Pc shuts off while scanning Malwarebytes Anti-Malware


Hi there,

My computer keeps shutting off whenever I run the Malwarebytes Anti-Malware scan.

I have tried to run Anti-Malware in Safe Mode and deleted all the detected malware, but my computer still turns off when I run Anti-Malware in Windows.

If anyone could possibly help, please, I would appreciate it very much.

Here is the report from my ComboFix, but I don't understand anything.

If anyone could help.

ComboFix 14-12-04.01 - Kiarash 12/05/2014   0:30.1.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.16307.11186 [GMT -8:00]
Running from: c:\users\Kiarash\Downloads\ComboFix.exe
AV: COMODO Antivirus *Enabled/Updated* {F0BC89B2-8937-0933-021B-B17D981F2A71}
SP: Comodo Defense+ *Enabled/Updated* {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\ShoppingChip
c:\programdata\OrangeRuby
c:\programdata\OrangeRuby\OrangeRuby.exe
c:\programdata\Roaming
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\FUGvA6fb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\FUGvA6fb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\FUGvA6fb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\manifest.json
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\background.html
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\content.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\FUGvA6fb.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\lsdb.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\manifest.json
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\background.html
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\content.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\FUGvA6fb.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\lsdb.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\background.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\content.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\FUGvA6fb.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\FUGvA6fb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\manifest.json
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\background.html
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\content.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\FUGvA6fb.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\lsdb.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\background.html
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\content.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\FUGvA6fb.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\FUGvA6fb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\FUGvA6fb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\background.html
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\content.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\FUGvA6fb.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\manifest.json
c:\users\Kiarash\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn
c:\users\Kiarash\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\background.html
c:\users\Kiarash\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\content.js
c:\users\Kiarash\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\FUGvA6fb.js
c:\users\Kiarash\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\lsdb.js
c:\users\Kiarash\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\manifest.json
c:\users\Kiarash\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Kiarash\AppData\Local\Microsoft\Windows\Temporary Internet Files\{71EEC95E-D310-4800-A7B4-4E562445FC35}.xps
c:\users\Kiarash\AppData\Local\Torch\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn
c:\users\Kiarash\AppData\Local\Torch\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\background.html
c:\users\Kiarash\AppData\Local\Torch\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\content.js
c:\users\Kiarash\AppData\Local\Torch\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\FUGvA6fb.js
c:\users\Kiarash\AppData\Local\Torch\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\lsdb.js
c:\users\Kiarash\AppData\Local\Torch\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\manifest.json
c:\users\Kiarash\AppData\Roaming\Seventh\Seventh.exe
c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn
c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\background.html
c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\content.js
c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\FUGvA6fb.js
c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\lsdb.js
c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\manifest.json
c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn
c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\background.html
c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\content.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\FUGvA6fb.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\lsdb.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\manifest.json
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\background.html
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\content.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\FUGvA6fb.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\lsdb.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\manifest.json
c:\users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn
c:\users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\background.html
c:\users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\content.js
c:\users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\FUGvA6fb.js
c:\users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\lsdb.js
c:\users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\jmmajfghlniijbpalomffhoodkidfkdn\3.18\manifest.json
c:\windows\SysWow64\tmp3ACE.tmp
c:\windows\SysWow64\tmp3BF7.tmp
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_globalUpdate
.
.
(((((((((((((((((((((((((   Files Created from 2014-11-05 to 2014-12-05  )))))))))))))))))))))))))))))))
.
.
2014-12-05 08:37 . 2014-12-05 08:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-12-05 06:59 . 2014-10-01 00:07 19120 ----a-w- c:\windows\system32\roboot64.exe
2014-12-05 06:59 . 2014-12-05 08:28 -------- d-----w- c:\program files (x86)\WinZip Registry Optimizer
2014-12-05 02:32 . 2014-12-05 02:32 -------- d-----w- C:\VTRoot
2014-12-05 02:28 . 2014-12-05 02:28 -------- d-----w- c:\programdata\Shared Space
2014-12-05 02:27 . 2014-12-05 02:28 -------- d-----w- c:\program files\COMODO
2014-12-05 02:27 . 2014-12-05 02:28 -------- d-----w- c:\programdata\MFAData
2014-12-05 02:27 . 2014-12-05 02:27 -------- d-----w- c:\users\Kiarash\AppData\Local\MFAData
2014-12-05 02:27 . 2014-12-05 02:27 -------- d-----w- c:\users\Kiarash\AppData\Local\Avg2015
2014-12-05 02:27 . 2014-12-05 02:27 -------- d-----w- c:\programdata\Comodo Downloader
2014-12-05 02:26 . 2014-12-05 08:40 -------- d-----w- c:\programdata\Comodo
2014-12-05 02:11 . 2014-12-05 02:11 -------- d-----w- c:\users\Kiarash\AppData\Roaming\Proxifier
2014-12-05 01:50 . 2014-12-05 02:18 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-12-05 01:50 . 2014-12-05 01:50 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-12-05 00:30 . 2014-12-05 00:30 1958587 ----a-w- c:\windows\shost.bin
2014-12-05 00:30 . 2014-12-02 23:23 378472 ----a-w- c:\windows\system32\ColorMedia64.dll
2014-12-05 00:30 . 2014-12-02 23:23 332584 ----a-w- c:\windows\SysWow64\ColorMedia.dll
2014-12-05 00:30 . 2014-12-05 00:30 -------- d-----w- c:\programdata\RfndNSIS
2014-12-05 00:30 . 2014-12-05 05:08 -------- d-----w- c:\program files (x86)\globalUpdate
2014-12-05 00:30 . 2014-12-05 00:30 -------- d-----w- c:\users\Kiarash\AppData\Local\globalUpdate
2014-12-05 00:29 . 2014-12-05 02:18 -------- d-----w- c:\users\Kiarash\AppData\Local\Pro_PC_Cleaner
2014-12-05 00:29 . 2014-12-05 02:18 -------- d-----w- c:\users\Kiarash\AppData\Local\Desktop_Dock
2014-12-05 00:21 . 2014-12-05 00:21 -------- d-sh--w- c:\users\Kiarash\AppData\Local\EmieBrowserModeList
2014-12-03 21:34 . 2014-12-03 21:34 -------- d-----w- c:\users\Kiarash\AppData\Local\3dmouse
2014-12-03 21:31 . 2014-12-03 21:31 -------- d-----w- c:\users\Kiarash\AppData\Roaming\McNeel
2014-12-03 21:31 . 2014-12-03 21:31 -------- d-----w- c:\program files\Rhinoceros 5 (64-bit)
2014-12-03 21:30 . 2014-12-05 00:18 500 ----a-w- c:\windows\SysWow64\drivers\dcompbg204.dat
2014-12-03 21:30 . 2014-12-03 21:30 500 ----a-w- c:\windows\SysWow64\drivers\fcompbg297.dat
2014-12-03 21:30 . 2014-12-03 21:30 -------- d-----w- c:\program files (x86)\McNeelUpdate
2014-12-03 21:30 . 2014-12-03 21:30 -------- d-----w- c:\program files (x86)\Rhinoceros 5
2014-12-01 18:05 . 2014-12-01 18:05 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2014-12-01 18:05 . 2014-12-01 18:05 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2014-12-01 18:05 . 2014-12-01 18:05 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2014-12-01 18:05 . 2014-12-01 18:05 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2014-12-01 18:05 . 2014-12-01 18:05 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2014-12-01 18:05 . 2014-12-01 18:05 -------- d-----w- c:\program files (x86)\QuickTime
2014-12-01 18:04 . 2014-12-01 18:04 -------- d-----w- c:\program files\iPod
