
BSOD issues


  • This topic is locked
3 replies to this topic

#1 Ayoh


Posted 08 February 2014 - 08:42 AM

Hi

I am having recurring BSOD issues which after do not appear to be RAM or SSD related. I have reinstalled all my key drivers too and they persist. To isolate any other causes I ran ComboFix to make sure the system is not infected, and I was wondering if someone could please interpret the ComboFix log to see if there are any issues. A log txt file is attached. Thank you for your help.

ComboFix 14-02-05.02 - Xxxxx 08/02/2014 23:40:48.1.4 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.61.1033.18.16294.11158 [GMT 11:00]
Running from: d:\desktop\ComboFix.exe
AV: ESET Smart Security 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\Xxxxx\.uc-c4d0f1519594410ba5e10f03d2765460.xxxxx.2760p.tmp
c:\users\Xxxxx\AppData\Local\assembly\tmp
c:\users\Xxxxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3CAE45F8-8C68-4242-A135-7E5F941800A0}.xps
c:\users\Xxxxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3F6A7334-99C6-4D44-997D-06CC9050B519}.xps
c:\windows\SysWow64\dlumd10.dll
c:\windows\SysWow64\dlumd11.dll
c:\windows\SysWow64\dlumd9.dll
c:\windows\SysWow64\dlumdfb10.dll
c:\windows\SysWow64\dlumdfb11.dll
c:\windows\SysWow64\dlumdfb9.dll
c:\windows\SysWow64\tmpC6B4.tmp
c:\windows\SysWow64\tmpC6D4.tmp
.
.
((((((((((((((((((((((((( Files Created from 2014-01-08 to 2014-02-08 )))))))))))))))))))))))))))))))
.
.
2014-02-08 12:57 . 2014-02-08 12:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-06 07:42 . 2014-02-06 07:55 -------- d-----w- c:\users\Xxxxx\AppData\Roaming\Mp3tag
2014-02-06 07:42 . 2014-02-06 07:42 -------- d-----w- c:\program files (x86)\Mp3tag
2014-02-06 01:01 . 2014-02-06 01:01 -------- d-----w- c:\program files (x86)\CrystalDiskInfo
2014-02-04 12:34 . 2010-07-22 05:46 237056 ----a-w- c:\windows\system32\APOMgr64.DLL
2014-02-04 12:34 . 2010-07-22 05:45 181760 ----a-w- c:\windows\SysWow64\APOMngr.DLL
2014-02-04 12:34 . 2009-12-29 05:52 89088 ----a-w- c:\windows\system32\CmdRtr64.DLL
2014-02-04 12:34 . 2009-12-29 05:50 73728 ----a-w- c:\windows\SysWow64\CmdRtr.DLL
2014-02-04 12:34 . 2009-05-26 04:59 26768 ----a-w- c:\windows\ksaudENG.reg
2014-02-04 12:34 . 2007-07-04 23:27 2630 ----a-w- c:\windows\MixerName.reg
2014-02-04 12:33 . 2014-02-04 12:33 -------- d-----w- c:\program files (x86)\Common Files\Creative Labs Shared
2014-02-03 04:59 . 2014-02-03 04:59 -------- d-----w- c:\programdata\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-02-03 04:58 . 2013-09-26 23:12 565048 ----a-w- c:\windows\system32\PROUnstl.exe
2014-02-03 04:51 . 2014-02-03 04:51 -------- d-----w- C:\New folder
2014-02-03 03:02 . 2010-07-20 02:26 102952 ----a-w- c:\windows\system32\drivers\btwaudio.sys
2014-02-03 03:02 . 2010-07-20 02:26 135720 ----a-w- c:\windows\system32\drivers\btwavdt.sys
2014-02-03 03:02 . 2010-07-20 02:26 21544 ----a-w- c:\windows\system32\drivers\btwrchid.sys
2014-02-03 03:02 . 2010-03-02 03:37 39464 ----a-w- c:\windows\system32\drivers\btwl2cap.sys
2014-02-03 02:56 . 2011-08-08 06:28 8192 ----a-w- c:\windows\system32\drivers\IntelMEFWVer.dll
2014-02-03 02:33 . 2014-02-03 02:33 -------- d--h--w- c:\windows\system32\WLANProfiles
2014-02-03 02:32 . 2014-02-03 02:32 -------- d-----w- c:\users\Xxxxx\AppData\Roaming\Intel
2014-02-03 02:32 . 2014-02-03 02:32 -------- d-----w- c:\users\Xxxxx\Roaming
2014-02-03 02:32 . 2014-02-03 02:32 -------- d-----w- c:\users\Default\Roaming
2014-02-03 02:32 . 2014-02-03 02:32 -------- d-----w- c:\users\Ansys shared\Roaming
2014-02-03 02:31 . 2014-02-03 02:31 -------- d-----w- c:\program files\Common Files\Intel
2014-02-03 02:31 . 2014-02-03 02:31 -------- d-----w- c:\program files (x86)\Cisco
2014-02-03 02:31 . 2014-02-03 02:31 -------- d-----w- c:\programdata\Intel.sav
