littlemike1313
Members
Content Count: 180
Rank: Member

Posts by littlemike1313 (newest first)
  1. Jacee, everything is still good, and I wanted to thank you again for the help. It was very nice of you, and Happy Thanksgiving.
  2. Spyware zero, Jacee one. No more pop-ups or redirects. I left Firefox open overnight and checked this morning, and everything is good, and the computer seems to be running faster as well. You are the greatest, Jacee, and thanks for everything.
  3. Jacee, sorry, I somehow posted the log twice. I'm just screwing up all kinds tonight.
  4. RogueKiller V10.11.6.0 [Nov 16 2015] (Free) by Adlice Software
     mail : http://www.adlice.com/contact/
     Feedback : http://forum.adlice.com
     Website : http://www.adlice.com/software/roguekiller/
     Blog : http://www.adlice.com

     Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User : mike [Administrator]
     Started from : C:\Users\mike\Desktop\RogueKiller(1).exe
     Mode : Scan -- Date : 11/21/2015 17:48:35

     ¤¤¤ Processes : 1 ¤¤¤
     [Suspicious.Path] wermgr.exe(4504) -- C:\ProgramData\Microsoft\Windows\WER\wermgr.exe[-] -> Killed [TermProc]

     ¤¤¤ Registry : 5 ¤¤¤
     [Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | wermgr : C:\ProgramData\Microsoft\Windows\WER\wermgr.exe [-] -> Found
     [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2368672887-3863149176-669151158-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Found
     [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2368672887-3863149176-669151158-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Found
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5228361B-9E7C-407B-83BF-28A546BBC0F9} | DhcpNameServer : 172.20.10.1 ([X]) -> Found
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{5228361B-9E7C-407B-83BF-28A546BBC0F9} | DhcpNameServer : 172.20.10.1 ([X]) -> Found

     ¤¤¤ Tasks : 0 ¤¤¤

     ¤¤¤ Files : 9 ¤¤¤
     [PUP][Folder] C:\ProgramData\{0F47B255-CF9F-48C5-B558-B7DAF9345268} -> Found
     [PUP][Folder] C:\ProgramData\{23D58E70-3B83-4B83-A227-68770F84F5EC} -> Found
     [PUP][Folder] C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} -> Found
     [PUP][Folder] C:\ProgramData\{42E04EE4-AB57-407A-9691-3FFA8B8FEBBE} -> Found
     [PUP][Folder] C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} -> Found
     [PUP][Folder] C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690} -> Found
     [PUP][Folder] C:\ProgramData\{E1ED556E-3EA0-4F44-8BE7-CC5FB0F4B424} -> Found
     [PUP][Folder] C:\ProgramData\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60} -> Found
     [PUP][Folder] C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6} -> Found

     ¤¤¤ Hosts File : 36 ¤¤¤
     [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
     [C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
     [C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
     [C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 media.opencandy.com
     [C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.opencandy.com
     [C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 tracking.opencandy.com
     [C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 api.opencandy.com
     [C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 api.recommendedsw.com
     [C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 installer.betterinstaller.com
     [C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 installer.filebulldog.com
     [C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
     [C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 inno.bisrv.com
     [C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 nsis.bisrv.com
     [C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.file2desktop.com
     [C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.goateastcach.us
     [C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.guttastatdk.us
     [C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.inskinmedia.com
     [C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.insta.oibundles2.com
     [C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.insta.playbryte.com
     [C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.llogetfastcach.us
     [C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.montiera.com
     [C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.msdwnld.com
     [C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.mypcbackup.com
     [C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.ppdownload.com
     [C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.riceateastcach.us
     [C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.shyapotato.us
     [C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.solimba.com
     [C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.tuto4pc.com
     [C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.appround.biz
     [C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.bigspeedpro.com
     [C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.bispd.com
     [C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.bisrv.com
     [C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.cdndp.com
     [C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.download.sweetpacks.com
     [C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.dpdownload.com
     [C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.visualbee.net

     ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

     ¤¤¤ Web browsers : 0 ¤¤¤

     ¤¤¤ MBR Check : ¤¤¤
     +++++ PhysicalDrive0: +++++
     --- User ---
     [MBR] d8d268d8047e1faa9b945dbdc98d2c25
     [BSP] 837f63b937cbc3ae99160a903cd3e57e : Windows Vista/7/8 MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
     1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 941553 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
     2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1928507392 | Size: 12214 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
     User = LL1 ... OK
     User = LL2 ... OK

