VSTICKETS

--------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2015-05-06 04:52 358064 ----a-w- c:\users\RyanTix\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64\FileSyncShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2] @="{5AB7172C-9C11-405C-8DD5-AF20F3606282}" [HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}] 2015-05-06 04:52 358064 ----a-w- c:\users\RyanTix\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64\FileSyncShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3] @="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}" [HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}] 2015-05-06 04:52 358064 ----a-w- c:\users\RyanTix\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64\FileSyncShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2015-05-06 04:52 358064 ----a-w- c:\users\RyanTix\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64\FileSyncShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2015-05-06 04:52 358064 ----a-w- c:\users\RyanTix\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64\FileSyncShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2015-10-30 12:41 2339032 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2015-10-30 12:41 2339032 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2015-10-30 12:41 2339032 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2015-10-12 23:34 232712 ----a-w- c:\users\RyanTix\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2015-10-12 23:34 232712 ----a-w- c:\users\RyanTix\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"] @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}] 2015-10-12 23:34 232712 ----a-w- c:\users\RyanTix\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"] @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}] 2015-10-12 23:34 232712 ----a-w- c:\users\RyanTix\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2015-10-12 23:34 232712 ----a-w- c:\users\RyanTix\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"] @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}] 2015-10-12 23:34 232712 ----a-w- c:\users\RyanTix\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2015-10-12 23:34 232712 ----a-w- c:\users\RyanTix\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"] @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}] 2015-10-12 23:34 232712 ----a-w- c:\users\RyanTix\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-16 12445288] "Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2011-05-12 8769536] "Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704] "Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112] "LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2015-02-16 57928] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://google.com/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyServer = 104.251.91.113:29842 IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\RyanTix\AppData\Roaming\Mozilla\Firefox\Profiles\6x4bcklr.default-1431047896472\ FF - prefs.js: browser.startup.homepage - about:home FF - prefs.js: network.proxy.ftp - 104.251.83.100 FF - prefs.js: network.proxy.ftp_port - 29842 FF - prefs.js: network.proxy.http - 104.251.83.100 FF - prefs.js: network.proxy.http_port - 29842 FF - prefs.js: network.proxy.socks - 104.251.83.100 FF - prefs.js: network.proxy.socks_port - 29842 FF - prefs.js: network.proxy.ssl - 104.251.83.100 FF - prefs.js: network.proxy.ssl_port - 29842 FF - prefs.js: network.proxy.type - 1 user_pref(extensions.autoDisableScopes,14); . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_226_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_226_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_226_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_226_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.19" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2015-11-07 06:29:02 ComboFix-quarantined-files.txt 2015-11-07 13:29 . Pre-Run: 62,720,905,216 bytes free Post-Run: 62,332,891,136 bytes free . - - End Of File - - F599B7E8CA5D67F4B809660EE8EEE1D9