2014-12-01 18:04 . 2014-12-01 18:04 -------- d-----w- c:\programdata\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-12-01 18:04 . 2014-12-01 18:04 -------- d-----w- c:\program files\iTunes
2014-12-01 18:04 . 2014-12-01 18:04 -------- d-----w- c:\program files (x86)\iTunes
2014-11-19 17:13 . 2014-11-11 03:08 241152 ----a-w- c:\windows\system32\pku2u.dll
2014-11-19 17:13 . 2014-11-11 03:08 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-11-19 17:13 . 2014-11-11 02:44 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2014-11-19 17:13 . 2014-11-11 02:44 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-11-15 06:22 . 2014-11-15 06:22 -------- d-----w- c:\users\Kiarash\AppData\Roaming\SimpleFiles
2014-11-13 22:04 . 2014-11-13 22:04 -------- d-----w- c:\program files (x86)\The Proving Ground
2014-11-13 21:28 . 2014-11-13 21:28 -------- d-----w- c:\users\Kiarash\AppData\Local\Downloaded Installations
2014-11-11 23:13 . 2014-08-21 06:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
2014-11-09 04:13 . 2014-11-09 04:13 -------- d-----w- c:\program files (x86)\Common Files\Skype
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-05 07:47 . 2014-10-22 05:37 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-05 07:06 . 2013-02-24 05:19 103374192 ----a-w- c:\windows\system32\MRT.exe
2014-12-05 07:04 . 2014-10-22 05:37 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-12-05 07:04 . 2014-10-22 05:37 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-12-05 07:04 . 2014-10-22 05:37 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-25 23:30 . 2013-02-23 01:18 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-25 23:30 . 2013-02-23 01:18 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-10-30 11:25 . 2010-11-21 03:27 275080 ----a-w- c:\windows\system32\MpSigStub.exe
2014-10-07 09:06 . 2013-03-25 00:32 590536 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-10-02 22:23 . 2014-10-02 22:23 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2014-10-02 22:23 . 2014-10-02 22:23 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2014-09-25 02:08 . 2014-10-02 02:49 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-10-02 02:49 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-09-09 22:11 . 2014-09-24 21:23 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-24 21:23 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-10-14 18:37 239272 ----a-w- c:\users\Kiarash\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-10-14 18:37 239272 ----a-w- c:\users\Kiarash\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-10-14 18:37 239272 ----a-w- c:\users\Kiarash\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Kiarash\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Kiarash\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Kiarash\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SSync"="c:\users\Kiarash\AppData\Roaming\SSync\SSync.exe" [2012-12-19 41984]
"Akamai NetSession Interface"="c:\users\Kiarash\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
"Spotify Web Helper"="c:\users\Kiarash\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-10-09 1514040]
"Spotify"="c:\users\Kiarash\AppData\Roaming\Spotify\spotify.exe" [2014-10-09 6553144]
"SCheck"="c:\users\Kiarash\AppData\Roaming\SCheck\SCheck.exe" [2013-12-09 37376]
"Snoozer"="c:\users\Kiarash\AppData\Roaming\Snz\Snz.exe" [2014-09-06 1620064]
"Intermediate"="c:\users\Kiarash\AppData\Roaming\Intermediate\Intermediate.exe" [2013-12-09 37376]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-11-27 30528608]
"Sixth"="c:\users\Kiarash\AppData\Roaming\Sixth\Sixth.exe" [2014-11-24 74470]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"THX Audio Control Panel"="c:\program files (x86)\Creative\Sound Blaster X-Fi MB 2\THXAudioCP\THXAudio.exe" [2011-08-30 1517056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi MB 2\Sound Blaster Panel\VolPanlu.exe" [2010-02-19 241789]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-10 1073312]
"ADSK DLMSession"="c:\program files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe" [2012-07-24 1632216]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]
"PowerDVD12DMREngine"="c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe" [2012-12-28 506480]
"PowerDVD12Agent"="c:\program files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe" [2012-12-28 375168]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-04-15 450560]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
"Adobe Creative Cloud"="c:\program files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2014-10-16 2694320]