     +++++ PhysicalDrive1: +++++
     --- User ---
     [MBR] 7dbeb153604ba477657883006c233caa
     [BSP] 7291ef5b4894c4288494038c0bd00195 : Compressed BootMgr MBR Code
     Partition table:
     0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1936269394 | Size: 896492 MB [Error reading VBR! ([17] Data error (cyclic redundancy check). )]
     1 - [XXXXXX] UNKNOWN (0x73) [VISIBLE] Offset (sectors): 1917848077 | Size: 265838 MB
     2 - [XXXXXX] SYLSTOR (0x2b) [VISIBLE] Offset (sectors): 1818575915 | Size: 265710 MB
     3 - [XXXXXX] UNKNOWN (0x61) [VISIBLE] Offset (sectors): 2844524554 | Size: 26 MB
     User != LL1 ... KO!
     --- LL1 ---
     [MBR] 7dbeb153604ba477657883006c233caa
     [BSP] 7291ef5b4894c4288494038c0bd00195 : Compressed BootMgr MBR Code
     Partition table:
     0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1936269394 | Size: 896492 MB[invalid]
     1 - [XXXXXX] UNKNOWN (0x73) [VISIBLE] Offset (sectors): 1917848077 | Size: 265838 MB
     2 - [XXXXXX] SYLSTOR (0x2b) [VISIBLE] Offset (sectors): 1818575915 | Size: 265710 MB
     3 - [XXXXXX] UNKNOWN (0x61) [VISIBLE] Offset (sectors): 2844524554 | Size: 26 MB
     Error reading LL2 MBR! ([32] The request is not supported. )

     +++++ PhysicalDrive2: +++++
     --- User ---
     [MBR] f0cbafcf8557128e2ac994c03804c1bf
     [BSP] a83a24340e59ea8cbbf2d8eaa19e98b0 : Windows XP MBR Code
     Partition table:
     0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 15483 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
     User = LL1 ... OK
     Error reading LL2 MBR! ([32] The request is not supported. )
  5. Jacee, I might have messed up. I may have hit delete. I'm not sure. If so, I'm so very sorry.
  6. (Duplicate of the RogueKiller log in item 4.)
  7. No, Jacee, it did not work ?? This virus is one tough ?
  8. I did not save any bookmarks or homepages; I had to delete the Firefox profile to delete the bookmarks. As of now everything is running good. I'll update you in the morning.
  9. OK, I did all the above and uninstalled Firefox and installed it again.
  10. And I'm in the process of running a scan of the link you posted at this time.
  11. Jacee, you talked about uninstalling Firefox, and I don't know if it matters or not, but I told my son to try using Internet Explorer, and he said the pop-ups and redirects are there with it too.
  12. Junkware Removal Tool (JRT) by Malwarebytes
      Version: 8.0.0 (11.12.2015)
      Operating System: Windows 7 Ultimate x64
      Ran by mike (Administrator) on Fri 11/20/2015 at 18:01:22.46
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      File System: 3

      Successfully deleted: C:\Users\mike\AppData\Local\plutotv (Folder)
      Successfully deleted: C:\Users\mike\Start Menu\Programs\search.lnk (Shortcut)
      Successfully deleted: C:\Windows\wininit.ini (File)

      Registry: 4

      Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} (Registry Value)
      Successfully deleted: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9AB797C0-EAFA-4A5D-A65B-2E286BDD1535} (Registry Key)
      Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814} (Registry Key)
      Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EC9BB9E8-C697-054C-9ABB-3B0B1A6701E2} (Registry Key)

      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Scan was completed on Fri 11/20/2015 at 18:07:08.39
      End of JRT log
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  13. Complete scanning result of "SUPERDelete.exe", processed in VirusTotal at 11/20/2015 04:58:06 (CET)

      [ file data ]
      * name..: SUPERDelete.exe
      * size..: 59160
      * md5...: 35da92670c06c15cf6f5c10708788554
      * sha1..: 1fb77420811528d76794b9ca5410f4d7c7583d5d

