Sorbooze

It has been a great battle my friend, would you be offended if I just reformatted? I will keep fighting on.

Log WMIDIAG-V2.1_WIN7_.CLI.RTM.64_USER-PC_2014.01.03_23.04.06-REPORT.TXT

Computer didn't restart all day while I was at work. FRST.txt Addition.txt AutoRuns.zip

That extension might be legimating after searching it a bit though.

I did notice the same "extension" in both... it is a divx extension and has the same name such as "DivX Plus Web Player HTML5 <video> 2.12.172" in BOTH firefox and I remember it was also in google chrome.

Well.... the ads started up again... I'm not sure if it is because I installed firefox (was about 3-4 hours without them without firefox), but the automatic restarting and ads are back >< might try uninstalling firefox

Any tips for cleaning it out properly?

Thank you so much for the help! It is so weird that just uninstalling chrome made such a big difference huh? I am definitely open to a new browser. I like something very fast that doesn't take up much CPU and loads pages fast, but I can still use a few extensions for it. Do you have any suggestions?

I am seeing a pretty dramatic change in CPU available and total speed of my computer. SVChost is taking up 0% of CPU now and no adds for about 45 minutes (longest ever I have gone without them)

restarting my computer**

Okay, uninstalled chrome and restarted. Using IE now and it said I didn't even have flash installed... Installed newest version of flash and it automatically installed chrome again (grrr package installers) then I uninstalled chrome again. Playing some videos on youtube and stuff and no ads yet... but it can vary when it occurs. I probably will wait a bit longer and see if they pop up... in addition to the ads it was randomly starting my computer. It has also started playing ads when I am typing log-on password to windows, so im not sure about anything.

Just thinking about other things I can mention... my YouTube flash text is messed up, like when I go to edit quality on a video I can't see any text etc and it feels like whenever I am watching a media video the adds play more frequently... could just be a coincidence though.

After I ran combofix etc the windows host process dissapeared for a bit in the sound tab.

As I was downloading Dr. Web Cureit! the ads starting playing again. I'm about 50% done with the download.

