Channel: Tech Support Guy - Virus & Other Malware Removal

windows can't find file

Next two reports.




aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2015-02-01 14:23:22
-----------------------------
14:23:22.923 OS Version: Windows x64 6.1.7601 Service Pack 1
14:23:22.923 Number of processors: 4 586 0x2505
14:23:22.923 ComputerName: DARLENE-LAPTOP UserName: Darlene
14:23:24.073 Initialize success
14:23:24.083 VM: initialized successfully
14:23:24.083 VM: Intel CPU supported
14:23:25.794 VM: supported disk I/O iaStor.sys
14:25:44.224 AVAST engine defs: 15013101
14:25:55.595 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:25:55.595 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
14:25:55.735 VM: Disk 0 MBR read successfully
14:25:55.745 Disk 0 MBR scan
14:25:55.785 Disk 0 Windows 7 default MBR code
14:25:55.785 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 16384 MB offset 2048
14:25:55.845 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 33556480
14:25:55.865 Disk 0 default boot code
14:25:55.915 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 288759 MB offset 33761280
14:25:56.086 Disk 0 scanning C:\Windows\system32\drivers
14:26:10.919 Service scanning
14:26:43.405 Modules scanning
14:26:43.405 Disk 0 trace - called modules:
14:26:43.425 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
14:26:43.435 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bce060]
14:26:43.435 3 CLASSPNP.SYS[fffff88001bb643f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004937050]
14:26:44.865 AVAST engine scan C:\Windows
14:26:49.156 AVAST engine scan C:\Windows\system32
14:31:15.312 AVAST engine scan C:\Windows\system32\drivers
14:31:32.964 AVAST engine scan C:\Users\Darlene
14:35:05.643 Disk 0 MBR has been saved successfully to "C:\Users\Darlene\Desktop\MBR.dat"
14:35:05.683 The log file has been saved successfully to "C:\Users\Darlene\Desktop\aswMBRlog.txt"