Computer slows at times, high CPU, memory when I'm not running anything, many network connections. Combofix log attached ComboFix 15-11-05.01 - RyanTix 11/07/2015 6:25.1.12 - x64Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.65453.60693 [GMT -7:00]Running from: c:\users\RyanTix\Documents\123.exeSP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((( Files Created from 2015-10-07 to 2015-11-07 )))))))))))))))))))))))))))))))..2015-11-07 13:28 . 2015-11-07 13:28 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp2015-11-07 13:28 . 2015-11-07 13:28 -------- d-----w- c:\users\Default\AppData\Local\temp2015-11-07 10:09 . 2015-11-07 10:09 -------- d-----w- c:\program files (x86)\Common Files\Java2015-11-07 00:01 . 2015-10-13 09:47 11140960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D9429D6C-127E-42AF-8B88-E0BD788F4191}\mpengine.dll2015-10-16 08:58 . 2015-10-16 08:58 189136 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\LICLUA.EXE2015-10-15 06:18 . 2015-09-18 19:22 25432 ----a-w- c:\windows\system32\CompatTelRunner.exe2015-10-15 06:18 . 2015-09-18 19:19 700416 ----a-w- c:\windows\system32\invagent.dll2015-10-15 06:18 . 2015-09-18 19:19 766464 ----a-w- c:\windows\system32\generaltel.dll2015-10-15 06:18 . 2015-09-18 19:19 503808 ----a-w- c:\windows\system32\devinv.dll2015-10-15 06:18 . 2015-09-18 19:19 73216 ----a-w- c:\windows\system32\acmigration.dll2015-10-15 06:18 . 2015-09-18 19:19 1291264 ----a-w- c:\windows\system32\appraiser.dll2015-10-15 06:18 . 2015-09-18 19:09 1163776 ----a-w- c:\windows\system32\aeinv.dll2015-10-14 09:59 . 2015-09-29 03:16 5569472 ----a-w- c:\windows\system32\ntoskrnl.exe...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2015-11-07 10:09 . 2015-07-07 22:40 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll2015-10-30 12:40 . 2015-05-06 04:48 632432 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe2015-10-29 20:11 . 2015-04-29 19:03 122400 ----a-w- c:\windows\system32\LMIRfsClientNP.dll2015-10-29 20:11 . 2015-04-29 19:03 35328 ----a-w- c:\windows\system32\LMIport.dll2015-10-29 20:11 . 2015-04-29 19:03 107008 ----a-w- c:\windows\system32\LMIinit.dll2015-10-17 08:41 . 2015-04-26 07:07 780488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2015-10-17 08:41 . 2015-04-26 07:07 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2015-10-15 09:02 . 2015-04-26 07:38 143481208 ----a-w- c:\windows\system32\MRT.exe2015-09-29 02:58 . 2015-10-14 09:59 44032 ----a-w- c:\windows\apppatch\acwow64.dll2015-09-02 03:04 . 2015-09-09 13:57 41984 ----a-w- c:\windows\system32\lpk.dll2015-09-02 03:04 . 2015-09-09 13:57 100864 ----a-w- c:\windows\system32\fontsub.dll2015-09-02 03:04 . 2015-09-09 13:57 14336 ----a-w- c:\windows\system32\dciman32.dll2015-09-02 03:04 . 2015-09-09 13:57 46080 ----a-w- c:\windows\system32\atmlib.dll2015-09-02 02:48 . 2015-09-09 13:57 70656 ----a-w- c:\windows\SysWow64\fontsub.dll2015-09-02 02:48 . 2015-09-09 13:57 10240 ----a-w- c:\windows\SysWow64\dciman32.dll2015-09-02 02:48 . 2015-09-09 13:57 34304 ----a-w- c:\windows\SysWow64\atmlib.dll2015-09-02 02:47 . 2015-09-09 13:57 25600 ----a-w- c:\windows\SysWow64\lpk.dll2015-09-02 01:51 . 2015-09-09 13:57 3209216 ----a-w- c:\windows\system32\win32k.sys2015-09-02 01:47 . 2015-09-09 13:57 372736 ----a-w- c:\windows\system32\atmfd.dll2015-09-02 01:33 . 2015-09-09 13:57 299520 ----a-w- c:\windows\SysWow64\atmfd.dll2015-08-27 18:18 . 2015-09-09 13:57 2004480 ----a-w- c:\windows\system32\msxml6.dll2015-08-27 18:18 . 2015-09-09 13:57 1887232 ----a-w- c:\windows\system32\msxml3.dll2015-08-27 18:13 . 2015-09-09 13:57 2048 ----a-w- c:\windows\system32\msxml6r.dll2015-08-27 18:13 . 2015-09-09 13:57 2048 ----a-w- c:\windows\system32\msxml3r.dll2015-08-27 17:58 . 2015-09-09 13:57 1391104 ----a-w- c:\windows\SysWow64\msxml6.dll2015-08-27 17:58 . 2015-09-09 13:57 1241088 ----a-w- c:\windows\SysWow64\msxml3.dll2015-08-27 17:51 . 2015-09-09 13:57 2048 ----a-w- c:\windows\SysWow64\msxml6r.dll2015-08-27 17:51 . 2015-09-09 13:57 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll2015-08-15 14:55 . 2015-04-29 19:03 122752 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak2015-08-15 14:55 . 2015-04-29 19:03 107368 ----a-w- c:\windows\system32\LMIinit.dll.000.bak..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{ACEC6276-3D7B-4AA9-BE79-23520A23026D}]2014-08-28 03:39 38752 ----a-w- c:\program files (x86)\Soda PDF 6\creator-ie-helper.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]"{35251526-B7A4-44E4-8B2E-FD62AE267B82}"= "c:\program files (x86)\Soda PDF 6\creator-ie-plugin.dll" [2014-08-28 479584].[HKEY_CLASSES_ROOT\clsid\{35251526-b7a4-44e4-8b2e-fd62ae267b82}][HKEY_CLASSES_ROOT\PDFIEPlugin.PDFIEConverter.1][HKEY_CLASSES_ROOT\TypeLib\{4255D129-EA58-4912-9C1E-95A57D3865B2}][HKEY_CLASSES_ROOT\PDFIEPlugin.PDFIEConverter].