2014-02-03 02:30 . 2014-02-03 02:30 -------- d-----w- c:\users\Xxxxx\AppData\Local\Broadcom
2014-02-03 02:29 . 2010-07-13 19:25 344616 ----a-w- c:\windows\system32\drivers\btwampfl.sys
2014-02-03 02:28 . 2014-02-03 02:28 -------- d-----w- c:\program files\WIDCOMM
2014-02-03 02:27 . 2014-02-03 04:59 -------- d-----w- c:\program files\Intel
2014-02-03 02:24 . 2012-05-14 20:13 144896 ----a-w- c:\windows\system32\IntelOpenCL64.dll
2014-02-03 02:24 . 2012-05-14 20:13 20992 ----a-w- c:\windows\system32\OpenCL.dll
2014-02-03 02:24 . 2012-05-14 19:20 104448 ----a-w- c:\windows\SysWow64\IntelOpenCL32.dll
2014-02-03 02:24 . 2012-05-14 19:20 17920 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-02-03 01:46 . 2014-02-03 01:46 -------- d-----w- c:\program files\HP USB Docking Video
2014-02-03 01:46 . 2014-02-03 01:46 0 ----a-w- c:\windows\system32\dlumdfb9.dll
2014-02-03 01:46 . 2014-02-03 01:46 0 ----a-w- c:\windows\system32\dlumdfb11.dll
2014-02-03 01:46 . 2014-02-03 01:46 0 ----a-w- c:\windows\system32\dlumdfb10.dll
2014-02-03 01:46 . 2014-02-03 01:46 0 ----a-w- c:\windows\system32\dlumd9.dll
2014-02-03 01:46 . 2014-02-03 01:46 0 ----a-w- c:\windows\system32\dlumd11.dll
2014-02-03 01:46 . 2014-02-03 01:46 0 ----a-w- c:\windows\system32\dlumd10.dll
2014-02-03 01:45 . 2014-02-03 01:45 -------- d-----w- C:\system.sav
2014-02-03 01:43 . 2014-02-03 01:43 -------- d-----w- c:\programdata\SZCCID
2014-02-03 01:43 . 2014-02-03 01:43 -------- d-----w- c:\program files (x86)\AlcorMicro
2014-02-03 01:40 . 2014-02-03 01:40 -------- d-----w- c:\windows\system32\SRSLabs
2014-02-03 01:39 . 2014-02-03 01:39 -------- d-----w- c:\users\Xxxxx\AppData\Roaming\Sierra Wireless
2014-02-03 01:29 . 2012-10-02 02:49 443208 ----a-w- c:\windows\system32\drivers\Mbm3CBus.sys
2014-02-03 01:29 . 2012-10-02 02:49 17736 ----a-w- c:\windows\system32\drivers\Mbm3whnt.sys
2014-02-03 01:29 . 2012-10-02 02:49 17736 ----a-w- c:\windows\system32\drivers\Mbm3wh.sys
2014-02-03 01:29 . 2011-10-05 00:38 29736 ----a-w- c:\windows\system32\drivers\wwussf64.sys
2014-02-03 01:29 . 2011-10-05 00:38 26664 ----a-w- c:\windows\system32\drivers\wwuss64.sys
2014-02-03 01:29 . 2012-12-21 02:29 280448 ----a-w- c:\windows\system32\drivers\WwanUsbMp64.sys
2014-02-03 01:29 . 2012-10-02 02:49 506184 ----a-w- c:\windows\system32\drivers\Mbm3Mdm.sys
2014-02-03 01:29 . 2012-10-02 02:49 453960 ----a-w- c:\windows\system32\drivers\Mbm3DevMt.sys
2014-02-03 01:29 . 2012-10-02 02:49 21832 ----a-w- c:\windows\system32\drivers\Mbm3mdfl.sys
2014-02-03 01:29 . 2012-10-02 02:49 17224 ----a-w- c:\windows\system32\drivers\Mbm3cmnt.sys
2014-02-03 01:29 . 2012-10-02 02:49 17224 ----a-w- c:\windows\system32\drivers\Mbm3cm.sys
2014-02-03 01:29 . 2012-03-01 04:09 103184 ----a-w- c:\windows\system32\drivers\h36wgps64.sys
2014-02-03 01:15 . 2011-04-28 23:23 4096 ----a-w- c:\windows\SysWow64\sigfile.exe
2014-02-03 01:09 . 2014-02-04 10:21 -------- d-----w- C:\swsetup
2014-02-03 01:06 . 2014-02-04 12:18 -------- d-----w- C:\DRIVERS
2014-02-03 01:03 . 2014-02-03 01:04 -------- d-----w- c:\users\Xxxxx\AppData\Roaming\HpUpdate
2014-02-03 01:03 . 2014-02-03 01:03 -------- d-----w- c:\windows\Hewlett-Packard
2014-02-03 00:57 . 2014-01-06 05:20 86054176 ----a-w- c:\windows\system32\MRT.exe
2014-02-02 04:14 . 2011-11-21 03:13 1114624 ----a-w- c:\windows\memorb.exe
2014-02-02 04:10 . 2014-02-02 04:14 -------- d-----w- c:\program files (x86)\Ultimate Windows Customizer
2014-01-29 03:55 . 2014-01-29 03:55 -------- d-----w- c:\users\Xxxxx\AppData\Local\PACE Anti-Piracy
2014-01-29 01:56 . 2014-01-29 01:58 -------- d-----w- c:\users\Xxxxx\AppData\Roaming\HandBrake
2014-01-29 01:56 . 2014-01-29 01:56 -------- d-----w- c:\program files\Handbrake
