(Windows 7 OS) something keeps turning off my anti-virus, please help me kill it

This topic is locked
32 replies to this topic

#1 coyora

  • Members
  • 26 posts
  • OFFLINE
  • Local time: 03:55 PM

Posted 15 February 2015 - 04:11 PM

Re-posted from here: http://www.bleepingcomputer.com/forums/t/567089/windows-7-os-something-keeps-turning-off-my-anti-virus-please-help-me-kill-it/

My PC runs Windows 7.

It all started with my Google Chrome running riiiiiiiidiculously slow, and something opening up windows without my permission. I found this thread http://www.tomshardware.com/forum/239851-49-simple-free-guide-removing-malware and did what it said.

I booted up in safe mode with networking. I downloaded Malwarebytes and ran a full system scan. (It found some stuff that I had it delete; also I uninstalled my Avast so it wouldn't interfere.)

I downloaded and ran ComboFix. (I *think* it found some stuff, I dunno, it was gibberish to me.)

I downloaded and installed CCleaner and ran it. (It fixed stuff.)

I downloaded Microsoft Security Essentials and ran it. (Because I'd been using Avast before, and when I tried to re-install it, I got all kinds of error messages.)

Then I re-booted and started it in normal mode. It still seemed possessed, so then I went back to safe mode with networking and followed the above steps AGAIN (uninstalling and re-installing everything) and it found less stuff that time.

Then I went back to normal mode, and things seemed more-or-less okay, so I was like "meh, whatever, I probably killed the infection and I don't have any money to steal anyway." But now something's turning off my antivirus constantly and my computer's just acting... weird.

I noticed that my svchost.exe is using up a ton of physical memory now, too.

If you want logs or anything, I can get them for you. I can Google it to figure out how to get the logs.

I can download whatever tool you want me to as well.

Thank you so much for all your help, and I'm sorry if I made things harder for you with my untutored computer tinkering. >.<

Thanks again!!!

2/15/2015: added ComboFix logs as requested by the moderator:

 