"ADSKAppManager"="c:\program files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe" [2014-06-21 488328]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2014-09-12 3499920]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-10-02 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776]
.
c:\users\Kiarash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Kiarash\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-11-12 35419192]
Send to OneNote.lnk - c:\program files\Microsoft Office 15\root\office15\ONENOTEM.EXE /tsr [2014-9-26 195240]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Hotkey.lnk - c:\program files (x86)\Hotkey\Hotkey.exe [2012-10-25 4739072]
TotalMedia BackUp & Recorder Monitor.lnk - c:\program files (x86)\ArcSoft\TotalMedia Extreme 2\BackUp & Recorder\uBBMonitor.exe [2013-3-13 285288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 27961eae;Content Accelerator;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 cpuz130;cpuz130; [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 globalUpdatem;globalUpdate Update Service (globalUpdatem);c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe;c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 tihub3;TI USB3 Hub Service;c:\windows\system32\DRIVERS\tihub3.sys;c:\windows\SYSNATIVE\DRIVERS\tihub3.sys [x]
R3 tixhci;TI XHCI Service;c:\windows\system32\DRIVERS\tixhci.sys;c:\windows\SYSNATIVE\DRIVERS\tixhci.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 ArcSec;ArcSec;c:\windows\system32\drivers\ArcSec.sys;c:\windows\SYSNATIVE\drivers\ArcSec.sys [x]
S2 {73526619-C24F-470B-9BED-53D455FBB5C6};Power Control [2013/03/11 15:31];c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl;c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [x]
S2 AdAppMgrSvc;Autodesk Application Manager Service;c:\program files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe ;c:\program files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe  [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 ArcSoftServiceHelperTool;ArcSoftServiceHelperTool;c:\program files (x86)\ArcSoft\TotalMedia Extreme 2\BackUp & Recorder\BackupService.exe;c:\program files (x86)\ArcSoft\TotalMedia Extreme 2\BackUp & Recorder\BackupService.exe [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [x]
S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [x]
S2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [x]
S2 FPLService;TrueSuiteService;c:\program files\AuthenTec TrueSuite\TrueSuiteService.exe;c:\program files\AuthenTec TrueSuite\TrueSuiteService.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 McNeelUpdate;McNeel Update Service 5.0;c:\program files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe;c:\program files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe [x]
S2 mi-raysat_3dsmax2013_64;mental ray 3.10 Satellite for Autodesk 3ds Max 2013 64-bit;c:\program files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe;c:\program files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe [x]
S2 ntk_PowerDVD12;ntk_PowerDVD12;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [x]
S2 PowerBiosServer;PowerBiosServer;c:\program files (x86)\Hotkey\PowerBiosServer.exe;c:\program files (x86)\Hotkey\PowerBiosServer.exe [x]
S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe;c:\program files\CyberLink\Shared files\RichVideo64.exe [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-12-05 01:31 1087304 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.71\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-12-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-23 23:30]
.
2014-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-12-05 01:31]
.
2014-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-12-05 01:31]
.
2014-12-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-900365376-1320249618-260173824-1002Core.job
- c:\users\Kiarash\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-04 05:16]
.
2014-12-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-900365376-1320249618-260173824-1002UA.job
- c:\users\Kiarash\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-04 05:16]
.
2014-12-05 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2013-03-05 20:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2014-09-26 21:41 1021088 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2014-09-26 21:41 1021088 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2014-09-26 21:41 1021088 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-10-14 18:37 266416 ----a-w- c:\users\Kiarash\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-10-14 18:37 266416 ----a-w- c:\users\Kiarash\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-10-14 18:37 266416 ----a-w- c:\users\Kiarash\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-10-14 18:27 2334928 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-10-14 18:27 2334928 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-10-14 18:27 2334928 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Kiarash\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Kiarash\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Kiarash\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Kiarash\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{BC6D10E6-AE59-4cef-83DB-FD4C9BC7B7F2}"