2014-01-25 13:51 . 2014-01-29 03:55 -------- d--h--w- c:\users\Xxxxx\AppData\Local\n1pWeu7X1SY2
2014-01-25 11:27 . 2014-01-25 11:28 -------- d-----w- C:\Plug-ins
2014-01-25 07:42 . 2014-01-25 07:42 -------- d-----w- c:\users\Xxxxx\AppData\Roaming\FluCard® Pro Shoot & View Pro
2014-01-25 07:42 . 2014-01-25 07:42 -------- d-----w- c:\program files (x86)\Trek 2000 International
2014-01-21 22:45 . 2014-02-05 10:32 -------- d-----w- c:\program files\WhoCrashed
2014-01-17 01:08 . 1998-10-29 05:45 306688 ----a-w- c:\windows\IsUninst.exe
2014-01-16 00:01 . 2014-01-16 00:01 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-13 17:06 . 2013-07-11 10:27 89888 ----a-w- c:\windows\system32\NicInstC.dll
2014-01-13 17:06 . 2009-05-26 17:05 36472 ----a-w- c:\windows\system32\NicCo36.dll
2014-01-13 17:06 . 2013-08-21 09:27 494864 ----a-w- c:\windows\system32\drivers\e1c62x64.sys
2014-01-13 17:06 . 2013-07-25 10:08 73480 ----a-w- c:\windows\system32\e1cmsg.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-16 00:00 . 2012-07-20 04:21 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-01-16 00:00 . 2012-02-16 08:03 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-14 05:27 . 2013-11-14 05:27 823000 ----a-w- c:\windows\system32\ncs2dmix.dll
2013-11-14 05:27 . 2013-11-14 05:27 797400 ----a-w- c:\windows\system32\accesor.dll
2013-11-14 05:21 . 2013-11-14 05:21 251096 ----a-w- c:\windows\system32\ncs2instutility.dll
2013-11-14 05:19 . 2013-11-14 05:19 3568344 ----a-w- c:\windows\system32\ncscolib.dll
2009-09-26 22:39 415744 --sh--w- c:\windows\SysWOW64\avisynth.dll
2005-07-14 01:31 32256 --sh--w- c:\windows\SysWOW64\AVSredirect.dll
2004-02-21 23:11 764416 --sh--w- c:\windows\SysWOW64\devil.dll
2004-01-24 13:00 70656 --sh--w- c:\windows\SysWOW64\i420vfw.dll
2004-01-24 13:00 70656 --sh--w- c:\windows\SysWOW64\yv12vfw.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-10-01 09:38 1720976 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-10-01 09:38 1720976 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-10-01 09:38 1720976 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShowBatteryBar"="c:\program files\BatteryBar\ShowBatteryBar.exe" [2009-05-28 89600]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-11-20 59720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 350776]
"RUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe" [2011-09-19 115048]
"PaperCut MF Client"="c:\program files (x86)\PaperCut MF Client\pc-client.exe" [2011-06-20 208896]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2013-05-10 38984]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2013-05-10 840768]
"Adobe Creative Cloud"="c:\program files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2013-06-13 2236816]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2013-03-06 185144]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-04-30 421888]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2011-08-08 112408]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe" [2012-08-28 334240]
.
c:\users\Xxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
AutoHotkey.lnk - c:\program files\AutoHotkey\AutoHotkey.exe [2013-5-31 1297920]
DragToScroll.exe - Shortcut.lnk - d:\programs\DragToScroll\DragToScroll.exe [2013-6-7 220303]
NoSleepHDv2.0.exe - Shortcut.lnk - C:\NoSleepHDv2.0.exe [2013-2-19 110080]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2010-12-21 245120]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-29 1132320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DelayedDesktopSwitchTimeout"= 5 (0x5)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]
R2 MSC.Licensing;MSC.Licensing;c:\program files\MD ADAMS\lmgrd.exe;c:\program files\MD ADAMS\lmgrd.exe [x]