_________________________________


ComboFix 15-01-29.01 - Darlene 01/02/2015 14:58:37.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3767.1889 [GMT -5:00]
Running from: c:\users\Darlene\Desktop\username123.exe
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\prefs.js
c:\windows\iun6002.exe
c:\windows\tmp
c:\windows\tmp\dd_vcredistMSI70DD.txt
c:\windows\tmp\dd_vcredistUI70DD.txt
c:\windows\tmp\fonts\fontdb
c:\windows\tmp\qtsingleapp-koboex-7d5-1-lockfile
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2015-01-01 to 2015-02-01 )))))))))))))))))))))))))))))))
.
.
2015-02-01 20:09 . 2015-02-01 20:09 -------- d-----w- c:\users\Terry\AppData\Local\temp
2015-02-01 20:09 . 2015-02-01 20:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-02-01 19:38 . 2015-02-01 19:41 -------- d-----w- c:\users\Darlene\AppData\Local\CrashDumps
2015-02-01 14:57 . 2014-12-02 10:26 11870360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0F2F9736-32BB-4496-9AE5-5844C364AE01}\mpengine.dll
2015-01-31 14:41 . 2014-12-02 10:26 11870360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-01-22 01:28 . 2014-09-17 03:55 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{096D4C5C-0859-4A8B-B6E8-73F7306A9A0B}\gapaengine.dll
2015-01-19 13:43 . 2015-01-19 13:43 -------- d-sh--w- c:\users\Terry\AppData\Local\EmieBrowserModeList
2015-01-15 23:53 . 2015-01-15 23:55 -------- d-----w- C:\FRST
2015-01-15 23:45 . 2015-01-15 23:45 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-01-15 23:45 . 2015-01-15 23:45 -------- d-----w- c:\programdata\RogueKiller
2015-01-13 22:46 . 2015-01-13 22:46 -------- d-----w- C:\_OTL
2015-01-13 22:44 . 2015-01-13 22:44 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2015-01-13 22:23 . 2011-11-10 18:20 4200024 ----a-w- c:\windows\SysWow64\cdintf400.dll
2015-01-13 22:22 . 2015-01-13 22:22 -------- d-----w- c:\program files (x86)\Common Files\Intuit
2015-01-13 22:22 . 2015-01-13 22:26 -------- d-----w- c:\program files (x86)\Quicken
2015-01-11 18:14 . 2015-01-11 18:22 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-11 18:14 . 2014-11-21 11:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-01-11 18:14 . 2014-11-21 11:14 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-01-11 18:14 . 2014-11-21 11:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-01-11 18:14 . 2015-01-11 18:14 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-01-07 23:47 . 2015-01-07 23:47 -------- d-----w- c:\program files (x86)\Common Files\AnswerWorks 5.0
2015-01-07 23:47 . 2015-01-07 23:47 -------- d-----w- c:\users\Darlene\AppData\Roaming\Intuit
2015-01-07 23:38 . 2015-01-07 23:38 -------- d-----w- c:\programdata\Intuit
2015-01-05 16:23 . 2015-01-05 16:23 -------- d-----w- c:\users\Darlene\AppData\Roaming\MPC-HC
2015-01-03 03:20 . 2015-01-03 03:20 -------- d-sh--w- c:\users\Darlene\AppData\Local\EmieBrowserModeList
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-31 11:14 . 2010-11-21 03:27 298120 ------w- c:\windows\system32\MpSigStub.exe
2014-12-04 02:50 . 2015-01-02 14:23 413184 ----a-w- c:\windows\system32\generaltel.dll
2014-12-04 02:50 . 2015-01-02 14:23 741376 ----a-w- c:\windows\system32\invagent.dll
2014-12-04 02:50 . 2015-01-02 14:23 396800 ----a-w- c:\windows\system32\devinv.dll
2014-12-04 02:50 . 2015-01-02 14:23 830976 ----a-w- c:\windows\system32\appraiser.dll
2014-12-04 02:50 . 2015-01-02 14:23 192000 ----a-w- c:\windows\system32\aepic.dll
2014-12-04 02:50 . 2015-01-02 14:23 227328 ----a-w- c:\windows\system32\aepdu.dll
2014-12-04 02:44 . 2015-01-02 14:23 1083392 ----a-w- c:\windows\system32\aeinv.dll
2014-12-01 23:28 . 2015-01-02 14:23 1232040 ----a-w- c:\windows\system32\aitstatic.exe
2014-11-27 21:40 . 2013-10-27 19:51 112710672 ----a-w- c:\windows\system32\MRT.exe
2014-11-27 01:43 . 2015-01-02 14:24 389296 ----a-w- c:\windows\system32\iedkcs32.dll
2014-11-22 03:13 . 2015-01-02 14:23 25059840 ----a-w- c:\windows\system32\mshtml.dll
2014-11-22 03:06 . 2015-01-02 14:24 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-11-22 03:06 . 2015-01-02 14:24 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:50 . 2015-01-02 14:23 66560 ----a-w- c:\windows\system32\iesetup.dll
2014-11-22 02:50 . 2015-01-02 14:23 580096 ----a-w- c:\windows\system32\vbscript.dll
2014-11-22 02:49 . 2015-01-02 14:24 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:49 . 2015-01-02 14:23 2885120 ----a-w- c:\windows\system32\iertutil.dll
2014-11-22 02:48 . 2015-01-02 14:23 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-11-22 02:41 . 2015-01-02 14:23 54784 ----a-w- c:\windows\system32\jsproxy.dll
2014-11-22 02:40 . 2015-01-02 14:24 34304 ----a-w- c:\windows\system32\iernonce.dll
2014-11-22 02:37 . 2015-01-02 14:23 633856 ----a-w- c:\windows\system32\ieui.dll
2014-11-22 02:35 . 2015-01-02 14:23 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2014-11-22 02:35 . 2015-01-02 14:24 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-11-22 02:34 . 2015-01-02 14:23 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2014-11-22 02:34 . 2015-01-02 14:23 6039552 ----a-w- c:\windows\system32\jscript9.dll
2014-11-22 02:26 . 2015-01-02 14:23 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 02:22 . 2015-01-02 14:23 490496 ----a-w- c:\windows\system32\dxtmsft.dll
2014-11-22 02:20 . 2015-01-02 14:24 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14 . 2015-01-02 14:24 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 02:09 . 2015-01-02 14:23 199680 ----a-w- c:\windows\system32\msrating.dll
2014-11-22 02:08 . 2015-01-02 14:23 92160 ----a-w- c:\windows\system32\mshtmled.dll
