Ads randomly playing through Window's Host Process
Sorbooze replied to Sorbooze's topic in Resolved Malware Removal Logs
It has been a great battle my friend, would you be offended if I just reformatted? I will keep fighting on. -
Ads randomly playing through Window's Host Process
Sorbooze replied to Sorbooze's topic in Resolved Malware Removal Logs
Log WMIDIAG-V2.1_WIN7_.CLI.RTM.64_USER-PC_2014.01.03_23.04.06-REPORT.TXT -
Ads randomly playing through Window's Host Process
Sorbooze replied to Sorbooze's topic in Resolved Malware Removal Logs
Computer didn't restart all day while I was at work. FRST.txt Addition.txt AutoRuns.zip -
Ads randomly playing through Window's Host Process
Sorbooze replied to Sorbooze's topic in Resolved Malware Removal Logs
That extension might be legitimate after searching it a bit though. -
Ads randomly playing through Window's Host Process
Sorbooze replied to Sorbooze's topic in Resolved Malware Removal Logs
I did notice the same "extension" in both... it is a DivX extension and has the same name such as "DivX Plus Web Player HTML5 <video> 2.12.172" in BOTH Firefox and I remember it was also in Google Chrome. -
Ads randomly playing through Window's Host Process
Sorbooze replied to Sorbooze's topic in Resolved Malware Removal Logs
Well.... the ads started up again... I'm not sure if it is because I installed Firefox (was about 3-4 hours without them without Firefox), but the automatic restarting and ads are back >< might try uninstalling Firefox -
Ads randomly playing through Window's Host Process
Sorbooze replied to Sorbooze's topic in Resolved Malware Removal Logs
Any tips for cleaning it out properly? -
Ads randomly playing through Window's Host Process
Sorbooze replied to Sorbooze's topic in Resolved Malware Removal Logs
Thank you so much for the help! It is so weird that just uninstalling chrome made such a big difference huh? I am definitely open to a new browser. I like something very fast that doesn't take up much CPU and loads pages fast, but I can still use a few extensions for it. Do you have any suggestions? -
Ads randomly playing through Window's Host Process
Sorbooze replied to Sorbooze's topic in Resolved Malware Removal Logs
I am seeing a pretty dramatic change in CPU available and total speed of my computer. SVChost is taking up 0% of CPU now and no ads for about 45 minutes (longest ever I have gone without them) -
Ads randomly playing through Window's Host Process
Sorbooze replied to Sorbooze's topic in Resolved Malware Removal Logs
restarting my computer** -
Ads randomly playing through Window's Host Process
Sorbooze replied to Sorbooze's topic in Resolved Malware Removal Logs
Okay, uninstalled Chrome and restarted. Using IE now and it said I didn't even have Flash installed... Installed newest version of Flash and it automatically installed Chrome again (grrr package installers) then I uninstalled Chrome again. Playing some videos on YouTube and stuff and no ads yet... but it can vary when it occurs. I probably will wait a bit longer and see if they pop up... in addition to the ads it was randomly starting my computer. It has also started playing ads when I am typing log-on password to Windows, so I'm not sure about anything. -
Ads randomly playing through Window's Host Process
Sorbooze replied to Sorbooze's topic in Resolved Malware Removal Logs
Just thinking about other things I can mention... my YouTube Flash text is messed up, like when I go to edit quality on a video I can't see any text etc and it feels like whenever I am watching a media video the ads play more frequently... could just be a coincidence though. -
Ads randomly playing through Window's Host Process
Sorbooze replied to Sorbooze's topic in Resolved Malware Removal Logs
As I was downloading Dr. Web Cureit! the ads started playing again. I'm about 50% done with the download. -
Ads randomly playing through Window's Host Process
Sorbooze replied to Sorbooze's topic in Resolved Malware Removal Logs
ComboFix 14-01-01.01 - user 01/02/2014 17:05:12.4.4 - x64 Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.8183.1266 [GMT -5:00]