[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]2015-05-06 04:52 329376 ----a-w- c:\users\RyanTix\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\FileSyncShell.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]2015-05-06 04:52 329376 ----a-w- c:\users\RyanTix\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\FileSyncShell.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]2015-05-06 04:52 329376 ----a-w- c:\users\RyanTix\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\FileSyncShell.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]2015-05-06 04:52 329376 ----a-w- c:\users\RyanTix\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\FileSyncShell.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]2015-05-06 04:52 329376 ----a-w- c:\users\RyanTix\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\FileSyncShell.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Dropbox Update"="c:\users\RyanTix\AppData\Local\Dropbox\Update\DropboxUpdate.exe" [2015-06-19 134512]"GoogleChromeAutoLaunch_F9D5FAED6397588C0DB5E8C28DA2DACC"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2015-10-20 811848].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe" [2012-03-15 286720]"FLxHCIm64"="c:\program files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe" [2011-10-03 47616]"Virtual Account Numbers"="c:\progra~2\VIRTUA~1\CitiVAN.exe" [2014-02-07 435712]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-10-07 597040].c:\users\RyanTix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - c:\users\RyanTix\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-5-4 36711472].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 DirMngr;DirMngr;c:\program files (x86)\GNU\GnuPG\dirmngr.exe;c:\program files (x86)\GNU\GnuPG\dirmngr.exe [x]R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]R3 LULU Software CrashHandler;LULU Software CrashHandler;c:\program files (x86)\Soda PDF 6\crash-handler-ws.exe;c:\program files (x86)\Soda PDF 6\crash-handler-ws.exe [x]R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]R3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]R3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;c:\windows\system32\DRIVERS\PcaSp60.sys;c:\windows\SYSNATIVE\DRIVERS\PcaSp60.sys [x]R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]R3 Soda PDF 6;Soda PDF 6;c:\program files (x86)\Soda PDF 6\ws.exe;c:\program files (x86)\Soda PDF 6\ws.exe [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]R4 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]S0 iaStorA;iaStorA;c:\windows\system32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]S0 iaStorF;iaStorF;c:\windows\system32\drivers\iaStorF.sys;c:\windows\SYSNATIVE\drivers\iaStorF.sys [x]S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]S2 HP DS Service;HP DS Service;c:\program files (x86)\HP\HPBDSService\HPBDSService.exe;c:\program files (x86)\HP\HPBDSService\HPBDSService.exe [x]S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe [x]S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [x]S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]S2 Soda PDF 6 Creator;Soda PDF 6 Creator;c:\program files (x86)\Soda PDF 6\creator-ws.exe;c:\program files (x86)\Soda PDF 6\creator-ws.exe [x]S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]S3 cmudaxp;ASUS Xonar DG Audio Interface;c:\windows\system32\drivers\cmudaxp.sys;c:\windows\SYSNATIVE\drivers\cmudaxp.sys [x]S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIc.sys [x]S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIh.sys [x]..[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2015-10-24 05:02 997704 ----a-w- c:\program files (x86)\Google\Chrome\Application\46.0.2490.80\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2015-11-07 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-26 08:41].2015-11-07 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1943265577-1131406837-4153604767-1000Core.job- c:\users\RyanTix\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19 15:52].2015-11-07 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1943265577-1131406837-4153604767-1000UA.job- c:\users\RyanTix\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19 15:52].2015-11-07 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-1943265577-1131406837-4153604767-1000.job- c:\users\RyanTix\AppData\Local\Citrix\GoToMeeting\3499\g2mupdate.exe [2015-10-29 19:59].2015-11-07 c:\windows\Tasks\G2MUploadTask-S-1-5-21-1943265577-1131406837-4153604767-1000.job- c:\users\RyanTix\AppData\Local\Citrix\GoToMeeting\3499\g2mupload.exe [2015-10-29 19:59].2015-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-05-08 01:31].2015-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-05-08 01:31]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]2015-05-06 04:52 358064 ----a-w- c:\users\RyanTix\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64\FileSyncShell64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]2015-05-06 04:52 358064 ----a-w- c:\users\RyanTix\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64\FileSyncShell64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]2015-05-06 04:52 358064 ----a-w- c:\users\RyanTix\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64\FileSyncShell64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]2015-05-06 04:52 358064 ----a-w- c:\users\RyanTix\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64\FileSyncShell64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]2015-05-06 04:52 358064 ----a-w- c:\users\RyanTix\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64\FileSyncShell64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]2015-10-30 12:41 2339032 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]2015-10-30 12:41 2339032 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]2015-10-30 12:41 2339032 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2015-10-12 23:34 232712 ----a-w- c:\users\RyanTix\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2015-10-12 23:34 232712 ----a-w- c:\users\RyanTix\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]2015-10-12 23:34 232712 ----a-w- c:\users\RyanTix\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]2015-10-12 23:34 232712 ----a-w- c:\users\RyanTix\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2015-10-12 23:34 232712 ----a-w- c:\users\RyanTix\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]2015-10-12 23:34 232712 ----a-w- c:\users\RyanTix\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]2015-10-12 23:34 232712 ----a-w- c:\users\RyanTix\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]2015-10-12 23:34 232712 ----a-w- c:\users\RyanTix\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-16 12445288]"Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2011-05-12 8769536]"Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]"Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2015-02-16 57928].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = hxxp://google.com/mLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyServer = 104.251.91.113:29842IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105TCP: DhcpNameServer = 192.168.1.1FF - ProfilePath - c:\users\RyanTix\AppData\Roaming\Mozilla\Firefox\Profiles\6x4bcklr.default-1431047896472\FF - prefs.js: browser.startup.homepage - about:homeFF - prefs.js: network.proxy.ftp - 104.251.83.100FF - prefs.js: network.proxy.ftp_port - 29842FF - prefs.js: network.proxy.http - 104.251.83.100FF - prefs.js: network.proxy.http_port - 29842FF - prefs.js: network.proxy.socks - 104.251.83.100FF - prefs.js: network.proxy.socks_port - 29842FF - prefs.js: network.proxy.ssl - 104.251.83.100FF - prefs.js: network.proxy.ssl_port - 29842FF - prefs.js: network.proxy.type - 1user_pref(extensions.autoDisableScopes,14);..--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_226_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_226_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]@Denied: (A 2) (Everyone)@="IFlashBroker6".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_226_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_226_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.19".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]@Denied: (A 2) (Everyone)@="IFlashBroker6".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]@Denied: (A) (Everyone)"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]@Denied: (A) (Everyone).[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]"Key"="ActionsPane3""Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2015-11-07 06:29:02ComboFix-quarantined-files.txt 2015-11-07 13:29.Pre-Run: 62,720,905,216 bytes freePost-Run: 62,332,891,136 bytes free.- - End Of File - - F599B7E8CA5D67F4B809660EE8EEE1D9