      [ scan result ]
      ALYac 1.0.1.5/20151120 found nothing
      AVG 16.0.0.4460/20151120 found nothing
      AVware 1.5.0.21/20151120 found nothing
      Ad-Aware 12.0.163.0/20151120 found nothing
      AegisLab 1.5/20151119 found nothing
      Agnitum 5.5.1.3/20151118 found nothing
      AhnLab-V3 2015.11.20.00/20151119 found nothing
      Alibaba 1.0/20151120 found nothing
      Antiy-AVL 1.0.0.1/20151120 found nothing
      Arcabit 1.0.0.597/20151120 found nothing
      Avast 8.0.1489.320/20151120 found nothing
      Avira 8.3.2.4/20151120 found nothing
      Baidu-International 3.5.1.41473/20151119 found nothing
      BitDefender 7.2/20151120 found nothing
      ByteHero 1.0.0.1/20151120 found nothing
      CAT-QuickHeal 14.00/20151119 found nothing
      CMC 1.1.0.977/20151118 found nothing
      ClamAV 0.98.5.0/20151120 found nothing
      Comodo 23622/20151120 found nothing
      Cyren 5.4.16.7/20151120 found nothing
      DrWeb 7.0.16.10090/20151120 found nothing
      ESET-NOD32 12595/20151120 found nothing
      Emsisoft 3.5.0.642/20151120 found nothing
      F-Prot 4.7.1.166/20151120 found nothing
      Fortinet 5.1.220.0/20151120 found nothing
      GData 25/20151120 found nothing
      Ikarus T3.1.9.5.0/20151120 found nothing
      Jiangmin 16.0.100/20151119 found nothing
      K7AntiVirus 9.212.17910/20151119 found nothing
      K7GW 9.212.17910/20151119 found nothing
      Kaspersky 15.0.1.10/20151120 found nothing
      Malwarebytes 2.1.1.1115/20151119 found nothing
      McAfee 6.0.6.653/20151120 found nothing
      McAfee-GW-Edition v2015/20151120 found nothing
      MicroWorld-eScan 12.0.250.0/20151120 found nothing
      Microsoft 1.1.12300.0/20151120 found nothing
      NANO-Antivirus 0.30.26.4751/20151120 found nothing
      Panda 4.6.4.2/20151119 found nothing
      Qihoo-360 1.0.0.1077/20151120 found nothing
      Rising 25.0.0.18/20151117 found nothing
      SUPERAntiSpyware 5.6.0.1032/20151120 found nothing
      Sophos 4.98.0/20151120 found nothing
      Symantec 20151.1.0.32/20151119 found nothing
      Tencent 1.0.0.1/20151120 found nothing
      TheHacker 6.8.0.5.729/20151119 found nothing
      TotalDefense 37.1.62.1/20151119 found nothing
      TrendMicro 9.740.0.1012/20151120 found nothing
      TrendMicro-HouseCall 9.800.0.1009/20151120 found nothing
      VBA32 3.12.26.4/20151119 found nothing
      VIPRE 45304/20151119 found nothing
      ViRobot 2014.3.20.0/20151119 found nothing
      Zillya 2.0.0.2520/20151119 found nothing
      Zoner 1.0/20151120 found nothing
      nProtect 2015-11-19.01/20151119 found nothing
  14. ComboFix 15-11-17.01 - mike 11/18/2015 16:06:32.3.2 - x64
      Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2641 [GMT -6:00]
      Running from: c:\users\mike\Desktop\ComboFix.exe
      AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
      SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
      SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      .
      ((((((((((((((((((((((((( Files Created from 2015-10-18 to 2015-11-18 )))))))))))))))))))))))))))))))
      .
      .
      2015-11-18 22:17 . 2015-11-18 22:17 -------- d-----w- c:\users\TEMP\AppData\Local\temp
      2015-11-18 22:17 . 2015-11-18 22:17 -------- d-----w- c:\users\Lorelai\AppData\Local\temp
      2015-11-18 22:17 . 2015-11-18 22:17 -------- d-----w- c:\users\HomeGroupUser$\AppData\Local\temp
      2015-11-18 22:17 . 2015-11-18 22:17 -------- d-----w- c:\users\Guest\AppData\Local\temp
      2015-11-18 22:17 . 2015-11-18 22:17 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
      2015-11-18 22:17 . 2015-11-18 22:17 -------- d-----w- c:\users\Default\AppData\Local\temp
      2015-11-18 22:17 . 2015-11-18 22:17 -------- d-----w- c:\users\david martin\AppData\Local\temp
      2015-11-18 22:17 . 2015-11-18 22:17 -------- d-----w- c:\users\ASPNET\AppData\Local\temp
      2015-11-18 22:17 . 2015-11-18 22:17 -------- d-----w- c:\users\Administrator\AppData\Local\temp
      2015-11-18 22:01 . 2015-11-18 22:02 -------- d-----w- C:\32788R22FWJFW
      2015-11-18 18:24 . 2015-11-18 18:34 -------- d-----w- C:\5d28ed06ae50dfaafaa716d1a6a2
      2015-11-18 14:23 . 2015-07-16 19:12 6131200 ----a-w- c:\windows\SysWow64\mstscax.dll
      2015-11-18 14:23 . 2015-07-16 19:11 7077376 ----a-w- c:\windows\system32\mstscax.dll
      2015-11-18 14:23 . 2015-07-11 13:15 429568 ----a-w- c:\windows\system32\wksprt.exe