ComboFix 15-01-08.01 - Larissa 01/10/2015  23:15:09.2.1 - x64 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.1979.1238 [GMT -10:00]
Running from: c:\users\Larissa\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2014-12-11 to 2015-01-11  )))))))))))))))))))))))))))))))
.
.
2015-01-11 09:21 . 2015-01-11 09:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-01-11 04:01 . 2015-01-11 05:23 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-11 04:00 . 2015-01-11 04:01 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-01-11 04:00 . 2014-11-21 16:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-01-11 04:00 . 2014-11-21 16:14 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-01-11 04:00 . 2014-11-21 16:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-01-11 03:24 . 2015-01-11 03:24 -------- d-s---w- c:\windows\SysWow64\Microsoft
2015-01-10 16:18 . 2015-01-10 16:18 -------- d-----w- c:\programdata\Malwarebytes
2015-01-10 16:17 . 2015-01-10 16:17 -------- d-----w- c:\users\Larissa\AppData\Local\Programs
2015-01-07 04:39 . 2014-12-02 10:26 11870360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FD7025C8-05B9-4984-A562-49FE11168B2C}\mpengine.dll
2014-12-28 19:05 . 2011-05-10 01:49 225792 ----a-w- c:\windows\system32\Etprop64.ax
2014-12-28 19:05 . 2011-07-08 20:36 6416256 ----a-w- c:\windows\system32\drivers\ETdrv.sys
2014-12-28 19:05 . 2011-05-10 01:49 188416 ----a-w- c:\windows\SysWow64\Etprop.ax
2014-12-28 19:05 . 2010-11-12 19:39 49664 ----a-w- c:\windows\system32\ETCoInst.dll
2014-12-28 19:04 . 2014-12-28 19:04 -------- d-----w- c:\program files (x86)\ETRON
2014-12-21 18:01 . 2014-12-21 18:01 -------- d-----w- c:\users\Larissa\AppData\Local\CyberLink
2014-12-21 02:27 . 2014-12-21 02:27 -------- d-----w- c:\users\Larissa\AppData\Local\Skype
2014-12-21 02:27 . 2015-01-10 23:41 -------- d-----w- c:\users\Larissa\AppData\Roaming\Skype
2014-12-21 02:26 . 2014-12-21 02:26 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-12-21 02:26 . 2014-12-21 02:26 -------- d-----r- c:\program files (x86)\Skype
2014-12-21 02:25 . 2014-12-21 02:26 -------- d-----w- c:\programdata\Skype
2014-12-18 06:41 . 2014-12-13 03:33 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-12-18 06:41 . 2014-12-13 05:09 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2014-12-12 16:52 . 2014-12-12 16:52 -------- d-----w- c:\windows\system32\appraiser
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-11 17:33 . 2011-10-23 19:38 112710672 ----a-w- c:\windows\system32\MRT.exe
2014-12-04 02:50 . 2014-12-11 05:28 413184 ----a-w- c:\windows\system32\generaltel.dll
2014-12-04 02:50 . 2014-12-11 05:28 741376 ----a-w- c:\windows\system32\invagent.dll
2014-12-04 02:50 . 2014-12-11 05:28 396800 ----a-w- c:\windows\system32\devinv.dll
2014-12-04 02:50 . 2014-12-11 05:28 830976 ----a-w- c:\windows\system32\appraiser.dll
2014-12-04 02:50 . 2014-12-11 05:28 192000 ----a-w- c:\windows\system32\aepic.dll
2014-12-04 02:50 . 2014-12-11 05:28 227328 ----a-w- c:\windows\system32\aepdu.dll
2014-12-04 02:44 . 2014-12-11 05:28 1083392 ----a-w- c:\windows\system32\aeinv.dll
2014-12-01 23:28 . 2014-12-11 05:28 1232040 ----a-w- c:\windows\system32\aitstatic.exe
2014-11-27 01:43 . 2014-12-11 05:22 389296 ----a-w- c:\windows\system32\iedkcs32.dll
2014-11-25 00:04 . 2011-10-20 05:56 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-11-22 03:13 . 2014-12-10 07:27 25059840 ----a-w- c:\windows\system32\mshtml.dll
2014-11-22 03:06 . 2014-12-11 05:23 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-11-22 03:06 . 2014-12-11 05:22 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:50 . 2014-12-11 05:22 66560 ----a-w- c:\windows\system32\iesetup.dll