R2 PDIHWCTL;PDIHWCTL;c:\windows\system32\drivers\pdihwctl.sys;c:\windows\SYSNATIVE\drivers\pdihwctl.sys [x]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [x]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 EyeOneDisplay;EyeOneDisplay;c:\windows\system32\Drivers\i1display_x64.sys;c:\windows\SYSNATIVE\Drivers\i1display_x64.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 Remote Solver for Flow Simulation 2012;Remote Solver for Flow Simulation 2012;c:\program files\Solidworks 2012\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe;c:\program files\Solidworks 2012\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [x]
R3 rusb3hub;Renesas Electronics USB 3.0 Hub Driver (Version 3.0);c:\windows\system32\DRIVERS\rusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\rusb3hub.sys [x]
R3 rusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0);c:\windows\system32\DRIVERS\rusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\rusb3xhc.sys [x]
R3 slicedisk.sys;slicedisk.sys;c:\windows\system32\slicedisk.sys;c:\windows\SYSNATIVE\slicedisk.sys [x]
R3 SliceDisk5;SliceDisk5;c:\program files\A-FF Find and Mount\slicedisk-x64.sys;c:\program files\A-FF Find and Mount\slicedisk-x64.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [x]
R4 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
R4 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [x]
R4 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 SOHDms;Sony Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [x]
R4 SOHDs;Sony Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
R4 SPACECLAIM_LICENSE_FILE;SPACECLAIM_LICENSE_FILE;d:\programs\SpaceClaim\lmgrd.exe;d:\programs\SpaceClaim\lmgrd.exe [x]
R4 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]
R4 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\SERVER\SRService.exe;c:\program files (x86)\Splashtop\Splashtop Remote\SERVER\SRService.exe [x]
R4 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [x]
R4 viscamslocksrv;VisCAM Softlock Service;c:\program files (x86)\Marcam Engineering\VisCAM Softlock\slocksrv.exe;c:\program files (x86)\Marcam Engineering\VisCAM Softlock\slocksrv.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys;c:\windows\SYSNATIVE\drivers\LUMDriver.sys [x]
S2 Abaqus;Abaqus;c:\program files\ABAQUS\License\lmgrd.exe;c:\program files\ABAQUS\License\lmgrd.exe [x]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 ANSYS, Inc. License Manager;ANSYS, Inc. License Manager;c:\program files\ANSYS Inc\Shared Files\Licensing\winx64\ansysli_server.exe;c:\program files\ANSYS Inc\Shared Files\Licensing\winx64\ansysli_server.exe [x]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 chromoting;Chrome Remote Desktop Service;c:\program files (x86)\Google\Chrome Remote Desktop\32.0.1700.98\remoting_host.exe;c:\program files (x86)\Google\Chrome Remote Desktop\32.0.1700.98\remoting_host.exe [x]
S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run;c:\windows\SYSNATIVE\hasplms.exe -run [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [x]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 MatLocalLicenceServer60;Materialise Local License Server 6.0;c:\program files (x86)\Common Files\Materialise\LicenseFiles6\LicSrv60.exe;c:\program files (x86)\Common Files\Materialise\LicenseFiles6\LicSrv60.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe;c:\windows\SysWOW64\nlssrv32.exe [x]
S2 RemoteSolverDispatcher;Remote Solver for Flow Simulation 2013;c:\program files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe SOFTWARE\SRAC\COSMOS_FloWorks 2013;c:\program files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe SOFTWARE\SRAC\COSMOS_FloWorks 2013 [x]
S2 TabletServiceISD;TabletServiceISD;c:\program files\Tablet\ISD\ISD_Tablet.exe;c:\program files\Tablet\ISD\ISD_Tablet.exe [x]