      2015-11-18 14:23 . 2015-07-16 19:12 856064 ----a-w- c:\windows\SysWow64\rdvidcrl.dll
      2015-11-18 14:23 . 2015-07-16 19:12 53248 ----a-w- c:\windows\SysWow64\tsgqec.dll
      2015-11-18 14:23 . 2015-07-16 19:11 62976 ----a-w- c:\windows\system32\tsgqec.dll
      2015-11-18 14:23 . 2015-07-16 19:11 1057792 ----a-w- c:\windows\system32\rdvidcrl.dll
      2015-11-18 14:23 . 2015-06-09 18:03 3180544 ----a-w- c:\windows\system32\rdpcorets.dll
      2015-11-18 14:23 . 2015-06-09 18:03 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
      2015-11-18 14:23 . 2015-06-03 20:17 243200 ----a-w- c:\windows\system32\rdpudd.dll
      2015-11-18 14:23 . 2014-12-11 17:47 87040 ----a-w- c:\windows\system32\TSWbPrxy.exe
      2015-11-18 14:05 . 2015-11-18 14:23 -------- d-----w- C:\6d370d1ef2ed09f34e1a69d0546c
      2015-11-18 03:04 . 2015-10-29 09:28 11138400 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1C337606-966F-45F9-89DC-D8ACAAE2DB1A}\mpengine.dll
      2015-11-17 15:36 . 2013-10-02 01:10 44544 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
      2015-11-17 15:36 . 2013-10-02 04:38 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
      2015-11-17 15:36 . 2013-10-02 02:22 56832 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
      2015-11-17 15:36 . 2013-10-02 02:11 13824 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
      2015-11-17 15:36 . 2013-10-02 02:08 12800 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
      2015-11-17 15:36 . 2013-10-02 01:48 56832 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
      2015-11-17 15:36 . 2013-10-02 01:48 18944 ----a-w- c:\windows\system32\wksprtPS.dll
      2015-11-17 15:36 . 2013-10-02 00:14 50176 ----a-w- c:\windows\SysWow64\MsRdpWebAccess.dll
      2015-11-17 15:36 . 2013-10-02 00:14 17920 ----a-w- c:\windows\SysWow64\wksprtPS.dll
      2015-11-17 15:36 . 2013-10-01 23:31 1147392 ----a-w- c:\windows\system32\mstsc.exe
      2015-11-17 15:36 . 2013-10-01 22:34 1068544 ----a-w- c:\windows\SysWow64\mstsc.exe
      2015-11-17 15:35 . 2012-08-23 14:10 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
      2015-11-17 15:35 . 2012-08-23 11:12 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll
      2015-11-17 15:35 . 2012-08-23 10:51 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll
      2015-11-17 15:33 . 2015-08-05 17:56 22528 ----a-w- c:\windows\system32\icaapi.dll
      2015-11-17 15:33 . 2015-08-05 17:06 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
      2015-11-17 04:30 . 2015-11-17 04:30 -------- d-----w- c:\program files (x86)\Windows Resource Kits
      2015-11-17 03:27 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
      2015-11-17 03:27 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
      2015-11-17 03:05 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
      2015-11-17 03:05 . 2013-11-22 22:48 3928064 ----a-w- c:\windows\system32\d2d1.dll
      2015-11-17 01:58 . 2015-10-13 09:47 11140960 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
      2015-11-17 01:19 . 2015-02-04 03:16 465920 ----a-w- c:\windows\system32\WMPhoto.dll
      2015-11-17 01:19 . 2015-02-04 02:54 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
      2015-11-17 00:46 . 2015-07-30 17:57 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
      2015-11-17 00:46 . 2015-07-30 18:06 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
      2015-11-17 00:46 . 2015-07-30 18:06 1648128 ----a-w- c:\windows\system32\DWrite.dll
      2015-11-17 00:46 . 2015-07-30 18:06 1180160 ----a-w- c:\windows\system32\FntCache.dll
      2015-11-17 00:46 . 2015-07-30 17:57 1251328 ----a-w- c:\windows\SysWow64\DWrite.dll
      2015-11-17 00:46 . 2015-02-03 03:31 1424896 ----a-w- c:\windows\system32\WindowsCodecs.dll
      2015-11-17 00:46 . 2015-02-03 03:12 1230848 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
      2015-11-17 00:06 . 2015-11-17 00:06 -------- d-----w- c:\users\mike\AppData\Local\GWX
      2015-11-16 23:55 . 2013-10-15 00:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
      2015-11-16 23:45 . 2015-11-16 23:45 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
      2015-11-12 20:53 . 2015-11-03 17:55 3211264 ----a-w- c:\windows\system32\win32k.sys
      2015-11-11 04:25 . 2015-10-20 01:12 5570496 ----a-w- c:\windows\system32\ntoskrnl.exe
      2015-11-11 04:24 . 2015-10-29 17:50 342016 ----a-w- c:\windows\system32\apphelp.dll
