4FBD96604DAAC8E859023A297BF0AED3 [/QUOTE]
Insert quotes…
Verification
Post reply
Top