S2 TouchServiceISD;Wacom ISD Touch Service;c:\program files\Tablet\ISD\ISD_TouchService.exe;c:\program files\Tablet\ISD\ISD_TouchService.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 WMCoreService;Mobile Broadband Service;c:\program files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe servicemode;c:\program files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe servicemode [x]
S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
S3 ecnssndis; Mobile Broadband Driver;c:\windows\system32\Drivers\wwuss64.sys;c:\windows\SYSNATIVE\Drivers\wwuss64.sys [x]
S3 ecnssndisfltr; Mobile Broadband Driver Filter;c:\windows\system32\Drivers\wwussf64.sys;c:\windows\SYSNATIVE\Drivers\wwussf64.sys [x]
S3 h36wgps;HP Mobile Broadband Module NMEA;c:\windows\system32\DRIVERS\h36wgps64.sys;c:\windows\SYSNATIVE\DRIVERS\h36wgps64.sys [x]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys;c:\windows\SYSNATIVE\DRIVERS\johci.sys [x]
S3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys;c:\windows\SYSNATIVE\drivers\ksaud.sys [x]
S3 Mbm3CBus;HP hs2340 HSPA+ Mobile Broadband Module USB Device (WDM);c:\windows\system32\DRIVERS\Mbm3CBus.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3CBus.sys [x]
S3 Mbm3DevMt;HP Mobile Broadband Module Device Management Driver (WDM);c:\windows\system32\DRIVERS\Mbm3DevMt.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3DevMt.sys [x]
S3 Mbm3mdfl;HP Mobile Broadband Module Modem Filter;c:\windows\system32\DRIVERS\Mbm3mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3mdfl.sys [x]
S3 Mbm3Mdm;HP Mobile Broadband Module Modem Driver;c:\windows\system32\DRIVERS\Mbm3Mdm.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3Mdm.sys [x]
S3 wacomvthid;Virtual Touch Driver;c:\windows\system32\DRIVERS\WacomVTHid.sys;c:\windows\SYSNATIVE\DRIVERS\WacomVTHid.sys [x]
S3 WISDPen;Wacom Penabled MiniDriver;c:\windows\system32\DRIVERS\wisdpen.sys;c:\windows\SYSNATIVE\DRIVERS\wisdpen.sys [x]
S3 WwanUsbServ;Mobile Broadband Driver;c:\windows\system32\DRIVERS\WwanUsbMp64.sys;c:\windows\SYSNATIVE\DRIVERS\WwanUsbMp64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 86432587
*Deregistered* - 86432587
*Deregistered* - PROCEXP152
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-08 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2012-02-16 09:51]
.
2014-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-21 05:29]
.
2014-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-21 05:29]
.
2014-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3007538225-896779704-3853836102-1000Core.job
- c:\users\Xxxxx\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-16 08:26]
.
2014-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3007538225-896779704-3853836102-1000UA.job
- c:\users\Xxxxx\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-16 08:26]
.
2014-02-08 c:\windows\Tasks\HPCeeScheduleForXxxxx.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-14 17:43]
.
2014-02-08 c:\windows\Tasks\MATLAB R2012b Startup Accelerator.job
- c:\program files\MATLAB\R2012b\bin\win64\MATLABStartupAccelerator.exe [2012-11-27 09:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2013-06-11 13:58 3316080 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2013-06-11 13:58 3316080 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2013-06-11 13:58 3316080 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-03-07 4081008]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-04-29 172016]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-04-29 399856]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-04-29 442352]
"Creative SB Monitoring Utility"="sbavmon.dll" [2010-07-29 115712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-01-28 21720]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 109.234.199.41:3128