      2015-11-09 02:09 . 2015-11-09 02:09 -------- d-----w- c:\programdata\GridinSoft
      2015-11-08 21:16 . 2015-11-08 21:51 -------- d-----w- c:\users\mike\AppData\Roaming\albumart
      2015-11-08 21:08 . 2015-11-08 21:08 -------- d-----w- c:\program files\Common Files\Wondershare
      2015-11-08 21:08 . 2015-11-08 21:08 -------- d-----w- c:\programdata\Wondershare
      2015-11-08 21:08 . 2015-11-08 21:08 -------- d-----w- c:\program files (x86)\Wondershare
      2015-11-08 13:52 . 2015-11-08 13:52 -------- d-----w- C:\SUPERDelete
      2015-11-08 13:49 . 2015-11-08 13:49 -------- d-----w- c:\program files\SUPERAntiSpyware
      2015-11-08 00:13 . 2015-11-08 00:16 -------- d-----w- C:\EEK
      2015-11-07 22:41 . 2015-11-07 22:41 -------- d-----w- c:\users\mike\AppData\Local\Zemana
      2015-11-07 22:19 . 2015-11-07 22:19 -------- d-----w- c:\users\mike\AppData\Local\VS Revo Group
      2015-11-07 22:19 . 2015-11-07 22:19 -------- d-----w- c:\programdata\VS Revo Group
      2015-11-07 22:19 . 2015-11-07 22:19 -------- d-----w- c:\program files\VS Revo Group
      2015-11-05 13:47 . 2015-11-05 13:47 186880 ----a-w- c:\windows\system32\rsrcs.dll
      2015-11-02 20:35 . 2015-07-03 02:34 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4F35EFE6-C938-45C7-AC8D-914BB766E268}\gapaengine.dll
      2015-10-20 01:37 . 2015-10-20 01:37 -------- d-----w- c:\users\Lorelai\.oracle_jre_usage
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2015-11-11 02:28 . 2012-10-07 17:00 780488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
      2015-11-11 02:28 . 2011-12-23 14:41 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
      2015-11-10 15:16 . 2015-05-27 03:00 30616 ----a-w- c:\windows\SysWow64\drivers\hitmanpro37.sys
      2015-10-29 17:50 . 2015-11-11 04:24 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
      2015-10-29 17:50 . 2015-11-11 04:24 309248 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
      2015-10-29 17:50 . 2015-11-11 04:24 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
      2015-10-29 17:50 . 2015-11-11 04:24 103424 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
      2015-10-29 17:49 . 2015-11-11 04:24 562176 ----a-w- c:\windows\apppatch\AcLayers.dll
      2015-10-29 17:49 . 2015-11-11 04:24 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll
      2015-10-29 17:49 . 2015-11-11 04:24 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll
      2015-10-29 17:49 . 2015-11-11 04:24 211968 ----a-w- c:\windows\apppatch\AcXtrnal.dll
      2015-10-29 17:39 . 2015-11-11 04:24 2560 ----a-w- c:\windows\apppatch\AcRes.dll
      2015-10-28 00:43 . 2011-01-10 04:14 145617392 ----a-w- c:\windows\system32\MRT.exe
      2015-10-20 00:45 . 2015-11-11 04:25 44032 ----a-w- c:\windows\apppatch\acwow64.dll
      2015-10-15 17:29 . 2014-12-06 17:30 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
      2015-10-01 18:06 . 2015-10-13 17:44 692672 ----a-w- c:\windows\system32\winload.efi
      2015-10-01 18:04 . 2015-10-13 17:44 616360 ----a-w- c:\windows\system32\winresume.efi
      2015-10-01 18:00 . 2015-10-13 17:44 63488 ----a-w- c:\windows\system32\setbcdlocale.dll
      2015-10-01 18:00 . 2015-10-13 17:44 59392 ----a-w- c:\windows\system32\appidapi.dll
      2015-10-01 18:00 . 2015-10-13 17:44 32768 ----a-w- c:\windows\system32\appidsvc.dll
      2015-10-01 18:00 . 2015-10-13 17:44 147456 ----a-w- c:\windows\system32\appidpolicyconverter.exe
      2015-10-01 18:00 . 2015-10-13 17:44 17920 ----a-w- c:\windows\system32\appidcertstorecheck.exe
      2015-10-01 17:50 . 2015-10-13 17:44 50688 ----a-w- c:\windows\SysWow64\appidapi.dll
      2015-10-01 17:00 . 2015-10-13 17:44 61440 ----a-w- c:\windows\system32\drivers\appid.sys
      2015-09-18 19:22 . 2015-10-15 10:00 25432 ----a-w- c:\windows\system32\CompatTelRunner.exe
      2015-09-18 19:19 . 2015-10-15 10:00 700416 ----a-w- c:\windows\system32\invagent.dll
      2015-09-18 19:19 . 2015-10-15 10:00 766464 ----a-w- c:\windows\system32\generaltel.dll
      2015-09-18 19:19 . 2015-10-15 10:00 503808 ----a-w- c:\windows\system32\devinv.dll
      2015-09-18 19:19 . 2015-10-15 10:00 73216 ----a-w- c:\windows\system32\acmigration.dll
      2015-09-18 19:19 . 2015-10-15 10:00 1291264 ----a-w- c:\windows\system32\appraiser.dll
      2015-09-18 19:09 . 2015-10-15 10:00 1163776 ----a-w- c:\windows\system32\aeinv.dll