[HKEY_CLASSES_ROOT\CLSID\{BC6D10E6-AE59-4cef-83DB-FD4C9BC7B7F2}]
2011-10-21 22:00 4014408 ----a-w- c:\program files\AuthenTec TrueSuite\KeepSafe\fvns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{93BB455E-3D52-4fba-9733-E5103B30FC12}"
[HKEY_CLASSES_ROOT\CLSID\{93BB455E-3D52-4fba-9733-E5103B30FC12}]
2011-10-21 22:00 4014408 ----a-w- c:\program files\AuthenTec TrueSuite\KeepSafe\fvns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-08-30 13192848]
"KeepSafe"="c:\program files\AuthenTec TrueSuite\KeepSafe\fvsvr.exe" [2011-10-21 38728]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2010-09-14 25600]
"RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 17920]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-10-14 557768]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-06 415680]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>;<local>
uInternet Settings,ProxyServer = http=127.0.0.1:59768;https=127.0.0.1:59768
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Kiarash\AppData\Roaming\Mozilla\Firefox\Profiles\n0s4o6tc.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - ExtSQL: !HIDDEN! 2013-02-25 11:49; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - ExtSQL: !HIDDEN! 2013-03-21 13:54; SpecialSavings@SpecialSavings.com; c:\users\Kiarash\AppData\Roaming\Mozilla\Extensions\SpecialSavings@SpecialSavings.com
FF - user.js: extensions.nspdlsd.aflt - spd_wnzp_14_20_ff
FF - user.js: extensions.nspdlsd.instlRef - 140305_b
FF - user.js: extensions.nspdlsd.cr - 1334993540
FF - user.js: extensions.nspdlsd.cd - 2XzuyEtN2Y1L1Qzu0CyEzzyDtDzztD0E0CtAtA0E0EtBtDtCtN0D0Tzu0SzzyCyDtN1L2XzutBtFtBtDtFzytFtCtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyB0DtByDyE0A0AtAtGyE0A0ByCtGyB0AyBtCtGtBtAzztAtGyE0AyEtAzz0F0EzytAzy0ByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0Czy0EyBtA0EzztGtA0CyDtCtG0ByDyBtBtG0E0CzyyDtGyEyD0D0EyCtCyD0EtC0DtCtB2Q
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{72351B45-9636-4F99-820B-7C552D27897D}} - (no file)
Wow6432Node-HKCU-Run-EarthAlerts - c:\program files (x86)\Earth Alerts\EarthAlerts.exe
Wow6432Node-HKCU-Run-Seventh - c:\users\Kiarash\AppData\Roaming\Seventh\Seventh.exe
Wow6432Node-HKLM-Run-Express FilesInstaller Starter - c:\users\Kiarash\AppData\Local\Temp\install501356.exe
c:\users\Kiarash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk - c:\program files (x86)\ZooskMessenger\ZooskMessenger.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{72351B45-9636-4F99-820B-7C552D27897D}} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
"ImagePath"="\"c:\program files\CyberLink\Shared files\RichVideo64.exe\"\00Z
[\]^_¤\00\00¤\00\00\00\00HIJKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~¤\00\00¤\00\00\00\00¤\00\00\00\00\00\00\00\00‘’“"
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{73526619-C24F-470B-9BED-53D455FBB5C6}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_239_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_239_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_239_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_239_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Completion time: 2014-12-05  00:42:10 - machine was rebooted
ComboFix-quarantined-files.txt  2014-12-05 08:42
.
Pre-Run: 22,703,505,408 bytes free
Post-Run: 47,921,864,704 bytes free
.
- - End Of File - - 68E91C34333CDCD7E5485AEAB7D60063
A36C5E4F47E84449FF07ED3517B43A31

Hello cheeta and welcome:

Please take no additional unguided actions with applications such as ComboFix lest your system be rendered entirely unusable. I recommend following the advice from the topic: Available Assistance for Possibly Infected Computers and have one of the Malware Removal Experts assist you with your issue.

If, as recommended, you do open a topic in Malware Removal Help, please make reference to this thread.

If you would like to get off to a very fast start, the Malware Removal Experts would appreciate it if you would also Copy and Paste (not attach) both the FRST.txt and the Addition.txt output diagnostic reports from only Log Set 1 into your new topic.

Thank you. :)