2014-11-22 02:50 . 2014-12-10 07:28 580096 ----a-w- c:\windows\system32\vbscript.dll
2014-11-22 02:49 . 2014-12-11 05:23 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:49 . 2014-12-11 05:22 2885120 ----a-w- c:\windows\system32\iertutil.dll
2014-11-22 02:48 . 2014-12-10 07:27 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-11-22 02:41 . 2014-12-11 05:22 54784 ----a-w- c:\windows\system32\jsproxy.dll
2014-11-22 02:40 . 2014-12-11 05:23 34304 ----a-w- c:\windows\system32\iernonce.dll
2014-11-22 02:37 . 2014-12-11 01:28 633856 ----a-w- c:\windows\system32\ieui.dll
2014-11-22 02:35 . 2014-12-11 05:23 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-11-22 02:34 . 2014-12-11 01:28 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2014-11-22 02:34 . 2014-12-11 01:28 6039552 ----a-w- c:\windows\system32\jscript9.dll
2014-11-22 02:26 . 2014-12-11 05:22 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 02:22 . 2014-12-11 05:22 490496 ----a-w- c:\windows\system32\dxtmsft.dll
2014-11-22 02:20 . 2014-12-11 05:23 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14 . 2014-12-11 05:23 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 02:09 . 2014-12-10 07:27 199680 ----a-w- c:\windows\system32\msrating.dll
2014-11-22 02:08 . 2014-12-11 01:28 92160 ----a-w- c:\windows\system32\mshtmled.dll
2014-11-22 02:07 . 2014-12-11 05:22 501248 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-11-22 02:07 . 2014-12-11 05:23 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-11-22 02:06 . 2014-12-11 05:23 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-11 05:22 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2014-11-22 02:05 . 2014-12-11 05:22 316928 ----a-w- c:\windows\system32\dxtrans.dll
2014-11-22 01:54 . 2014-12-11 05:22 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:49 . 2014-12-11 05:23 718848 ----a-w- c:\windows\system32\ie4uinit.exe
2014-11-22 01:49 . 2014-12-11 05:22 800768 ----a-w- c:\windows\system32\msfeeds.dll
2014-11-22 01:47 . 2014-12-11 01:28 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:46 . 2014-12-11 05:22 2125312 ----a-w- c:\windows\system32\inetcpl.cpl
2014-11-22 01:43 . 2014-12-11 01:28 14412800 ----a-w- c:\windows\system32\ieframe.dll
2014-11-22 01:40 . 2014-12-11 05:23 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-11 05:22 4299264 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-11-22 01:28 . 2014-12-10 07:28 2358272 ----a-w- c:\windows\system32\wininet.dll
2014-11-22 01:22 . 2014-12-11 05:22 2052096 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21 . 2014-12-11 05:22 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:15 . 2014-12-11 05:22 1548288 ----a-w- c:\windows\system32\urlmon.dll
2014-11-22 01:03 . 2014-12-11 05:22 800768 ----a-w- c:\windows\system32\ieapfltr.dll
2014-11-22 01:00 . 2014-12-11 05:22 1888256 ----a-w- c:\windows\SysWow64\wininet.dll
2014-11-19 06:47 . 2014-11-19 06:47 1247904 ----a-w- c:\windows\SysWow64\FM20.DLL
2014-11-11 03:09 . 2014-12-11 05:25 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-11-11 03:08 . 2014-11-19 06:03 241152 ----a-w- c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-19 06:03 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-12-11 05:25 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44 . 2014-11-19 06:03 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-19 06:03 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-11-11 01:46 . 2014-12-11 05:24 119296 ----a-w- c:\windows\system32\drivers\tdx.sys
2014-11-08 03:16 . 2014-12-10 07:10 2048 ----a-w- c:\windows\system32\tzres.dll
2014-11-08 02:45 . 2014-12-10 07:10 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-10-30 02:03 . 2014-12-10 07:24 165888 ----a-w- c:\windows\system32\charmap.exe