      2015-09-02 03:04 . 2015-09-09 10:36 41984 ----a-w- c:\windows\system32\lpk.dll
      2015-09-02 03:04 . 2015-09-09 10:36 100864 ----a-w- c:\windows\system32\fontsub.dll
      2015-09-02 03:04 . 2015-09-09 10:36 14336 ----a-w- c:\windows\system32\dciman32.dll
      2015-09-02 03:04 . 2015-09-09 10:36 46080 ----a-w- c:\windows\system32\atmlib.dll
      2015-09-02 02:48 . 2015-09-09 10:36 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
      2015-09-02 02:48 . 2015-09-09 10:36 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
      2015-09-02 02:48 . 2015-09-09 10:36 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
      2015-09-02 02:47 . 2015-09-09 10:36 25600 ----a-w- c:\windows\SysWow64\lpk.dll
      2015-09-02 01:47 . 2015-09-09 10:36 372736 ----a-w- c:\windows\system32\atmfd.dll
      2015-09-02 01:33 . 2015-09-09 10:36 299520 ----a-w- c:\windows\SysWow64\atmfd.dll
      2015-08-27 18:18 . 2015-09-09 10:37 2004480 ----a-w- c:\windows\system32\msxml6.dll
      2015-08-27 18:18 . 2015-09-09 10:37 1887232 ----a-w- c:\windows\system32\msxml3.dll
      2015-08-27 18:13 . 2015-09-09 10:37 2048 ----a-w- c:\windows\system32\msxml6r.dll
      2015-08-27 18:13 . 2015-09-09 10:37 2048 ----a-w- c:\windows\system32\msxml3r.dll
      2015-08-27 17:58 . 2015-09-09 10:37 1391104 ----a-w- c:\windows\SysWow64\msxml6.dll
      2015-08-27 17:58 . 2015-09-09 10:37 1241088 ----a-w- c:\windows\SysWow64\msxml3.dll
      2015-08-27 17:51 . 2015-09-09 10:37 2048 ----a-w- c:\windows\SysWow64\msxml6r.dll
      2015-08-27 17:51 . 2015-09-09 10:37 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
      2013-02-17 03:27 . 2013-02-17 03:27 2174976 ----a-w- c:\program files (x86)\Common Files\atimpenc.dll
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
      "wermgr"="c:\programdata\Microsoft\Windows\WER\wermgr.exe" [2015-01-09 6786560]
      "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-08-04 597552]
      "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 61440]
      "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2013-04-04 532040]
      "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "ConsentPromptBehaviorUser"= 3 (0x3)
      "EnableUIADesktopToggle"= 0 (0x0)
      "ConsentPromptBehaviorAdmin"= 5 (0x5)
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui]
      [BU]
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
      @=""
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
      @=""
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
      @=""
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
      @=""
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
      @=""
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
      @=""
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
      @=""
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
      @="Service"
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]
      @=""
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
      @=""
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
      @=""
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
      @="FSFilter System Recovery"
      .
      R1 akhooiqi;akhooiqi;c:\windows\system32\drivers\akhooiqi.sys;c:\windows\SYSNATIVE\drivers\akhooiqi.sys [x]
      R1 cbdvaeqm;cbdvaeqm;c:\windows\system32\drivers\cbdvaeqm.sys;c:\windows\SYSNATIVE\drivers\cbdvaeqm.sys [x]
      R1 cllsgdvi;cllsgdvi;c:\windows\system32\drivers\cllsgdvi.sys;c:\windows\SYSNATIVE\drivers\cllsgdvi.sys [x]
      R1 djjjcxvu;djjjcxvu;c:\windows\system32\drivers\djjjcxvu.sys;c:\windows\SYSNATIVE\drivers\djjjcxvu.sys [x]
      R1 dmgmtnms;dmgmtnms;c:\windows\system32\drivers\dmgmtnms.sys;c:\windows\SYSNATIVE\drivers\dmgmtnms.sys [x]
      R1 dmkpvuyz;dmkpvuyz;c:\windows\system32\drivers\dmkpvuyz.sys;c:\windows\SYSNATIVE\drivers\dmkpvuyz.sys [x]
      R1 gsiuylod;gsiuylod;c:\windows\system32\drivers\gsiuylod.sys;c:\windows\SYSNATIVE\drivers\gsiuylod.sys [x]
      R1 gzgnstjx;gzgnstjx;c:\windows\system32\drivers\gzgnstjx.sys;c:\windows\SYSNATIVE\drivers\gzgnstjx.sys [x]
      R1 hrvbrxpw;hrvbrxpw;c:\windows\system32\drivers\hrvbrxpw.sys;c:\windows\SYSNATIVE\drivers\hrvbrxpw.sys [x]
      R1 jkoejsda;jkoejsda;c:\windows\system32\drivers\jkoejsda.sys;c:\windows\SYSNATIVE\drivers\jkoejsda.sys [x]
      R1 jysmvthj;jysmvthj;c:\windows\system32\drivers\jysmvthj.sys;c:\windows\SYSNATIVE\drivers\jysmvthj.sys [x]