2014-11-22 02:07 . 2015-01-02 14:23 501248 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-11-22 02:07 . 2015-01-02 14:24 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-11-22 02:06 . 2015-01-02 14:24 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05 . 2015-01-02 14:23 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2014-11-22 02:05 . 2015-01-02 14:23 316928 ----a-w- c:\windows\system32\dxtrans.dll
2014-11-22 01:55 . 2015-01-02 14:23 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-11-22 01:54 . 2015-01-02 14:24 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:49 . 2015-01-02 14:24 718848 ----a-w- c:\windows\system32\ie4uinit.exe
2014-11-22 01:49 . 2015-01-02 14:23 800768 ----a-w- c:\windows\system32\msfeeds.dll
2014-11-22 01:47 . 2015-01-02 14:23 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:46 . 2015-01-02 14:23 2125312 ----a-w- c:\windows\system32\inetcpl.cpl
2014-11-22 01:43 . 2015-01-02 14:23 14412800 ----a-w- c:\windows\system32\ieframe.dll
2014-11-22 01:40 . 2015-01-02 14:24 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2015-01-02 14:23 4299264 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-11-22 01:28 . 2015-01-02 14:23 2358272 ----a-w- c:\windows\system32\wininet.dll
2014-11-22 01:22 . 2015-01-02 14:24 2052096 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21 . 2015-01-02 14:23 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:15 . 2015-01-02 14:24 1548288 ----a-w- c:\windows\system32\urlmon.dll
2014-11-22 01:03 . 2015-01-02 14:23 800768 ----a-w- c:\windows\system32\ieapfltr.dll
2014-11-22 01:00 . 2015-01-02 14:23 1888256 ----a-w- c:\windows\SysWow64\wininet.dll
2014-11-11 03:09 . 2015-01-02 14:23 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-11-11 03:08 . 2015-01-02 14:24 241152 ----a-w- c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2015-01-02 14:24 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2015-01-02 14:23 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44 . 2015-01-02 14:24 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2015-01-02 14:24 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-11-11 01:46 . 2015-01-02 14:23 119296 ----a-w- c:\windows\system32\drivers\tdx.sys
2014-11-08 03:16 . 2015-01-02 14:22 2048 ----a-w- c:\windows\system32\tzres.dll
2014-11-08 02:45 . 2015-01-02 14:22 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2015-01-28 7780120]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-12-11 30877280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-04-24 297280]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-02-11 1070160]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-09-20 341360]
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-08-26 177448]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-09-01 152392]
"QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2014-08-16 421888]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2013-09-27 559696]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
c:\users\Darlene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files (x86)\palmOne\HOTSYNC.EXE [2004-6-9 471040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files (x86)\Windows Live\Mesh\wlcrasvc.exe;c:\program files (x86)\Windows Live\Mesh\wlcrasvc.exe [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 LavasoftAdAwareService11;Ad-Aware Service 11;c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe;c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 58505322
*NewlyCreated* - ASWMBR
*NewlyCreated* - ASWVMM
*Deregistered* - 58505322
*Deregistered* - aswMBR
*Deregistered* - aswVmm
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-02-01 19:05 1086280 ----a-w- c:\program files (x86)\Google\Chrome\Application\40.0.2214.94\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-03 03:16]
.
2015-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-03 03:16]
.
2015-02-01 c:\windows\Tasks\SDMsgUpdate (Local).job
- c:\smartd~1\Messages\SDNotify.exe [2014-04-01 15:18]
.
2015-02-01 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\smartd~1\Messages\SDNotify.exe [2014-04-01 15:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-01-26 368728]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-05-09 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-05-09 391960]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-05-09 419096]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-04 11780712]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-08-02 1831016]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]
"AdAwareTray"="c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe" [2014-12-18 8947008]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.roboform.com
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: tangerine.ca\secure
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{AE2580C2-68FA-4EED-811A-3B473F0897C2}: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{AE2580C2-68FA-4EED-811A-3B473F0897C2}\36F6D6D6F6E6: DhcpNameServer = 192.168.11.1
TCP: Interfaces\{AE2580C2-68FA-4EED-811A-3B473F0897C2}\668636962736C656: DhcpNameServer = 10.25.0.1
.
.
------- File Associations -------
.
inifile="%SystemRoot%\system32\NOTEPAD.EXE" %1
txtfile="%SystemRoot%\system32\NOTEPAD.EXE" %1
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-58505322.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-NutriBase 5 Plus v.5.17 Uninstall - c:\windows\iun6002.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-02-01 15:26:30
ComboFix-quarantined-files.txt 2015-02-01 20:26
.
Pre-Run: 234,893,578,240 bytes free
Post-Run: 234,543,230,976 bytes free
.
- - End Of File - - 364667E6A6FEFF1734EC6E23050024AA