2014-10-30 01:45 . 2014-12-10 07:24 155136 ----a-w- c:\windows\SysWow64\charmap.exe
2014-10-25 01:57 . 2014-11-12 01:24 77824 ----a-w- c:\windows\system32\packager.dll
2014-10-25 01:32 . 2014-11-12 01:24 67584 ----a-w- c:\windows\SysWow64\packager.dll
2014-10-18 02:05 . 2014-11-12 01:15 861696 ----a-w- c:\windows\system32\oleaut32.dll
2014-10-18 02:05 . 2014-12-11 17:17 4121600 ----a-w- c:\windows\system32\mf.dll
2014-10-18 01:33 . 2014-11-12 01:15 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2014-10-18 01:33 . 2014-12-11 17:17 3209728 ----a-w- c:\windows\SysWow64\mf.dll
2014-10-14 02:16 . 2014-11-12 01:39 155064 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 02:13 . 2014-11-12 01:39 683520 ----a-w- c:\windows\system32\termsrv.dll
2014-10-14 02:13 . 2014-11-12 01:23 3241984 ----a-w- c:\windows\system32\msi.dll
2014-10-14 02:12 . 2014-11-12 01:39 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-10-14 02:09 . 2014-11-12 01:39 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-10-14 02:07 . 2014-11-12 01:39 681984 ----a-w- c:\windows\system32\adtschema.dll
2014-10-14 01:50 . 2014-11-12 01:39 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-10-14 01:50 . 2014-11-12 01:23 2363904 ----a-w- c:\windows\SysWow64\msi.dll
2014-10-14 01:49 . 2014-11-12 01:39 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-10-14 01:47 . 2014-11-12 01:39 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2014-10-14 01:46 . 2014-11-12 01:39 681984 ----a-w- c:\windows\SysWow64\adtschema.dll
1999-06-19 00:37 . 2013-06-18 06:58 36864 ----a-w- c:\program files\internet explorer\plugins\lfbmp11n.dll
2003-04-10 19:20 . 2013-06-18 07:03 30208 ----a-w- c:\program files\internet explorer\plugins\lfbmp13n.dll
2003-04-10 19:20 . 2013-06-18 07:03 35840 ----a-w- c:\program files\internet explorer\plugins\lfcal13n.dll
1999-06-17 03:17 . 2013-06-18 06:58 273920 ----a-w- c:\program files\internet explorer\plugins\LFCMP11n.DLL
2003-04-10 19:28 . 2013-06-18 07:03 406528 ----a-w- c:\program files\internet explorer\plugins\LFCMP13n.DLL
2003-04-10 19:20 . 2013-06-18 07:03 47104 ----a-w- c:\program files\internet explorer\plugins\lfgif13n.dll
2003-04-10 19:21 . 2013-06-18 07:03 18944 ----a-w- c:\program files\internet explorer\plugins\lfmsp13n.dll
2003-04-10 19:21 . 2013-06-18 07:03 26624 ----a-w- c:\program files\internet explorer\plugins\lfpcx13n.dll
2003-04-10 19:32 . 2013-06-18 07:03 181760 ----a-w- c:\program files\internet explorer\plugins\Lfpng13n.dll
2003-04-10 19:21 . 2013-06-18 07:03 55808 ----a-w- c:\program files\internet explorer\plugins\lfpsd13n.dll
1999-06-19 00:37 . 2013-06-18 06:58 27648 ----a-w- c:\program files\internet explorer\plugins\lftga11n.dll
2003-04-10 19:21 . 2013-06-18 07:03 24576 ----a-w- c:\program files\internet explorer\plugins\lftga13n.dll
2002-09-27 21:04 . 2013-06-18 07:03 4033084 ----a-w- c:\program files\internet explorer\plugins\libex.dll
1999-08-31 22:23 . 2013-06-18 06:58 2714885 ----a-w- c:\program files\internet explorer\plugins\library.dll
1999-06-17 03:08 . 2013-06-18 06:58 234496 ----a-w- c:\program files\internet explorer\plugins\LTDIS11n.dll
2003-04-10 19:18 . 2013-06-18 07:03 269824 ----a-w- c:\program files\internet explorer\plugins\LTDIS13n.dll
1999-06-08 05:27 . 2013-06-18 06:58 226816 ----a-w- c:\program files\internet explorer\plugins\ltefx11n.dll
2003-04-05 01:55 . 2013-06-18 07:03 206848 ----a-w- c:\program files\internet explorer\plugins\ltefx13n.dll
1999-06-17 03:09 . 2013-06-18 06:58 110592 ----a-w- c:\program files\internet explorer\plugins\ltfil11n.DLL
2003-04-10 19:18 . 2013-06-18 07:03 144384 ----a-w- c:\program files\internet explorer\plugins\ltfil13n.DLL
