CostMin Extension


Recommended Posts

Hi there,
my name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Scan with aswMBR

Please download aswMBR (4.5 MB) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.


Note: There will also be a file on your desktop named MBR.dat; do not delete this for now. It is an actual backup of the MBR (master boot record).


aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-07-09 17:22:37
-----------------------------
17:22:37.541    OS Version: Windows x64 6.1.7601 Service Pack 1
17:22:37.541    Number of processors: 4 586 0x2502
17:22:37.542    ComputerName: JAMES-PC  UserName: James
17:22:38.016    Initialize success
17:22:38.043    VM: initialized successfully
17:22:38.046    VM: Intel CPU BiosDisabled 
17:22:40.553    VM: supported disk I/O ataport.SYS
17:26:00.957    AVAST engine defs: 14070900
17:31:15.200    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:31:15.216    Disk 0 Vendor: OCZ-VERTEX3 2.25 Size: 228936MB BusType: 11
17:31:15.231    Disk 0 MBR read successfully
17:31:15.231    Disk 0 MBR scan
17:31:15.231    Disk 0 Windows 7 default MBR code
17:31:15.231    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
17:31:15.247    Disk 0 default boot code
17:31:15.278    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       228834 MB offset 206848
17:31:15.340    Disk 0 scanning C:\Windows\system32\drivers
17:31:21.783    Service scanning
17:31:38.562    Modules scanning
17:31:38.573    Disk 0 trace - called modules:
17:31:38.581    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
17:31:38.587    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80049ee060]
17:31:38.592    3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa80048ecb10]
17:31:38.597    5 hpdskflt.sys[fffff88001998189] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80047b41f0]
17:31:39.031    AVAST engine scan C:\Windows
17:31:40.076    AVAST engine scan C:\Windows\system32
17:35:00.119    AVAST engine scan C:\Windows\system32\drivers
17:35:07.949    AVAST engine scan C:\Users\James
17:35:41.736    File: C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CDLRKCY0\VOPackage[1].exe  **INFECTED** Win32:Dropper-gen [Drp]
17:37:51.505    File: C:\Users\James\AppData\Local\Temp\repuh3f3.rox.exe  **INFECTED** Win32:Dropper-gen [Drp]
17:38:21.310    AVAST engine scan C:\ProgramData
17:38:50.879    Scan finished successfully
17:41:27.098    Disk 0 MBR has been saved successfully to "C:\Users\James\Desktop\MBR.dat"
17:41:27.135    The log file has been saved successfully to "C:\Users\James\Desktop\aswMBR.txt"
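The MBR.dat file the helper mentions is a raw copy of the disk's first 512-byte sector, and the "Disk 0 Partition N" lines in the log above are read from the 64-byte partition table inside it. The Python below, an added illustration that is not part of this thread or of aswMBR, parses such an image, prints its entries in aswMBR's layout and runs the sanity checks a responder would apply to a saved MBR (boot signature, one active partition, no overlap, nothing past the end of the disk). It works on a constructed image that reproduces this log's layout (100 MB active NTFS at LBA 2048, 228834 MB NTFS at LBA 206848) with a zero-filled boot code area, which is not real Windows 7 MBR code; `check_mbr` and `bootcode_sha256` are helper names chosen here.

```python
"""Parse a 512-byte MBR image (such as the MBR.dat backup that aswMBR writes)
and report its partition table in the same form as the aswMBR log lines."""
import hashlib
import struct

SECTOR_SIZE = 512
PARTITION_TABLE_OFFSET = 446     # boot code occupies bytes 0..445
ENTRY_SIZE = 16
SIGNATURE_OFFSET = 510
MBR_SIGNATURE = 0xAA55           # stored little-endian as the bytes 55 AA

# Partition type bytes commonly met on Windows disks.
TYPE_NAMES = {
    0x07: "HPFS/NTFS",
    0x0C: "FAT32 LBA",
    0x0F: "Extended LBA",
    0x27: "Hidden NTFS (WinRE)",
}


def parse_mbr(image: bytes) -> dict:
    """Return the boot-signature state and the non-empty partition entries."""
    if len(image) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(image)}")
    signature = struct.unpack_from("<H", image, SIGNATURE_OFFSET)[0]
    partitions = []
    for slot in range(4):
        offset = PARTITION_TABLE_OFFSET + slot * ENTRY_SIZE
        # status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sector count(4)
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", image, offset)
        if ptype == 0 and sectors == 0:
            continue                       # unused slot
        partitions.append({
            "index": slot + 1,
            "status": status,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
            "size_mb": sectors * SECTOR_SIZE // (1024 * 1024),
        })
    return {"signature_ok": signature == MBR_SIGNATURE, "partitions": partitions}


def format_like_aswmbr(entry: dict) -> str:
    """Render one entry the way aswMBR prints its 'Disk 0 Partition N' lines."""
    active = "(A)" if entry["status"] == 0x80 else "   "
    name = TYPE_NAMES.get(entry["type"], "unknown")
    return (f"Disk 0 Partition {entry['index']} {entry['status']:02X} {active} "
            f"{entry['type']:02X} {name} {entry['size_mb']} MB offset {entry['lba_start']}")


def check_mbr(image: bytes, disk_sectors: int) -> list:
    """Sanity checks to run on a saved MBR before trusting or restoring it."""
    parsed = parse_mbr(image)
    problems = []
    if not parsed["signature_ok"]:
        problems.append("boot signature is not 55 AA")
    parts = parsed["partitions"]
    active = [p for p in parts if p["status"] == 0x80]
    if len(active) != 1:
        problems.append(f"{len(active)} active partitions (expected exactly 1)")
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            problems.append(f"partition {p['index']} has invalid status {p['status']:02X}")
        if p["lba_start"] + p["sectors"] > disk_sectors:
            problems.append(f"partition {p['index']} extends past the end of the disk")
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            problems.append(f"partitions {a['index']} and {b['index']} overlap")
    return problems


def bootcode_sha256(image: bytes) -> str:
    """Hash of the 446-byte boot code area, for comparing two MBR backups."""
    return hashlib.sha256(image[:PARTITION_TABLE_OFFSET]).hexdigest()


def constructed_mbr() -> bytes:
    """Constructed 512-byte image matching the partition layout in the log above.
    The boot code area is zero-filled; it is not real Windows 7 MBR code."""
    def entry(status, ptype, lba_start, sectors):
        return struct.pack("<B3xB3xII", status, ptype, lba_start, sectors)
    table = (entry(0x80, 0x07, 2048, 100 * 2048)          # 100 MB system partition
             + entry(0x00, 0x07, 206848, 228834 * 2048)   # 228834 MB Windows volume
             + bytes(2 * ENTRY_SIZE))                     # two empty slots
    return bytes(PARTITION_TABLE_OFFSET) + table + struct.pack("<H", MBR_SIGNATURE)


if __name__ == "__main__":
    image = constructed_mbr()
    for part in parse_mbr(image)["partitions"]:
        print(format_like_aswmbr(part))
    # 228936 MB disk as reported by aswMBR, expressed in 512-byte sectors
    print("problems:", check_mbr(image, 228936 * 2048) or "none")
    print("boot code sha256:", bootcode_sha256(image))
```

To apply it to a real backup, read MBR.dat with `open(path, "rb").read()` in place of `constructed_mbr()`; comparing `bootcode_sha256` of the 07-09 and 07-22 backups tells you whether the boot code changed between scans.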

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
 

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64-bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

Full System Scan with Malwarebytes Antimalware

  • If it is not already installed, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.


fixlist.txt



Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 7/18/2014
Scan Time: 10:46:26 AM
Logfile: malwarebyteslog.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.07.18.06
Rootkit Database: v2014.07.17.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: James
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 372779
Time Elapsed: 6 min, 22 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


C:\Program Files (x86)\SupTab\SupTab.dll Win32/Thinknice.B potentially unwanted application deleted - quarantined
C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000000 a variant of Win32/4Shared.U potentially unwanted application deleted - quarantined
C:\Users\James\AppData\Local\Temp\51m1k2rz.slp.exe Win32/AdWare.Linkular.AH application cleaned by deleting - quarantined

Hi again.

Your logs appear to be clean :)

Let me check fresh FRST Logs to make sure there is nothing left.


  • Please re-run FRST.
  • Place a checkmark next to Addition.txt and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and the Addition.txt.

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-07-22 12:25:54
-----------------------------
12:25:54.289    OS Version: Windows x64 6.1.7601 Service Pack 1
12:25:54.289    Number of processors: 4 586 0x2502
12:25:54.290    ComputerName: JAMES-PC  UserName: James
12:25:54.878    Initialize success
12:25:54.921    VM: initialized successfully
12:25:54.925    VM: Intel CPU BiosDisabled 
12:26:00.144    VM: supported disk I/O ataport.SYS
12:44:07.697    AVAST engine defs: 14072200
13:16:01.560    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:16:01.564    Disk 0 Vendor: OCZ-VERTEX3 2.25 Size: 228936MB BusType: 11
13:16:01.578    Disk 0 MBR read successfully
13:16:01.581    Disk 0 MBR scan
13:16:01.621    Disk 0 Windows 7 default MBR code
13:16:01.625    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
13:16:01.629    Disk 0 default boot code
13:16:01.660    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       228834 MB offset 206848
13:16:01.726    Disk 0 scanning C:\Windows\system32\drivers
13:16:08.154    Service scanning
13:16:23.636    Modules scanning
13:16:23.645    Disk 0 trace - called modules:
13:16:23.652    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
13:16:23.658    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a0c060]
13:16:23.663    3 CLASSPNP.SYS[fffff880019aa43f] -> nt!IofCallDriver -> [0xfffffa80048f7b10]
13:16:23.668    5 hpdskflt.sys[fffff88001951189] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80047b41f0]
13:16:24.099    AVAST engine scan C:\Windows
13:16:25.222    AVAST engine scan C:\Windows\system32
13:19:42.950    AVAST engine scan C:\Windows\system32\drivers
13:19:50.347    AVAST engine scan C:\Users\James
13:20:14.757    File: C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CDLRKCY0\VOPackage[1].exe  **INFECTED** Win32:Dropper-gen [Drp]
13:22:10.503    File: C:\Users\James\AppData\Local\Temp\repuh3f3.rox.exe  **INFECTED** Win32:Dropper-gen [Drp]
13:22:52.903    AVAST engine scan C:\ProgramData
13:23:01.181    Scan finished successfully
13:46:56.119    Disk 0 MBR has been saved successfully to "C:\Users\James\Desktop\MBR.dat"
13:46:56.159    The log file has been saved successfully to "C:\Users\James\Desktop\aswMBR1.txt"

Sorry.


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-07-2014 01
Ran by James (administrator) on JAMES-PC on 23-07-2014 09:17:30
Running from C:\Users\James\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard ) C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\Microsoft Team Foundation Server 12.0\Application Tier\TFSJobAgent\TFSJobAgent.exe
(Validity Sensors, Inc.) C:\Windows\System32\valWBFPolicyService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(AVAST Software) C:\Users\James\Downloads\aswmbr.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [CnxtCoInstallerDefer] => C:\Program Files\CONEXANT\PREINSTALL\SETUP539CAFB11\KESLYN.EXE [1574528 2010-12-15] (Conexant Systems, Inc.)
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-07-22] (IDT, Inc.)
HKLM\...\Run: [HPToneControl] => C:\Program Files\Hewlett-Packard\HPToneControl\HPTonectl.exe [107832 2009-08-19] (Hewlett-Packard )
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch 
HKLM-x32\...\Run: [startCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-09-09] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-06-14] (Microsoft Corporation)
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-82-1036420768-1044797643-1061213386-2937092688-4282445334-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1BF874133F88CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.asp.net/mvc/tutorials/mvc-5/introduction/creating-a-connection-string
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin - C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin64.dll (Skype)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Skype Technologies S.A..com/Skype Web Plugin - C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin.dll (Skype)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Extension: (Google Drive) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-14]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-14]
CHR Extension: (YouTube) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-14]
CHR Extension: (Google Search) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-14]
CHR Extension: (Google Wallet) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-14]
CHR Extension: (Gmail) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [194240 2014-05-15] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [613056 2014-05-15] (Microsoft Corporation)
R2 TFSJobAgent; C:\Program Files\Microsoft Team Foundation Server 12.0\Application Tier\TfsJobAgent\TfsJobAgent.exe [51376 2014-03-23] (Microsoft Corporation)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [35328 2013-10-12] (Validity Sensors, Inc.)
S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87736 2014-04-30] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-13] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
 
==================== Drivers (Whitelisted) ====================
 
S3 iscFlash; c:\SwSetup\SP55299\iscflashx64.sys [45632 2010-10-15] (Insyde Software)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-22] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S4 RsFx0201; C:\Windows\System32\DRIVERS\RsFx0201.sys [337088 2014-05-15] (Microsoft Corporation)
U3 aswMBR; \??\C:\Users\James\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\James\AppData\Local\Temp\aswVmm.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-07-23 09:17 - 2014-07-23 09:17 - 00000000 ____D () C:\Users\James\Downloads\FRST-OlderVersion
2014-07-22 13:46 - 2014-07-22 13:46 - 00002408 _____ () C:\Users\James\Desktop\aswMBR1.txt
2014-07-19 19:53 - 2014-07-19 19:53 - 00000414 _____ () C:\Users\James\Downloads\eset.txt
2014-07-19 18:28 - 2014-07-19 18:28 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-19 18:26 - 2014-07-19 18:27 - 02347384 _____ (ESET) C:\Users\James\Downloads\esetsmartinstaller_enu.exe
2014-07-16 07:21 - 2014-07-16 07:21 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-16 07:21 - 2014-07-16 07:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-16 07:21 - 2014-07-16 07:21 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-16 07:21 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-16 07:21 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-16 07:20 - 2014-07-16 07:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\James\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-16 07:08 - 2014-07-16 07:08 - 00001349 _____ () C:\Users\James\Downloads\fixlist.txt
2014-07-09 17:41 - 2014-07-22 13:46 - 00000512 _____ () C:\Users\James\Desktop\MBR.dat
2014-07-09 17:41 - 2014-07-09 17:41 - 00002407 _____ () C:\Users\James\Desktop\aswMBR.txt
2014-07-09 17:22 - 2014-07-09 17:22 - 05185536 _____ (AVAST Software) C:\Users\James\Downloads\aswmbr.exe
2014-07-09 09:58 - 2014-07-09 09:58 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-07-09 09:39 - 2014-07-22 13:04 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-09 09:39 - 2014-07-16 07:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-09 09:39 - 2014-07-09 09:46 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-09 09:38 - 2014-07-16 07:45 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-09 09:38 - 2014-07-09 09:46 - 00000000 ____D () C:\Users\James\Desktop\mbar
2014-07-09 09:38 - 2014-07-09 09:38 - 14349744 _____ (Malwarebytes Corp.) C:\Users\James\Downloads\mbar-1.07.0.1012.exe
2014-07-09 09:38 - 2014-07-09 09:38 - 00204496 _____ (Malwarebytes) C:\Users\James\Downloads\startuplite-setup-1.07.exe
2014-07-09 09:32 - 2014-07-09 09:32 - 00076588 _____ () C:\Users\James\Downloads\Addition (1).txt
2014-07-09 09:23 - 2014-07-23 09:17 - 00012476 _____ () C:\Users\James\Downloads\FRST.txt
2014-07-09 09:23 - 2014-07-09 09:24 - 00076588 _____ () C:\Users\James\Downloads\Addition.txt
2014-07-09 09:22 - 2014-07-23 09:17 - 02091520 _____ (Farbar) C:\Users\James\Downloads\FRST64.exe
2014-07-09 09:22 - 2014-07-23 09:17 - 00000000 ____D () C:\FRST
2014-07-09 09:13 - 2014-07-09 09:13 - 00065232 _____ (Malwarebytes) C:\Users\James\Downloads\regassassin-setup-1.03.exe
2014-07-08 14:46 - 2014-06-29 22:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-08 14:46 - 2014-06-29 22:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-08 14:46 - 2014-06-20 16:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-08 14:46 - 2014-06-20 15:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-08 14:46 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-08 14:46 - 2014-06-18 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-08 14:46 - 2014-06-18 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-08 14:46 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-08 14:46 - 2014-06-18 20:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-08 14:46 - 2014-06-18 20:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-08 14:46 - 2014-06-18 20:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-08 14:46 - 2014-06-18 20:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-08 14:46 - 2014-06-18 20:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-08 14:46 - 2014-06-18 20:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-08 14:46 - 2014-06-18 20:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-08 14:46 - 2014-06-18 20:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-08 14:46 - 2014-06-18 20:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-08 14:46 - 2014-06-18 20:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-08 14:46 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-08 14:46 - 2014-06-18 20:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-08 14:46 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-08 14:46 - 2014-06-18 19:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-08 14:46 - 2014-06-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-08 14:46 - 2014-06-18 19:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-08 14:46 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-08 14:46 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-08 14:46 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-08 14:46 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-08 14:46 - 2014-06-18 19:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-08 14:46 - 2014-06-18 19:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-08 14:46 - 2014-06-18 19:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-08 14:46 - 2014-06-18 19:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-08 14:46 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-08 14:46 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-08 14:46 - 2014-06-18 19:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-08 14:46 - 2014-06-18 19:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-08 14:46 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-08 14:46 - 2014-06-18 19:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-08 14:46 - 2014-06-18 19:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-08 14:46 - 2014-06-18 19:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-08 14:46 - 2014-06-18 19:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-08 14:46 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-08 14:46 - 2014-06-18 19:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-08 14:46 - 2014-06-18 19:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-08 14:46 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-08 14:46 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-08 14:46 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-08 14:46 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-08 14:46 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-08 14:46 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-08 14:46 - 2014-06-18 18:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-08 14:46 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-08 14:46 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-08 14:46 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-08 14:46 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-08 14:46 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-08 14:46 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-08 14:46 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-08 14:46 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-08 14:46 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-08 14:46 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-08 14:46 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-08 14:46 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-08 14:46 - 2014-05-30 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-08 14:46 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-08 14:46 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-08 14:46 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-08 14:46 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-08 14:46 - 2014-05-30 04:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-08 14:46 - 2014-05-30 04:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-08 14:46 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-08 14:46 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-08 14:46 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-08 14:46 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-08 14:46 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-08 14:46 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-08 14:46 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-08 14:46 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-08 14:45 - 2014-06-05 10:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-08 14:45 - 2014-06-05 10:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-08 14:45 - 2014-06-05 10:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-07 01:07 - 2014-07-07 01:07 - 00000000 ____D () C:\Program Files (x86)\predm
2014-07-07 01:04 - 2014-07-19 19:47 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-07-07 01:04 - 2014-07-07 01:09 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-07-07 01:04 - 2014-07-07 01:06 - 00000000 ____D () C:\ProgramData\d76b26a3592eb7d3
2014-07-07 01:04 - 2014-07-07 01:04 - 00003360 _____ () C:\Windows\System32\Tasks\EnergoTech Update
2014-07-07 01:04 - 2014-07-07 01:04 - 00000000 ____D () C:\Users\James\AppData\Local\Torch
2014-07-07 01:04 - 2014-07-07 01:04 - 00000000 ____D () C:\Users\James\AppData\Local\Packages
2014-07-07 01:04 - 2014-07-07 01:04 - 00000000 ____D () C:\Users\James\AppData\Local\Comodo
2014-07-07 01:04 - 2014-07-07 01:04 - 00000000 ____D () C:\Users\James\AppData\Local\Chromatic Browser
2014-07-07 01:04 - 2014-07-07 01:04 - 00000000 ____D () C:\Users\Guest
2014-07-07 01:04 - 2014-07-07 01:04 - 00000000 ____D () C:\Users\Administrator
2014-07-07 01:04 - 2014-07-07 01:04 - 00000000 ____D () C:\ProgramData\EnergoTech
2014-07-03 14:34 - 2014-07-03 14:34 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-06-30 23:03 - 2014-05-15 14:59 - 00096448 _____ (Microsoft Corporation) C:\Windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr11.2.5058.0.dll
2014-06-30 23:03 - 2014-05-15 14:58 - 00083136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf-MSSQL$SQLEXPRESS-sqlctr11.2.5058.0.dll
2014-06-23 23:09 - 2012-02-11 12:43 - 00253016 _____ (Microsoft Corporation) C:\Windows\system32\SQSRVRES.DLL
2014-06-23 21:50 - 2014-06-23 21:50 - 00000000 ____D () C:\Users\James\AppData\Local\Adobe_Systems_Incorporate
2014-06-23 21:49 - 2014-07-07 01:30 - 00000000 ____D () C:\Users\James\Documents\My Digital Editions
2014-06-23 21:49 - 2014-06-23 21:49 - 00002188 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions 3.0.lnk
2014-06-23 21:49 - 2014-06-23 21:49 - 00002176 _____ () C:\Users\Public\Desktop\Adobe Digital Editions 3.0.lnk
2014-06-23 21:49 - 2014-06-23 21:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2014-06-23 21:48 - 2014-06-23 21:48 - 00001782 _____ () C:\Users\James\Downloads\ProgrammingC50BuildingWindows08Weband9781449359683.acsm
 
==================== One Month Modified Files and Folders =======
 
2014-07-23 09:17 - 2014-07-23 09:17 - 00000000 ____D () C:\Users\James\Downloads\FRST-OlderVersion
2014-07-23 09:17 - 2014-07-09 09:23 - 00012476 _____ () C:\Users\James\Downloads\FRST.txt
2014-07-23 09:17 - 2014-07-09 09:22 - 02091520 _____ (Farbar) C:\Users\James\Downloads\FRST64.exe
2014-07-23 09:17 - 2014-07-09 09:22 - 00000000 ____D () C:\FRST
2014-07-23 09:16 - 2014-06-15 23:55 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-23 09:16 - 2014-06-14 16:22 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-23 09:16 - 2014-06-14 16:22 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-22 13:46 - 2014-07-22 13:46 - 00002408 _____ () C:\Users\James\Desktop\aswMBR1.txt
2014-07-22 13:46 - 2014-07-09 17:41 - 00000512 _____ () C:\Users\James\Desktop\MBR.dat
2014-07-22 13:04 - 2014-07-09 09:39 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-22 12:28 - 2009-07-14 00:45 - 00014464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-22 12:28 - 2009-07-14 00:45 - 00014464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-22 12:26 - 2009-07-14 01:13 - 00986544 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-22 12:24 - 2014-06-14 17:53 - 01065473 _____ () C:\Windows\WindowsUpdate.log
2014-07-22 12:21 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-22 12:21 - 2009-07-14 00:51 - 00030651 _____ () C:\Windows\setupact.log
2014-07-19 19:53 - 2014-07-19 19:53 - 00000414 _____ () C:\Users\James\Downloads\eset.txt
2014-07-19 19:47 - 2014-07-07 01:04 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-07-19 18:28 - 2014-07-19 18:28 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-19 18:27 - 2014-07-19 18:26 - 02347384 _____ (ESET) C:\Users\James\Downloads\esetsmartinstaller_enu.exe
2014-07-18 10:45 - 2014-06-14 21:50 - 00127414 _____ () C:\Windows\PFRO.log
2014-07-16 07:45 - 2014-07-09 09:38 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-16 07:21 - 2014-07-16 07:21 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-16 07:21 - 2014-07-16 07:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-16 07:21 - 2014-07-16 07:21 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-16 07:21 - 2014-07-16 07:20 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\James\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-16 07:21 - 2014-07-09 09:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-16 07:08 - 2014-07-16 07:08 - 00001349 _____ () C:\Users\James\Downloads\fixlist.txt
2014-07-10 12:03 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-07-09 17:41 - 2014-07-09 17:41 - 00002407 _____ () C:\Users\James\Desktop\aswMBR.txt
2014-07-09 17:22 - 2014-07-09 17:22 - 05185536 _____ (AVAST Software) C:\Users\James\Downloads\aswmbr.exe
2014-07-09 09:58 - 2014-07-09 09:58 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-07-09 09:58 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-07-09 09:46 - 2014-07-09 09:39 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-09 09:46 - 2014-07-09 09:38 - 00000000 ____D () C:\Users\James\Desktop\mbar
2014-07-09 09:38 - 2014-07-09 09:38 - 14349744 _____ (Malwarebytes Corp.) C:\Users\James\Downloads\mbar-1.07.0.1012.exe
2014-07-09 09:38 - 2014-07-09 09:38 - 00204496 _____ (Malwarebytes) C:\Users\James\Downloads\startuplite-setup-1.07.exe
2014-07-09 09:32 - 2014-07-09 09:32 - 00076588 _____ () C:\Users\James\Downloads\Addition (1).txt
2014-07-09 09:24 - 2014-07-09 09:23 - 00076588 _____ () C:\Users\James\Downloads\Addition.txt
2014-07-09 09:13 - 2014-07-09 09:13 - 00065232 _____ (Malwarebytes) C:\Users\James\Downloads\regassassin-setup-1.03.exe
2014-07-09 09:03 - 2009-07-14 00:45 - 00275712 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 09:02 - 2014-06-14 23:02 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-09 09:02 - 2009-07-14 03:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 09:02 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-09 09:02 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-09 08:59 - 2014-06-14 17:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 08:58 - 2014-06-14 17:05 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-08 16:40 - 2014-06-15 23:55 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-08 16:40 - 2014-06-15 23:55 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-08 16:40 - 2014-06-15 23:55 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-07 01:30 - 2014-06-23 21:49 - 00000000 ____D () C:\Users\James\Documents\My Digital Editions
2014-07-07 01:09 - 2014-07-07 01:04 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-07-07 01:07 - 2014-07-07 01:07 - 00000000 ____D () C:\Program Files (x86)\predm
2014-07-07 01:06 - 2014-07-07 01:04 - 00000000 ____D () C:\ProgramData\d76b26a3592eb7d3
2014-07-07 01:04 - 2014-07-07 01:04 - 00003360 _____ () C:\Windows\System32\Tasks\EnergoTech Update
2014-07-07 01:04 - 2014-07-07 01:04 - 00000000 ____D () C:\Users\James\AppData\Local\Torch
2014-07-07 01:04 - 2014-07-07 01:04 - 00000000 ____D () C:\Users\James\AppData\Local\Packages
2014-07-07 01:04 - 2014-07-07 01:04 - 00000000 ____D () C:\Users\James\AppData\Local\Comodo
2014-07-07 01:04 - 2014-07-07 01:04 - 00000000 ____D () C:\Users\James\AppData\Local\Chromatic Browser
2014-07-07 01:04 - 2014-07-07 01:04 - 00000000 ____D () C:\Users\Guest
2014-07-07 01:04 - 2014-07-07 01:04 - 00000000 ____D () C:\Users\Administrator
2014-07-07 01:04 - 2014-07-07 01:04 - 00000000 ____D () C:\ProgramData\EnergoTech
2014-07-07 01:04 - 2014-06-14 16:22 - 00000000 ____D () C:\Users\James\AppData\Local\Google
2014-07-07 01:04 - 2014-06-14 16:22 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-07 01:04 - 2009-07-13 23:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-07-07 01:04 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-07-05 10:33 - 2009-07-14 01:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-07-03 14:34 - 2014-07-03 14:34 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-06-30 23:03 - 2014-06-22 15:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2012
2014-06-30 23:00 - 2014-06-14 22:45 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2014-06-30 23:00 - 2014-06-14 22:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-06-29 22:09 - 2014-07-08 14:46 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-29 22:04 - 2014-07-08 14:46 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-24 23:33 - 2014-06-22 15:47 - 00058584 _____ () C:\Windows\iis7.log
2014-06-24 23:33 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\inetsrv
2014-06-24 23:33 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2014-06-23 23:06 - 2014-06-21 11:42 - 03211264 _____ () C:\Users\James\PostSalesRight.mdf
2014-06-23 23:06 - 2014-06-21 11:42 - 00802816 _____ () C:\Users\James\PostSalesRight_log.ldf
2014-06-23 21:50 - 2014-06-23 21:50 - 00000000 ____D () C:\Users\James\AppData\Local\Adobe_Systems_Incorporate
2014-06-23 21:49 - 2014-06-23 21:49 - 00002188 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions 3.0.lnk
2014-06-23 21:49 - 2014-06-23 21:49 - 00002176 _____ () C:\Users\Public\Desktop\Adobe Digital Editions 3.0.lnk
2014-06-23 21:49 - 2014-06-23 21:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2014-06-23 21:49 - 2014-06-16 12:39 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-06-23 21:48 - 2014-06-23 21:48 - 00001782 _____ () C:\Users\James\Downloads\ProgrammingC50BuildingWindows08Weband9781449359683.acsm
 
Some content of TEMP:
====================
C:\Users\James\AppData\Local\Temp\heyu0n1f.eiu.exe
C:\Users\James\AppData\Local\Temp\repuh3f3.rox.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-18 12:26
 
==================== End Of Log ============================

No Problem :)

Delete junk with AdwCleaner

Please download AdwCleaner to your desktop.

  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean.
  • When the run is finished, it will open up a text file.
  • Please post its contents within your next reply.
  • You'll find the log file at C:\AdwCleaner[s1].txt also.

Download ComboFix from here

* IMPORTANT - Save ComboFix.exe to your Desktop

====================================================

Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to this topic:
How to disable your security applications

====================================================

Double click on combofix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

*Note - if after running ComboFix you see a message similar to 'registry key marked for deletion..' rebooting the machine will resolve that.

How is your system behaving now?


 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS

Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}

Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]

Key Deleted : HKCU\Software\powerpack

Key Deleted : HKCU\Software\TutoTag

Key Deleted : HKCU\Software\AppDataLow\Software\blockAndSurf

Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}

Key Deleted : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}

Key Deleted : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}

Key Deleted : HKLM\Software\SupDp

Key Deleted : HKLM\Software\SupTab

Key Deleted : HKLM\Software\supWPM

Key Deleted : HKLM\Software\V9Software

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17207

 

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [secondary Start Pages]

 

-\\ Google Chrome v35.0.1916.153

 

[ File : C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

Deleted [search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}

Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}

Deleted [Extension] : bopakagnckmlgajfccecajhnimjiiedh

 

*************************

 

AdwCleaner[R0].txt - [3131 octets] - [23/07/2014 21:22:11]

AdwCleaner[s0].txt - [2360 octets] - [23/07/2014 21:23:32]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2420 octets] ##########

ComboFix 14-07-22.01 - James 07/23/2014  21:39:45.1.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3894.1732 [GMT -4:00]

Running from: c:\users\James\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\James\AppData\Local\assembly\tmp

c:\users\James\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ainhfmdopfddiidepklclbmmlmkfmpkp

c:\users\James\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ainhfmdopfddiidepklclbmmlmkfmpkp\2.0\background.html

c:\users\James\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ainhfmdopfddiidepklclbmmlmkfmpkp\2.0\content.js

c:\users\James\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ainhfmdopfddiidepklclbmmlmkfmpkp\2.0\HfV8WKkDU.js

c:\users\James\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ainhfmdopfddiidepklclbmmlmkfmpkp\2.0\lsdb.js

c:\users\James\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ainhfmdopfddiidepklclbmmlmkfmpkp\2.0\manifest.json

c:\users\James\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_beofpcngpcdhobdcgcdgodlgiddcafaa_0.localstorage-journal

c:\users\James\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_beofpcngpcdhobdcgcdgodlgiddcafaa_0.localstorage

c:\users\James\AppData\Local\Google\Chrome\User Data\Default\Preferences

.

.

(((((((((((((((((((((((((   Files Created from 2014-06-24 to 2014-07-24  )))))))))))))))))))))))))))))))

.

.

2014-07-24 01:44 . 2014-07-24 01:44 -------- d-----w- c:\users\Default\AppData\Local\temp

2014-07-24 01:44 . 2014-07-24 01:44 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp

2014-07-24 01:22 . 2010-08-30 12:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll

2014-07-24 01:22 . 2014-07-24 01:23 -------- d-----w- C:\AdwCleaner

2014-07-23 13:28 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{91BF4F9C-1AA4-47AC-903D-ABEC7B4AFB65}\mpengine.dll

2014-07-21 21:05 . 2014-06-16 12:37 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{09AE63B1-C902-478E-AD53-9C61FC22DD13}\gapaengine.dll

2014-07-21 21:05 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2014-07-19 22:28 . 2014-07-19 22:28 -------- d-----w- c:\program files (x86)\ESET

2014-07-16 11:21 . 2014-07-16 11:21 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware

2014-07-16 11:21 . 2014-05-12 11:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys

2014-07-16 11:21 . 2014-05-12 11:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys

2014-07-09 13:58 . 2014-07-09 13:58 -------- d-----w- c:\programdata\Hewlett-Packard

2014-07-09 13:58 . 2009-07-14 01:41 230400 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpzppw71.dll

2014-07-09 13:49 . 2014-07-09 13:49 -------- d-----w- c:\users\James\AppData\Local\ElevatedDiagnostics

2014-07-09 13:39 . 2014-07-16 11:21 -------- d-----w- c:\programdata\Malwarebytes

2014-07-09 13:39 . 2014-07-09 13:46 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)

2014-07-09 13:39 . 2014-07-24 01:24 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys

2014-07-09 13:38 . 2014-07-16 11:45 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2014-07-09 13:22 . 2014-07-23 19:59 -------- d-----w- C:\FRST

2014-07-08 18:45 . 2014-06-05 14:45 1460736 ----a-w- c:\windows\system32\lsasrv.dll

2014-07-08 18:45 . 2014-06-05 14:26 22016 ----a-w- c:\windows\SysWow64\secur32.dll

2014-07-08 18:45 . 2014-06-05 14:25 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

2014-07-07 05:04 . 2014-07-07 05:04 -------- d-----w- c:\users\James\AppData\Local\Programs

2014-07-07 05:04 . 2014-07-07 05:04 -------- d-----w- c:\programdata\EnergoTech

2014-07-07 05:04 . 2014-07-07 05:04 -------- d-----w- c:\users\Guest

2014-07-07 05:04 . 2014-07-07 05:04 -------- d-----w- c:\users\Administrator

2014-07-01 03:03 . 2014-05-15 18:59 96448 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr11.2.5058.0.dll

2014-07-01 03:03 . 2014-05-15 18:58 83136 ----a-w- c:\windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr11.2.5058.0.dll

2014-07-01 03:02 . 2014-07-01 03:02 -------- d-----w- c:\program files\Microsoft.NET

2014-06-25 03:43 . 2014-06-16 12:37 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2014-06-24 03:09 . 2012-02-11 16:43 253016 ----a-w- c:\windows\system32\SQSRVRES.DLL

2014-06-24 01:50 . 2014-06-24 01:50 -------- d-----w- c:\users\James\AppData\Local\Adobe_Systems_Incorporate

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-07-09 12:58 . 2014-06-14 21:05 96441528 ----a-w- c:\windows\system32\MRT.exe

2014-07-08 20:40 . 2014-06-16 03:55 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2014-07-08 20:40 . 2014-06-16 03:55 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2014-06-18 22:13 . 2014-06-15 02:55 1234944 ----a-w- c:\programdata\Microsoft\VWDExpress\12.0\1033\ResourceCache.dll

2014-06-15 02:01 . 2014-06-15 02:01 194048 ----a-w- c:\windows\SysWow64\elshyph.dll

2014-06-15 02:01 . 2014-06-15 02:01 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2014-06-15 02:01 . 2014-06-15 02:01 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll

2014-06-15 02:01 . 2014-06-15 02:01 62464 ----a-w- c:\windows\SysWow64\tdc.ocx

2014-06-15 02:01 . 2014-06-15 02:01 337408 ----a-w- c:\windows\SysWow64\html.iec

2014-06-15 02:01 . 2014-06-15 02:01 235008 ----a-w- c:\windows\system32\elshyph.dll

2014-06-15 02:01 . 2014-06-15 02:01 182272 ----a-w- c:\windows\SysWow64\msls31.dll

2014-06-15 02:01 . 2014-06-15 02:01 36352 ----a-w- c:\windows\SysWow64\imgutil.dll

2014-06-15 02:01 . 2014-06-15 02:01 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll

2014-06-15 02:01 . 2014-06-15 02:01 151552 ----a-w- c:\windows\SysWow64\iexpress.exe

2014-06-15 02:01 . 2014-06-15 02:01 139264 ----a-w- c:\windows\SysWow64\wextract.exe

2014-06-15 02:01 . 2014-06-15 02:01 13312 ----a-w- c:\windows\SysWow64\mshta.exe

2014-06-15 02:01 . 2014-06-15 02:01 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2014-06-15 02:01 . 2014-06-15 02:01 942592 ----a-w- c:\windows\system32\jsIntl.dll

2014-06-15 02:01 . 2014-06-15 02:01 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll

2014-06-15 02:01 . 2014-06-15 02:01 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2014-06-15 02:01 . 2014-06-15 02:01 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2014-06-15 02:01 . 2014-06-15 02:01 52224 ----a-w- c:\windows\system32\msfeedsbs.dll

2014-06-15 02:01 . 2014-06-15 02:01 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2014-06-15 02:01 . 2014-06-15 02:01 247808 ----a-w- c:\windows\system32\msls31.dll

2014-06-15 02:01 . 2014-06-15 02:01 13312 ----a-w- c:\windows\system32\msfeedssync.exe

2014-06-15 02:01 . 2014-06-15 02:01 131072 ----a-w- c:\windows\system32\IEAdvpack.dll

2014-06-15 02:01 . 2014-06-15 02:01 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2014-06-15 02:01 . 2014-06-15 02:01 81408 ----a-w- c:\windows\system32\icardie.dll

2014-06-15 02:01 . 2014-06-15 02:01 77312 ----a-w- c:\windows\system32\tdc.ocx

2014-06-15 02:01 . 2014-06-15 02:01 616104 ----a-w- c:\windows\system32\ieapfltr.dat

2014-06-15 02:01 . 2014-06-15 02:01 48640 ----a-w- c:\windows\system32\mshtmler.dll

2014-06-15 02:01 . 2014-06-15 02:01 413696 ----a-w- c:\windows\system32\html.iec

2014-06-15 02:01 . 2014-06-15 02:01 30208 ----a-w- c:\windows\system32\licmgr10.dll

2014-06-15 02:01 . 2014-06-15 02:01 243200 ----a-w- c:\windows\system32\webcheck.dll

2014-06-15 02:01 . 2014-06-15 02:01 235520 ----a-w- c:\windows\system32\url.dll

2014-06-15 02:01 . 2014-06-15 02:01 167424 ----a-w- c:\windows\system32\iexpress.exe

2014-06-15 02:01 . 2014-06-15 02:01 143872 ----a-w- c:\windows\system32\wextract.exe

2014-06-15 02:01 . 2014-06-15 02:01 105984 ----a-w- c:\windows\system32\iesysprep.dll

2014-06-15 02:01 . 2014-06-15 02:01 101376 ----a-w- c:\windows\system32\inseng.dll

2014-06-15 02:01 . 2014-06-15 02:01 774144 ----a-w- c:\windows\system32\jscript.dll

2014-06-15 02:01 . 2014-06-15 02:01 62464 ----a-w- c:\windows\system32\pngfilt.dll

2014-06-15 02:01 . 2014-06-15 02:01 48128 ----a-w- c:\windows\system32\imgutil.dll

2014-06-15 02:01 . 2014-06-15 02:01 147968 ----a-w- c:\windows\system32\occache.dll

2014-06-15 02:01 . 2014-06-15 02:01 13824 ----a-w- c:\windows\system32\mshta.exe

2014-06-15 02:01 . 2014-06-15 02:01 135680 ----a-w- c:\windows\system32\iepeers.dll

2014-06-15 01:59 . 2014-06-15 01:59 878080 ----a-w- c:\windows\system32\advapi32.dll

2014-06-15 01:59 . 2014-06-15 01:59 859648 ----a-w- c:\windows\system32\tdh.dll

2014-06-15 01:59 . 2014-06-15 01:59 1732032 ----a-w- c:\windows\system32\ntdll.dll

2014-06-15 01:59 . 2014-06-15 01:59 640512 ----a-w- c:\windows\SysWow64\advapi32.dll

2014-06-15 01:59 . 2014-06-15 01:59 619520 ----a-w- c:\windows\SysWow64\tdh.dll

2014-06-15 01:59 . 2014-06-15 01:59 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll

2014-06-15 01:59 . 2014-06-15 01:59 327168 ----a-w- c:\windows\system32\mswsock.dll

2014-06-15 01:59 . 2014-06-15 01:59 231424 ----a-w- c:\windows\SysWow64\mswsock.dll

2014-06-15 01:58 . 2014-06-15 01:58 68608 ----a-w- c:\windows\system32\taskhost.exe

2014-06-15 01:58 . 2014-06-15 01:58 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2014-06-15 01:58 . 2014-06-15 01:58 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2014-06-15 01:58 . 2014-06-15 01:58 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2014-06-15 01:58 . 2014-06-15 01:58 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll

2014-06-15 01:58 . 2014-06-15 01:58 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2014-06-15 01:58 . 2014-06-15 01:58 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll

2014-06-15 01:58 . 2014-06-15 01:58 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll

2014-06-15 01:58 . 2014-06-15 01:58 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll

2014-06-15 01:58 . 2014-06-15 01:58 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll

2014-06-15 01:58 . 2014-06-15 01:58 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2014-06-15 01:58 . 2014-06-15 01:58 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2014-06-15 01:58 . 2014-06-15 01:58 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll

2014-06-15 01:58 . 2014-06-15 01:58 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll

2014-06-15 01:58 . 2014-06-15 01:58 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll

2014-06-15 01:58 . 2014-06-15 01:58 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll

2014-06-15 01:58 . 2014-06-15 01:58 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2014-06-15 01:58 . 2014-06-15 01:58 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2014-06-15 01:58 . 2014-06-15 01:58 1682432 ----a-w- c:\windows\system32\XpsPrint.dll

2014-06-15 01:58 . 2014-06-15 01:58 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll

2014-06-15 01:58 . 2014-06-15 01:58 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll

2014-06-15 01:58 . 2014-06-15 01:58 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2014-06-15 01:58 . 2014-06-15 01:58 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2014-06-15 01:58 . 2014-06-15 01:58 648192 ----a-w- c:\windows\system32\d3d10level9.dll

2014-06-15 01:58 . 2014-06-15 01:58 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll

2014-06-15 01:58 . 2014-06-15 01:58 363008 ----a-w- c:\windows\system32\dxgi.dll

2014-06-15 01:58 . 2014-06-15 01:58 333312 ----a-w- c:\windows\system32\d3d10_1core.dll

2014-06-15 01:58 . 2014-06-15 01:58 296960 ----a-w- c:\windows\system32\d3d10core.dll

2014-06-15 01:58 . 2014-06-15 01:58 293376 ----a-w- c:\windows\SysWow64\dxgi.dll

2014-06-15 01:58 . 2014-06-15 01:58 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll

2014-06-15 01:58 . 2014-06-15 01:58 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll

2014-06-15 01:58 . 2014-06-15 01:58 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll

2014-06-15 01:58 . 2014-06-15 01:58 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll

2014-06-15 01:58 . 2014-06-15 01:58 221184 ----a-w- c:\windows\system32\UIAnimation.dll

2014-06-15 01:58 . 2014-06-15 01:58 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll

2014-06-15 01:58 . 2014-06-15 01:58 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll

2014-06-15 01:58 . 2014-06-15 01:58 194560 ----a-w- c:\windows\system32\d3d10_1.dll

2014-06-15 01:58 . 2014-06-15 01:58 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll

2014-06-15 01:58 . 2014-06-15 01:58 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll

2014-06-15 01:58 . 2014-06-15 01:58 1238528 ----a-w- c:\windows\system32\d3d10.dll

2014-06-15 01:58 . 2014-06-15 01:58 1175552 ----a-w- c:\windows\system32\FntCache.dll

2014-06-15 01:58 . 2014-06-15 01:58 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll

2014-06-15 01:57 . 2014-06-15 01:57 1887232 ----a-w- c:\windows\system32\d3d11.dll

2014-06-15 01:57 . 2014-06-15 01:57 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll

2014-06-15 01:44 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2014-06-15 01:44 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2014-06-14 20:48 . 2014-06-14 20:49 6656 ----a-w- c:\windows\system32\bcmwlrc.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-09 98304]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-05-08 959904]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 iscFlash;iscFlash;c:\swsetup\SP55299\iscflashx64.sys;c:\swsetup\SP55299\iscflashx64.sys [x]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 VsEtwService120;Visual Studio ETW Event Collection Service;c:\program files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe;c:\program files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R3 WMSVC;Web Management Service;c:\windows\system32\inetsrv\wmsvc.exe;c:\windows\SYSNATIVE\inetsrv\wmsvc.exe [x]

R4 RsFx0201;RsFx0201 Driver;c:\windows\system32\DRIVERS\RsFx0201.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0201.sys [x]

R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]

S2 TFSJobAgent;Visual Studio Team Foundation Background Job Agent;c:\program files\Microsoft Team Foundation Server 12.0\Application Tier\TfsJobAgent\TfsJobAgent.exe;c:\program files\Microsoft Team Foundation Server 12.0\Application Tier\TfsJobAgent\TfsJobAgent.exe [x]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

S2 valWBFPolicyService;Validity WBF Policy Service;c:\windows\system32\valWBFPolicyService.exe;c:\windows\SYSNATIVE\valWBFPolicyService.exe [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]

S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]

S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MBAMSWISSARMY

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

iissvcs REG_MULTI_SZ   w3svc was

apphost REG_MULTI_SZ   apphostsvc

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-06-14 20:23 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2014-07-24 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-16 20:40]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]

"CnxtCoInstallerDefer"="c:\program files\CONEXANT\PREINSTALL\SETUP539CAFB11\KESLYN.EXE" [2010-12-15 1574528]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-07-22 487424]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-28 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-28 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-28 415256]

"HPToneControl"="c:\program files\Hewlett-Packard\HPToneControl\HPTonectl.exe" [2009-08-19 107832]

"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mDefault_Search_URL = www.google.com

mDefault_Page_URL = about:blank

mStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 192.168.1.254

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-4080428611-3054010233-2832862219-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-4080428611-3054010233-2832862219-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.14"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2014-07-23  21:46:32

ComboFix-quarantined-files.txt  2014-07-24 01:46

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-28 415256]

"HPToneControl"="c:\program files\Hewlett-Packard\HPToneControl\HPTonectl.exe" [2009-08-19 107832]

"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mDefault_Search_URL = www.google.com

mDefault_Page_URL = about:blank

mStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 192.168.1.254

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-4080428611-3054010233-2832862219-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-4080428611-3054010233-2832862219-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.14"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2014-07-23  21:46:32

ComboFix-quarantined-files.txt  2014-07-24 01:46

.

Pre-Run: 177,590,095,872 bytes free

Post-Run: 181,080,010,752 bytes free

.

- - End Of File - - 7B338A53D592B90CF02EC7789EEDA5EC

A36C5E4F47E84449FF07ED3517B43A31

 


ComboFix 14-07-22.01 - James 07/23/2014  21:39:45.1.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3894.1732 [GMT -4:00]

Running from: c:\users\James\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\James\AppData\Local\assembly\tmp

c:\users\James\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ainhfmdopfddiidepklclbmmlmkfmpkp

c:\users\James\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ainhfmdopfddiidepklclbmmlmkfmpkp\2.0\background.html

c:\users\James\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ainhfmdopfddiidepklclbmmlmkfmpkp\2.0\content.js

c:\users\James\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ainhfmdopfddiidepklclbmmlmkfmpkp\2.0\HfV8WKkDU.js

c:\users\James\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ainhfmdopfddiidepklclbmmlmkfmpkp\2.0\lsdb.js

c:\users\James\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ainhfmdopfddiidepklclbmmlmkfmpkp\2.0\manifest.json

c:\users\James\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_beofpcngpcdhobdcgcdgodlgiddcafaa_0.localstorage-journal

c:\users\James\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_beofpcngpcdhobdcgcdgodlgiddcafaa_0.localstorage

c:\users\James\AppData\Local\Google\Chrome\User Data\Default\Preferences

.

.

(((((((((((((((((((((((((   Files Created from 2014-06-24 to 2014-07-24  )))))))))))))))))))))))))))))))

.

.

2014-07-24 01:44 . 2014-07-24 01:44 -------- d-----w- c:\users\Default\AppData\Local\temp

2014-07-24 01:44 . 2014-07-24 01:44 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp

2014-07-24 01:22 . 2010-08-30 12:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll

2014-07-24 01:22 . 2014-07-24 01:23 -------- d-----w- C:\AdwCleaner

2014-07-23 13:28 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{91BF4F9C-1AA4-47AC-903D-ABEC7B4AFB65}\mpengine.dll

2014-07-21 21:05 . 2014-06-16 12:37 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{09AE63B1-C902-478E-AD53-9C61FC22DD13}\gapaengine.dll

2014-07-21 21:05 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2014-07-19 22:28 . 2014-07-19 22:28 -------- d-----w- c:\program files (x86)\ESET

2014-07-16 11:21 . 2014-07-16 11:21 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware

2014-07-16 11:21 . 2014-05-12 11:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys

2014-07-16 11:21 . 2014-05-12 11:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys

2014-07-09 13:58 . 2014-07-09 13:58 -------- d-----w- c:\programdata\Hewlett-Packard

2014-07-09 13:58 . 2009-07-14 01:41 230400 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpzppw71.dll

2014-07-09 13:49 . 2014-07-09 13:49 -------- d-----w- c:\users\James\AppData\Local\ElevatedDiagnostics

2014-07-09 13:39 . 2014-07-16 11:21 -------- d-----w- c:\programdata\Malwarebytes

2014-07-09 13:39 . 2014-07-09 13:46 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)

2014-07-09 13:39 . 2014-07-24 01:24 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys

2014-07-09 13:38 . 2014-07-16 11:45 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2014-07-09 13:22 . 2014-07-23 19:59 -------- d-----w- C:\FRST

2014-07-08 18:45 . 2014-06-05 14:45 1460736 ----a-w- c:\windows\system32\lsasrv.dll

2014-07-08 18:45 . 2014-06-05 14:26 22016 ----a-w- c:\windows\SysWow64\secur32.dll

2014-07-08 18:45 . 2014-06-05 14:25 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

2014-07-07 05:04 . 2014-07-07 05:04 -------- d-----w- c:\users\James\AppData\Local\Programs

2014-07-07 05:04 . 2014-07-07 05:04 -------- d-----w- c:\programdata\EnergoTech

2014-07-07 05:04 . 2014-07-07 05:04 -------- d-----w- c:\users\Guest

2014-07-07 05:04 . 2014-07-07 05:04 -------- d-----w- c:\users\Administrator

2014-07-01 03:03 . 2014-05-15 18:59 96448 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr11.2.5058.0.dll

2014-07-01 03:03 . 2014-05-15 18:58 83136 ----a-w- c:\windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr11.2.5058.0.dll

2014-07-01 03:02 . 2014-07-01 03:02 -------- d-----w- c:\program files\Microsoft.NET

2014-06-25 03:43 . 2014-06-16 12:37 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2014-06-24 03:09 . 2012-02-11 16:43 253016 ----a-w- c:\windows\system32\SQSRVRES.DLL

2014-06-24 01:50 . 2014-06-24 01:50 -------- d-----w- c:\users\James\AppData\Local\Adobe_Systems_Incorporate

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-07-09 12:58 . 2014-06-14 21:05 96441528 ----a-w- c:\windows\system32\MRT.exe

2014-07-08 20:40 . 2014-06-16 03:55 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2014-07-08 20:40 . 2014-06-16 03:55 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2014-06-18 22:13 . 2014-06-15 02:55 1234944 ----a-w- c:\programdata\Microsoft\VWDExpress\12.0\1033\ResourceCache.dll

2014-06-15 02:01 . 2014-06-15 02:01 194048 ----a-w- c:\windows\SysWow64\elshyph.dll

2014-06-15 02:01 . 2014-06-15 02:01 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2014-06-15 02:01 . 2014-06-15 02:01 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll

2014-06-15 02:01 . 2014-06-15 02:01 62464 ----a-w- c:\windows\SysWow64\tdc.ocx

2014-06-15 02:01 . 2014-06-15 02:01 337408 ----a-w- c:\windows\SysWow64\html.iec

2014-06-15 02:01 . 2014-06-15 02:01 235008 ----a-w- c:\windows\system32\elshyph.dll

2014-06-15 02:01 . 2014-06-15 02:01 182272 ----a-w- c:\windows\SysWow64\msls31.dll

2014-06-15 02:01 . 2014-06-15 02:01 36352 ----a-w- c:\windows\SysWow64\imgutil.dll

2014-06-15 02:01 . 2014-06-15 02:01 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll

2014-06-15 02:01 . 2014-06-15 02:01 151552 ----a-w- c:\windows\SysWow64\iexpress.exe

2014-06-15 02:01 . 2014-06-15 02:01 139264 ----a-w- c:\windows\SysWow64\wextract.exe

2014-06-15 02:01 . 2014-06-15 02:01 13312 ----a-w- c:\windows\SysWow64\mshta.exe

2014-06-15 02:01 . 2014-06-15 02:01 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2014-06-15 02:01 . 2014-06-15 02:01 942592 ----a-w- c:\windows\system32\jsIntl.dll

2014-06-15 02:01 . 2014-06-15 02:01 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll

2014-06-15 02:01 . 2014-06-15 02:01 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2014-06-15 02:01 . 2014-06-15 02:01 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2014-06-15 02:01 . 2014-06-15 02:01 52224 ----a-w- c:\windows\system32\msfeedsbs.dll

2014-06-15 02:01 . 2014-06-15 02:01 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2014-06-15 02:01 . 2014-06-15 02:01 247808 ----a-w- c:\windows\system32\msls31.dll

2014-06-15 02:01 . 2014-06-15 02:01 13312 ----a-w- c:\windows\system32\msfeedssync.exe

2014-06-15 02:01 . 2014-06-15 02:01 131072 ----a-w- c:\windows\system32\IEAdvpack.dll

2014-06-15 02:01 . 2014-06-15 02:01 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2014-06-15 02:01 . 2014-06-15 02:01 81408 ----a-w- c:\windows\system32\icardie.dll

2014-06-15 02:01 . 2014-06-15 02:01 77312 ----a-w- c:\windows\system32\tdc.ocx

2014-06-15 02:01 . 2014-06-15 02:01 616104 ----a-w- c:\windows\system32\ieapfltr.dat

2014-06-15 02:01 . 2014-06-15 02:01 48640 ----a-w- c:\windows\system32\mshtmler.dll

2014-06-15 02:01 . 2014-06-15 02:01 413696 ----a-w- c:\windows\system32\html.iec

2014-06-15 02:01 . 2014-06-15 02:01 30208 ----a-w- c:\windows\system32\licmgr10.dll

2014-06-15 02:01 . 2014-06-15 02:01 243200 ----a-w- c:\windows\system32\webcheck.dll

2014-06-15 02:01 . 2014-06-15 02:01 235520 ----a-w- c:\windows\system32\url.dll

2014-06-15 02:01 . 2014-06-15 02:01 167424 ----a-w- c:\windows\system32\iexpress.exe

2014-06-15 02:01 . 2014-06-15 02:01 143872 ----a-w- c:\windows\system32\wextract.exe

2014-06-15 02:01 . 2014-06-15 02:01 105984 ----a-w- c:\windows\system32\iesysprep.dll

2014-06-15 02:01 . 2014-06-15 02:01 101376 ----a-w- c:\windows\system32\inseng.dll

2014-06-15 02:01 . 2014-06-15 02:01 774144 ----a-w- c:\windows\system32\jscript.dll

2014-06-15 02:01 . 2014-06-15 02:01 62464 ----a-w- c:\windows\system32\pngfilt.dll

2014-06-15 02:01 . 2014-06-15 02:01 48128 ----a-w- c:\windows\system32\imgutil.dll

2014-06-15 02:01 . 2014-06-15 02:01 147968 ----a-w- c:\windows\system32\occache.dll

2014-06-15 02:01 . 2014-06-15 02:01 13824 ----a-w- c:\windows\system32\mshta.exe

2014-06-15 02:01 . 2014-06-15 02:01 135680 ----a-w- c:\windows\system32\iepeers.dll

2014-06-15 01:59 . 2014-06-15 01:59 878080 ----a-w- c:\windows\system32\advapi32.dll

2014-06-15 01:59 . 2014-06-15 01:59 859648 ----a-w- c:\windows\system32\tdh.dll

2014-06-15 01:59 . 2014-06-15 01:59 1732032 ----a-w- c:\windows\system32\ntdll.dll

2014-06-15 01:59 . 2014-06-15 01:59 640512 ----a-w- c:\windows\SysWow64\advapi32.dll

2014-06-15 01:59 . 2014-06-15 01:59 619520 ----a-w- c:\windows\SysWow64\tdh.dll

2014-06-15 01:59 . 2014-06-15 01:59 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll

2014-06-15 01:59 . 2014-06-15 01:59 327168 ----a-w- c:\windows\system32\mswsock.dll

2014-06-15 01:59 . 2014-06-15 01:59 231424 ----a-w- c:\windows\SysWow64\mswsock.dll

2014-06-15 01:58 . 2014-06-15 01:58 68608 ----a-w- c:\windows\system32\taskhost.exe

2014-06-15 01:58 . 2014-06-15 01:58 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2014-06-15 01:58 . 2014-06-15 01:58 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2014-06-15 01:58 . 2014-06-15 01:58 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2014-06-15 01:58 . 2014-06-15 01:58 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll

2014-06-15 01:58 . 2014-06-15 01:58 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2014-06-15 01:58 . 2014-06-15 01:58 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll

2014-06-15 01:58 . 2014-06-15 01:58 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll

2014-06-15 01:58 . 2014-06-15 01:58 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll

2014-06-15 01:58 . 2014-06-15 01:58 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll

2014-06-15 01:58 . 2014-06-15 01:58 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2014-06-15 01:58 . 2014-06-15 01:58 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2014-06-15 01:58 . 2014-06-15 01:58 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll

2014-06-15 01:58 . 2014-06-15 01:58 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll

2014-06-15 01:58 . 2014-06-15 01:58 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll

2014-06-15 01:58 . 2014-06-15 01:58 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll

2014-06-15 01:58 . 2014-06-15 01:58 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2014-06-15 01:58 . 2014-06-15 01:58 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2014-06-15 01:58 . 2014-06-15 01:58 1682432 ----a-w- c:\windows\system32\XpsPrint.dll

2014-06-15 01:58 . 2014-06-15 01:58 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll

2014-06-15 01:58 . 2014-06-15 01:58 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll

2014-06-15 01:58 . 2014-06-15 01:58 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2014-06-15 01:58 . 2014-06-15 01:58 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2014-06-15 01:58 . 2014-06-15 01:58 648192 ----a-w- c:\windows\system32\d3d10level9.dll

2014-06-15 01:58 . 2014-06-15 01:58 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll

2014-06-15 01:58 . 2014-06-15 01:58 363008 ----a-w- c:\windows\system32\dxgi.dll

2014-06-15 01:58 . 2014-06-15 01:58 333312 ----a-w- c:\windows\system32\d3d10_1core.dll

2014-06-15 01:58 . 2014-06-15 01:58 296960 ----a-w- c:\windows\system32\d3d10core.dll

2014-06-15 01:58 . 2014-06-15 01:58 293376 ----a-w- c:\windows\SysWow64\dxgi.dll

2014-06-15 01:58 . 2014-06-15 01:58 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll

2014-06-15 01:58 . 2014-06-15 01:58 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll

2014-06-15 01:58 . 2014-06-15 01:58 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll

2014-06-15 01:58 . 2014-06-15 01:58 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll

2014-06-15 01:58 . 2014-06-15 01:58 221184 ----a-w- c:\windows\system32\UIAnimation.dll

2014-06-15 01:58 . 2014-06-15 01:58 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll

2014-06-15 01:58 . 2014-06-15 01:58 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll

2014-06-15 01:58 . 2014-06-15 01:58 194560 ----a-w- c:\windows\system32\d3d10_1.dll

2014-06-15 01:58 . 2014-06-15 01:58 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll

2014-06-15 01:58 . 2014-06-15 01:58 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll

2014-06-15 01:58 . 2014-06-15 01:58 1238528 ----a-w- c:\windows\system32\d3d10.dll

2014-06-15 01:58 . 2014-06-15 01:58 1175552 ----a-w- c:\windows\system32\FntCache.dll

2014-06-15 01:58 . 2014-06-15 01:58 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll

2014-06-15 01:57 . 2014-06-15 01:57 1887232 ----a-w- c:\windows\system32\d3d11.dll

2014-06-15 01:57 . 2014-06-15 01:57 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll

2014-06-15 01:44 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2014-06-15 01:44 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2014-06-14 20:48 . 2014-06-14 20:49 6656 ----a-w- c:\windows\system32\bcmwlrc.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-09 98304]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-05-08 959904]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 iscFlash;iscFlash;c:\swsetup\SP55299\iscflashx64.sys;c:\swsetup\SP55299\iscflashx64.sys [x]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 VsEtwService120;Visual Studio ETW Event Collection Service;c:\program files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe;c:\program files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R3 WMSVC;Web Management Service;c:\windows\system32\inetsrv\wmsvc.exe;c:\windows\SYSNATIVE\inetsrv\wmsvc.exe [x]

R4 RsFx0201;RsFx0201 Driver;c:\windows\system32\DRIVERS\RsFx0201.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0201.sys [x]

R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]

S2 TFSJobAgent;Visual Studio Team Foundation Background Job Agent;c:\program files\Microsoft Team Foundation Server 12.0\Application Tier\TfsJobAgent\TfsJobAgent.exe;c:\program files\Microsoft Team Foundation Server 12.0\Application Tier\TfsJobAgent\TfsJobAgent.exe [x]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

S2 valWBFPolicyService;Validity WBF Policy Service;c:\windows\system32\valWBFPolicyService.exe;c:\windows\SYSNATIVE\valWBFPolicyService.exe [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]

S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]

S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MBAMSWISSARMY

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

iissvcs REG_MULTI_SZ   w3svc was

apphost REG_MULTI_SZ   apphostsvc

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-06-14 20:23 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2014-07-24 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-16 20:40]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]

"CnxtCoInstallerDefer"="c:\program files\CONEXANT\PREINSTALL\SETUP539CAFB11\KESLYN.EXE" [2010-12-15 1574528]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-07-22 487424]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-28 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-28 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-28 415256]

"HPToneControl"="c:\program files\Hewlett-Packard\HPToneControl\HPTonectl.exe" [2009-08-19 107832]

"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mDefault_Search_URL = www.google.com

mDefault_Page_URL = about:blank

mStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 192.168.1.254

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-4080428611-3054010233-2832862219-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-4080428611-3054010233-2832862219-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.14"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2014-07-23  21:46:32

ComboFix-quarantined-files.txt  2014-07-24 01:46

.

Pre-Run: 177,590,095,872 bytes free

Post-Run: 181,080,010,752 bytes free

.

- - End Of File - - 7B338A53D592B90CF02EC7789EEDA5EC

A36C5E4F47E84449FF07ED3517B43A31

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