      R1 kphuubhw;kphuubhw;c:\windows\system32\drivers\kphuubhw.sys;c:\windows\SYSNATIVE\drivers\kphuubhw.sys [x]
      R1 kwgzdrjw;kwgzdrjw;c:\windows\system32\drivers\kwgzdrjw.sys;c:\windows\SYSNATIVE\drivers\kwgzdrjw.sys [x]
      R1 lorvmjsc;lorvmjsc;c:\windows\system32\drivers\lorvmjsc.sys;c:\windows\SYSNATIVE\drivers\lorvmjsc.sys [x]
      R1 ojwhzknr;ojwhzknr;c:\windows\system32\drivers\ojwhzknr.sys;c:\windows\SYSNATIVE\drivers\ojwhzknr.sys [x]
      R1 poeziqaw;poeziqaw;c:\windows\system32\drivers\poeziqaw.sys;c:\windows\SYSNATIVE\drivers\poeziqaw.sys [x]
      R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x]
      R1 tnjasajl;tnjasajl;c:\windows\system32\drivers\tnjasajl.sys;c:\windows\SYSNATIVE\drivers\tnjasajl.sys [x]
      R1 vcyjxvwh;vcyjxvwh;c:\windows\system32\drivers\vcyjxvwh.sys;c:\windows\SYSNATIVE\drivers\vcyjxvwh.sys [x]
      R1 wlkhwyvt;wlkhwyvt;c:\windows\system32\drivers\wlkhwyvt.sys;c:\windows\SYSNATIVE\drivers\wlkhwyvt.sys [x]
      R1 ZAM;ZAM Helper Driver;c:\windows\System32\drivers\zam64.sys;c:\windows\SYSNATIVE\drivers\zam64.sys [x]
      R1 ZAM_Guard;ZAM Guard Driver;c:\windows\System32\drivers\zamguard64.sys;c:\windows\SYSNATIVE\drivers\zamguard64.sys [x]
      R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
      R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
      R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
      R2 ZAMSvc;ZAM Controller Service;c:\program files (x86)\Zemana AntiMalware\ZAM.exe;c:\program files (x86)\Zemana AntiMalware\ZAM.exe [x]
      R3 DrmRAudio;DrmRAudio;c:\windows\system32\drivers\DrmRAudio.sys;c:\windows\SYSNATIVE\drivers\DrmRAudio.sys [x]
      R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x]
      R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x]
      R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys;c:\windows\SYSNATIVE\drivers\gfiark.sys [x]
      R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
      R3 IEEtwCollectorService;Internet
Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x] R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys;c:\windows\SYSNATIVE\drivers\libusb0.sys [x] R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe;c:\program files\Microsoft Fix it Center\Matsvc.exe [x] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys;c:\program files\PeerBlock\pbfilter.sys [x] R3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm64.sys;c:\windows\SYSNATIVE\DRIVERS\pnetmdm64.sys [x] R3 PSKMAD;PSKMAD;c:\windows\system32\DRIVERS\PSKMAD.sys;c:\windows\SYSNATIVE\DRIVERS\PSKMAD.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 SMServer;SMServer;c:\windows\SysWOW64\snmvtsvc.exe;c:\windows\SysWOW64\snmvtsvc.exe [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] 
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 WsAudio_Device;WsAudio_Device;c:\windows\system32\drivers\VirtualAudio.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio.sys [x] R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(1).sys [x] R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(2).sys [x] R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(3).sys [x] R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(4).sys [x] R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(5).sys [x] R4 LavasoftTcpService;LavasoftTcpService;c:\program files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.2\LavasoftTcpService.exe;c:\program files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.2\LavasoftTcpService.exe [x] S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x] S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program 
files\SUPERAntiSpyware\SASDIFSV64.SYS [x] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x] S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x] S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x] S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x] S3 
Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x] S3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys;c:\windows\SYSNATIVE\drivers\SndTAudio.sys [x] S3 WsAudio_Device(1);WsAudio_Device(1);c:\windows\system32\drivers\VirtualAudio1.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio1.sys [x] S3 WsAudio_Device(2);WsAudio_Device(2);c:\windows\system32\drivers\VirtualAudio2.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio2.sys [x] S3 WsAudio_Device(3);WsAudio_Device(3);c:\windows\system32\drivers\VirtualAudio3.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio3.sys [x] S3 WsAudio_Device(4);WsAudio_Device(4);c:\windows\system32\drivers\VirtualAudio4.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio4.sys [x] S3 WsAudio_Device(5);WsAudio_Device(5);c:\windows\system32\drivers\VirtualAudio5.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio5.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc iissvcs REG_MULTI_SZ w3svc was apphost REG_MULTI_SZ apphostsvc . Contents of the 'Scheduled Tasks' folder . 2015-11-18 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-07 02:28] . 2015-11-08 c:\windows\Tasks\HPCeeScheduleFormike.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2014-03-16 13667032] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-07 413208] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-30 1337000] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-07 161304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-07 386584] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = about:blank uDefault_Search_URL = hxxp://go.microsoft.com mDefault_Search_URL = hxxp://go.microsoft.com mLocal Page = c:\windows\system32\blank.htm mSearch Page = hxxp://go.microsoft.com IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\l06oe161.default-1408982550710\ FF - prefs.js: browser.startup.homepage - hxxp://www.finheaven.com/ . - - - - ORPHANS REMOVED - - - - . 
BHO-{10921475-03CE-4E04-90CE-E2E7EF20C814} - (no file) BHO-{EC9BB9E8-C697-054C-9ABB-3B0B1A6701E2} - (no file) Toolbar-10 - (no file) Toolbar-Locked - (no file) Wow6432Node-HKLM-Run-iSkysoft Helper Compact.exe - c:\program files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe Notify-avldr - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start BHO-{72351B45-9636-4F99-820B-7C552D27897D}} - (no file) WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file) AddRemove-Firefox Preloader_is1 - c:\program files (x86)\FirefoxPreloader\unins000.exe AddRemove-Free Merge MP3_is1 - c:\program files (x86)\Free Merge MP3\unins000.exe AddRemove-MagicDisc 2.7.106 - c:\progra~2\MAGICD~1\UNWISE.EXE AddRemove-Media Player - Codec Pack - c:\windows\SysWOW64\C2MP\Uninst.exe AddRemove-WBFS Manager 3.0 - n:\wbfs manager 3.0\uninstall.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet002\services\pdfcDispatcher] "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:51,5f,8f,a6,6d,41,cf,01 . [HKEY_USERS\S-1-5-21-2368672887-3863149176-669151158-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*R*õ¦,] @Class="Shell" . [HKEY_USERS\S-1-5-21-2368672887-3863149176-669151158-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*R*õ¦,\OpenWithList] @Class="Shell" "a"="vlc.exe" "MRUList"="a" . [HKEY_USERS\S-1-5-21-2368672887-3863149176-669151158-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*R*öo0+] @Class="Shell" . [HKEY_USERS\S-1-5-21-2368672887-3863149176-669151158-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*R*öo0+\OpenWithList] @Class="Shell" "a"="vlc.exe" "MRUList"="a" . 
[HKEY_USERS\S-1-5-21-2368672887-3863149176-669151158-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*R*½‘T,] @Class="Shell" . [HKEY_USERS\S-1-5-21-2368672887-3863149176-669151158-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*R*½‘T,\OpenWithList] @Class="Shell" "a"="vlc.exe" "MRUList"="a" . [HKEY_USERS\S-1-5-21-2368672887-3863149176-669151158-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] @Allowed: (Read) (RestrictedCode) . [HKEY_USERS\S-1-5-21-2368672887-3863149176-669151158-1000\Software\SecuROM\License information*] "datasecu"=hex:f3,17,f8,a4,18,f9,50,c1,3d,8c,2b,b7,6c,de,dd,49,17,3e,46,4a,e8, c9,f3,99,ed,a0,80,bf,b2,b4,b8,98,85,c7,cb,bc,de,b9,f9,c8,7b,1b,cb,8a,34,38,\ "rkeysecu"=hex:8f,86,3b,fd,05,34,43,f3,40,71,07,75,85,7a,a0,d2 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_245_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_245_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_245_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_245_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.19" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . 
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . Completion time: 2015-11-18 16:22:04 ComboFix-quarantined-files.txt 2015-11-18 22:22 . Pre-Run: 565,305,651,200 bytes free Post-Run: 567,989,993,472 bytes free . - - End Of File - - D254591837EBF41D0F309C0EEA69F6B8 AF00FC1920E1CF861B39B90A4375EDF3