1999-06-17 03:10 . 2013-06-18 06:58 124416 ----a-w- c:\program files\internet explorer\plugins\ltimg11n.dll
2003-04-10 19:19 . 2013-06-18 07:03 447488 ----a-w- c:\program files\internet explorer\plugins\ltimg13n.dll
1999-06-11 02:41 . 2013-06-18 06:58 301568 ----a-w- c:\program files\internet explorer\plugins\ltkrn11n.dll
2003-04-10 19:18 . 2013-06-18 07:03 446464 ----a-w- c:\program files\internet explorer\plugins\ltkrn13n.dll
2006-04-11 14:08 . 2013-06-18 07:03 237568 ----a-w- c:\program files\internet explorer\plugins\mwex.dll
2001-12-04 23:20 . 2013-06-18 06:58 233537 ----a-w- c:\program files\internet explorer\plugins\MWPro.dll
2001-10-16 20:59 . 2013-06-18 06:58 61440 ----a-w- c:\program files\internet explorer\plugins\paint.dll
2006-04-11 14:09 . 2013-06-18 07:03 57344 ----a-w- c:\program files\internet explorer\plugins\paintex.dll
2007-02-09 21:23 . 2013-06-18 07:03 118784 ----a-w- c:\program files\internet explorer\plugins\speech.dll
2006-04-11 14:10 . 2013-06-18 07:03 143360 ----a-w- c:\program files\internet explorer\plugins\spriteex.dll
2002-01-31 03:08 . 2013-06-18 06:58 143360 ----a-w- c:\program files\internet explorer\plugins\sprites.dll
2003-04-21 22:09 . 2013-06-18 07:03 245408 ----a-w- c:\program files\internet explorer\plugins\unicows.dll
1998-07-12 11:13 . 2013-06-18 06:58 53760 ----a-w- c:\program files\internet explorer\plugins\zlib.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-11-13 03:16 1729744 ----a-w- c:\progra~2\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-11-13 03:16 1729744 ----a-w- c:\progra~2\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-11-13 03:16 1729744 ----a-w- c:\progra~2\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-12-12 7394584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-09-27 271744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
R2 HTCMonitorService;HTCMonitorService;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [x]
R2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBET;USB 2.0 WebCAM;c:\windows\system32\DRIVERS\ETdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ETdrv.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192se.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2015-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-15 00:52]
.
2015-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-15 00:52]
.
2015-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3411609374-3622566518-3407021004-1000Core.job
- c:\users\Larissa\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-08 19:11]
.
2015-01-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3411609374-3622566518-3407021004-1000UA.job
- c:\users\Larissa\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-08 19:11]
.
2015-01-10 c:\windows\Tasks\HPCeeScheduleForLarissa.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-11-13 03:19 2334928 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-11-13 03:19 2334928 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-11-13 03:19 2334928 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-01-29 6160928]
"RtkOSD"="c:\program files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [2010-01-13 995840]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-18 451072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
.
------- Supplementary Scan -------
.
uStart Page = www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-01-10  23:24:30
ComboFix-quarantined-files.txt  2015-01-11 09:24
ComboFix2.txt  2015-01-11 07:03
.
Pre-Run: 124,444,258,304 bytes free
Post-Run: 124,145,704,960 bytes free
.
- - End Of File - - F6C90FD9C8D0B005DB0D51A3B16E3D5A
E2A9C3A524E2AFE3D0EC7B71691F43CB

