
I believe I'm infected by some Adware



Tried many times to remove viruses but no program can.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 10.51.2
Run by Weenercow at 17:39:54 on 2014-03-10
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.12232.9779 [GMT -6:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\explorer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{D6CA43A9-4D46-4817-8437-EFD34AA363A7} : DHCPNameServer = 192.168.0.1 205.171.2.25
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [shadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2012-1-6 49760]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-2-28 2169016]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-7-27 170824]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-2-16 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-2-16 701512]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-2-16 1593632]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-3-10 411936]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-2-16 25928]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-2-16 39200]
R3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-2-16 16939296]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [userChoice]
.
=============== Created Last 30 ================
.
2014-03-10 23:18:51 -------- d-----w- C:\$RECYCLE.BIN
2014-03-10 23:07:39 98816 ----a-w- C:\Windows\sed.exe
2014-03-10 23:07:39 256000 ----a-w- C:\Windows\PEV.exe
2014-03-10 23:07:39 208896 ----a-w- C:\Windows\MBR.exe
2014-03-10 22:22:25 599840 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2014-03-10 22:16:24 -------- d-----w- C:\NVIDIA
2014-03-09 23:43:39 -------- d-----w- C:\ProgramData\boost_interprocess
2014-03-08 01:45:42 76888 ----a-w- C:\Windows\System32\PnkBstrA.exe
2014-03-07 23:02:11 10536864 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7F73D3E8-72CD-4A77-959B-53679C141D19}\mpengine.dll
2014-03-07 04:50:05 -------- d-----w- C:\Users\Weenercow\AppData\Roaming\MPEG Streamclip
2014-03-07 04:49:12 -------- d-----w- C:\Users\Weenercow\AppData\Local\Apple
2014-03-06 01:05:17 -------- d-----w- C:\Users\Weenercow\.jmc
2014-03-06 01:05:15 -------- d-----w- C:\Users\Weenercow\.eclipse
2014-03-06 00:42:13 -------- d-----w- C:\Program Files (x86)\WinAnt
2014-03-05 04:56:58 3123272 ----a-w- C:\Windows\SysWow64\pbsvc.exe
2014-03-03 02:57:40 -------- d-----w- C:\cygwin64
2014-03-02 23:23:49 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2014-03-01 20:06:11 -------- d-----w- C:\Users\Weenercow\AppData\Roaming\.minecraft
2014-03-01 20:04:21 -------- d-----w- C:\ProgramData\Oracle
2014-03-01 20:04:10 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-03-01 01:35:52 -------- d-----w- C:\Users\Weenercow\AppData\Roaming\PDAppFlex
2014-03-01 01:35:26 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2014-03-01 01:27:51 -------- d-----w- C:\Users\Weenercow\AppData\Local\Adobe
2014-03-01 01:16:11 -------- d-----w- C:\Users\Weenercow\AppData\Roaming\PeaZip
2014-02-24 04:27:37 10536864 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-02-24 03:29:12 -------- d-----w- C:\Program Files\Common Files\EPSON
2014-02-24 03:29:07 83968 ----a-w- C:\Windows\System32\E_YD4BHSA.DLL
2014-02-24 03:29:07 120320 ----a-w- C:\Windows\System32\E_YLMHSA.DLL
2014-02-24 03:29:05 -------- d-----w- C:\ProgramData\EPSON
2014-02-24 00:20:23 -------- d-----w- C:\Program Files (x86)\VideoLAN
2014-02-23 15:34:54 877856 ----a-w- C:\Windows\System32\NvFBC64.dll
2014-02-23 15:34:54 1885472 ----a-w- C:\Windows\System32\nvdispco6433489.dll
2014-02-23 15:34:54 15783992 ----a-w- C:\Windows\SysWow64\nvwgf2um.dll
2014-02-23 15:34:54 1515296 ----a-w- C:\Windows\System32\nvdispgenco6433489.dll
2014-02-20 03:17:26 -------- d-----w- C:\Program Files\Defraggler
2014-02-20 01:52:30 -------- d-----r- C:\Users\Weenercow\Google Drive
2014-02-20 01:29:24 -------- d-----w- C:\Users\Weenercow\AppData\Local\Ubisoft Game Launcher
2014-02-20 00:30:07 -------- d-----w- C:\ProgramData\Microsoft OneDrive
2014-02-20 00:29:04 -------- d-----w- C:\Program Files (x86)\Microsoft SkyDrive
2014-02-20 00:29:04 -------- d-----r- C:\Users\Weenercow\SkyDrive
2014-02-20 00:29:01 -------- d-----w- C:\ProgramData\Microsoft SkyDrive
2014-02-20 00:24:12 578256 ----a-w- C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-02-20 00:22:17 -------- d-----w- C:\ProgramData\regid.1991-06.com.microsoft
2014-02-20 00:19:13 -------- d-----w- C:\Program Files\Microsoft Office 15
2014-02-18 02:47:55 -------- d-----w- C:\Users\Weenercow\AppData\Local\My Games
2014-02-17 01:40:33 -------- d-----w- C:\Users\Weenercow\AppData\Local\PunkBuster
2014-02-17 00:59:36 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller
2014-02-17 00:59:06 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2014-02-17 00:59:06 214392 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2014-02-17 00:59:06 214392 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2014-02-17 00:35:26 -------- d-----w- C:\Program Files (x86)\PeaZip
2014-02-17 00:35:00 16896 ----a-w- C:\Windows\AsTaskSched.dll
2014-02-17 00:30:59 1706640 ----a-w- C:\Windows\RtlExUpd.dll
2014-02-17 00:30:58 65024 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
2014-02-17 00:21:40 -------- d-----w- C:\Users\Weenercow\AppData\Local\Skype
2014-02-17 00:21:30 -------- d-----r- C:\Program Files (x86)\Skype
2014-02-17 00:09:46 -------- d-----w- C:\Users\Weenercow\AppData\Roaming\NVIDIA
2014-02-16 23:20:58 -------- d-----w- C:\Program Files\Registrar Registry Manager
2014-02-16 23:14:47 -------- d-----w- C:\Program Files (x86)\Enigma Software Group
2014-02-16 23:14:24 -------- d-----w- C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2014-02-16 22:50:39 -------- d-----w- C:\AdwCleaner
2014-02-16 22:26:42 -------- d-----w- C:\Program Files (x86)\Origin Games
2014-02-16 22:25:50 -------- d-----w- C:\Users\Weenercow\AppData\Roaming\Origin
2014-02-16 22:25:49 -------- d-----w- C:\Users\Weenercow\AppData\Local\Origin
2014-02-16 22:25:02 -------- d-----w- C:\ProgramData\Origin
2014-02-16 22:25:00 -------- d-----w- C:\ProgramData\Electronic Arts
2014-02-16 22:24:41 -------- d-----w- C:\Program Files (x86)\Origin
2014-02-16 22:01:42 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2014-02-16 22:01:41 -------- d-----w- C:\Program Files (x86)\Steam
2014-02-16 21:56:33 -------- d-----w- C:\Users\Weenercow\AppData\Local\ESN
2014-02-16 21:56:32 -------- d-----w- C:\Program Files (x86)\Battlelog Web Plugins
2014-02-16 21:32:43 -------- d-----w- C:\Users\Weenercow\AppData\Roaming\LavasoftStatistics
2014-02-16 21:15:23 -------- d-----w- C:\Program Files\Enigma Software Group
2014-02-16 21:14:54 -------- d-----w- C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-02-16 21:14:53 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2014-02-16 21:04:39 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-02-16 20:42:39 -------- d--h--w- C:\Program Files (x86)\Temp
2014-02-16 20:42:38 757760 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2014-02-16 20:42:38 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2014-02-16 20:42:38 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2014-02-16 20:42:38 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2014-02-16 20:42:38 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2014-02-16 20:42:38 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2014-02-16 20:42:38 204800 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2014-02-16 20:42:38 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2014-02-16 20:39:38 -------- d-----w- C:\Windows\Panther
2014-02-16 20:32:46 -------- d-----w- C:\Users\Weenercow\AppData\Roaming\Malwarebytes
2014-02-16 20:32:44 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-02-16 20:32:44 -------- d-----w- C:\ProgramData\Malwarebytes
2014-02-16 20:32:44 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-16 20:31:59 -------- d-----w- C:\Users\Weenercow\AppData\Local\Programs
2014-02-16 20:31:31 -------- d-----w- C:\Program Files\CCleaner
2014-02-16 20:29:50 -------- d-----w- C:\Users\Weenercow\AppData\Roaming\TS3Client
2014-02-16 20:29:44 -------- d-----w- C:\Program Files\TeamSpeak 3 Client
2014-02-16 20:28:37 -------- d-----w- C:\Users\Weenercow\AppData\Roaming\UpdateStar Drivers
2014-02-16 20:28:26 439296 ----a-w- C:\Windows\System32\plsapp64.dll
2014-02-16 20:28:26 -------- d-----w- C:\temp
2014-02-16 20:20:00 -------- d-----w- C:\Users\Weenercow\AppData\Local\Innovative Solutions
2014-02-16 20:18:18 680960 ----a-w- C:\Windows\SysWow64\ROGThemeSetup.exe
2014-02-16 20:18:17 2872320 ----a-w- C:\Windows\explorer.exe.rogbak
2014-02-16 20:18:17 201728 ----a-w- C:\Windows\SysWow64\ROG_Video Intro .scr
2014-02-16 20:18:16 -------- d---a-w- C:\Windows\SysWow64\ROG_Video Intro  dir
2014-02-16 20:11:22 922968 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-02-16 20:11:22 6714312 ----a-w- C:\Windows\System32\nvcpl.dll
2014-02-16 20:11:22 64968 ----a-w- C:\Windows\System32\nvshext.dll
2014-02-16 20:11:22 386336 ----a-w- C:\Windows\System32\nvmctray.dll
2014-02-16 20:11:22 3649185 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-02-16 20:11:22 3497816 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-02-16 20:11:17 62408 ----a-w- C:\Windows\System32\OpenCL.dll
2014-02-16 20:11:17 54216 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2014-02-16 20:10:58 947808 ----a-w- C:\Windows\System32\nvumdshimx.dll
2014-02-16 20:10:58 31520 ----a-w- C:\Windows\System32\nvhdap64.dll
2014-02-16 20:10:58 3093280 ----a-w- C:\Windows\System32\nvapi64.dll
2014-02-16 20:10:58 2715264 ----a-w- C:\Windows\SysWow64\nvapi.dll
2014-02-16 20:10:58 197408 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2014-02-16 20:10:58 1884448 ----a-w- C:\Windows\System32\nvdispco6433221.dll
2014-02-16 20:10:58 18302384 ----a-w- C:\Windows\System32\nvwgf2umx.dll
2014-02-16 20:10:58 17755424 ----a-w- C:\Windows\System32\nvd3dumx.dll
2014-02-16 20:10:58 1515296 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2014-02-16 20:10:58 1511712 ----a-w- C:\Windows\System32\nvdispgenco6433221.dll
2014-02-16 20:10:58 14709720 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
2014-02-16 20:08:21 -------- d-----w- C:\Users\Weenercow\AppData\Local\NVIDIA Corporation
2014-02-16 20:07:58 511328 ----a-w- C:\Windows\System32\d3dx10_43.dll
2014-02-16 20:07:58 470880 ----a-w- C:\Windows\SysWow64\d3dx10_43.dll
2014-02-16 20:07:58 276832 ----a-w- C:\Windows\System32\d3dx11_43.dll
2014-02-16 20:07:58 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll
2014-02-16 20:07:57 2401112 ----a-w- C:\Windows\System32\D3DX9_43.dll
2014-02-16 20:07:57 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll
2014-02-16 20:07:50 1179576 ----a-w- C:\Windows\System32\nvspcap64.dll
2014-02-16 20:07:50 1048152 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-02-16 20:07:50 -------- d-----w- C:\Users\Weenercow\AppData\Local\NVIDIA
2014-02-16 20:07:45 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2014-02-16 20:06:49 -------- d-----w- C:\Users\Weenercow\AppData\Local\Google
2014-02-16 20:06:43 -------- d-----w- C:\Users\Weenercow\AppData\Local\Deployment
2014-02-16 20:06:43 -------- d-----w- C:\Users\Weenercow\AppData\Local\Apps
2014-02-16 20:05:31 -------- d-----w- C:\Intel
2014-02-16 20:04:49 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2014-02-16 20:04:48 39200 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2014-02-16 20:04:48 35104 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2014-02-16 20:04:48 33056 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2014-02-16 20:04:43 -------- d-----w- C:\Program Files\NVIDIA Corporation
2014-02-16 20:03:12 538496 ----a-w- C:\Windows\System32\PROUnstl.exe
2014-02-16 19:48:41 -------- d-----w- C:\Program Files (x86)\ASM106xSATA
2014-02-16 19:48:27 -------- d-sh--w- C:\Windows\Installer
2014-02-16 19:47:42 -------- d-----w- C:\Users\Weenercow\AppData\Local\Diagnostics
.
==================== Find3M  ====================
.
2014-02-17 00:30:23 836544 ----a-w- C:\Windows\System32\tadefxapo264.dll
2014-02-16 20:18:18 2872320 ----a-w- C:\Windows\explorer.exe
2014-02-03 19:20:54 270496 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 17:39:58.98 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 2/16/2014 12:46:41 PM
System Uptime: 3/10/2014 5:18:21 PM (0 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. |  | MAXIMUS V FORMULA
Processor: Intel® Core i7-3770K CPU @ 3.50GHz | LGA1155 | 3501/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 786.638 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: 
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_1B21&DEV_1042&SUBSYS_84881043&REV_00\4&11EB9DBD&0&00E4
Manufacturer: 
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_1B21&DEV_1042&SUBSYS_84881043&REV_00\4&11EB9DBD&0&00E4
Service: 
.
Class GUID: 
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_1E22&SUBSYS_84CA1043&REV_04\3&11583659&0&FB
Manufacturer: 
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_1E22&SUBSYS_84CA1043&REV_04\3&11583659&0&FB
Service: 
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
Class GUID: 
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_8086&DEV_1E31&SUBSYS_84CA1043&REV_04\3&11583659&0&A0
Manufacturer: 
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_8086&DEV_1E31&SUBSYS_84CA1043&REV_04\3&11583659&0&A0
Service: 
.
Class GUID: 
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_8086&DEV_1E3A&SUBSYS_84CA1043&REV_04\3&11583659&0&B0
Manufacturer: 
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_8086&DEV_1E3A&SUBSYS_84CA1043&REV_04\3&11583659&0&B0
Service: 
.
==== System Restore Points ===================
.
RP41: 3/9/2014 4:36:55 PM - Installed Assassin's Creed® III v1.02
RP42: 3/10/2014 4:19:19 PM - Installed SpyHunter
RP43: 3/10/2014 5:05:47 PM - Removed SpyHunter
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Apple Application Support
Apple Software Update
Asmedia ASM106x SATA Host Controller Driver
Assassin's Creed® III v1.02
ASUS_ROG_THEME
Battlefield 4™
Battlelog Web Plugins
CCleaner
Crysis®3
Defraggler
EPSON WorkForce 845 Series Printer Uninstall
ESN Sonar
Far Cry 3
GeForce Experience NvStream Client Components
Google Chrome
Google Drive
Google Update Helper
Half-Life
Intel® Network Connections 17.3.63.0
Java 7 Update 51
Java Auto Updater
Java SE Development Kit 7 Update 51
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office 365 Home Premium - en-us
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
Notepad++
NVIDIA 3D Vision Controller Driver 335.21
NVIDIA 3D Vision Driver 335.23
NVIDIA Control Panel 335.23
NVIDIA GeForce Experience 1.8.2
NVIDIA Graphics Driver 335.23
NVIDIA HD Audio Driver 1.3.30.1
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA Optimus Update 11.10.11
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.1220
NVIDIA ShadowPlay 11.10.11
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 11.10.11
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.20
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
Origin
PeaZip 5.2.1
PunkBuster Services
Realtek High Definition Audio Driver
Rust
SHIELD Streaming
Sid Meier's Civilization V
Skype™ 6.13
Steam
TeamSpeak 3 Client
Uplay
VLC media player 2.1.3
.
==== Event Viewer Messages From Past Week ========
.
3/9/2014 3:30:59 PM, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
3/10/2014 5:19:53 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
3/10/2014 5:17:49 PM, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
3/10/2014 5:17:25 PM, Error: Application Popup [1060]  - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
3/10/2014 5:09:01 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1005]  - Unable to produce a minidump file from the full dump file.
3/10/2014 5:09:01 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff8000204b164, 0xfffff8800db9ddf0, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: .
.
==== End Of File ===========================

Hi there,
My name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.


Please post up C:\combofix.txt.


ComboFix 14-03-10.01 - Weenercow 03/10/2014  17:12:31.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.12232.10156 [GMT -6:00]
Running from: c:\users\Weenercow\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\WEENER~1\AppData\Local\Temp\_MEI17722\_ctypes.pyd
c:\users\WEENER~1\AppData\Local\Temp\_MEI17722\_elementtree.pyd
c:\users\WEENER~1\AppData\Local\Temp\_MEI17722\_hashlib.pyd
c:\users\WEENER~1\AppData\Local\Temp\_MEI17722\_multiprocessing.pyd
c:\users\WEENER~1\AppData\Local\Temp\_MEI17722\_socket.pyd
c:\users\WEENER~1\AppData\Local\Temp\_MEI17722\_ssl.pyd
c:\users\WEENER~1\AppData\Local\Temp\_MEI17722\pyexpat.pyd
c:\users\WEENER~1\AppData\Local\Temp\_MEI17722\pysqlite2._sqlite.pyd
c:\users\WEENER~1\AppData\Local\Temp\_MEI17722\python27.dll
c:\users\WEENER~1\AppData\Local\Temp\_MEI17722\pythoncom27.dll
c:\users\WEENER~1\AppData\Local\Temp\_MEI17722\PyWinTypes27.dll
c:\users\WEENER~1\AppData\Local\Temp\_MEI17722\select.pyd
c:\users\WEENER~1\AppData\Local\Temp\_MEI17722\unicodedata.pyd
c:\users\WEENER~1\AppData\Local\Temp\_MEI17722\win32api.pyd
c:\users\WEENER~1\AppData\Local\Temp\_MEI17722\win32com.shell.shell.pyd
c:\users\WEENER~1\AppData\Local\Temp\_MEI17722\win32crypt.pyd
c:\users\WEENER~1\AppData\Local\Temp\_MEI17722\win32event.pyd
c:\users\WEENER~1\AppData\Local\Temp\_MEI17722\win32file.pyd
c:\users\WEENER~1\AppData\Local\Temp\_MEI17722\win32inet.pyd
c:\users\WEENER~1\AppData\Local\Temp\_MEI17722\win32pdh.pyd
c:\users\WEENER~1\AppData\Local\Temp\_MEI17722\win32pipe.pyd
c:\users\WEENER~1\AppData\Local\Temp\_MEI17722\win32process.pyd
c:\users\WEENER~1\AppData\Local\Temp\_MEI17722\win32profile.pyd
c:\users\WEENER~1\AppData\Local\Temp\_MEI17722\win32security.pyd
c:\users\WEENER~1\AppData\Local\Temp\_MEI17722\win32ts.pyd
c:\users\WEENER~1\AppData\Local\Temp\_MEI17722\windows._lib_cacheinvalidation.pyd
c:\users\WEENER~1\AppData\Local\Temp\_MEI17722\wx._controls_.pyd
c:\users\WEENER~1\AppData\Local\Temp\_MEI17722\wx._core_.pyd
c:\users\WEENER~1\AppData\Local\Temp\_MEI17722\wx._gdi_.pyd
c:\users\WEENER~1\AppData\Local\Temp\_MEI17722\wx._html2.pyd
c:\users\WEENER~1\AppData\Local\Temp\_MEI17722\wx._misc_.pyd
c:\users\WEENER~1\AppData\Local\Temp\_MEI17722\wx._windows_.pyd
c:\users\WEENER~1\AppData\Local\Temp\_MEI17722\wx._wizard.pyd
c:\users\WEENER~1\AppData\Local\Temp\_MEI17722\wxbase294u_net_vc90.dll
c:\users\WEENER~1\AppData\Local\Temp\_MEI17722\wxbase294u_vc90.dll
c:\users\WEENER~1\AppData\Local\Temp\_MEI17722\wxmsw294u_adv_vc90.dll
c:\users\WEENER~1\AppData\Local\Temp\_MEI17722\wxmsw294u_core_vc90.dll
c:\users\WEENER~1\AppData\Local\Temp\_MEI17722\wxmsw294u_html_vc90.dll
c:\users\WEENER~1\AppData\Local\Temp\_MEI17722\wxmsw294u_webview_vc90.dll
c:\users\Weenercow\AppData\Local\Temp\_MEI17722\_ctypes.pyd
c:\users\Weenercow\AppData\Local\Temp\_MEI17722\_elementtree.pyd
c:\users\Weenercow\AppData\Local\Temp\_MEI17722\_hashlib.pyd
c:\users\Weenercow\AppData\Local\Temp\_MEI17722\_multiprocessing.pyd
c:\users\Weenercow\AppData\Local\Temp\_MEI17722\_socket.pyd
c:\users\Weenercow\AppData\Local\Temp\_MEI17722\_ssl.pyd
c:\users\Weenercow\AppData\Local\Temp\_MEI17722\pyexpat.pyd
c:\users\Weenercow\AppData\Local\Temp\_MEI17722\pysqlite2._sqlite.pyd
c:\users\Weenercow\AppData\Local\Temp\_MEI17722\python27.dll
c:\users\Weenercow\AppData\Local\Temp\_MEI17722\pythoncom27.dll
c:\users\Weenercow\AppData\Local\Temp\_MEI17722\PyWinTypes27.dll
c:\users\Weenercow\AppData\Local\Temp\_MEI17722\select.pyd
c:\users\Weenercow\AppData\Local\Temp\_MEI17722\unicodedata.pyd
c:\users\Weenercow\AppData\Local\Temp\_MEI17722\win32api.pyd
c:\users\Weenercow\AppData\Local\Temp\_MEI17722\win32com.shell.shell.pyd
c:\users\Weenercow\AppData\Local\Temp\_MEI17722\win32crypt.pyd
c:\users\Weenercow\AppData\Local\Temp\_MEI17722\win32event.pyd
c:\users\Weenercow\AppData\Local\Temp\_MEI17722\win32file.pyd
c:\users\Weenercow\AppData\Local\Temp\_MEI17722\win32inet.pyd
c:\users\Weenercow\AppData\Local\Temp\_MEI17722\win32pdh.pyd
c:\users\Weenercow\AppData\Local\Temp\_MEI17722\win32pipe.pyd
c:\users\Weenercow\AppData\Local\Temp\_MEI17722\win32process.pyd
c:\users\Weenercow\AppData\Local\Temp\_MEI17722\win32profile.pyd
c:\users\Weenercow\AppData\Local\Temp\_MEI17722\win32security.pyd
c:\users\Weenercow\AppData\Local\Temp\_MEI17722\win32ts.pyd
c:\users\Weenercow\AppData\Local\Temp\_MEI17722\windows._lib_cacheinvalidation.pyd
c:\users\Weenercow\AppData\Local\Temp\_MEI17722\wx._controls_.pyd
c:\users\Weenercow\AppData\Local\Temp\_MEI17722\wx._core_.pyd
c:\users\Weenercow\AppData\Local\Temp\_MEI17722\wx._gdi_.pyd
c:\users\Weenercow\AppData\Local\Temp\_MEI17722\wx._html2.pyd
c:\users\Weenercow\AppData\Local\Temp\_MEI17722\wx._misc_.pyd
c:\users\Weenercow\AppData\Local\Temp\_MEI17722\wx._windows_.pyd
c:\users\Weenercow\AppData\Local\Temp\_MEI17722\wx._wizard.pyd
c:\users\Weenercow\AppData\Local\Temp\_MEI17722\wxbase294u_net_vc90.dll
c:\users\Weenercow\AppData\Local\Temp\_MEI17722\wxbase294u_vc90.dll
c:\users\Weenercow\AppData\Local\Temp\_MEI17722\wxmsw294u_adv_vc90.dll
c:\users\Weenercow\AppData\Local\Temp\_MEI17722\wxmsw294u_core_vc90.dll
c:\users\Weenercow\AppData\Local\Temp\_MEI17722\wxmsw294u_html_vc90.dll
c:\users\Weenercow\AppData\Local\Temp\_MEI17722\wxmsw294u_webview_vc90.dll
c:\windows\security\Database\tmp.edb
.
c:\windows\explorer.exe . . . is infected!!
.
.
(((((((((((((((((((((((((   Files Created from 2014-02-10 to 2014-03-10  )))))))))))))))))))))))))))))))
.
.
2014-03-10 23:17 . 2014-03-10 23:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-10 22:22 . 2014-03-04 11:32 599840 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2014-03-10 22:16 . 2014-03-10 22:16 -------- d-----w- C:\NVIDIA
2014-03-09 23:43 . 2014-03-09 23:43 -------- d-----w- c:\programdata\boost_interprocess
2014-03-08 01:45 . 2014-03-08 01:45 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2014-03-07 23:02 . 2014-02-17 08:32 10536864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7F73D3E8-72CD-4A77-959B-53679C141D19}\mpengine.dll
2014-03-07 04:49 . 2014-03-07 04:49 -------- d-----w- c:\program files (x86)\Common Files\Apple
2014-03-07 04:49 . 2014-03-07 04:49 -------- d-----w- c:\programdata\Apple
2014-03-07 04:49 . 2014-03-07 04:49 -------- d-----w- c:\program files (x86)\Apple Software Update
2014-03-06 00:42 . 2014-03-06 00:42 -------- d-----w- c:\program files (x86)\WinAnt
2014-03-05 04:56 . 2014-02-20 06:57 3123272 ----a-w- c:\windows\SysWow64\pbsvc.exe
2014-03-03 02:57 . 2014-03-03 02:57 -------- d-----w- C:\cygwin64
2014-03-02 23:23 . 2014-03-09 22:35 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2014-03-01 20:04 . 2014-03-01 20:04 -------- d-----w- c:\programdata\Oracle

2014-03-01 20:04 . 2014-03-01 20:04 -------- d-----w- c:\program files (x86)\Common Files\Java

2014-03-01 20:04 . 2014-03-01 20:04 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2014-03-01 20:04 . 2014-03-06 00:41 -------- d-----w- c:\program files (x86)\Java

2014-03-01 01:35 . 2014-03-01 01:36 -------- d-----w- c:\programdata\regid.1986-12.com.adobe

2014-03-01 01:28 . 2014-03-03 00:09 -------- d-----w- c:\program files (x86)\Common Files\Adobe

2014-02-24 03:29 . 2014-02-24 03:29 -------- d-----w- c:\program files\Common Files\EPSON

2014-02-24 03:29 . 2011-04-20 10:03 120320 ----a-w- c:\windows\system32\E_YLMHSA.DLL

2014-02-24 03:29 . 2011-03-15 10:03 83968 ----a-w- c:\windows\system32\E_YD4BHSA.DLL

2014-02-24 03:29 . 2014-02-24 03:29 -------- d-----w- c:\programdata\EPSON

2014-02-24 00:20 . 2014-02-24 00:20 -------- d-----w- c:\program files (x86)\VideoLAN

2014-02-23 15:36 . 2014-02-23 15:36 -------- d-----w- c:\program files (x86)\AGEIA Technologies

2014-02-23 15:34 . 2014-03-04 14:35 877856 ----a-w- c:\windows\system32\NvFBC64.dll

2014-02-23 15:34 . 2014-03-04 14:35 15783992 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2014-02-23 15:34 . 2014-02-08 18:34 1885472 ----a-w- c:\windows\system32\nvdispco6433489.dll

2014-02-23 15:34 . 2014-02-08 18:34 1515296 ----a-w- c:\windows\system32\nvdispgenco6433489.dll

2014-02-22 18:03 . 2014-02-22 18:03 -------- d-----w- c:\program files (x86)\Notepad++

2014-02-20 03:17 . 2014-02-20 03:17 -------- d-----w- c:\program files\Defraggler

2014-02-20 01:29 . 2014-03-05 04:57 -------- d-----w- c:\program files (x86)\Ubisoft

2014-02-20 00:30 . 2014-02-20 00:30 -------- d-----w- c:\programdata\Microsoft OneDrive

2014-02-20 00:29 . 2014-02-20 00:29 -------- d-----w- c:\program files (x86)\Microsoft SkyDrive

2014-02-20 00:29 . 2014-02-20 00:29 -------- d-----w- c:\programdata\Microsoft SkyDrive

2014-02-20 00:24 . 2014-02-28 23:11 578256 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe

2014-02-20 00:22 . 2014-02-28 23:17 -------- d-----w- c:\programdata\regid.1991-06.com.microsoft

2014-02-20 00:19 . 2014-02-28 23:15 -------- d-----w- c:\program files\Microsoft Office 15

2014-02-17 00:59 . 2014-02-20 02:48 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller

2014-02-17 00:59 . 2014-03-10 21:42 214392 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2014-02-17 00:59 . 2014-03-10 21:42 214392 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2014-02-17 00:59 . 2014-03-05 04:56 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2014-02-17 00:35 . 2014-02-17 00:35 -------- d-----w- c:\program files (x86)\PeaZip

2014-02-17 00:35 . 2014-02-17 00:35 16896 ----a-w- c:\windows\AsTaskSched.dll

2014-02-17 00:30 . 2014-02-17 00:30 1706640 ----a-w- c:\windows\RtlExUpd.dll

2014-02-17 00:21 . 2014-02-17 00:21 -------- d-----w- c:\program files (x86)\Common Files\Skype

2014-02-17 00:21 . 2014-02-17 00:21 -------- d-----r- c:\program files (x86)\Skype

2014-02-17 00:21 . 2014-02-17 00:21 -------- d-----w- c:\programdata\Skype

2014-02-16 23:20 . 2014-02-16 23:29 -------- d-----w- c:\program files\Registrar Registry Manager

2014-02-16 23:14 . 2014-02-16 23:14 -------- d-----w- c:\program files (x86)\Enigma Software Group

2014-02-16 23:14 . 2014-02-16 23:29 -------- d-----w- c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP

2014-02-16 22:50 . 2014-02-16 22:57 -------- d-----w- C:\AdwCleaner

2014-02-16 22:26 . 2014-02-20 01:19 -------- d-----w- c:\program files (x86)\Origin Games

2014-02-16 22:25 . 2014-03-10 23:17 -------- d-----w- c:\programdata\Origin

2014-02-16 22:25 . 2014-02-17 01:33 -------- d-----w- c:\programdata\Electronic Arts

2014-02-16 22:24 . 2014-03-10 23:09 -------- d-----w- c:\program files (x86)\Origin

2014-02-16 22:01 . 2014-03-01 01:28 -------- d-----w- c:\program files (x86)\Common Files\Steam

2014-02-16 22:01 . 2014-03-09 20:08 -------- d-----w- c:\program files (x86)\Steam

2014-02-16 21:56 . 2014-02-21 22:49 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins

2014-02-16 21:22 . 2014-02-16 21:22 -------- d-----w- c:\programdata\Lavasoft

2014-02-16 21:15 . 2014-02-16 21:15 -------- d-----w- c:\program files\Enigma Software Group

2014-02-16 21:14 . 2014-03-10 23:06 -------- d-----w- c:\windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP

2014-02-16 21:14 . 2014-02-16 23:14 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard

2014-02-16 21:04 . 2014-02-16 21:04 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2014-02-16 20:42 . 2014-02-17 00:33 -------- d--h--w- c:\program files (x86)\Temp

2014-02-16 20:42 . 2014-02-16 20:42 -------- d-----w- c:\program files (x86)\Common Files\InstallShield

2014-02-16 20:39 . 2014-02-16 20:40 -------- d-----w- c:\windows\Panther

2014-02-16 20:32 . 2014-02-16 20:32 -------- d-----w- c:\programdata\Malwarebytes

2014-02-16 20:32 . 2014-02-16 20:32 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2014-02-16 20:32 . 2013-04-04 21:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2014-02-16 20:31 . 2014-03-02 06:23 -------- d-----w- c:\program files\CCleaner

2014-02-16 20:29 . 2014-02-16 20:29 -------- d-----w- c:\program files\TeamSpeak 3 Client

2014-02-16 20:28 . 2014-03-10 22:22 -------- d-----w- C:\temp

2014-02-16 20:28 . 2013-11-14 03:41 439296 ----a-w- c:\windows\system32\plsapp64.dll

2014-02-16 20:18 . 2011-10-28 23:01 680960 ----a-w- c:\windows\SysWow64\ROGThemeSetup.exe

2014-02-16 20:18 . 2011-10-26 18:33 201728 ----a-w- c:\windows\SysWow64\ROG_Video Intro .scr

2014-02-16 20:18 . 2010-11-21 03:24 2872320 ----a-w- c:\windows\explorer.exe.rogbak

2014-02-16 20:18 . 2014-02-16 20:18 -------- d-----w- c:\windows\SysWow64\Macromed

2014-02-16 20:18 . 2013-10-21 22:32 -------- d---a-w- c:\windows\SysWow64\ROG_Video Intro  dir

2014-02-16 20:11 . 2014-03-10 23:18 -------- d-----w- c:\programdata\NVIDIA

2014-02-16 20:11 . 2014-03-04 13:06 6714312 ----a-w- c:\windows\system32\nvcpl.dll

2014-02-16 20:11 . 2014-03-04 13:06 3497816 ----a-w- c:\windows\system32\nvsvc64.dll

2014-02-16 20:11 . 2014-03-04 13:05 922968 ----a-w- c:\windows\system32\nvvsvc.exe

2014-02-16 20:11 . 2014-03-04 13:05 64968 ----a-w- c:\windows\system32\nvshext.dll

2014-02-16 20:11 . 2014-03-04 13:05 386336 ----a-w- c:\windows\system32\nvmctray.dll

2014-02-16 20:11 . 2014-03-04 13:05 3649185 ----a-w- c:\windows\system32\nvcoproc.bin

2014-02-16 20:11 . 2014-03-04 14:35 62408 ----a-w- c:\windows\system32\OpenCL.dll

2014-02-16 20:11 . 2014-03-04 14:35 54216 ----a-w- c:\windows\SysWow64\OpenCL.dll

2014-02-16 20:10 . 2014-03-04 14:35 947808 ----a-w- c:\windows\system32\nvumdshimx.dll

2014-02-16 20:10 . 2014-03-04 14:35 3093280 ----a-w- c:\windows\system32\nvapi64.dll

2014-02-16 20:10 . 2014-03-04 14:35 2715264 ----a-w- c:\windows\SysWow64\nvapi.dll

2014-02-16 20:10 . 2014-03-04 14:35 18302384 ----a-w- c:\windows\system32\nvwgf2umx.dll

2014-02-16 20:10 . 2014-03-04 14:35 17755424 ----a-w- c:\windows\system32\nvd3dumx.dll

2014-02-16 20:10 . 2014-03-04 14:35 14709720 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2014-02-16 20:10 . 2013-12-19 20:33 1884448 ----a-w- c:\windows\system32\nvdispco6433221.dll

2014-02-16 20:10 . 2013-12-19 20:33 1511712 ----a-w- c:\windows\system32\nvdispgenco6433221.dll

2014-02-16 20:10 . 2013-11-28 13:38 31520 ----a-w- c:\windows\system32\nvhdap64.dll

2014-02-16 20:10 . 2013-11-28 13:38 197408 ----a-w- c:\windows\system32\drivers\nvhda64v.sys

2014-02-16 20:10 . 2013-11-22 08:36 1515296 ----a-w- c:\windows\system32\nvhdagenco6420103.dll

2014-02-16 20:07 . 2010-05-26 18:41 511328 ----a-w- c:\windows\system32\d3dx10_43.dll

2014-02-16 20:07 . 2010-05-26 18:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll

2014-02-16 20:07 . 2010-05-26 18:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll

2014-02-16 20:07 . 2010-05-26 18:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll

2014-02-16 20:07 . 2010-05-26 18:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll

2014-02-16 20:07 . 2010-05-26 18:41 2401112 ----a-w- c:\windows\system32\D3DX9_43.dll

2014-02-16 20:07 . 2014-01-21 02:54 1048152 ----a-w- c:\windows\SysWow64\nvspcap.dll

2014-02-16 20:07 . 2014-01-21 02:54 1179576 ----a-w- c:\windows\system32\nvspcap64.dll

2014-02-16 20:07 . 2014-02-16 20:11 -------- d-----w- c:\programdata\NVIDIA Corporation

2014-02-16 20:06 . 2014-02-20 01:30 -------- d-----w- c:\program files (x86)\Google

2014-02-16 20:05 . 2014-02-20 00:28 -------- d-----w- c:\program files (x86)\Microsoft.NET

2014-02-16 20:05 . 2014-02-16 20:05 -------- d-----w- C:\Intel

2014-02-16 20:04 . 2014-03-10 22:22 -------- d-----w- c:\program files (x86)\NVIDIA Corporation

2014-02-16 20:04 . 2013-12-27 18:42 39200 ----a-w- c:\windows\system32\drivers\nvvad64v.sys

2014-02-16 20:04 . 2013-12-27 18:42 35104 ----a-w- c:\windows\system32\nvaudcap64v.dll

2014-02-16 20:04 . 2013-12-27 18:42 33056 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll

2014-02-16 20:04 . 2014-02-16 20:11 -------- d-----w- c:\program files\NVIDIA Corporation

2014-02-16 20:03 . 2014-02-16 20:03 -------- d-----w- c:\program files\Intel

2014-02-16 20:03 . 2012-07-26 06:54 538496 ----a-w- c:\windows\system32\PROUnstl.exe

2014-02-16 19:48 . 2014-02-16 19:48 -------- d-----w- c:\program files (x86)\ASM106xSATA

2014-02-16 19:48 . 2014-03-10 23:06 -------- d-sh--w- c:\windows\Installer

2014-02-16 19:46 . 2014-03-10 23:04 -------- d-----w- c:\users\Weenercow

2014-02-16 19:46 . 2014-02-16 19:46 -------- d-----w- C:\Recovery

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-02-16 20:18 . 2010-11-21 03:24 2872320 ----a-w- c:\windows\explorer.exe

2014-02-03 19:20 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2014-02-16 . ECC9072346F96A25B27D12B62164DF3C . 2872320 . . [6.1.7600.16385] .. c:\windows\explorer.exe

[-] 2014-02-16 . ECC9072346F96A25B27D12B62164DF3C . 2872320 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"EADM"="c:\program files (x86)\Origin\Origin.exe" [2014-03-10 3588952]

"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2014-01-30 21822128]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-14 59720]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]

R3 efavdrv;efavdrv;c:\windows\system32\drivers\efavdrv.sys;c:\windows\SYSNATIVE\drivers\efavdrv.sys [x]

R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]

S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x]

S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]

S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]

S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-03-05 01:12 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2014-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-16 20:06]

.

2014-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-16 20:06]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]

@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"

[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]

2014-02-28 23:12 2333400 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]

@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"

[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]

2014-02-28 23:12 2333400 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]

@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"

[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]

2014-02-28 23:12 2333400 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2014-01-30 22:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2014-01-30 22:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2014-01-30 22:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2014-01-30 22:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2014-01-30 22:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-01-21 2234144]

"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-01-21 1179576]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.0.1 205.171.2.25

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\PnkBstrA.exe

c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

.

**************************************************************************

.

Completion time: 2014-03-10  17:20:32 - machine was rebooted

ComboFix-quarantined-files.txt  2014-03-10 23:20

.

Pre-Run: 843,653,378,048 bytes free

Post-Run: 844,182,286,336 bytes free

.

- - End Of File - - 771AC05CC4898E4D37EBE045EF53040B

A36C5E4F47E84449FF07ED3517B43A31

No Antivirus Program installed!

I don't see an antivirus program running on your machine.

Download and install an antivirus program, and make sure that you keep it updated. New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.

Two good antivirus programs free for non-commercial home use are
Avast!
or
Microsoft Security Essentials

Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

Combofix scripting

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.


CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

CFScript.txt


ComboFix 14-03-13.01 - Weenercow 03/13/2014  18:10:36.2.8 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.12232.10335 [GMT -6:00]

Running from: c:\users\Weenercow\Downloads\ComboFix.exe

Command switches used :: c:\users\Weenercow\Downloads\CFScript.txt

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Created a new restore point

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\WEENER~1\AppData\Local\Temp\_MEI31802\_ctypes.pyd

c:\users\WEENER~1\AppData\Local\Temp\_MEI31802\_elementtree.pyd

c:\users\WEENER~1\AppData\Local\Temp\_MEI31802\_hashlib.pyd

c:\users\WEENER~1\AppData\Local\Temp\_MEI31802\_multiprocessing.pyd

c:\users\WEENER~1\AppData\Local\Temp\_MEI31802\_socket.pyd

c:\users\WEENER~1\AppData\Local\Temp\_MEI31802\_ssl.pyd

c:\users\WEENER~1\AppData\Local\Temp\_MEI31802\pyexpat.pyd

c:\users\WEENER~1\AppData\Local\Temp\_MEI31802\pysqlite2._sqlite.pyd

c:\users\WEENER~1\AppData\Local\Temp\_MEI31802\python27.dll

c:\users\WEENER~1\AppData\Local\Temp\_MEI31802\pythoncom27.dll

c:\users\WEENER~1\AppData\Local\Temp\_MEI31802\PyWinTypes27.dll

c:\users\WEENER~1\AppData\Local\Temp\_MEI31802\select.pyd

c:\users\WEENER~1\AppData\Local\Temp\_MEI31802\unicodedata.pyd

c:\users\WEENER~1\AppData\Local\Temp\_MEI31802\win32api.pyd

c:\users\WEENER~1\AppData\Local\Temp\_MEI31802\win32com.shell.shell.pyd

c:\users\WEENER~1\AppData\Local\Temp\_MEI31802\win32crypt.pyd

c:\users\WEENER~1\AppData\Local\Temp\_MEI31802\win32event.pyd

c:\users\WEENER~1\AppData\Local\Temp\_MEI31802\win32file.pyd

c:\users\WEENER~1\AppData\Local\Temp\_MEI31802\win32inet.pyd

c:\users\WEENER~1\AppData\Local\Temp\_MEI31802\win32pdh.pyd

c:\users\WEENER~1\AppData\Local\Temp\_MEI31802\win32pipe.pyd

c:\users\WEENER~1\AppData\Local\Temp\_MEI31802\win32process.pyd

c:\users\WEENER~1\AppData\Local\Temp\_MEI31802\win32profile.pyd

c:\users\WEENER~1\AppData\Local\Temp\_MEI31802\win32security.pyd

c:\users\WEENER~1\AppData\Local\Temp\_MEI31802\win32ts.pyd

c:\users\WEENER~1\AppData\Local\Temp\_MEI31802\windows._lib_cacheinvalidation.pyd

c:\users\WEENER~1\AppData\Local\Temp\_MEI31802\wx._controls_.pyd

c:\users\WEENER~1\AppData\Local\Temp\_MEI31802\wx._core_.pyd

c:\users\WEENER~1\AppData\Local\Temp\_MEI31802\wx._gdi_.pyd

c:\users\WEENER~1\AppData\Local\Temp\_MEI31802\wx._html2.pyd

c:\users\WEENER~1\AppData\Local\Temp\_MEI31802\wx._misc_.pyd

c:\users\WEENER~1\AppData\Local\Temp\_MEI31802\wx._windows_.pyd

c:\users\WEENER~1\AppData\Local\Temp\_MEI31802\wx._wizard.pyd

c:\users\WEENER~1\AppData\Local\Temp\_MEI31802\wxbase294u_net_vc90.dll

c:\users\WEENER~1\AppData\Local\Temp\_MEI31802\wxbase294u_vc90.dll

c:\users\WEENER~1\AppData\Local\Temp\_MEI31802\wxmsw294u_adv_vc90.dll

c:\users\WEENER~1\AppData\Local\Temp\_MEI31802\wxmsw294u_core_vc90.dll

c:\users\WEENER~1\AppData\Local\Temp\_MEI31802\wxmsw294u_html_vc90.dll

c:\users\WEENER~1\AppData\Local\Temp\_MEI31802\wxmsw294u_webview_vc90.dll

c:\users\Weenercow\AppData\Local\Temp\_MEI31802\_ctypes.pyd

c:\users\Weenercow\AppData\Local\Temp\_MEI31802\_elementtree.pyd

c:\users\Weenercow\AppData\Local\Temp\_MEI31802\_hashlib.pyd

c:\users\Weenercow\AppData\Local\Temp\_MEI31802\_multiprocessing.pyd

c:\users\Weenercow\AppData\Local\Temp\_MEI31802\_socket.pyd

c:\users\Weenercow\AppData\Local\Temp\_MEI31802\_ssl.pyd

c:\users\Weenercow\AppData\Local\Temp\_MEI31802\pyexpat.pyd

c:\users\Weenercow\AppData\Local\Temp\_MEI31802\pysqlite2._sqlite.pyd

c:\users\Weenercow\AppData\Local\Temp\_MEI31802\python27.dll

c:\users\Weenercow\AppData\Local\Temp\_MEI31802\pythoncom27.dll

c:\users\Weenercow\AppData\Local\Temp\_MEI31802\PyWinTypes27.dll

c:\users\Weenercow\AppData\Local\Temp\_MEI31802\select.pyd

c:\users\Weenercow\AppData\Local\Temp\_MEI31802\unicodedata.pyd

c:\users\Weenercow\AppData\Local\Temp\_MEI31802\win32api.pyd

c:\users\Weenercow\AppData\Local\Temp\_MEI31802\win32com.shell.shell.pyd

c:\users\Weenercow\AppData\Local\Temp\_MEI31802\win32crypt.pyd

c:\users\Weenercow\AppData\Local\Temp\_MEI31802\win32event.pyd

c:\users\Weenercow\AppData\Local\Temp\_MEI31802\win32file.pyd

c:\users\Weenercow\AppData\Local\Temp\_MEI31802\win32inet.pyd

c:\users\Weenercow\AppData\Local\Temp\_MEI31802\win32pdh.pyd

c:\users\Weenercow\AppData\Local\Temp\_MEI31802\win32pipe.pyd

c:\users\Weenercow\AppData\Local\Temp\_MEI31802\win32process.pyd

c:\users\Weenercow\AppData\Local\Temp\_MEI31802\win32profile.pyd

c:\users\Weenercow\AppData\Local\Temp\_MEI31802\win32security.pyd

c:\users\Weenercow\AppData\Local\Temp\_MEI31802\win32ts.pyd

c:\users\Weenercow\AppData\Local\Temp\_MEI31802\windows._lib_cacheinvalidation.pyd

c:\users\Weenercow\AppData\Local\Temp\_MEI31802\wx._controls_.pyd

c:\users\Weenercow\AppData\Local\Temp\_MEI31802\wx._core_.pyd

c:\users\Weenercow\AppData\Local\Temp\_MEI31802\wx._gdi_.pyd

c:\users\Weenercow\AppData\Local\Temp\_MEI31802\wx._html2.pyd

c:\users\Weenercow\AppData\Local\Temp\_MEI31802\wx._misc_.pyd

c:\users\Weenercow\AppData\Local\Temp\_MEI31802\wx._windows_.pyd

c:\users\Weenercow\AppData\Local\Temp\_MEI31802\wx._wizard.pyd

c:\users\Weenercow\AppData\Local\Temp\_MEI31802\wxbase294u_net_vc90.dll

c:\users\Weenercow\AppData\Local\Temp\_MEI31802\wxbase294u_vc90.dll

c:\users\Weenercow\AppData\Local\Temp\_MEI31802\wxmsw294u_adv_vc90.dll

c:\users\Weenercow\AppData\Local\Temp\_MEI31802\wxmsw294u_core_vc90.dll

c:\users\Weenercow\AppData\Local\Temp\_MEI31802\wxmsw294u_html_vc90.dll

c:\users\Weenercow\AppData\Local\Temp\_MEI31802\wxmsw294u_webview_vc90.dll

.

c:\windows\explorer.exe . . . is infected!!

.

.

(((((((((((((((((((((((((   Files Created from 2014-02-14 to 2014-03-14  )))))))))))))))))))))))))))))))

.

.

2014-03-14 00:17 . 2014-03-14 00:17 -------- d-----w- c:\users\Default\AppData\Local\temp

2014-03-10 22:22 . 2014-03-04 11:32 599840 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2014-03-08 01:45 . 2014-03-08 01:45 76888 ----a-w- c:\windows\system32\PnkBstrA.exe

2014-03-07 23:02 . 2014-02-17 08:32 10536864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7F73D3E8-72CD-4A77-959B-53679C141D19}\mpengine.dll

2014-03-07 04:49 . 2014-03-07 04:49 -------- d-----w- c:\program files (x86)\Common Files\Apple

2014-03-07 04:49 . 2014-03-07 04:49 -------- d-----w- c:\programdata\Apple

2014-03-07 04:49 . 2014-03-07 04:49 -------- d-----w- c:\program files (x86)\Apple Software Update

2014-03-06 00:42 . 2014-03-06 00:42 -------- d-----w- c:\program files (x86)\WinAnt

2014-03-05 04:56 . 2014-02-20 06:57 3123272 ----a-w- c:\windows\SysWow64\pbsvc.exe

2014-03-03 02:57 . 2014-03-03 02:57 -------- d-----w- C:\cygwin64

2014-03-02 23:23 . 2014-03-09 22:35 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2014-03-01 20:04 . 2014-03-01 20:04 -------- d-----w- c:\programdata\Oracle

2014-03-01 20:04 . 2014-03-01 20:04 -------- d-----w- c:\program files (x86)\Common Files\Java

2014-03-01 20:04 . 2014-03-01 20:04 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2014-03-01 20:04 . 2014-03-06 00:41 -------- d-----w- c:\program files (x86)\Java

2014-03-01 01:35 . 2014-03-01 01:36 -------- d-----w- c:\programdata\regid.1986-12.com.adobe

2014-03-01 01:28 . 2014-03-03 00:09 -------- d-----w- c:\program files (x86)\Common Files\Adobe

2014-02-24 03:29 . 2014-02-24 03:29 -------- d-----w- c:\program files\Common Files\EPSON

2014-02-24 03:29 . 2011-04-20 10:03 120320 ----a-w- c:\windows\system32\E_YLMHSA.DLL

2014-02-24 03:29 . 2011-03-15 10:03 83968 ----a-w- c:\windows\system32\E_YD4BHSA.DLL

2014-02-24 03:29 . 2014-02-24 03:29 -------- d-----w- c:\programdata\EPSON

2014-02-24 00:20 . 2014-02-24 00:20 -------- d-----w- c:\program files (x86)\VideoLAN

2014-02-23 15:36 . 2014-02-23 15:36 -------- d-----w- c:\program files (x86)\AGEIA Technologies

2014-02-23 15:34 . 2014-03-04 14:35 877856 ----a-w- c:\windows\system32\NvFBC64.dll

2014-02-23 15:34 . 2014-03-04 14:35 15783992 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2014-02-23 15:34 . 2014-02-08 18:34 1885472 ----a-w- c:\windows\system32\nvdispco6433489.dll

2014-02-23 15:34 . 2014-02-08 18:34 1515296 ----a-w- c:\windows\system32\nvdispgenco6433489.dll

2014-02-22 18:03 . 2014-02-22 18:03 -------- d-----w- c:\program files (x86)\Notepad++

2014-02-20 03:17 . 2014-02-20 03:17 -------- d-----w- c:\program files\Defraggler

2014-02-20 01:29 . 2014-03-05 04:57 -------- d-----w- c:\program files (x86)\Ubisoft

2014-02-20 00:30 . 2014-02-20 00:30 -------- d-----w- c:\programdata\Microsoft OneDrive

2014-02-20 00:29 . 2014-02-20 00:29 -------- d-----w- c:\program files (x86)\Microsoft SkyDrive

2014-02-20 00:29 . 2014-02-20 00:29 -------- d-----w- c:\programdata\Microsoft SkyDrive

2014-02-20 00:24 . 2014-02-28 23:11 578256 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe

2014-02-20 00:22 . 2014-02-28 23:17 -------- d-----w- c:\programdata\regid.1991-06.com.microsoft

2014-02-20 00:19 . 2014-02-28 23:15 -------- d-----w- c:\program files\Microsoft Office 15

2014-02-17 00:59 . 2014-02-20 02:48 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller

2014-02-17 00:59 . 2014-03-11 21:52 214392 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2014-02-17 00:59 . 2014-03-11 21:51 214392 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2014-02-17 00:59 . 2014-03-05 04:56 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2014-02-17 00:35 . 2014-02-17 00:35 -------- d-----w- c:\program files (x86)\PeaZip

2014-02-17 00:35 . 2014-02-17 00:35 16896 ----a-w- c:\windows\AsTaskSched.dll

2014-02-17 00:30 . 2014-02-17 00:30 1706640 ----a-w- c:\windows\RtlExUpd.dll

2014-02-17 00:21 . 2014-02-17 00:21 -------- d-----w- c:\program files (x86)\Common Files\Skype

2014-02-17 00:21 . 2014-02-17 00:21 -------- d-----r- c:\program files (x86)\Skype

2014-02-17 00:21 . 2014-02-17 00:21 -------- d-----w- c:\programdata\Skype

2014-02-16 23:20 . 2014-02-16 23:29 -------- d-----w- c:\program files\Registrar Registry Manager

2014-02-16 23:14 . 2014-02-16 23:14 -------- d-----w- c:\program files (x86)\Enigma Software Group

2014-02-16 23:14 . 2014-02-16 23:29 -------- d-----w- c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP

2014-02-16 22:50 . 2014-03-11 03:36 -------- d-----w- C:\AdwCleaner

2014-02-16 22:26 . 2014-02-20 01:19 -------- d-----w- c:\program files (x86)\Origin Games

2014-02-16 22:25 . 2014-03-14 00:07 -------- d-----w- c:\programdata\Origin

2014-02-16 22:25 . 2014-02-17 01:33 -------- d-----w- c:\programdata\Electronic Arts

2014-02-16 22:24 . 2014-03-14 00:07 -------- d-----w- c:\program files (x86)\Origin

2014-02-16 22:01 . 2014-03-01 01:28 -------- d-----w- c:\program files (x86)\Common Files\Steam

2014-02-16 22:01 . 2014-03-12 00:10 -------- d-----w- c:\program files (x86)\Steam

2014-02-16 21:56 . 2014-03-11 21:48 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins

2014-02-16 21:22 . 2014-02-16 21:22 -------- d-----w- c:\programdata\Lavasoft

2014-02-16 21:15 . 2014-02-16 21:15 -------- d-----w- c:\program files\Enigma Software Group

2014-02-16 21:14 . 2014-03-11 01:59 -------- d-----w- c:\windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP

2014-02-16 21:14 . 2014-02-16 23:14 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard

2014-02-16 21:04 . 2014-02-16 21:04 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2014-02-16 20:42 . 2014-02-17 00:33 -------- d--h--w- c:\program files (x86)\Temp

2014-02-16 20:42 . 2014-02-16 20:42 -------- d-----w- c:\program files (x86)\Common Files\InstallShield

2014-02-16 20:39 . 2014-02-16 20:40 -------- d-----w- c:\windows\Panther

2014-02-16 20:32 . 2014-02-16 20:32 -------- d-----w- c:\programdata\Malwarebytes

2014-02-16 20:32 . 2014-02-16 20:32 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2014-02-16 20:32 . 2013-04-04 21:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2014-02-16 20:31 . 2014-03-02 06:23 -------- d-----w- c:\program files\CCleaner

2014-02-16 20:29 . 2014-02-16 20:29 -------- d-----w- c:\program files\TeamSpeak 3 Client

2014-02-16 20:28 . 2014-03-10 22:22 -------- d-----w- C:\temp

2014-02-16 20:28 . 2013-11-14 03:41 439296 ----a-w- c:\windows\system32\plsapp64.dll

2014-02-16 20:18 . 2011-10-28 23:01 680960 ----a-w- c:\windows\SysWow64\ROGThemeSetup.exe

2014-02-16 20:18 . 2011-10-26 18:33 201728 ----a-w- c:\windows\SysWow64\ROG_Video Intro .scr

2014-02-16 20:18 . 2010-11-21 03:24 2872320 ----a-w- c:\windows\explorer.exe.rogbak

2014-02-16 20:18 . 2014-02-16 20:18 -------- d-----w- c:\windows\SysWow64\Macromed

2014-02-16 20:18 . 2013-10-21 22:32 -------- d---a-w- c:\windows\SysWow64\ROG_Video Intro  dir

2014-02-16 20:11 . 2014-03-14 00:18 -------- d-----w- c:\programdata\NVIDIA

2014-02-16 20:11 . 2014-03-04 13:06 6714312 ----a-w- c:\windows\system32\nvcpl.dll

2014-02-16 20:11 . 2014-03-04 13:06 3497816 ----a-w- c:\windows\system32\nvsvc64.dll

2014-02-16 20:11 . 2014-03-04 13:05 922968 ----a-w- c:\windows\system32\nvvsvc.exe

2014-02-16 20:11 . 2014-03-04 13:05 64968 ----a-w- c:\windows\system32\nvshext.dll

2014-02-16 20:11 . 2014-03-04 13:05 386336 ----a-w- c:\windows\system32\nvmctray.dll

2014-02-16 20:11 . 2014-03-04 13:05 3649185 ----a-w- c:\windows\system32\nvcoproc.bin

2014-02-16 20:11 . 2014-03-04 14:35 62408 ----a-w- c:\windows\system32\OpenCL.dll

2014-02-16 20:11 . 2014-03-04 14:35 54216 ----a-w- c:\windows\SysWow64\OpenCL.dll

2014-02-16 20:10 . 2014-03-04 14:35 947808 ----a-w- c:\windows\system32\nvumdshimx.dll

2014-02-16 20:10 . 2014-03-04 14:35 3093280 ----a-w- c:\windows\system32\nvapi64.dll

2014-02-16 20:10 . 2014-03-04 14:35 2715264 ----a-w- c:\windows\SysWow64\nvapi.dll

2014-02-16 20:10 . 2014-03-04 14:35 18302384 ----a-w- c:\windows\system32\nvwgf2umx.dll

2014-02-16 20:10 . 2014-03-04 14:35 17755424 ----a-w- c:\windows\system32\nvd3dumx.dll

2014-02-16 20:10 . 2014-03-04 14:35 14709720 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2014-02-16 20:10 . 2013-12-19 20:33 1884448 ----a-w- c:\windows\system32\nvdispco6433221.dll

2014-02-16 20:10 . 2013-12-19 20:33 1511712 ----a-w- c:\windows\system32\nvdispgenco6433221.dll

2014-02-16 20:10 . 2013-11-28 13:38 31520 ----a-w- c:\windows\system32\nvhdap64.dll

2014-02-16 20:10 . 2013-11-28 13:38 197408 ----a-w- c:\windows\system32\drivers\nvhda64v.sys

2014-02-16 20:10 . 2013-11-22 08:36 1515296 ----a-w- c:\windows\system32\nvhdagenco6420103.dll

2014-02-16 20:07 . 2010-05-26 18:41 511328 ----a-w- c:\windows\system32\d3dx10_43.dll

2014-02-16 20:07 . 2010-05-26 18:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll

2014-02-16 20:07 . 2010-05-26 18:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll

2014-02-16 20:07 . 2010-05-26 18:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll

2014-02-16 20:07 . 2010-05-26 18:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll

2014-02-16 20:07 . 2010-05-26 18:41 2401112 ----a-w- c:\windows\system32\D3DX9_43.dll

2014-02-16 20:07 . 2014-01-21 02:54 1048152 ----a-w- c:\windows\SysWow64\nvspcap.dll

2014-02-16 20:07 . 2014-01-21 02:54 1179576 ----a-w- c:\windows\system32\nvspcap64.dll

2014-02-16 20:07 . 2014-02-16 20:11 -------- d-----w- c:\programdata\NVIDIA Corporation

2014-02-16 20:06 . 2014-02-20 01:30 -------- d-----w- c:\program files (x86)\Google

2014-02-16 20:05 . 2014-02-20 00:28 -------- d-----w- c:\program files (x86)\Microsoft.NET

2014-02-16 20:05 . 2014-02-16 20:05 -------- d-----w- C:\Intel

2014-02-16 20:04 . 2014-03-10 22:22 -------- d-----w- c:\program files (x86)\NVIDIA Corporation

2014-02-16 20:04 . 2013-12-27 18:42 39200 ----a-w- c:\windows\system32\drivers\nvvad64v.sys

2014-02-16 20:04 . 2013-12-27 18:42 35104 ----a-w- c:\windows\system32\nvaudcap64v.dll

2014-02-16 20:04 . 2013-12-27 18:42 33056 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll

2014-02-16 20:04 . 2014-02-16 20:11 -------- d-----w- c:\program files\NVIDIA Corporation

2014-02-16 20:03 . 2014-02-16 20:03 -------- d-----w- c:\program files\Intel

2014-02-16 20:03 . 2012-07-26 06:54 538496 ----a-w- c:\windows\system32\PROUnstl.exe

2014-02-16 19:48 . 2014-02-16 19:48 -------- d-----w- c:\program files (x86)\ASM106xSATA

2014-02-16 19:48 . 2014-03-11 01:59 -------- d-sh--w- c:\windows\Installer

2014-02-16 19:46 . 2014-03-10 23:04 -------- d-----w- c:\users\Weenercow

2014-02-16 19:46 . 2014-02-16 19:46 -------- d-----w- C:\Recovery

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-02-16 20:18 . 2010-11-21 03:24 2872320 ----a-w- c:\windows\explorer.exe

2014-02-03 19:20 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2014-02-16 . ECC9072346F96A25B27D12B62164DF3C . 2872320 . . [6.1.7600.16385] .. c:\windows\explorer.exe

[-] 2014-02-16 . ECC9072346F96A25B27D12B62164DF3C . 2872320 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"EADM"="c:\program files (x86)\Origin\Origin.exe" [2014-03-10 3588952]

"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2014-01-30 21822128]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-14 59720]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R3 efavdrv;efavdrv;c:\windows\system32\drivers\efavdrv.sys;c:\windows\SYSNATIVE\drivers\efavdrv.sys [x]

R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]

S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x]

S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]

S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]

S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]

S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]

S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-03-05 01:12 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2014-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-16 20:06]

.

2014-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-16 20:06]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]

@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"

[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]

2014-02-28 23:12 2333400 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]

@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"

[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]

2014-02-28 23:12 2333400 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]

@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"

[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]

2014-02-28 23:12 2333400 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2014-01-30 22:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2014-01-30 22:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2014-01-30 22:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2014-01-30 22:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2014-01-30 22:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-01-21 2234144]

"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-01-21 1179576]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.0.1 205.171.2.25

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\PnkBstrA.exe

.

**************************************************************************

.

Completion time: 2014-03-13  18:20:22 - machine was rebooted

ComboFix-quarantined-files.txt  2014-03-14 00:20

ComboFix2.txt  2014-03-10 23:20

.

Pre-Run: 841,619,742,720 bytes free

Post-Run: 841,439,039,488 bytes free

.

- - End Of File - - 3612C7412B2CC70B2C3925C26DF3B9ED

A36C5E4F47E84449FF07ED3517B43A31

Scan with SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    explorer.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


SystemLook 30.07.11 by jpshortstuff

Log created at 09:02 on 15/03/2014 by Weenercow

Administrator - Elevation successful

 

========== filefind ==========

 

Searching for "explorer.exe"

C:\Windows\explorer.exe --a---- 2872320 bytes [03:24 21/11/2010] [20:18 16/02/2014] ECC9072346F96A25B27D12B62164DF3C

C:\Windows\SysWOW64\explorer.exe --a---- 2616320 bytes [03:24 21/11/2010] [03:24 21/11/2010] 40D777B7A95E00593EB1568C68514493

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe --a---- 2872320 bytes [03:24 21/11/2010] [20:18 16/02/2014] ECC9072346F96A25B27D12B62164DF3C

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe --a---- 2616320 bytes [03:24 21/11/2010] [03:24 21/11/2010] 40D777B7A95E00593EB1568C68514493

 

-= EOF =-


Combofix scripting

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.


CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Full System Scan with Malwarebytes Antimalware
 

  • If it is not already installed, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

 

CFScript.txt


I ran the combofix script and explorer.exe is no longer working. I cannot browse files, but I can launch anything from the command line; of course this will not do. I am not blaming you, I just need my explorer.exe back. I'll run the Malwarebytes scan and upload both logs, but I really need this back.

Combofix log was never created. I'm assuming it's because of the explorer.exe problem. Would you still like the Malwarebytes log? I doubt it will work though.


2014-03-14 21:40:45 . 2014-03-14 21:40:45          595,968 ----a-w-  C:\Qoobox\Quarantine\C\Users\WEENER~1\AppData\Local\Temp\_MEI32482\wxmsw294u_html_vc90.dll.vir

2014-03-14 21:40:45 . 2014-03-14 21:40:45           91,648 ----a-w-  C:\Qoobox\Quarantine\C\Users\WEENER~1\AppData\Local\Temp\_MEI32482\wxmsw294u_webview_vc90.dll.vir

2014-03-14 21:40:45 . 2014-03-14 21:40:45          154,112 ----a-w-  C:\Qoobox\Quarantine\C\Users\WEENER~1\AppData\Local\Temp\_MEI32482\wxbase294u_net_vc90.dll.vir

2014-03-14 21:40:45 . 2014-03-14 21:40:45        1,234,944 ----a-w-  C:\Qoobox\Quarantine\C\Users\WEENER~1\AppData\Local\Temp\_MEI32482\wxmsw294u_adv_vc90.dll.vir

2014-03-14 21:40:45 . 2014-03-14 21:40:45        4,598,272 ----a-w-  C:\Qoobox\Quarantine\C\Users\WEENER~1\AppData\Local\Temp\_MEI32482\wxmsw294u_core_vc90.dll.vir

2014-03-14 21:40:45 . 2014-03-14 21:40:45        1,985,024 ----a-w-  C:\Qoobox\Quarantine\C\Users\WEENER~1\AppData\Local\Temp\_MEI32482\wxbase294u_vc90.dll.vir

2014-03-14 21:40:45 . 2014-03-14 21:40:45        2,436,608 ----a-w-  C:\Qoobox\Quarantine\C\Users\WEENER~1\AppData\Local\Temp\_MEI32482\python27.dll.vir

2014-03-14 21:40:45 . 2014-03-14 21:40:45           26,624 ----a-w-  C:\Qoobox\Quarantine\C\Users\WEENER~1\AppData\Local\Temp\_MEI32482\_multiprocessing.pyd.vir

2014-03-14 21:40:45 . 2014-03-14 21:40:45          805,888 ----a-w-  C:\Qoobox\Quarantine\C\Users\WEENER~1\AppData\Local\Temp\_MEI32482\wx._gdi_.pyd.vir

2014-03-14 21:40:45 . 2014-03-14 21:40:45          110,080 ----a-w-  C:\Qoobox\Quarantine\C\Users\WEENER~1\AppData\Local\Temp\_MEI32482\PyWinTypes27.dll.vir

2014-03-14 21:40:45 . 2014-03-14 21:40:45        1,157,120 ----a-w-  C:\Qoobox\Quarantine\C\Users\WEENER~1\AppData\Local\Temp\_MEI32482\_ssl.pyd.vir

2014-03-14 21:40:45 . 2014-03-14 21:40:45          811,008 ----a-w-  C:\Qoobox\Quarantine\C\Users\WEENER~1\AppData\Local\Temp\_MEI32482\wx._windows_.pyd.vir

2014-03-14 21:40:45 . 2014-03-14 21:40:45          712,192 ----a-w-  C:\Qoobox\Quarantine\C\Users\WEENER~1\AppData\Local\Temp\_MEI32482\_hashlib.pyd.vir

2014-03-14 21:40:45 . 2014-03-14 21:40:45           24,064 ----a-w-  C:\Qoobox\Quarantine\C\Users\WEENER~1\AppData\Local\Temp\_MEI32482\win32pipe.pyd.vir

2014-03-14 21:40:45 . 2014-03-14 21:40:45           35,840 ----a-w-  C:\Qoobox\Quarantine\C\Users\WEENER~1\AppData\Local\Temp\_MEI32482\win32process.pyd.vir

2014-03-14 21:40:45 . 2014-03-14 21:40:45           70,656 ----a-w-  C:\Qoobox\Quarantine\C\Users\WEENER~1\AppData\Local\Temp\_MEI32482\wx._html2.pyd.vir

2014-03-14 21:40:45 . 2014-03-14 21:40:45           87,040 ----a-w-  C:\Qoobox\Quarantine\C\Users\WEENER~1\AppData\Local\Temp\_MEI32482\_ctypes.pyd.vir

2014-03-14 21:40:45 . 2014-03-14 21:40:45           38,912 ----a-w-  C:\Qoobox\Quarantine\C\Users\WEENER~1\AppData\Local\Temp\_MEI32482\win32inet.pyd.vir

2014-03-14 21:40:45 . 2014-03-14 21:40:45           25,600 ----a-w-  C:\Qoobox\Quarantine\C\Users\WEENER~1\AppData\Local\Temp\_MEI32482\win32pdh.pyd.vir

2014-03-14 21:40:45 . 2014-03-14 21:40:45        1,062,400 ----a-w-  C:\Qoobox\Quarantine\C\Users\WEENER~1\AppData\Local\Temp\_MEI32482\wx._controls_.pyd.vir

2014-03-14 21:40:45 . 2014-03-14 21:40:45          127,488 ----a-w-  C:\Qoobox\Quarantine\C\Users\WEENER~1\AppData\Local\Temp\_MEI32482\pyexpat.pyd.vir

2014-03-14 21:40:45 . 2014-03-14 21:40:45           10,240 ----a-w-  C:\Qoobox\Quarantine\C\Users\WEENER~1\AppData\Local\Temp\_MEI32482\select.pyd.vir


I re-ran the CFScript you uploaded in reply #9 in safe mode, but nothing changed. Here is the log:

ComboFix 14-03-13.01 - Weenercow 03/15/2014  14:09:41.5.8 - x64 MINIMAL
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.12232.10983 [GMT -6:00]
Running from: c:\users\Weenercow\Downloads\ComboFix.exe
Command switches used :: c:\users\Weenercow\Downloads\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
 
 
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
 
 
c:\users\WEENER~1\AppData\Local\Temp
c:\users\WEENER~1\AppData\Local\Temp\Skype\DbTemp\temp-Ad20Vfd1asEjdb8NMxHmvqNC
c:\users\WEENER~1\AppData\Local\Temp\Skype\DbTemp\temp-dArCht5BO90qE8gypCw56bfP
c:\users\Weenercow\AppData\Local\Temp\Skype\DbTemp\temp-Ad20Vfd1asEjdb8NMxHmvqNC
c:\users\Weenercow\AppData\Local\Temp\Skype\DbTemp\temp-dArCht5BO90qE8gypCw56bfP
 
---- Previous Run -------
 
c:\users\WEENER~1\AppData\Local\Temp\_MEI33482\resources\images\winxp-error.png
c:\users\WEENER~1\AppData\Local\Temp\_MEI33482\resources\images\winxp-inactive.png
c:\users\WEENER~1\AppData\Local\Temp\_MEI33482\resources\images\winxp-paused.png
c:\users\WEENER~1\AppData\Local\Temp\_MEI33482\resources\js\XMLHttpRequest.js
c:\users\WEENER~1\AppData\Local\Temp\_MEI33482\resources\mime\drive.mime.types
C:\Users\WEENER~1\AppData\Local\Temp\_MEI33482\select.pyd
c:\users\WEENER~1\AppData\Local\Temp\_MEI33482\shell32.dll
c:\users\WEENER~1\AppData\Local\Temp\_MEI33482\support\gen_py\__init__.py
c:\users\WEENER~1\AppData\Local\Temp\_MEI33482\unicodedata.pyd
c:\users\WEENER~1\AppData\Local\Temp\_MEI33482\win32api.pyd
C:\Users\WEENER~1\AppData\Local\Temp\_MEI33482\win32com.shell.shell.pyd
C:\Users\WEENER~1\AppData\Local\Temp\_MEI33482\win32crypt.pyd
C:\Users\WEENER~1\AppData\Local\Temp\_MEI33482\win32event.pyd
c:\users\WEENER~1\AppData\Local\Temp\_MEI33482\win32evtlog.pyd
C:\Users\WEENER~1\AppData\Local\Temp\_MEI33482\win32file.pyd
C:\Users\WEENER~1\AppData\Local\Temp\_MEI33482\win32inet.pyd
C:\Users\WEENER~1\AppData\Local\Temp\_MEI33482\win32pdh.pyd
C:\Users\WEENER~1\AppData\Local\Temp\_MEI33482\win32pipe.pyd
c:\users\WEENER~1\AppData\Local\Temp\_MEI33482\win32process.pyd
C:\Users\WEENER~1\AppData\Local\Temp\_MEI33482\win32profile.pyd
C:\Users\WEENER~1\AppData\Local\Temp\_MEI33482\win32security.pyd
c:\users\WEENER~1\AppData\Local\Temp\_MEI33482\win32trace.pyd
C:\Users\WEENER~1\AppData\Local\Temp\_MEI33482\win32ts.pyd
c:\users\WEENER~1\AppData\Local\Temp\_MEI33482\win32ui.pyd
c:\users\WEENER~1\AppData\Local\Temp\_MEI33482\win32wnet.pyd
C:\Users\WEENER~1\AppData\Local\Temp\_MEI33482\windows._lib_cacheinvalidation.pyd
C:\Users\WEENER~1\AppData\Local\Temp\_MEI33482\wx._controls_.pyd
C:\Users\WEENER~1\AppData\Local\Temp\_MEI33482\wx._core_.pyd
c:\users\WEENER~1\AppData\Local\Temp\_MEI33482\wx._gdi_.pyd
C:\Users\WEENER~1\AppData\Local\Temp\_MEI33482\wx._html2.pyd
C:\Users\WEENER~1\AppData\Local\Temp\_MEI33482\wx._misc_.pyd
C:\Users\WEENER~1\AppData\Local\Temp\_MEI33482\wx._windows_.pyd
c:\users\WEENER~1\AppData\Local\Temp\_MEI33482\wx._wizard.pyd
C:\Users\WEENER~1\AppData\Local\Temp\_MEI33482\wxbase294u_net_vc90.dll
c:\users\WEENER~1\AppData\Local\Temp\_MEI33482\wxbase294u_vc90.dll
C:\Users\WEENER~1\AppData\Local\Temp\_MEI33482\wxmsw294u_adv_vc90.dll
C:\Users\WEENER~1\AppData\Local\Temp\_MEI33482\wxmsw294u_core_vc90.dll
C:\Users\WEENER~1\AppData\Local\Temp\_MEI33482\wxmsw294u_html_vc90.dll
C:\Users\WEENER~1\AppData\Local\Temp\_MEI33482\wxmsw294u_webview_vc90.dll
c:\users\WEENER~1\AppData\Local\Temp\5884_21344\crl-set
c:\users\WEENER~1\AppData\Local\Temp\5884_21344\manifest.fingerprint
c:\users\WEENER~1\AppData\Local\Temp\5884_21344\manifest.json
C:\Users\Weenercow\AppData\Local\Temp\_MEI33482\_ctypes.pyd
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\_elementtree.pyd
C:\Users\Weenercow\AppData\Local\Temp\_MEI33482\_hashlib.pyd
C:\Users\Weenercow\AppData\Local\Temp\_MEI33482\_multiprocessing.pyd
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\_socket.pyd
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\_ssl.pyd
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\_win32sysloader.pyd
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\bz2.pyd
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\gdi32.dll
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\kernel32.dll
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\main.exe.manifest
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\mfc90.dll
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\mfc90u.dll
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\mfcm90.dll
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\mfcm90u.dll
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\msvcp100.dll
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\msvcr100.dll
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\psapi.dll
C:\Users\Weenercow\AppData\Local\Temp\_MEI33482\pyexpat.pyd
C:\Users\Weenercow\AppData\Local\Temp\_MEI33482\pysqlite2._sqlite.pyd
C:\Users\Weenercow\AppData\Local\Temp\_MEI33482\python27.dll
C:\Users\Weenercow\AppData\Local\Temp\_MEI33482\pythoncom27.dll
C:\Users\Weenercow\AppData\Local\Temp\_MEI33482\PyWinTypes27.dll
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\chrome_ext\apdfllckaahabafndbhieahigkjlhalf_live.crx
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\fonts\Roboto-Bold.ttf
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\fonts\Roboto-Regular.ttf
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\fonts\Roboto-Thin.ttf
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\html\drive_thankyou.html
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\i18n\locale\ar\LC_MESSAGES\syncclient.mo
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\i18n\locale\bg\LC_MESSAGES\syncclient.mo
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\i18n\locale\bn\LC_MESSAGES\syncclient.mo
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\i18n\locale\ca\LC_MESSAGES\syncclient.mo
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\i18n\locale\cs\LC_MESSAGES\syncclient.mo
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\i18n\locale\da\LC_MESSAGES\syncclient.mo
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\i18n\locale\de\LC_MESSAGES\syncclient.mo
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\i18n\locale\el\LC_MESSAGES\syncclient.mo
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\i18n\locale\en\LC_MESSAGES\syncclient.mo
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\i18n\locale\en_GB\LC_MESSAGES\syncclient.mo
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\i18n\locale\en_US\LC_MESSAGES\syncclient.mo
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\i18n\locale\es\LC_MESSAGES\syncclient.mo
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\i18n\locale\fi\LC_MESSAGES\syncclient.mo
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\i18n\locale\fil\LC_MESSAGES\syncclient.mo
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\i18n\locale\fr\LC_MESSAGES\syncclient.mo
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\i18n\locale\gu\LC_MESSAGES\syncclient.mo
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\i18n\locale\he\LC_MESSAGES\syncclient.mo
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\i18n\locale\hi\LC_MESSAGES\syncclient.mo
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\i18n\locale\hr\LC_MESSAGES\syncclient.mo
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\i18n\locale\hu\LC_MESSAGES\syncclient.mo
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\i18n\locale\id\LC_MESSAGES\syncclient.mo
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\i18n\locale\it\LC_MESSAGES\syncclient.mo
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\i18n\locale\ja\LC_MESSAGES\syncclient.mo
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\i18n\locale\kn\LC_MESSAGES\syncclient.mo
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\i18n\locale\ko\LC_MESSAGES\syncclient.mo
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\i18n\locale\lt\LC_MESSAGES\syncclient.mo
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\i18n\locale\lv\LC_MESSAGES\syncclient.mo
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\i18n\locale\ml\LC_MESSAGES\syncclient.mo
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\i18n\locale\mr\LC_MESSAGES\syncclient.mo
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\i18n\locale\nl\LC_MESSAGES\syncclient.mo
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\i18n\locale\no\LC_MESSAGES\syncclient.mo
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\i18n\locale\pl\LC_MESSAGES\syncclient.mo
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\i18n\locale\pt\LC_MESSAGES\syncclient.mo
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\i18n\locale\pt_BR\LC_MESSAGES\syncclient.mo
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\i18n\locale\pt_PT\LC_MESSAGES\syncclient.mo
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\i18n\locale\ro\LC_MESSAGES\syncclient.mo
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\i18n\locale\ru\LC_MESSAGES\syncclient.mo
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\i18n\locale\sk\LC_MESSAGES\syncclient.mo
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\i18n\locale\sl\LC_MESSAGES\syncclient.mo
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\i18n\locale\sr\LC_MESSAGES\syncclient.mo
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\i18n\locale\sv\LC_MESSAGES\syncclient.mo
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\i18n\locale\ta\LC_MESSAGES\syncclient.mo
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\i18n\locale\te\LC_MESSAGES\syncclient.mo
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\i18n\locale\th\LC_MESSAGES\syncclient.mo
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\i18n\locale\tr\LC_MESSAGES\syncclient.mo
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\i18n\locale\uk\LC_MESSAGES\syncclient.mo
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\i18n\locale\vi\LC_MESSAGES\syncclient.mo
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\i18n\locale\zh-Hans\LC_MESSAGES\syncclient.mo
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\i18n\locale\zh-Hant\LC_MESSAGES\syncclient.mo
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\i18n\locale\zh\LC_MESSAGES\syncclient.mo
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\i18n\locale\zh_CN\LC_MESSAGES\syncclient.mo
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\i18n\locale\zh_HK\LC_MESSAGES\syncclient.mo
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\i18n\locale\zh_TW\LC_MESSAGES\syncclient.mo
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\__init__.py
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\__init__.pyo
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\docs.ico
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\drive-gdoc16.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\drive-gdoc256.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\drive-gdoc32.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\drive-gdoc48.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\drive-gdraw16.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\drive-gdraw256.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\drive-gdraw32.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\drive-gdraw48.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\drive-gform16.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\drive-gform256.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\drive-gform32.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\drive-gform48.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\drive-glink16.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\drive-glink256.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\drive-glink32.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\drive-glink48.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\drive-gsheet16.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\drive-gsheet256.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\drive-gsheet32.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\drive-gsheet48.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\drive-gslides16.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\drive-gslides256.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\drive-gslides32.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\drive-gslides48.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\drive-sync16.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\drive-sync16.xpm
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\drive-sync256.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\drive-sync32.xpm
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\drive-sync64.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\exclaim.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\file.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\folder-mac.icns
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\folder-winseven.ico
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\folder-winxp.ico
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\folder.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\gdoc.icns
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\gdoc.ico
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\gdraw.icns
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\gdraw.ico
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\gform.icns
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\gform.ico
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\glink.icns
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\glink.ico
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\gnote.icns
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\gnote.ico
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\gscript.icns
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\gscript.ico
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\gsheet.icns
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\gsheet.ico
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\gslides.icns
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\gslides.ico
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\gtable.icns
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\gtable.ico
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\image_resources.py
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\image_resources.pyo
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\mac-animate1-inverse.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\mac-animate1-inverse_2x.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\mac-animate1.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\mac-animate1_2x.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\mac-animate2-inverse.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\mac-animate2-inverse_2x.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\mac-animate2.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\mac-animate2_2x.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\mac-animate3-inverse.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\mac-animate3-inverse_2x.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\mac-animate3.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\mac-animate3_2x.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\mac-animate4-inverse.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\mac-animate4-inverse_2x.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\mac-animate4.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\mac-animate4_2x.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\mac-animate5-inverse.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\mac-animate5-inverse_2x.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\mac-animate5.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\mac-animate5_2x.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\mac-animate6-inverse.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\mac-animate6-inverse_2x.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\mac-animate6.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\mac-animate6_2x.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\mac-animate7-inverse.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\mac-animate7-inverse_2x.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\mac-animate7.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\mac-animate7_2x.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\mac-animate8-inverse.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\mac-animate8-inverse_2x.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\mac-animate8.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\mac-animate8_2x.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\mac-error-inverse.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\mac-error-inverse_2x.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\mac-error.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\mac-error_2x.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\mac-inactive-inverse.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\mac-inactive-inverse_2x.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\mac-inactive.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\mac-inactive_2x.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\mac-normal-inverse.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\mac-normal-inverse_2x.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\mac-normal.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\mac-normal_2x.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\mac-pause-inverse_2x.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\mac-paused-inverse.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\mac-paused-inverse_2x.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\mac-paused.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\mac-paused_2x.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\menu_warning.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\menu_warning_2x.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\overlays\Blacklisted.ico
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\overlays\Shared.ico
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\overlays\Synced.ico
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\overlays\Syncing.ico
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\setup1.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\setup2-mac.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\setup2-win.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\setup3-bottom.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\setup3-right.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\setup4-mac.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\setup4-win.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\setup5-mac.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\setup5-win.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\sharedfolder-mac.icns
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\sharedfolder-winseven.ico
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\sharedfolder-winxp.ico
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\shareguyicon.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\sheets.ico
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\slides.ico
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\sync.icns
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\sync.ico
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\sync.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\sync_128.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\sync_menu_done.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\sync_menu_done_2x.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\sync_menu_error.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\sync_menu_error_2x.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\sync_menu_syncing.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\sync_menu_syncing_2x.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\toprighticon.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\warning-hdpi_2x.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\win-animate1.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\win-animate2.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\win-animate3.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\win-animate4.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\win-animate5.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\win-animate6.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\win-animate7.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\win-animate8.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\win-normal.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\win7-error.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\win7-inactive.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\win7-paused.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\winxp-error.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\winxp-inactive.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\images\winxp-paused.png
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\js\XMLHttpRequest.js
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\resources\mime\drive.mime.types
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\select.pyd
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\shell32.dll
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\support\gen_py\__init__.py
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\unicodedata.pyd
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\win32api.pyd
C:\Users\Weenercow\AppData\Local\Temp\_MEI33482\win32com.shell.shell.pyd
C:\Users\Weenercow\AppData\Local\Temp\_MEI33482\win32crypt.pyd
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\win32event.pyd
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\win32evtlog.pyd
C:\Users\Weenercow\AppData\Local\Temp\_MEI33482\win32file.pyd
C:\Users\Weenercow\AppData\Local\Temp\_MEI33482\win32inet.pyd
C:\Users\Weenercow\AppData\Local\Temp\_MEI33482\win32pdh.pyd
C:\Users\Weenercow\AppData\Local\Temp\_MEI33482\win32pipe.pyd
C:\Users\Weenercow\AppData\Local\Temp\_MEI33482\win32process.pyd
C:\Users\Weenercow\AppData\Local\Temp\_MEI33482\win32profile.pyd
C:\Users\Weenercow\AppData\Local\Temp\_MEI33482\win32security.pyd
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\win32trace.pyd
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\win32ts.pyd
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\win32ui.pyd
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\win32wnet.pyd
C:\Users\Weenercow\AppData\Local\Temp\_MEI33482\windows._lib_cacheinvalidation.pyd
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\wx._controls_.pyd
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\wx._core_.pyd
C:\Users\Weenercow\AppData\Local\Temp\_MEI33482\wx._gdi_.pyd
C:\Users\Weenercow\AppData\Local\Temp\_MEI33482\wx._html2.pyd
C:\Users\Weenercow\AppData\Local\Temp\_MEI33482\wx._misc_.pyd
C:\Users\Weenercow\AppData\Local\Temp\_MEI33482\wx._windows_.pyd
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\wx._wizard.pyd
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\wxbase294u_net_vc90.dll
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\wxbase294u_vc90.dll
C:\Users\Weenercow\AppData\Local\Temp\_MEI33482\wxmsw294u_adv_vc90.dll
C:\Users\Weenercow\AppData\Local\Temp\_MEI33482\wxmsw294u_core_vc90.dll
c:\users\Weenercow\AppData\Local\Temp\_MEI33482\wxmsw294u_html_vc90.dll
C:\Users\Weenercow\AppData\Local\Temp\_MEI33482\wxmsw294u_webview_vc90.dll
c:\users\Weenercow\AppData\Local\Temp\5884_21344\crl-set
c:\users\Weenercow\AppData\Local\Temp\5884_21344\manifest.fingerprint
c:\users\Weenercow\AppData\Local\Temp\5884_21344\manifest.json
 
 
--------------- FCopy ---------------
 
C:\Windows\SysWOW64\explorer.exe --> C:\Windows\explorer.exe
 
(((((((((((((((((((((((((   Files Created from 2014-02-15 to 2014-03-15  )))))))))))))))))))))))))))))))
 
 
2014-03-15 20:12:31 . 2014-03-15 20:12:31 -------- d-----w- C:\Users\Default\AppData\Local\temp
2014-03-10 22:22:25 . 2014-03-04 11:32:59 599840 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2014-03-08 01:45:42 . 2014-03-08 01:45:26 76888 ----a-w- C:\Windows\system32\PnkBstrA.exe
2014-03-07 23:02:11 . 2014-02-17 08:32:00 10536864 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7F73D3E8-72CD-4A77-959B-53679C141D19}\mpengine.dll
2014-03-07 04:49:15 . 2014-03-07 04:49:15 -------- d-----w- C:\Program Files (x86)\Common Files\Apple
2014-03-07 04:49:11 . 2014-03-07 04:49:11 -------- d-----w- C:\ProgramData\Apple
2014-03-07 04:49:11 . 2014-03-07 04:49:11 -------- d-----w- C:\Program Files (x86)\Apple Software Update
2014-03-06 00:42:13 . 2014-03-06 00:42:14 -------- d-----w- C:\Program Files (x86)\WinAnt
2014-03-05 04:56:58 . 2014-02-20 06:57:26 3123272 ----a-w- C:\Windows\SysWow64\pbsvc.exe
2014-03-03 02:57:40 . 2014-03-03 02:57:54 -------- d-----w- C:\cygwin64
2014-03-02 23:23:49 . 2014-03-09 22:35:41 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2014-03-01 20:04:21 . 2014-03-01 20:04:21 -------- d-----w- C:\ProgramData\Oracle
2014-03-01 20:04:18 . 2014-03-01 20:04:18 -------- d-----w- C:\Program Files (x86)\Common Files\Java
2014-03-01 20:04:10 . 2014-03-01 20:04:05 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-03-01 20:04:04 . 2014-03-06 00:41:16 -------- d-----w- C:\Program Files (x86)\Java
2014-03-01 01:35:26 . 2014-03-01 01:36:09 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2014-03-01 01:28:38 . 2014-03-03 00:09:53 -------- d-----w- C:\Program Files (x86)\Common Files\Adobe
2014-02-24 03:29:12 . 2014-02-24 03:29:12 -------- d-----w- C:\Program Files\Common Files\EPSON
2014-02-24 03:29:07 . 2011-04-20 10:03:00 120320 ----a-w- C:\Windows\system32\E_YLMHSA.DLL
2014-02-24 03:29:07 . 2011-03-15 10:03:00 83968 ----a-w- C:\Windows\system32\E_YD4BHSA.DLL
2014-02-24 03:29:05 . 2014-02-24 03:29:12 -------- d-----w- C:\ProgramData\EPSON
2014-02-24 00:20:23 . 2014-02-24 00:20:23 -------- d-----w- C:\Program Files (x86)\VideoLAN
2014-02-23 15:36:34 . 2014-02-23 15:36:34 -------- d-----w- C:\Program Files (x86)\AGEIA Technologies
2014-02-23 15:34:54 . 2014-03-04 14:35:23 877856 ----a-w- C:\Windows\system32\NvFBC64.dll
2014-02-23 15:34:54 . 2014-03-04 14:35:23 15783992 ----a-w- C:\Windows\SysWow64\nvwgf2um.dll
2014-02-23 15:34:54 . 2014-02-08 18:34:51 1885472 ----a-w- C:\Windows\system32\nvdispco6433489.dll
2014-02-23 15:34:54 . 2014-02-08 18:34:51 1515296 ----a-w- C:\Windows\system32\nvdispgenco6433489.dll
2014-02-22 18:03:11 . 2014-02-22 18:03:13 -------- d-----w- C:\Program Files (x86)\Notepad++
2014-02-20 03:17:26 . 2014-02-20 03:17:31 -------- d-----w- C:\Program Files\Defraggler
2014-02-20 01:29:23 . 2014-03-05 04:57:13 -------- d-----w- C:\Program Files (x86)\Ubisoft
2014-02-20 00:30:07 . 2014-02-20 00:30:07 -------- d-----w- C:\ProgramData\Microsoft OneDrive
2014-02-20 00:29:04 . 2014-02-20 00:29:04 -------- d-----w- C:\Program Files (x86)\Microsoft SkyDrive
2014-02-20 00:29:01 . 2014-02-20 00:29:01 -------- d-----w- C:\ProgramData\Microsoft SkyDrive
2014-02-20 00:24:12 . 2014-02-28 23:11:17 578256 ----a-w- C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-02-20 00:22:17 . 2014-02-28 23:17:07 -------- d-----w- C:\ProgramData\regid.1991-06.com.microsoft
2014-02-20 00:19:13 . 2014-02-28 23:15:23 -------- d-----w- C:\Program Files\Microsoft Office 15
2014-02-17 00:59:36 . 2014-02-20 02:48:38 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller
2014-02-17 00:59:06 . 2014-03-15 17:45:46 214392 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2014-02-17 00:59:06 . 2014-03-15 17:45:39 214392 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2014-02-17 00:59:06 . 2014-03-05 04:56:59 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2014-02-17 00:35:26 . 2014-02-17 00:35:26 -------- d-----w- C:\Program Files (x86)\PeaZip
2014-02-17 00:35:00 . 2014-02-17 00:35:00 16896 ----a-w- C:\Windows\AsTaskSched.dll
2014-02-17 00:30:59 . 2014-02-17 00:30:06 1706640 ----a-w- C:\Windows\RtlExUpd.dll
2014-02-17 00:21:30 . 2014-02-17 00:21:30 -------- d-----w- C:\Program Files (x86)\Common Files\Skype
2014-02-17 00:21:30 . 2014-02-17 00:21:30 -------- d-----r- C:\Program Files (x86)\Skype
2014-02-17 00:21:28 . 2014-02-17 00:21:32 -------- d-----w- C:\ProgramData\Skype
2014-02-16 23:20:58 . 2014-02-16 23:29:56 -------- d-----w- C:\Program Files\Registrar Registry Manager
2014-02-16 23:14:47 . 2014-02-16 23:14:47 -------- d-----w- C:\Program Files (x86)\Enigma Software Group
2014-02-16 23:14:24 . 2014-02-16 23:29:45 -------- d-----w- C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2014-02-16 22:50:39 . 2014-03-11 03:36:10 -------- d-----w- C:\AdwCleaner
2014-02-16 22:26:42 . 2014-02-20 01:19:25 -------- d-----w- C:\Program Files (x86)\Origin Games
2014-02-16 22:25:02 . 2014-03-15 14:56:43 -------- d-----w- C:\ProgramData\Origin
2014-02-16 22:25:00 . 2014-02-17 01:33:11 -------- d-----w- C:\ProgramData\Electronic Arts
2014-02-16 22:24:41 . 2014-03-15 14:56:27 -------- d-----w- C:\Program Files (x86)\Origin
2014-02-16 22:01:42 . 2014-03-01 01:28:04 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2014-02-16 22:01:41 . 2014-03-15 18:49:32 -------- d-----w- C:\Program Files (x86)\Steam
2014-02-16 21:56:32 . 2014-03-11 21:48:37 -------- d-----w- C:\Program Files (x86)\Battlelog Web Plugins
2014-02-16 21:22:08 . 2014-02-16 21:22:08 -------- d-----w- C:\ProgramData\Lavasoft
2014-02-16 21:15:23 . 2014-02-16 21:15:23 -------- d-----w- C:\Program Files\Enigma Software Group
2014-02-16 21:14:54 . 2014-03-11 01:59:14 -------- d-----w- C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-02-16 21:14:53 . 2014-02-16 23:14:23 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2014-02-16 21:04:39 . 2014-02-16 21:04:39 91352 ----a-w- C:\Windows\system32\drivers\mbamchameleon.sys
2014-02-16 20:42:39 . 2014-02-17 00:33:59 -------- d--h--w- C:\Program Files (x86)\Temp
2014-02-16 20:42:38 . 2014-02-16 20:42:38 -------- d-----w- C:\Program Files (x86)\Common Files\InstallShield
2014-02-16 20:39:38 . 2014-02-16 20:40:17 -------- d-----w- C:\Windows\Panther
2014-02-16 20:32:44 . 2014-02-16 20:32:44 -------- d-----w- C:\ProgramData\Malwarebytes
2014-02-16 20:32:44 . 2014-02-16 20:32:44 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-16 20:32:44 . 2013-04-04 21:50:32 25928 ----a-w- C:\Windows\system32\drivers\mbam.sys
2014-02-16 20:31:31 . 2014-03-02 06:23:31 -------- d-----w- C:\Program Files\CCleaner
2014-02-16 20:29:44 . 2014-03-14 00:27:42 -------- d-----w- C:\Program Files\TeamSpeak 3 Client
2014-02-16 20:28:26 . 2014-03-10 22:22:42 -------- d-----w- C:\temp
2014-02-16 20:28:26 . 2013-11-14 03:41:42 439296 ----a-w- C:\Windows\system32\plsapp64.dll
2014-02-16 20:18:18 . 2011-10-28 23:01:04 680960 ----a-w- C:\Windows\SysWow64\ROGThemeSetup.exe
2014-02-16 20:18:17 . 2011-10-26 18:33:40 201728 ----a-w- C:\Windows\SysWow64\ROG_Video Intro .scr
2014-02-16 20:18:17 . 2010-11-21 03:24:11 2872320 ----a-w- C:\Windows\explorer.exe.rogbak
2014-02-16 20:18:16 . 2014-02-16 20:18:16 -------- d-----w- C:\Windows\SysWow64\Macromed
2014-02-16 20:18:16 . 2013-10-21 22:32:30 -------- d---a-w- C:\Windows\SysWow64\ROG_Video Intro  dir
2014-02-16 20:11:43 . 2014-03-15 20:03:40 -------- d-----w- C:\ProgramData\NVIDIA
2014-02-16 20:11:22 . 2014-03-04 13:06:00 6714312 ----a-w- C:\Windows\system32\nvcpl.dll
2014-02-16 20:11:22 . 2014-03-04 13:06:00 3497816 ----a-w- C:\Windows\system32\nvsvc64.dll
2014-02-16 20:11:22 . 2014-03-04 13:05:58 922968 ----a-w- C:\Windows\system32\nvvsvc.exe
2014-02-16 20:11:22 . 2014-03-04 13:05:58 64968 ----a-w- C:\Windows\system32\nvshext.dll
2014-02-16 20:11:22 . 2014-03-04 13:05:57 386336 ----a-w- C:\Windows\system32\nvmctray.dll
2014-02-16 20:11:22 . 2014-03-04 13:05:53 3649185 ----a-w- C:\Windows\system32\nvcoproc.bin
2014-02-16 20:11:17 . 2014-03-04 14:35:23 62408 ----a-w- C:\Windows\system32\OpenCL.dll
2014-02-16 20:11:17 . 2014-03-04 14:35:23 54216 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2014-02-16 20:10:58 . 2014-03-04 14:35:23 947808 ----a-w- C:\Windows\system32\nvumdshimx.dll
2014-02-16 20:10:58 . 2014-03-04 14:35:23 3093280 ----a-w- C:\Windows\system32\nvapi64.dll
2014-02-16 20:10:58 . 2014-03-04 14:35:23 2715264 ----a-w- C:\Windows\SysWow64\nvapi.dll
2014-02-16 20:10:58 . 2014-03-04 14:35:23 18302384 ----a-w- C:\Windows\system32\nvwgf2umx.dll
2014-02-16 20:10:58 . 2014-03-04 14:35:23 17755424 ----a-w- C:\Windows\system32\nvd3dumx.dll
2014-02-16 20:10:58 . 2014-03-04 14:35:23 14709720 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
2014-02-16 20:10:58 . 2013-12-19 20:33:31 1884448 ----a-w- C:\Windows\system32\nvdispco6433221.dll
2014-02-16 20:10:58 . 2013-12-19 20:33:31 1511712 ----a-w- C:\Windows\system32\nvdispgenco6433221.dll
2014-02-16 20:10:58 . 2013-11-28 13:38:22 31520 ----a-w- C:\Windows\system32\nvhdap64.dll
2014-02-16 20:10:58 . 2013-11-28 13:38:18 197408 ----a-w- C:\Windows\system32\drivers\nvhda64v.sys
2014-02-16 20:10:58 . 2013-11-22 08:36:08 1515296 ----a-w- C:\Windows\system32\nvhdagenco6420103.dll
2014-02-16 20:07:58 . 2010-05-26 18:41:02 511328 ----a-w- C:\Windows\system32\d3dx10_43.dll
2014-02-16 20:07:58 . 2010-05-26 18:41:02 470880 ----a-w- C:\Windows\SysWow64\d3dx10_43.dll
2014-02-16 20:07:58 . 2010-05-26 18:41:02 276832 ----a-w- C:\Windows\system32\d3dx11_43.dll
2014-02-16 20:07:58 . 2010-05-26 18:41:02 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll
2014-02-16 20:07:57 . 2010-05-26 18:41:02 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll
2014-02-16 20:07:57 . 2010-05-26 18:41:00 2401112 ----a-w- C:\Windows\system32\D3DX9_43.dll
2014-02-16 20:07:50 . 2014-01-21 02:54:53 1048152 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-02-16 20:07:50 . 2014-01-21 02:54:22 1179576 ----a-w- C:\Windows\system32\nvspcap64.dll
2014-02-16 20:07:45 . 2014-02-16 20:11:49 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2014-02-16 20:06:51 . 2014-02-20 01:30:50 -------- d-----w- C:\Program Files (x86)\Google
2014-02-16 20:05:51 . 2014-02-20 00:28:47 -------- d-----w- C:\Program Files (x86)\Microsoft.NET
2014-02-16 20:05:31 . 2014-02-16 20:05:31 -------- d-----w- C:\Intel
2014-02-16 20:04:49 . 2014-03-10 22:22:29 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2014-02-16 20:04:48 . 2013-12-27 18:42:26 39200 ----a-w- C:\Windows\system32\drivers\nvvad64v.sys
2014-02-16 20:04:48 . 2013-12-27 18:42:16 35104 ----a-w- C:\Windows\system32\nvaudcap64v.dll
2014-02-16 20:04:48 . 2013-12-27 18:42:16 33056 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2014-02-16 20:04:43 . 2014-02-16 20:11:21 -------- d-----w- C:\Program Files\NVIDIA Corporation
2014-02-16 20:03:20 . 2014-02-16 20:03:20 -------- d-----w- C:\Program Files\Intel
2014-02-16 20:03:12 . 2012-07-26 06:54:34 538496 ----a-w- C:\Windows\system32\PROUnstl.exe
2014-02-16 19:48:41 . 2014-02-16 19:48:41 -------- d-----w- C:\Program Files (x86)\ASM106xSATA
2014-02-16 19:48:27 . 2014-03-11 01:59:16 -------- d-sh--w- C:\Windows\Installer
2014-02-16 19:46:43 . 2014-03-10 23:04:59 -------- d-----w- C:\Users\Weenercow
2014-02-16 19:46:39 . 2014-02-16 19:46:39 -------- d-----w- C:\Recovery
.
 
 
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
 
2014-02-03 19:20:54 . 2010-11-21 03:27:21 270496 ------w- C:\Windows\system32\MpSigStub.exe
 
 
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown 
REGEDIT4
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EADM"="C:\Program Files (x86)\Origin\Origin.exe" [2014-03-10 21:36:46 3588952]
"GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe" [2014-01-30 22:05:24 21822128]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 16:16:26 254336]
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-14 02:51:06 59720]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
 
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe;C:\Windows\SYSNATIVE\IProsetMonitor.exe [x]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe;C:\Program Files (x86)\Skype\Updater\Updater.exe [x]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R3 efavdrv;efavdrv;C:\Windows\system32\drivers\efavdrv.sys;C:\Windows\SYSNATIVE\drivers\efavdrv.sys [x]
R3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\system32\drivers\nvvad64v.sys;C:\Windows\SYSNATIVE\drivers\nvvad64v.sys [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys;C:\Windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys;C:\Windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys;C:\Windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
S0 asahci64;asahci64;C:\Windows\system32\DRIVERS\asahci64.sys;C:\Windows\SYSNATIVE\DRIVERS\asahci64.sys [x]
 
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-05 01:12:00 1150280 ----a-w- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe
 
Contents of the 'Scheduled Tasks' folder
 
2014-03-15 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-16 20:06:51 . 2014-02-16 20:06:51]
 
2014-03-15 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-16 20:06:51 . 2014-02-16 20:06:51]
 
 
--------- X64 Entries -----------
 
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-02-28 23:12:16 2333400 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-02-28 23:12:16 2333400 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-02-28 23:12:16 2333400 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-01-30 22:05:26 777032 ----a-w- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-01-30 22:05:26 777032 ----a-w- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-01-30 22:05:26 777032 ----a-w- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-01-30 22:05:26 777032 ----a-w- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-01-30 22:05:26 777032 ----a-w- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-01-21 02:57:40 2234144]
"ShadowPlay"="C:\Windows\system32\nvspcap64.dll" [2014-01-21 02:54:22 1179576]
 
------- Supplementary Scan -------
 
uLocal Page = C:\Windows\system32\blank.htm
mLocal Page = C:\Windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1 205.171.2.25
 
- - - - ORPHANS REMOVED - - - -
 
AddRemove-PunkBusterSvc - C:\Windows\system32\pbsvc.exe
 
 
 
--------------------- LOCKED REGISTRY KEYS ---------------------
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@C:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="C:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="C:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="C:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="C:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="C:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
 
Completion time: 2014-03-15  14:13:22
ComboFix-quarantined-files.txt  2014-03-15 20:13:22
ComboFix2.txt  2014-03-15 07:03:13
ComboFix3.txt  2014-03-10 23:20:32
 
Pre-Run: 824,055,607,296 bytes free
Post-Run: 823,885,205,504 bytes free
 
- - End Of File - - E48EFD6A84F9C846DDAD33F701DD369E
A36C5E4F47E84449FF07ED3517B43A31
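The ComboFix log posted above lists the machine's autostart points (Run-key values, services and drivers, UAC policy values) in a fixed line format. As an added example, not part of the original post and not ComboFix's own code, here is a small Python parser that turns that "Reg Loading Points" section into records an analyst can triage. The sample text it parses is constructed to mirror the line formats seen in the post (the second Run value, under a user profile, is invented to exercise the heuristic); the "outside Windows/Program Files" check and the UAC checks are triage assumptions, not anything ComboFix reports. The R/S letter and the digit on service lines are read the way ComboFix logs are usually read: running/stopped and the Win32 start type.

```python
"""Parse the 'Reg Loading Points' section of a ComboFix log for triage.

Added example: not part of the forum post above and not ComboFix's own code.
SAMPLE_LOG is constructed to mirror the line formats seen in the post. The
path heuristic in suspicious_autostarts() and the UAC checks in uac_findings()
are triage assumptions, not anything ComboFix itself reports.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in ComboFix's layout; the second Run value is invented
# to show an autostart living under a user profile.
SAMPLE_LOG = r"""
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EADM"="C:\Program Files (x86)\Origin\Origin.exe" [2014-03-10 21:36:46 3588952]
"Updater"="C:\Users\example\AppData\Roaming\svc\updater.exe" [2014-03-09 02:11:00 48128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)

R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe;C:\Program Files (x86)\Skype\Updater\Updater.exe [x]
S0 asahci64;asahci64;C:\Windows\system32\DRIVERS\asahci64.sys;C:\Windows\SYSNATIVE\DRIVERS\asahci64.sys [x]
"""

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
# "Name"="path" [YYYY-MM-DD HH:MM:SS size]
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*'
    r"\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<size>\d+)\]$"
)
# "Name"= 5 (0x5)
POLICY_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<dec>-?\d+)\s*\(0x[0-9a-fA-F]+\)$')
# Service/driver lines: R = running, S = stopped; digit = Win32 start type
# (0 boot, 1 system, 2 auto, 3 manual, 4 disabled). Fields are ';'-separated.
SERVICE_RE = re.compile(r"^(?P<state>[RS])(?P<start>[0-4]) (?P<rest>.+)$")
MARKER_RE = re.compile(r"\s*\[(?P<marker>[^\]]*)\]\s*$")


@dataclass
class RunEntry:
    key: str
    name: str
    path: str
    timestamp: str
    size: int


@dataclass
class ServiceEntry:
    running: bool
    start_type: int
    name: str
    display: str
    image: str
    image_native: str
    marker: Optional[str]  # trailing "[x]" kept verbatim, not interpreted


@dataclass
class PolicyValue:
    key: str
    name: str
    value: int


def parse_loading_points(text: str) -> Tuple[List[RunEntry], List[ServiceEntry], List[PolicyValue]]:
    """Walk the section line by line, remembering the current registry key."""
    runs: List[RunEntry] = []
    services: List[ServiceEntry] = []
    policies: List[PolicyValue] = []
    current_key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := KEY_RE.match(line)):
            current_key = m["key"]
        elif (m := RUN_RE.match(line)) and current_key:
            runs.append(RunEntry(current_key, m["name"], m["path"], m["ts"], int(m["size"])))
        elif (m := POLICY_RE.match(line)) and current_key:
            policies.append(PolicyValue(current_key, m["name"], int(m["dec"])))
        elif (m := SERVICE_RE.match(line)):
            parts = m["rest"].split(";", 3)
            if len(parts) != 4:
                continue
            name, display, image, tail = parts
            marker = None
            if (mm := MARKER_RE.search(tail)):
                marker = mm["marker"]
                tail = tail[: mm.start()]
            services.append(ServiceEntry(m["state"] == "R", int(m["start"]), name, display, image, tail, marker))
    return runs, services, policies


# Assumed trust roots for the heuristic below; adware commonly lands elsewhere.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def suspicious_autostarts(runs: List[RunEntry]) -> List[RunEntry]:
    """Autostart binaries outside the Windows and Program Files trees (user
    profiles, ProgramData, Temp) deserve a closer look. Heuristic only."""
    return [r for r in runs if not r.path.lower().startswith(TRUSTED_ROOTS)]


def uac_findings(policies: List[PolicyValue]) -> List[str]:
    """Flag UAC policy values that let code elevate silently."""
    findings = []
    for p in policies:
        if not p.key.lower().endswith("\\policies\\system"):
            continue
        if p.name == "ConsentPromptBehaviorAdmin" and p.value == 0:
            findings.append("ConsentPromptBehaviorAdmin=0: admins elevate without any prompt")
        if p.name == "EnableLUA" and p.value == 0:
            findings.append("EnableLUA=0: UAC is switched off")
    return findings


def triage(text: str) -> Dict[str, object]:
    runs, services, policies = parse_loading_points(text)
    return {
        "run_entries": len(runs),
        "services": len(services),
        "suspicious_runs": [r.name for r in suspicious_autostarts(runs)],
        "uac_findings": uac_findings(policies),
    }


if __name__ == "__main__":
    for k, v in triage(SAMPLE_LOG).items():
        print(f"{k}: {v}")
```

Point it at the whole log and the same regexes pick up the Run values under HKCU, the Wow6432Node and x64 HKLM keys alike, since only the key header changes; the `[x]` marker is preserved but not interpreted, so the reader can apply their own reading of it.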