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 203.12.160.35 203.12.160.36
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\Xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\xwz4vcqq.default\
FF - ExtSQL: !HIDDEN! 2013-01-04 01:55; hotfix@mozilla.org; c:\users\Xxxxx\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3007538225-896779704-3853836102-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ib]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3007538225-896779704-3853836102-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ib\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_38_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_38_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:cb,7d,af,15,61,93,30,72,ed,44,69,0f,0c,67,fe,0f,ab,ae,fd,d5,dd,
87,4a,9a,6d,c7,e6,f4,2a,12,e3,a0,1b,c8,c7,48,a5,d4,8f,15,47,3f,57,19,a7,6f,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{107E6D21-54ED-32EA-89EBEFDD29F12B2C}\{B975045C-7EA8-ADE1-408732B9E3F99960}\{A296A331-83C2-2419-70104A7C6B45B24D}*]
"RA4KGUJC6T6LBNJRIDQ63C2L6C1"=hex:01,00,01,00,00,00,00,00,f7,8a,3d,85,55,45,07,
82,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{580924E7-4534-80EF-AD4675C17646FF10}\{0EFB2AA0-1A3E-507D-F9B34D5CF29081CD}\{BBABFA65-B0A6-C96D-B621BCAFF6A8D6D6}*]
"RA4KGUJC6T6LBNJRIDQ63C2L6C1"=hex:01,00,01,00,00,00,00,00,f7,8a,3d,85,55,45,07,
82,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_38.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_38.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_38.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_38.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:cb,7d,af,15,61,93,30,72,ed,44,69,0f,0c,67,fe,0f,ab,ae,fd,d5,dd,
87,4a,9a,6d,c7,e6,f4,2a,12,e3,a0,1b,c8,c7,48,a5,d4,8f,15,47,3f,57,19,a7,6f,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-02-09 00:21:39
ComboFix-quarantined-files.txt 2014-02-08 13:21
.
Pre-Run: 72,578,232,320 bytes free
Post-Run: 75,939,459,072 bytes free
.
- - End Of File - - 051D93E5CBBC7888DD763D90FA87AEE0
A36C5E4F47E84449FF07ED3517B43A31

Attached Files

  • Attached File  LOG.txt   38.39KB   3 downloads

Edited by Oh My, 12 February 2014 - 07:21 PM.
Posted log



#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,532 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:45 PM

Posted 12 February 2014 - 07:23 PM

Greetings Ayoh and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:

  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:

===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Do you recognize this folder and/or Proxy setting?

c:\users\Xxxxx\AppData\Local\n1pWeu7X1SY2
ProxyServer = 109.234.199.41:3128


Please do this for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------

  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply

===================================================

BlueScreenView

----------

  • Download BlueScreenView and save it to your desktop
  • Double click the BlueScreenView.exe file then click OK
  • Select Run, Next, then Next again
  • Click Install
  • When the scanning is complete, select Edit and Select All
  • Then click File and Save Selected Items
  • Save the report as BSOD.txt
  • Open BSOD.txt in Notepad, copy the entire content and paste it into your next reply

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:

  • FRST results
  • Addition log
  • BSOD log

Edited by Oh My, 12 February 2014 - 07:37 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!


Posted 15 February 2014 - 10:50 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#4 Oh My!


Posted 17 February 2014 - 04:08 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 



