lakeeffect1000 Posted July 9, 2014 ID:850725

I keep running into problems with CostMin extension becoming un-deleted every time I open Chrome.

Attachments: Addition.txt, FRST.txt
Psychotic Posted July 9, 2014 ID:850864

Hi there, my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.
- First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
- Perform everything in the correct order. Sometimes one step requires the previous one.
- If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
- Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
- Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
- If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
- Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
- My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Scan with aswMBR
Please download aswMBR ( 4.5MB ) to your desktop.
- Double click the aswMBR.exe icon, and click Run. There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
- When asked if you'd like to "download the latest Avast! virus definitions", click Yes. Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
- Click the Scan button to start the scan once the update has finished downloading.
- On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat. Do not delete this for now. It is an actual backup of the MBR (master boot record).
lakeeffect1000 Posted July 9, 2014 Author ID:850873

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-07-09 17:22:37
-----------------------------
17:22:37.541 OS Version: Windows x64 6.1.7601 Service Pack 1
17:22:37.541 Number of processors: 4 586 0x2502
17:22:37.542 ComputerName: JAMES-PC UserName: James
17:22:38.016 Initialize success
17:22:38.043 VM: initialized successfully
17:22:38.046 VM: Intel CPU BiosDisabled
17:22:40.553 VM: supported disk I/O ataport.SYS
17:26:00.957 AVAST engine defs: 14070900
17:31:15.200 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:31:15.216 Disk 0 Vendor: OCZ-VERTEX3 2.25 Size: 228936MB BusType: 11
17:31:15.231 Disk 0 MBR read successfully
17:31:15.231 Disk 0 MBR scan
17:31:15.231 Disk 0 Windows 7 default MBR code
17:31:15.231 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:31:15.247 Disk 0 default boot code
17:31:15.278 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 228834 MB offset 206848
17:31:15.340 Disk 0 scanning C:\Windows\system32\drivers
17:31:21.783 Service scanning
17:31:38.562 Modules scanning
17:31:38.573 Disk 0 trace - called modules:
17:31:38.581 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
17:31:38.587 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80049ee060]
17:31:38.592 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa80048ecb10]
17:31:38.597 5 hpdskflt.sys[fffff88001998189] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80047b41f0]
17:31:39.031 AVAST engine scan C:\Windows
17:31:40.076 AVAST engine scan C:\Windows\system32
17:35:00.119 AVAST engine scan C:\Windows\system32\drivers
17:35:07.949 AVAST engine scan C:\Users\James
17:35:41.736 File: C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CDLRKCY0\VOPackage[1].exe **INFECTED** Win32:Dropper-gen [Drp]
17:37:51.505 File: C:\Users\James\AppData\Local\Temp\repuh3f3.rox.exe **INFECTED** Win32:Dropper-gen [Drp]
17:38:21.310 AVAST engine scan C:\ProgramData
17:38:50.879 Scan finished successfully
17:41:27.098 Disk 0 MBR has been saved successfully to "C:\Users\James\Desktop\MBR.dat"
17:41:27.135 The log file has been saved successfully to "C:\Users\James\Desktop\aswMBR.txt"
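A small triage helper for the aswMBR log format shown above (MBR code description, partition table entries, **INFECTED** lines, completion marker). This is an added example, not code from the thread or from AVAST; the sample log inside it is constructed and abridged from the log posted above, and the temp/cache classification is an assumption of this example.

```python
"""Parse an aswMBR log and pull out what a helper reads first.

Added example (not part of the thread or of aswMBR itself).
"""
import re
from dataclasses import dataclass, field

# "HH:MM:SS.mmm File: <path> **INFECTED** <detection name>"
INFECTED_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{3}) File: (?P<path>.+?) "
    r"\*\*INFECTED\*\* (?P<name>.+)$")
# "Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048"
PARTITION_RE = re.compile(
    r"Disk (?P<disk>\d+) Partition (?P<n>\d+) (?P<boot>[0-9A-F]{2}) (?:\(A\) )?"
    r"(?P<type>[0-9A-F]{2}) .*? (?P<size>\d+) MB offset (?P<offset>\d+)$")
# "Disk 0 Windows 7 default MBR code"
MBR_CODE_RE = re.compile(r"Disk (?P<disk>\d+) (?P<desc>.+ MBR code)$")


@dataclass
class Infection:
    time: str
    path: str
    name: str


@dataclass
class AswMbrReport:
    run_date: str = ""
    mbr_code: dict = field(default_factory=dict)   # disk number -> description
    partitions: list = field(default_factory=list)
    infections: list = field(default_factory=list)
    finished: bool = False


def parse_aswmbr(text: str) -> AswMbrReport:
    """Walk the log line by line; each line kind has one matcher."""
    rep = AswMbrReport()
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Run date:"):
            rep.run_date = line.split(":", 1)[1].strip()
            continue
        m = INFECTED_RE.match(line)
        if m:
            rep.infections.append(Infection(m["ts"], m["path"], m["name"].strip()))
            continue
        m = MBR_CODE_RE.search(line)
        if m:
            rep.mbr_code[int(m["disk"])] = m["desc"]
            continue
        m = PARTITION_RE.search(line)
        if m:
            rep.partitions.append({
                "disk": int(m["disk"]), "n": int(m["n"]),
                "active": m["boot"] == "80", "type": m["type"],
                "size_mb": int(m["size"]), "offset": int(m["offset"])})
            continue
        if "Scan finished successfully" in line:
            rep.finished = True
    return rep


def assess(rep: AswMbrReport) -> list:
    """Findings a helper wants first: odd MBR code, odd active-partition
    count, every detection (with a rough location class), incomplete scan."""
    findings = []
    for disk, desc in rep.mbr_code.items():
        if "default MBR code" not in desc:
            findings.append(f"disk {disk}: non-standard MBR code ({desc})")
    active = [p for p in rep.partitions if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected 1)")
    for inf in rep.infections:
        # Assumption of this example: temp/cache hits are usually dropped
        # payloads rather than an installed persistence point.
        in_cache = "\\Temp\\" in inf.path or "Temporary Internet Files" in inf.path
        where = "temp/cache" if in_cache else "other"
        findings.append(f"{inf.name} in {where}: {inf.path}")
    if not rep.finished:
        findings.append("scan did not report successful completion")
    return findings


# Constructed sample, abridged from the log posted in this thread.
SAMPLE_LOG = r"""aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-07-09 17:22:37
-----------------------------
17:31:15.231 Disk 0 MBR read successfully
17:31:15.231 Disk 0 Windows 7 default MBR code
17:31:15.231 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:31:15.247 Disk 0 default boot code
17:31:15.278 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 228834 MB offset 206848
17:35:41.736 File: C:\Users\James\AppData\Local\Temp\repuh3f3.rox.exe **INFECTED** Win32:Dropper-gen [Drp]
17:38:50.879 Scan finished successfully
"""

if __name__ == "__main__":
    for finding in assess(parse_aswmbr(SAMPLE_LOG)):
        print(finding)
```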
Psychotic Posted July 11, 2014 ID:851411

Fix with FRST (normal mode)
WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
- Download the attached fixlist.txt and save it to the location where FRST is saved to.
- Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
- The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

Full System Scan with Malwarebytes Antimalware
If not existing, please download Malwarebytes Anti-Malware to your desktop.
- Double-click the downloaded setup file and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to the following: Launch Malwarebytes Anti-Malware
- A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
- Click Finish.

If the program is already installed:
- Run Malwarebytes Antimalware
- On the Dashboard, click the 'Update Now >>' link
- After the update completes, click the 'Scan Now >>' button.
- Or, on the Dashboard, click the Scan Now >> button. If an update is available, click the Update Now button.
- A Threat Scan will begin.
- When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
- In most cases, a restart will be required. Wait for the prompt to restart the computer to appear, then click on Yes.
- After the restart once you are back at your desktop, open MBAM once more.
- Click on the History tab > Application Logs.
- Double click on the scan log which shows the Date and time of the scan just performed.
- Click 'Copy to Clipboard'
- Paste the contents of the clipboard into your reply.

Attachment: fixlist.txt
AdvancedSetup (Root Admin) Posted July 16, 2014 ID:853435

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!
AdvancedSetup (Root Admin) Posted July 16, 2014 ID:853667

Topic reopened per user request
lakeeffect1000 Posted July 18, 2014 Author ID:854554

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/18/2014
Scan Time: 10:46:26 AM
Logfile: malwarebyteslog.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.18.06
Rootkit Database: v2014.07.17.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: James

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 372779
Time Elapsed: 6 min, 22 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)
Psychotic Posted July 19, 2014 ID:855092

Scan with ESET Online Scan
Please go here to run the online scanner from ESET.
- Turn off the real time scanner of any existing antivirus program while performing the online scan
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the activex control to install
- Click Start
- Make sure that the option Remove found threats is unticked
- Click on Advanced Settings and ensure these options are ticked:
  Scan for potentially unwanted applications
  Scan for potentially unsafe applications
  Enable Anti-Stealth Technology
- Click Scan
- Wait for the scan to finish
- If any threats were found, click the 'List of found threats', then click Export to text file....
- Save it to your desktop, then please copy and paste that log as a reply to this topic.
lakeeffect1000 Posted July 19, 2014 Author ID:855178

C:\Program Files (x86)\SupTab\SupTab.dll    Win32/Thinknice.B potentially unwanted application    deleted - quarantined
C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000000    a variant of Win32/4Shared.U potentially unwanted application    deleted - quarantined
C:\Users\James\AppData\Local\Temp\51m1k2rz.slp.exe    Win32/AdWare.Linkular.AH application    cleaned by deleting - quarantined
Larusso Posted July 20, 2014 ID:855415

Hi there. Psychotic is on vacation and asked me to jump in here. Are there any open issues?
lakeeffect1000 Posted July 20, 2014 Author ID:855421

I just wanted to ensure that based on my last post that everything looks good, to me it seems to.
Larusso Posted July 21, 2014 ID:855797

Hi again. Your logs appear to be clean. Let me check fresh FRST logs to make sure there is nothing left.
- Please re-run FRST.
- Place a checkmark next to Addition.txt and hit Scan.
- Logfiles are created on your desktop.
- Post the FRST.txt and the Addition.txt.
lakeeffect1000 Posted July 22, 2014 Author ID:856324

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-07-22 12:25:54
-----------------------------
12:25:54.289 OS Version: Windows x64 6.1.7601 Service Pack 1
12:25:54.289 Number of processors: 4 586 0x2502
12:25:54.290 ComputerName: JAMES-PC UserName: James
12:25:54.878 Initialize success
12:25:54.921 VM: initialized successfully
12:25:54.925 VM: Intel CPU BiosDisabled
12:26:00.144 VM: supported disk I/O ataport.SYS
12:44:07.697 AVAST engine defs: 14072200
13:16:01.560 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:16:01.564 Disk 0 Vendor: OCZ-VERTEX3 2.25 Size: 228936MB BusType: 11
13:16:01.578 Disk 0 MBR read successfully
13:16:01.581 Disk 0 MBR scan
13:16:01.621 Disk 0 Windows 7 default MBR code
13:16:01.625 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
13:16:01.629 Disk 0 default boot code
13:16:01.660 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 228834 MB offset 206848
13:16:01.726 Disk 0 scanning C:\Windows\system32\drivers
13:16:08.154 Service scanning
13:16:23.636 Modules scanning
13:16:23.645 Disk 0 trace - called modules:
13:16:23.652 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
13:16:23.658 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a0c060]
13:16:23.663 3 CLASSPNP.SYS[fffff880019aa43f] -> nt!IofCallDriver -> [0xfffffa80048f7b10]
13:16:23.668 5 hpdskflt.sys[fffff88001951189] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80047b41f0]
13:16:24.099 AVAST engine scan C:\Windows
13:16:25.222 AVAST engine scan C:\Windows\system32
13:19:42.950 AVAST engine scan C:\Windows\system32\drivers
13:19:50.347 AVAST engine scan C:\Users\James
13:20:14.757 File: C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CDLRKCY0\VOPackage[1].exe **INFECTED** Win32:Dropper-gen [Drp]
13:22:10.503 File: C:\Users\James\AppData\Local\Temp\repuh3f3.rox.exe **INFECTED** Win32:Dropper-gen [Drp]
13:22:52.903 AVAST engine scan C:\ProgramData
13:23:01.181 Scan finished successfully
13:46:56.119 Disk 0 MBR has been saved successfully to "C:\Users\James\Desktop\MBR.dat"
13:46:56.159 The log file has been saved successfully to "C:\Users\James\Desktop\aswMBR1.txt"
Larusso Posted July 22, 2014 ID:856380

You ran aswMBR.exe instead of FRST.exe. Please read my instructions carefully.
lakeeffect1000 Posted July 23, 2014 Author ID:856710

Sorry.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-07-2014 01
Ran by James (administrator) on JAMES-PC on 23-07-2014 09:17:30
Running from C:\Users\James\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard ) C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\Microsoft Team Foundation Server 12.0\Application Tier\TFSJobAgent\TFSJobAgent.exe
(Validity Sensors, Inc.) C:\Windows\System32\valWBFPolicyService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(AVAST Software) C:\Users\James\Downloads\aswmbr.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [CnxtCoInstallerDefer] => C:\Program Files\CONEXANT\PREINSTALL\SETUP539CAFB11\KESLYN.EXE [1574528 2010-12-15] (Conexant Systems, Inc.)
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-07-22] (IDT, Inc.)
HKLM\...\Run: [HPToneControl] => C:\Program Files\Hewlett-Packard\HPToneControl\HPTonectl.exe [107832 2009-08-19] (Hewlett-Packard )
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [startCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-09-09] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-06-14] (Microsoft Corporation)
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-82-1036420768-1044797643-1061213386-2937092688-4282445334-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1BF874133F88CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.asp.net/mvc/tutorials/mvc-5/introduction/creating-a-connection-string https://mail.google.com/mail/u/0/#inbox http://msdn.microsoft.com/en-us/data/jj206878.aspx http://connect.microsoft.com/VisualStudio/feedback/details/809897/cannot-add-data-connections-in-vs2013-express-for-windows http://www.bing.com/search?q=is+localdb+native+to+visual+studio+express+2013&qs=n&form=QBRE&pq=is+localdb+native+to+visual+studio+express+2013&sc=0-18&sp=-1&sk=&cvid=5a2caef2ec3f4cf0bf163af507698e1a http://stackoverflow.com/questions/20980626/how-to-create-a-localdb-on-visual-studio-2013-that-doesnt-require-sql-server-in http://www.visualstudio.com/downloads/download-visual-studio-vs#d-team-foundation-server-express
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin - C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin64.dll (Skype)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Skype Technologies S.A..com/Skype Web Plugin - C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin.dll (Skype)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR Extension: (Google Drive) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-14]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-14]
CHR Extension: (YouTube) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-14]
CHR Extension: (Google Search) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-14]
CHR Extension: (Google Wallet) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-14]
CHR Extension: (Gmail) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [194240 2014-05-15] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [613056 2014-05-15] (Microsoft Corporation)
R2 TFSJobAgent; C:\Program Files\Microsoft Team Foundation Server 12.0\Application Tier\TfsJobAgent\TfsJobAgent.exe [51376 2014-03-23] (Microsoft Corporation)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [35328 2013-10-12] (Validity Sensors, Inc.)
S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87736 2014-04-30] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-13] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

S3 iscFlash; c:\SwSetup\SP55299\iscflashx64.sys [45632 2010-10-15] (Insyde Software)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-22] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S4 RsFx0201; C:\Windows\System32\DRIVERS\RsFx0201.sys [337088 2014-05-15] (Microsoft Corporation)
U3 aswMBR; \??\C:\Users\James\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\James\AppData\Local\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-23 09:17 - 2014-07-23 09:17 - 00000000 ____D () C:\Users\James\Downloads\FRST-OlderVersion
2014-07-22 13:46 - 2014-07-22 13:46 - 00002408 _____ () C:\Users\James\Desktop\aswMBR1.txt
2014-07-19 19:53 - 2014-07-19 19:53 - 00000414 _____ () C:\Users\James\Downloads\eset.txt
2014-07-19 18:28 - 2014-07-19 18:28 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-19 18:26 - 2014-07-19 18:27 - 02347384 _____ (ESET) C:\Users\James\Downloads\esetsmartinstaller_enu.exe
2014-07-16 07:21 - 2014-07-16 07:21 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-16 07:21 - 2014-07-16 07:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-16 07:21 - 2014-07-16 07:21 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-16 07:21 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-16 07:21 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-16 07:20 - 2014-07-16 07:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\James\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-16 07:08 - 2014-07-16 07:08 - 00001349 _____ () C:\Users\James\Downloads\fixlist.txt
2014-07-09 17:41 - 2014-07-22 13:46 - 00000512 _____ () C:\Users\James\Desktop\MBR.dat
2014-07-09 17:41 - 2014-07-09 17:41 - 00002407 _____ () C:\Users\James\Desktop\aswMBR.txt
2014-07-09 17:22 - 2014-07-09 17:22 - 05185536 _____ (AVAST Software) C:\Users\James\Downloads\aswmbr.exe
2014-07-09 09:58 - 2014-07-09 09:58 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-07-09 09:39 - 2014-07-22 13:04 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-09 09:39 - 2014-07-16 07:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-09 09:39 - 2014-07-09 09:46 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-09 09:38 - 2014-07-16 07:45 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-09 09:38 - 2014-07-09 09:46 - 00000000 ____D () C:\Users\James\Desktop\mbar
2014-07-09 09:38 - 2014-07-09 09:38 - 14349744 _____ (Malwarebytes Corp.) C:\Users\James\Downloads\mbar-1.07.0.1012.exe
2014-07-09 09:38 - 2014-07-09 09:38 - 00204496 _____ (Malwarebytes) C:\Users\James\Downloads\startuplite-setup-1.07.exe
2014-07-09 09:32 - 2014-07-09 09:32 - 00076588 _____ () C:\Users\James\Downloads\Addition (1).txt
2014-07-09 09:23 - 2014-07-23 09:17 - 00012476 _____ () C:\Users\James\Downloads\FRST.txt
2014-07-09 09:23 - 2014-07-09 09:24 - 00076588 _____ () C:\Users\James\Downloads\Addition.txt
2014-07-09 09:22 - 2014-07-23 09:17 - 02091520 _____ (Farbar) C:\Users\James\Downloads\FRST64.exe
2014-07-09 09:22 - 2014-07-23 09:17 - 00000000 ____D () C:\FRST
2014-07-09 09:13 - 2014-07-09 09:13 - 00065232 _____ (Malwarebytes) C:\Users\James\Downloads\regassassin-setup-1.03.exe
2014-07-08 14:46 - 2014-06-29 22:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-08 14:46 - 2014-06-29 22:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-08 14:46 - 2014-06-20 16:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-08 14:46 - 2014-06-20 15:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-08 14:46 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-08 14:46 - 2014-06-18 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-08 14:46 - 2014-06-18 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-08 14:46 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-08 14:46 - 2014-06-18 20:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-08 14:46 - 2014-06-18 20:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-08 14:46 - 2014-06-18 20:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-08 14:46 - 2014-06-18 20:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-08 14:46 - 2014-06-18 20:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-08 14:46 - 2014-06-18 20:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-08 14:46 - 2014-06-18 20:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-08 14:46 - 2014-06-18 20:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-08 14:46 - 2014-06-18 20:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-08 14:46 - 2014-06-18 20:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-08 14:46 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-08 14:46 - 2014-06-18 20:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-08 14:46 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-08 14:46 - 2014-06-18 19:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-08 14:46 - 2014-06-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-08 14:46 - 2014-06-18 19:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-08 14:46 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-08 14:46 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-08 14:46 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-08 14:46 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-08 14:46 - 2014-06-18 19:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-08 14:46 - 2014-06-18 19:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-08 14:46 - 2014-06-18 19:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-08 14:46 - 2014-06-18 19:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-08 14:46 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-08 14:46 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-08 14:46 - 2014-06-18 19:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-08 14:46 - 2014-06-18 19:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-08 14:46 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-08 14:46 - 2014-06-18 19:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-08 14:46 - 2014-06-18 19:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-08 14:46 - 2014-06-18 19:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-08 14:46 - 2014-06-18 19:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-08 14:46 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-08 14:46 - 2014-06-18 19:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-08 14:46 - 2014-06-18 19:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-08 14:46 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-08 14:46 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-08 14:46 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-08 14:46 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-08 14:46 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-08 14:46 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-08 14:46 - 2014-06-18 18:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-08 14:46 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-08 14:46 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-08 14:46 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-08 14:46 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-08 14:46 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-08 14:46 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-08 14:46 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-08 14:46 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-08 14:46 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-08 14:46 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-08 14:46 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-08 14:46 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-08 14:46 - 2014-05-30 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-08 14:46 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-08 14:46 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-08 14:46 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-08 14:46 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-08 14:46 - 2014-05-30 04:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-08 14:46 - 2014-05-30 04:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-08 14:46 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-08 14:46 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-08 14:46 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-08 14:46 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-08 14:46 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-08 14:46 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-08 14:46 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-08 14:46 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-08 14:45 - 2014-06-05 10:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-08 14:45 - 2014-06-05 10:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-08 14:45 - 2014-06-05 10:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-07 01:07 - 2014-07-07 01:07 - 00000000 ____D () C:\Program Files (x86)\predm
2014-07-07 01:04 - 2014-07-19 19:47 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-07-07 01:04 - 2014-07-07 01:09 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-07-07 01:04 - 2014-07-07 01:06 - 00000000 ____D () C:\ProgramData\d76b26a3592eb7d3
2014-07-07 01:04 - 2014-07-07 01:04 - 00003360 _____ ()
C:\Windows\System32\Tasks\EnergoTech Update2014-07-07 01:04 - 2014-07-07 01:04 - 00000000 ____D () C:\Users\James\AppData\Local\Torch2014-07-07 01:04 - 2014-07-07 01:04 - 00000000 ____D () C:\Users\James\AppData\Local\Packages2014-07-07 01:04 - 2014-07-07 01:04 - 00000000 ____D () C:\Users\James\AppData\Local\Comodo2014-07-07 01:04 - 2014-07-07 01:04 - 00000000 ____D () C:\Users\James\AppData\Local\Chromatic Browser2014-07-07 01:04 - 2014-07-07 01:04 - 00000000 ____D () C:\Users\Guest2014-07-07 01:04 - 2014-07-07 01:04 - 00000000 ____D () C:\Users\Administrator2014-07-07 01:04 - 2014-07-07 01:04 - 00000000 ____D () C:\ProgramData\EnergoTech2014-07-03 14:34 - 2014-07-03 14:34 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf2014-06-30 23:03 - 2014-05-15 14:59 - 00096448 _____ (Microsoft Corporation) C:\Windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr11.2.5058.0.dll2014-06-30 23:03 - 2014-05-15 14:58 - 00083136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf-MSSQL$SQLEXPRESS-sqlctr11.2.5058.0.dll2014-06-23 23:09 - 2012-02-11 12:43 - 00253016 _____ (Microsoft Corporation) C:\Windows\system32\SQSRVRES.DLL2014-06-23 21:50 - 2014-06-23 21:50 - 00000000 ____D () C:\Users\James\AppData\Local\Adobe_Systems_Incorporate2014-06-23 21:49 - 2014-07-07 01:30 - 00000000 ____D () C:\Users\James\Documents\My Digital Editions2014-06-23 21:49 - 2014-06-23 21:49 - 00002188 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions 3.0.lnk2014-06-23 21:49 - 2014-06-23 21:49 - 00002176 _____ () C:\Users\Public\Desktop\Adobe Digital Editions 3.0.lnk2014-06-23 21:49 - 2014-06-23 21:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe2014-06-23 21:48 - 2014-06-23 21:48 - 00001782 _____ () C:\Users\James\Downloads\ProgrammingC50BuildingWindows08Weband9781449359683.acsm ==================== One Month Modified Files and Folders ======= 2014-07-23 09:17 - 2014-07-23 09:17 - 00000000 ____D () 
C:\Users\James\Downloads\FRST-OlderVersion2014-07-23 09:17 - 2014-07-09 09:23 - 00012476 _____ () C:\Users\James\Downloads\FRST.txt2014-07-23 09:17 - 2014-07-09 09:22 - 02091520 _____ (Farbar) C:\Users\James\Downloads\FRST64.exe2014-07-23 09:17 - 2014-07-09 09:22 - 00000000 ____D () C:\FRST2014-07-23 09:16 - 2014-06-15 23:55 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2014-07-23 09:16 - 2014-06-14 16:22 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-07-23 09:16 - 2014-06-14 16:22 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-07-22 13:46 - 2014-07-22 13:46 - 00002408 _____ () C:\Users\James\Desktop\aswMBR1.txt2014-07-22 13:46 - 2014-07-09 17:41 - 00000512 _____ () C:\Users\James\Desktop\MBR.dat2014-07-22 13:04 - 2014-07-09 09:39 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-07-22 12:28 - 2009-07-14 00:45 - 00014464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-07-22 12:28 - 2009-07-14 00:45 - 00014464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-07-22 12:26 - 2009-07-14 01:13 - 00986544 _____ () C:\Windows\system32\PerfStringBackup.INI2014-07-22 12:24 - 2014-06-14 17:53 - 01065473 _____ () C:\Windows\WindowsUpdate.log2014-07-22 12:21 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-07-22 12:21 - 2009-07-14 00:51 - 00030651 _____ () C:\Windows\setupact.log2014-07-19 19:53 - 2014-07-19 19:53 - 00000414 _____ () C:\Users\James\Downloads\eset.txt2014-07-19 19:47 - 2014-07-07 01:04 - 00000000 ____D () C:\Program Files (x86)\SupTab2014-07-19 18:28 - 2014-07-19 18:28 - 00000000 ____D () C:\Program Files (x86)\ESET2014-07-19 18:27 - 2014-07-19 18:26 - 02347384 _____ (ESET) C:\Users\James\Downloads\esetsmartinstaller_enu.exe2014-07-18 10:45 - 2014-06-14 21:50 - 00127414 _____ () 
C:\Windows\PFRO.log2014-07-16 07:45 - 2014-07-09 09:38 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-07-16 07:21 - 2014-07-16 07:21 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-07-16 07:21 - 2014-07-16 07:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-07-16 07:21 - 2014-07-16 07:21 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-07-16 07:21 - 2014-07-16 07:20 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\James\Downloads\mbam-setup-2.0.2.1012.exe2014-07-16 07:21 - 2014-07-09 09:39 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-07-16 07:08 - 2014-07-16 07:08 - 00001349 _____ () C:\Users\James\Downloads\fixlist.txt2014-07-10 12:03 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache2014-07-09 17:41 - 2014-07-09 17:41 - 00002407 _____ () C:\Users\James\Desktop\aswMBR.txt2014-07-09 17:22 - 2014-07-09 17:22 - 05185536 _____ (AVAST Software) C:\Users\James\Downloads\aswmbr.exe2014-07-09 09:58 - 2014-07-09 09:58 - 00000000 ____D () C:\ProgramData\Hewlett-Packard2014-07-09 09:58 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Public\Libraries2014-07-09 09:46 - 2014-07-09 09:39 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)2014-07-09 09:46 - 2014-07-09 09:38 - 00000000 ____D () C:\Users\James\Desktop\mbar2014-07-09 09:38 - 2014-07-09 09:38 - 14349744 _____ (Malwarebytes Corp.) 
C:\Users\James\Downloads\mbar-1.07.0.1012.exe2014-07-09 09:38 - 2014-07-09 09:38 - 00204496 _____ (Malwarebytes) C:\Users\James\Downloads\startuplite-setup-1.07.exe2014-07-09 09:32 - 2014-07-09 09:32 - 00076588 _____ () C:\Users\James\Downloads\Addition (1).txt2014-07-09 09:24 - 2014-07-09 09:23 - 00076588 _____ () C:\Users\James\Downloads\Addition.txt2014-07-09 09:13 - 2014-07-09 09:13 - 00065232 _____ (Malwarebytes) C:\Users\James\Downloads\regassassin-setup-1.03.exe2014-07-09 09:03 - 2009-07-14 00:45 - 00275712 _____ () C:\Windows\system32\FNTCACHE.DAT2014-07-09 09:02 - 2014-06-14 23:02 - 00000000 ___SD () C:\Windows\system32\CompatTel2014-07-09 09:02 - 2009-07-14 03:45 - 00000000 ____D () C:\Program Files\Windows Journal2014-07-09 09:02 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism2014-07-09 09:02 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism2014-07-09 08:59 - 2014-06-14 17:05 - 00000000 ____D () C:\Windows\system32\MRT2014-07-09 08:58 - 2014-06-14 17:05 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-07-08 16:40 - 2014-06-15 23:55 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2014-07-08 16:40 - 2014-06-15 23:55 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2014-07-08 16:40 - 2014-06-15 23:55 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater2014-07-07 01:30 - 2014-06-23 21:49 - 00000000 ____D () C:\Users\James\Documents\My Digital Editions2014-07-07 01:09 - 2014-07-07 01:04 - 00000258 __RSH () C:\ProgramData\ntuser.pol2014-07-07 01:07 - 2014-07-07 01:07 - 00000000 ____D () C:\Program Files (x86)\predm2014-07-07 01:06 - 2014-07-07 01:04 - 00000000 ____D () C:\ProgramData\d76b26a3592eb7d32014-07-07 01:04 - 2014-07-07 01:04 - 00003360 _____ () C:\Windows\System32\Tasks\EnergoTech Update2014-07-07 01:04 - 2014-07-07 01:04 - 00000000 ____D () C:\Users\James\AppData\Local\Torch2014-07-07 01:04 - 2014-07-07 
01:04 - 00000000 ____D () C:\Users\James\AppData\Local\Packages2014-07-07 01:04 - 2014-07-07 01:04 - 00000000 ____D () C:\Users\James\AppData\Local\Comodo2014-07-07 01:04 - 2014-07-07 01:04 - 00000000 ____D () C:\Users\James\AppData\Local\Chromatic Browser2014-07-07 01:04 - 2014-07-07 01:04 - 00000000 ____D () C:\Users\Guest2014-07-07 01:04 - 2014-07-07 01:04 - 00000000 ____D () C:\Users\Administrator2014-07-07 01:04 - 2014-07-07 01:04 - 00000000 ____D () C:\ProgramData\EnergoTech2014-07-07 01:04 - 2014-06-14 16:22 - 00000000 ____D () C:\Users\James\AppData\Local\Google2014-07-07 01:04 - 2014-06-14 16:22 - 00000000 ____D () C:\Program Files (x86)\Google2014-07-07 01:04 - 2009-07-13 23:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy2014-07-07 01:04 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy2014-07-05 10:33 - 2009-07-14 01:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD2014-07-03 14:34 - 2014-07-03 14:34 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf2014-06-30 23:03 - 2014-06-22 15:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 20122014-06-30 23:00 - 2014-06-14 22:45 - 00000000 ____D () C:\Program Files\Microsoft SQL Server2014-06-30 23:00 - 2014-06-14 22:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server2014-06-29 22:09 - 2014-07-08 14:46 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2014-06-29 22:04 - 2014-07-08 14:46 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2014-06-24 23:33 - 2014-06-22 15:47 - 00058584 _____ () C:\Windows\iis7.log2014-06-24 23:33 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\inetsrv2014-06-24 23:33 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\inetsrv2014-06-23 23:06 - 2014-06-21 11:42 - 03211264 _____ () C:\Users\James\PostSalesRight.mdf2014-06-23 23:06 - 2014-06-21 11:42 - 00802816 _____ () 
C:\Users\James\PostSalesRight_log.ldf2014-06-23 21:50 - 2014-06-23 21:50 - 00000000 ____D () C:\Users\James\AppData\Local\Adobe_Systems_Incorporate2014-06-23 21:49 - 2014-06-23 21:49 - 00002188 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions 3.0.lnk2014-06-23 21:49 - 2014-06-23 21:49 - 00002176 _____ () C:\Users\Public\Desktop\Adobe Digital Editions 3.0.lnk2014-06-23 21:49 - 2014-06-23 21:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe2014-06-23 21:49 - 2014-06-16 12:39 - 00000000 ____D () C:\Program Files (x86)\Adobe2014-06-23 21:48 - 2014-06-23 21:48 - 00001782 _____ () C:\Users\James\Downloads\ProgrammingC50BuildingWindows08Weband9781449359683.acsm Some content of TEMP:====================C:\Users\James\AppData\Local\Temp\heyu0n1f.eiu.exeC:\Users\James\AppData\Local\Temp\repuh3f3.rox.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-18 12:26 ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
Larusso Posted July 23, 2014 ID:856740

No problem.

Delete junk with AdwCleaner
Please download AdwCleaner to your desktop.
Run adwcleaner.exe
Hit Scan and wait for the scan to finish.
Confirm the message but don't uncheck anything.
Hit Clean
When the run is finished, it will open up a text file.
Please post its contents within your next reply.
You'll find the log file at C:\AdwCleaner[s1].txt

also

Download ComboFix from here
* IMPORTANT - Save ComboFix.exe to your Desktop
====================================================
Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to this topic: How to disable your security applications
====================================================
Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
*Note - if after running ComboFix you see a message similar to 'registry key marked for deletion..' rebooting the machine will resolve that.

How is your system behaving now?
lakeeffect1000 Posted July 24, 2014 Author ID:857015

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2420 octets] ##########
lakeeffect1000 Posted July 24, 2014 Author ID:857020

ComboFix 14-07-22.01 - James 07/23/2014 21:39:45.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.1732 [GMT -4:00]
Running from: c:\users\James\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
Anti-Malware\mbamscheduler.exe [x]S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]S2 TFSJobAgent;Visual Studio Team Foundation Background Job Agent;c:\program files\Microsoft Team Foundation Server 12.0\Application Tier\TfsJobAgent\TfsJobAgent.exe;c:\program files\Microsoft Team Foundation Server 12.0\Application Tier\TfsJobAgent\TfsJobAgent.exe [x]S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]S2 valWBFPolicyService;Validity WBF Policy Service;c:\windows\system32\valWBFPolicyService.exe;c:\windows\SYSNATIVE\valWBFPolicyService.exe [x]S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]..--- Other Services/Drivers In Memory ---.*NewlyCreated* - MBAMSWISSARMY.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]iissvcs REG_MULTI_SZ w3svc wasapphost REG_MULTI_SZ apphostsvc.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2014-06-14 20:23 1091912 ----a-w- c:\program files 
(x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2014-07-24 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-16 20:40]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]"CnxtCoInstallerDefer"="c:\program files\CONEXANT\PREINSTALL\SETUP539CAFB11\KESLYN.EXE" [2010-12-15 1574528]"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-07-22 487424]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-28 161304]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-28 386584]"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-28 415256]"HPToneControl"="c:\program files\Hewlett-Packard\HPToneControl\HPTonectl.exe" [2009-08-19 107832]"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = about:blankmDefault_Search_URL = www.google.commDefault_Page_URL = about:blankmStart Page = about:blankmLocal Page = c:\windows\SysWOW64\blank.htmTCP: DhcpNameServer = 192.168.1.254.- - - - ORPHANS REMOVED - - - -.Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exeHKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - startHKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-4080428611-3054010233-2832862219-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]@Denied: (2) (LocalSystem)"Progid"="WindowsLiveMail.Email.1".[HKEY_USERS\S-1-5-21-4080428611-3054010233-2832862219-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]@Denied: (2) 
(LocalSystem)"Progid"="WindowsLiveMail.VCard.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash 
Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.14".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 
1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2014-07-23 21:46:32ComboFix-quarantined-files.txt 2014-07-24 01:46ComboFix 14-07-22.01 - James 07/23/2014 21:39:45.1.4 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.1732 [GMT -4:00]Running from: c:\users\James\Downloads\ComboFix.exeAV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\users\James\AppData\Local\assembly\tmpc:\users\James\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ainhfmdopfddiidepklclbmmlmkfmpkpc:\users\James\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ainhfmdopfddiidepklclbmmlmkfmpkp\2.0\background.htmlc:\users\James\AppData\Local\Google\Chrome SxS\User 
Data\Default\Extensions\ainhfmdopfddiidepklclbmmlmkfmpkp\2.0\content.jsc:\users\James\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ainhfmdopfddiidepklclbmmlmkfmpkp\2.0\HfV8WKkDU.jsc:\users\James\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ainhfmdopfddiidepklclbmmlmkfmpkp\2.0\lsdb.jsc:\users\James\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ainhfmdopfddiidepklclbmmlmkfmpkp\2.0\manifest.jsonc:\users\James\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_beofpcngpcdhobdcgcdgodlgiddcafaa_0.localstorage-journalc:\users\James\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_beofpcngpcdhobdcgcdgodlgiddcafaa_0.localstoragec:\users\James\AppData\Local\Google\Chrome\User Data\Default\Preferences..((((((((((((((((((((((((( Files Created from 2014-06-24 to 2014-07-24 )))))))))))))))))))))))))))))))..2014-07-24 01:44 . 2014-07-24 01:44 -------- d-----w- c:\users\Default\AppData\Local\temp2014-07-24 01:44 . 2014-07-24 01:44 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp2014-07-24 01:22 . 2010-08-30 12:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll2014-07-24 01:22 . 2014-07-24 01:23 -------- d-----w- C:\AdwCleaner2014-07-23 13:28 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{91BF4F9C-1AA4-47AC-903D-ABEC7B4AFB65}\mpengine.dll2014-07-21 21:05 . 2014-06-16 12:37 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{09AE63B1-C902-478E-AD53-9C61FC22DD13}\gapaengine.dll2014-07-21 21:05 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2014-07-19 22:28 . 2014-07-19 22:28 -------- d-----w- c:\program files (x86)\ESET2014-07-16 11:21 . 2014-07-16 11:21 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware2014-07-16 11:21 . 
2014-05-12 11:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys2014-07-16 11:21 . 2014-05-12 11:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys2014-07-09 13:58 . 2014-07-09 13:58 -------- d-----w- c:\programdata\Hewlett-Packard2014-07-09 13:58 . 2009-07-14 01:41 230400 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpzppw71.dll2014-07-09 13:49 . 2014-07-09 13:49 -------- d-----w- c:\users\James\AppData\Local\ElevatedDiagnostics2014-07-09 13:39 . 2014-07-16 11:21 -------- d-----w- c:\programdata\Malwarebytes2014-07-09 13:39 . 2014-07-09 13:46 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)2014-07-09 13:39 . 2014-07-24 01:24 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys2014-07-09 13:38 . 2014-07-16 11:45 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys2014-07-09 13:22 . 2014-07-23 19:59 -------- d-----w- C:\FRST2014-07-08 18:45 . 2014-06-05 14:45 1460736 ----a-w- c:\windows\system32\lsasrv.dll2014-07-08 18:45 . 2014-06-05 14:26 22016 ----a-w- c:\windows\SysWow64\secur32.dll2014-07-08 18:45 . 2014-06-05 14:25 96768 ----a-w- c:\windows\SysWow64\sspicli.dll2014-07-07 05:04 . 2014-07-07 05:04 -------- d-----w- c:\users\James\AppData\Local\Programs2014-07-07 05:04 . 2014-07-07 05:04 -------- d-----w- c:\programdata\EnergoTech2014-07-07 05:04 . 2014-07-07 05:04 -------- d-----w- c:\users\Guest2014-07-07 05:04 . 2014-07-07 05:04 -------- d-----w- c:\users\Administrator2014-07-01 03:03 . 2014-05-15 18:59 96448 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr11.2.5058.0.dll2014-07-01 03:03 . 2014-05-15 18:58 83136 ----a-w- c:\windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr11.2.5058.0.dll2014-07-01 03:02 . 2014-07-01 03:02 -------- d-----w- c:\program files\Microsoft.NET2014-06-25 03:43 . 2014-06-16 12:37 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll2014-06-24 03:09 . 
2012-02-11 16:43 253016 ----a-w- c:\windows\system32\SQSRVRES.DLL2014-06-24 01:50 . 2014-06-24 01:50 -------- d-----w- c:\users\James\AppData\Local\Adobe_Systems_Incorporate...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2014-07-09 12:58 . 2014-06-14 21:05 96441528 ----a-w- c:\windows\system32\MRT.exe2014-07-08 20:40 . 2014-06-16 03:55 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2014-07-08 20:40 . 2014-06-16 03:55 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2014-06-18 22:13 . 2014-06-15 02:55 1234944 ----a-w- c:\programdata\Microsoft\VWDExpress\12.0\1033\ResourceCache.dll2014-06-15 02:01 . 2014-06-15 02:01 194048 ----a-w- c:\windows\SysWow64\elshyph.dll2014-06-15 02:01 . 2014-06-15 02:01 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe2014-06-15 02:01 . 2014-06-15 02:01 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll2014-06-15 02:01 . 2014-06-15 02:01 62464 ----a-w- c:\windows\SysWow64\tdc.ocx2014-06-15 02:01 . 2014-06-15 02:01 337408 ----a-w- c:\windows\SysWow64\html.iec2014-06-15 02:01 . 2014-06-15 02:01 235008 ----a-w- c:\windows\system32\elshyph.dll2014-06-15 02:01 . 2014-06-15 02:01 182272 ----a-w- c:\windows\SysWow64\msls31.dll2014-06-15 02:01 . 2014-06-15 02:01 36352 ----a-w- c:\windows\SysWow64\imgutil.dll2014-06-15 02:01 . 2014-06-15 02:01 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll2014-06-15 02:01 . 2014-06-15 02:01 151552 ----a-w- c:\windows\SysWow64\iexpress.exe2014-06-15 02:01 . 2014-06-15 02:01 139264 ----a-w- c:\windows\SysWow64\wextract.exe2014-06-15 02:01 . 2014-06-15 02:01 13312 ----a-w- c:\windows\SysWow64\mshta.exe2014-06-15 02:01 . 2014-06-15 02:01 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll2014-06-15 02:01 . 2014-06-15 02:01 942592 ----a-w- c:\windows\system32\jsIntl.dll2014-06-15 02:01 . 2014-06-15 02:01 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll2014-06-15 02:01 . 
2014-06-15 02:01 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe2014-06-15 02:01 . 2014-06-15 02:01 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe2014-06-15 02:01 . 2014-06-15 02:01 52224 ----a-w- c:\windows\system32\msfeedsbs.dll2014-06-15 02:01 . 2014-06-15 02:01 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll2014-06-15 02:01 . 2014-06-15 02:01 247808 ----a-w- c:\windows\system32\msls31.dll2014-06-15 02:01 . 2014-06-15 02:01 13312 ----a-w- c:\windows\system32\msfeedssync.exe2014-06-15 02:01 . 2014-06-15 02:01 131072 ----a-w- c:\windows\system32\IEAdvpack.dll2014-06-15 02:01 . 2014-06-15 02:01 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe2014-06-15 02:01 . 2014-06-15 02:01 81408 ----a-w- c:\windows\system32\icardie.dll2014-06-15 02:01 . 2014-06-15 02:01 77312 ----a-w- c:\windows\system32\tdc.ocx2014-06-15 02:01 . 2014-06-15 02:01 616104 ----a-w- c:\windows\system32\ieapfltr.dat2014-06-15 02:01 . 2014-06-15 02:01 48640 ----a-w- c:\windows\system32\mshtmler.dll2014-06-15 02:01 . 2014-06-15 02:01 413696 ----a-w- c:\windows\system32\html.iec2014-06-15 02:01 . 2014-06-15 02:01 30208 ----a-w- c:\windows\system32\licmgr10.dll2014-06-15 02:01 . 2014-06-15 02:01 243200 ----a-w- c:\windows\system32\webcheck.dll2014-06-15 02:01 . 2014-06-15 02:01 235520 ----a-w- c:\windows\system32\url.dll2014-06-15 02:01 . 2014-06-15 02:01 167424 ----a-w- c:\windows\system32\iexpress.exe2014-06-15 02:01 . 2014-06-15 02:01 143872 ----a-w- c:\windows\system32\wextract.exe2014-06-15 02:01 . 2014-06-15 02:01 105984 ----a-w- c:\windows\system32\iesysprep.dll2014-06-15 02:01 . 2014-06-15 02:01 101376 ----a-w- c:\windows\system32\inseng.dll2014-06-15 02:01 . 2014-06-15 02:01 774144 ----a-w- c:\windows\system32\jscript.dll2014-06-15 02:01 . 2014-06-15 02:01 62464 ----a-w- c:\windows\system32\pngfilt.dll2014-06-15 02:01 . 2014-06-15 02:01 48128 ----a-w- c:\windows\system32\imgutil.dll2014-06-15 02:01 . 
2014-06-15 02:01 . 2014-06-15 02:01 147968 ----a-w- c:\windows\system32\occache.dll
2014-06-15 02:01 . 2014-06-15 02:01 13824 ----a-w- c:\windows\system32\mshta.exe
2014-06-15 02:01 . 2014-06-15 02:01 135680 ----a-w- c:\windows\system32\iepeers.dll
2014-06-15 01:59 . 2014-06-15 01:59 878080 ----a-w- c:\windows\system32\advapi32.dll
2014-06-15 01:59 . 2014-06-15 01:59 859648 ----a-w- c:\windows\system32\tdh.dll
2014-06-15 01:59 . 2014-06-15 01:59 1732032 ----a-w- c:\windows\system32\ntdll.dll
2014-06-15 01:59 . 2014-06-15 01:59 640512 ----a-w- c:\windows\SysWow64\advapi32.dll
2014-06-15 01:59 . 2014-06-15 01:59 619520 ----a-w- c:\windows\SysWow64\tdh.dll
2014-06-15 01:59 . 2014-06-15 01:59 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll
2014-06-15 01:59 . 2014-06-15 01:59 327168 ----a-w- c:\windows\system32\mswsock.dll
2014-06-15 01:59 . 2014-06-15 01:59 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2014-06-15 01:58 . 2014-06-15 01:58 68608 ----a-w- c:\windows\system32\taskhost.exe
2014-06-15 01:58 . 2014-06-15 01:58 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.14".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 
1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2014-07-23 21:46:32ComboFix-quarantined-files.txt 2014-07-24 01:46.Pre-Run: 177,590,095,872 bytes freePost-Run: 181,080,010,752 bytes free.- - End Of File - - 7B338A53D592B90CF02EC7789EEDA5ECA36C5E4F47E84449FF07ED3517B43A31 .Pre-Run: 177,590,095,872 bytes freePost-Run: 181,080,010,752 bytes free.- - End Of File - - 7B338A53D592B90CF02EC7789EEDA5ECA36C5E4F47E84449FF07ED3517B43A31 Link to post Share on other sites More sharing options...
lakeeffect1000 Posted July 24, 2014 Author ID:857022

ComboFix 14-07-22.01 - James 07/23/2014 21:39:45.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.1732 [GMT -4:00]
Running from: c:\users\James\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

c:\users\James\AppData\Local\assembly\tmp
c:\users\James\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ainhfmdopfddiidepklclbmmlmkfmpkp
c:\users\James\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ainhfmdopfddiidepklclbmmlmkfmpkp\2.0\background.html
c:\users\James\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ainhfmdopfddiidepklclbmmlmkfmpkp\2.0\content.js
c:\users\James\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ainhfmdopfddiidepklclbmmlmkfmpkp\2.0\HfV8WKkDU.js
c:\users\James\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ainhfmdopfddiidepklclbmmlmkfmpkp\2.0\lsdb.js
c:\users\James\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ainhfmdopfddiidepklclbmmlmkfmpkp\2.0\manifest.json
c:\users\James\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_beofpcngpcdhobdcgcdgodlgiddcafaa_0.localstorage-journal
c:\users\James\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_beofpcngpcdhobdcgcdgodlgiddcafaa_0.localstorage
c:\users\James\AppData\Local\Google\Chrome\User Data\Default\Preferences

Completion time: 2014-07-23 21:46:32
Pre-Run: 177,590,095,872 bytes free
Post-Run: 181,080,010,752 bytes free
Larusso Posted July 25, 2014 ID:857712
Hi there, and sorry for the delay. Had a long workday yesterday. How is your system behaving now?
Larusso Posted July 31, 2014 ID:860898
Are you still with me? If I do not hear something from you within the next 48 hours, this topic will be closed.
lakeeffect1000 Posted July 31, 2014 Author ID:860998
At this point it looks like everything looks good. Thanks again for your help.
AdvancedSetup (Root Admin) Posted August 6, 2014 ID:863008
Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!