ComboFix 14-01-01.01 - user 01/02/2014 17:05:12.4.4 - x64 Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.8183.1266 [GMT -5:00] Running from: c:\users\user\Desktop\ComboFix.exe Command switches used :: c:\users\user\Desktop\CFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F} SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\SysWOW64\Desktop_.ini . . --------------- FCopy --------------- . c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll --> c:\windows\system32\rpcss.dll . ((((((((((((((((((((((((( Files Created from 2013-12-02 to 2014-01-02 ))))))))))))))))))))))))))))))) . . 2014-01-02 22:11 . 2014-01-02 22:11 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-01-02 08:16 . 2014-01-02 08:16 -------- d-----w- C:\FRST 2014-01-02 06:07 . 2014-01-02 06:07 117464 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-01-02 06:06 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{08582BD2-A38D-4AEF-9F24-8A318E171FCF}\mpengine.dll 2014-01-02 04:34 . 2014-01-02 04:34 -------- d-----w- c:\windows\ERUNT 2014-01-02 04:23 . 2014-01-02 04:25 -------- d-----w- C:\AdwCleaner 2014-01-02 03:59 . 2014-01-02 03:59 388096 ----a-r- c:\users\user\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2014-01-02 03:59 . 2014-01-02 03:59 -------- d-----w- c:\program files (x86)\Trend Micro 2014-01-02 00:44 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2014-01-02 00:21 . 2014-01-02 00:21 -------- d-----w- C:\TDSSKiller_Quarantine 2014-01-01 23:54 . 2014-01-01 23:54 89304 ----a-w- c:\windows\system32\drivers\3B0527C9.sys 2014-01-01 23:54 . 2014-01-01 23:54 89304 ----a-w- c:\windows\system32\drivers\528B01E2.sys 2014-01-01 07:56 . 2014-01-02 06:09 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2014-01-01 07:56 . 2014-01-02 06:06 89304 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-01-01 04:14 . 2014-01-01 04:16 -------- d-----w- c:\users\user\AppData\Local\DayZ 2014-01-01 04:14 . 2010-06-02 09:55 239960 ----a-w- c:\windows\SysWow64\xactengine3_7.dll 2014-01-01 04:14 . 2010-06-02 09:55 176984 ----a-w- c:\windows\system32\xactengine3_7.dll 2014-01-01 04:13 . 2010-05-26 16:41 1907552 ----a-w- c:\windows\system32\d3dcsx_43.dll 2014-01-01 04:13 . 2010-05-26 16:41 1868128 ----a-w- c:\windows\SysWow64\d3dcsx_43.dll 2014-01-01 04:13 . 2010-05-26 16:41 511328 ----a-w- c:\windows\system32\d3dx10_43.dll 2014-01-01 04:13 . 2010-05-26 16:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll 2014-01-01 04:13 . 2010-05-26 16:41 2401112 ----a-w- c:\windows\system32\D3DX9_43.dll 2013-12-06 20:19 . 2013-10-18 05:39 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8325136F-423D-412D-B008-D2C3327A8AF2}\gapaengine.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-11-19 10:21 . 2009-12-25 01:44 267936 ------w- c:\windows\system32\MpSigStub.exe 2013-10-18 05:39 . 2011-03-25 12:54 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2013-10-11 13:35 . 2013-10-11 13:35 973736 ----a-w- c:\windows\system32\deployJava1.dll 2010-03-16 00:55 . 2010-03-16 00:19 576000 ----a-w- c:\program files\ISSetup.dll 2010-03-16 00:48 . 2010-03-16 00:19 473 ----a-w- c:\program files\layout.bin 2010-02-10 08:57 . 2010-02-10 08:57 8704 ----a-w- c:\program files\SpOrder.dll 2010-02-04 02:52 . 2010-02-10 08:57 319488 ----a-w- c:\program files\LowerPing.exe 2010-02-04 02:52 . 2010-02-10 08:57 26624 ----a-w- c:\program files\none.exe 2010-02-04 02:52 . 2010-02-10 08:57 20480 ----a-w- c:\program files\LP_Install.exe 2010-02-04 02:52 . 2010-02-10 08:57 28672 ----a-w- c:\program files\Interop.PCProxyLib.dll 2009-11-26 10:31 . 2010-02-10 08:57 2375680 ----a-w- c:\program files\LP.exe 2009-11-26 10:28 . 2010-02-10 08:57 471040 ----a-w- c:\program files\RegisterLSP.exe 2009-06-03 16:07 . 2010-02-10 08:57 454656 ----a-w- c:\program files\putty.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2012-11-07 00:03 220632 ----a-w- c:\users\user\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2012-11-07 00:03 220632 ----a-w- c:\users\user\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2012-11-07 00:03 220632 ----a-w- c:\users\user\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2013-05-21 609640] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-09-05 766208] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk * \0BootDefrag.exe . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R0 BootDefragDriver;BootDefragDriver;c:\windows\System32\drivers\BootDefragDriver.sys;c:\windows\SYSNATIVE\drivers\BootDefragDriver.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys;c:\windows\SYSNATIVE\drivers\dadder.sys [x] R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x] R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x] R3 MADFUCONECTIV;Service for M-Audio Conectiv DFU;c:\windows\system32\DRIVERS\MAudioConectiv_DFU.sys;c:\windows\SYSNATIVE\DRIVERS\MAudioConectiv_DFU.sys [x] R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys;c:\windows\SYSNATIVE\DRIVERS\ManyCam_x64.sys [x] R3 MAUSBCONECTIV;Service for M-Audio Conectiv;c:\windows\system32\DRIVERS\MAudioConectiv.sys;c:\windows\SYSNATIVE\DRIVERS\MAudioConectiv.sys [x] R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x] R3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys;c:\program files (x86)\MSI Afterburner\RTCore64.sys [x] R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [x] S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 rzendpt;rzendpt;c:\windows\system32\DRIVERS\rzendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzendpt.sys [x] S3 rzudd;Razer Keyboard Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x] S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x] . . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2012-11-07 00:03 244696 ----a-w- c:\users\user\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2012-11-07 00:03 244696 ----a-w- c:\users\user\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2012-11-07 00:03 244696 ----a-w- c:\users\user\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-21 1356240] "IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-10-12 1464984] "IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-10-12 2075288] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-08-30 13192848] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 192.168.1.1 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2014-01-02 17:13:25 ComboFix-quarantined-files.txt 2014-01-02 22:13 ComboFix2.txt 2014-01-02 04:56 ComboFix3.txt 2014-01-02 03:55 . Pre-Run: 27,661,549,568 bytes free Post-Run: 27,585,331,200 bytes free . - - End Of File - - BFFA4525A138D7A04D2146E92E3C41F1 A36C5E4F47E84449FF07ED3517B43A31