And then, after I did everything the first time, I ran it again, so here's the log from the second time:

ComboFix 15-01-08.01 - Larissa 01/10/2015  23:15:09.2.1 - x64 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.1979.1238 [GMT -10:00]
Running from: c:\users\Larissa\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2014-12-11 to 2015-01-11  )))))))))))))))))))))))))))))))
.
.
2015-01-11 09:21 . 2015-01-11 09:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-01-11 04:01 . 2015-01-11 05:23 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-11 04:00 . 2015-01-11 04:01 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-01-11 04:00 . 2014-11-21 16:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-01-11 04:00 . 2014-11-21 16:14 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-01-11 04:00 . 2014-11-21 16:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-01-11 03:24 . 2015-01-11 03:24 -------- d-s---w- c:\windows\SysWow64\Microsoft
2015-01-10 16:18 . 2015-01-10 16:18 -------- d-----w- c:\programdata\Malwarebytes
2015-01-10 16:17 . 2015-01-10 16:17 -------- d-----w- c:\users\Larissa\AppData\Local\Programs
2015-01-07 04:39 . 2014-12-02 10:26 11870360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FD7025C8-05B9-4984-A562-49FE11168B2C}\mpengine.dll
2014-12-28 19:05 . 2011-05-10 01:49 225792 ----a-w- c:\windows\system32\Etprop64.ax
2014-12-28 19:05 . 2011-07-08 20:36 6416256 ----a-w- c:\windows\system32\drivers\ETdrv.sys
2014-12-28 19:05 . 2011-05-10 01:49 188416 ----a-w- c:\windows\SysWow64\Etprop.ax
2014-12-28 19:05 . 2010-11-12 19:39 49664 ----a-w- c:\windows\system32\ETCoInst.dll
2014-12-28 19:04 . 2014-12-28 19:04 -------- d-----w- c:\program files (x86)\ETRON
2014-12-21 18:01 . 2014-12-21 18:01 -------- d-----w- c:\users\Larissa\AppData\Local\CyberLink
2014-12-21 02:27 . 2014-12-21 02:27 -------- d-----w- c:\users\Larissa\AppData\Local\Skype
2014-12-21 02:27 . 2015-01-10 23:41 -------- d-----w- c:\users\Larissa\AppData\Roaming\Skype
2014-12-21 02:26 . 2014-12-21 02:26 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-12-21 02:26 . 2014-12-21 02:26 -------- d-----r- c:\program files (x86)\Skype
2014-12-21 02:25 . 2014-12-21 02:26 -------- d-----w- c:\programdata\Skype
2014-12-18 06:41 . 2014-12-13 03:33 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-12-18 06:41 . 2014-12-13 05:09 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2014-12-12 16:52 . 2014-12-12 16:52 -------- d-----w- c:\windows\system32\appraiser
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-11 17:33 . 2011-10-23 19:38 112710672 ----a-w- c:\windows\system32\MRT.exe
2014-12-04 02:50 . 2014-12-11 05:28 413184 ----a-w- c:\windows\system32\generaltel.dll
2014-12-04 02:50 . 2014-12-11 05:28 741376 ----a-w- c:\windows\system32\invagent.dll
2014-12-04 02:50 . 2014-12-11 05:28 396800 ----a-w- c:\windows\system32\devinv.dll
2014-12-04 02:50 . 2014-12-11 05:28 830976 ----a-w- c:\windows\system32\appraiser.dll
2014-12-04 02:50 . 2014-12-11 05:28 192000 ----a-w- c:\windows\system32\aepic.dll
2014-12-04 02:50 . 2014-12-11 05:28 227328 ----a-w- c:\windows\system32\aepdu.dll
2014-12-04 02:44 . 2014-12-11 05:28 1083392 ----a-w- c:\windows\system32\aeinv.dll
2014-12-01 23:28 . 2014-12-11 05:28 1232040 ----a-w- c:\windows\system32\aitstatic.exe
2014-11-27 01:43 . 2014-12-11 05:22 389296 ----a-w- c:\windows\system32\iedkcs32.dll
2014-11-25 00:04 . 2011-10-20 05:56 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-11-22 03:13 . 2014-12-10 07:27 25059840 ----a-w- c:\windows\system32\mshtml.dll
2014-11-22 03:06 . 2014-12-11 05:23 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-11-22 03:06 . 2014-12-11 05:22 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:50 . 2014-12-11 05:22 66560 ----a-w- c:\windows\system32\iesetup.dll
2014-11-22 02:50 . 2014-12-10 07:28 580096 ----a-w- c:\windows\system32\vbscript.dll
2014-11-22 02:49 . 2014-12-11 05:23 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:49 . 2014-12-11 05:22 2885120 ----a-w- c:\windows\system32\iertutil.dll
2014-11-22 02:48 . 2014-12-10 07:27 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-11-22 02:41 . 2014-12-11 05:22 54784 ----a-w- c:\windows\system32\jsproxy.dll
2014-11-22 02:40 . 2014-12-11 05:23 34304 ----a-w- c:\windows\system32\iernonce.dll
2014-11-22 02:37 . 2014-12-11 01:28 633856 ----a-w- c:\windows\system32\ieui.dll
2014-11-22 02:35 . 2014-12-11 05:23 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-11-22 02:34 . 2014-12-11 01:28 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2014-11-22 02:34 . 2014-12-11 01:28 6039552 ----a-w- c:\windows\system32\jscript9.dll
2014-11-22 02:26 . 2014-12-11 05:22 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 02:22 . 2014-12-11 05:22 490496 ----a-w- c:\windows\system32\dxtmsft.dll
2014-11-22 02:20 . 2014-12-11 05:23 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14 . 2014-12-11 05:23 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 02:09 . 2014-12-10 07:27 199680 ----a-w- c:\windows\system32\msrating.dll
2014-11-22 02:08 . 2014-12-11 01:28 92160 ----a-w- c:\windows\system32\mshtmled.dll
2014-11-22 02:07 . 2014-12-11 05:22 501248 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-11-22 02:07 . 2014-12-11 05:23 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-11-22 02:06 . 2014-12-11 05:23 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-11 05:22 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2014-11-22 02:05 . 2014-12-11 05:22 316928 ----a-w- c:\windows\system32\dxtrans.dll
2014-11-22 01:54 . 2014-12-11 05:22 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:49 . 2014-12-11 05:23 718848 ----a-w- c:\windows\system32\ie4uinit.exe
2014-11-22 01:49 . 2014-12-11 05:22 800768 ----a-w- c:\windows\system32\msfeeds.dll
2014-11-22 01:47 . 2014-12-11 01:28 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:46 . 2014-12-11 05:22 2125312 ----a-w- c:\windows\system32\inetcpl.cpl
2014-11-22 01:43 . 2014-12-11 01:28 14412800 ----a-w- c:\windows\system32\ieframe.dll
2014-11-22 01:40 . 2014-12-11 05:23 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-11 05:22 4299264 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-11-22 01:28 . 2014-12-10 07:28 2358272 ----a-w- c:\windows\system32\wininet.dll
2014-11-22 01:22 . 2014-12-11 05:22 2052096 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21 . 2014-12-11 05:22 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:15 . 2014-12-11 05:22 1548288 ----a-w- c:\windows\system32\urlmon.dll
2014-11-22 01:03 . 2014-12-11 05:22 800768 ----a-w- c:\windows\system32\ieapfltr.dll
2014-11-22 01:00 . 2014-12-11 05:22 1888256 ----a-w- c:\windows\SysWow64\wininet.dll
2014-11-19 06:47 . 2014-11-19 06:47 1247904 ----a-w- c:\windows\SysWow64\FM20.DLL
2014-11-11 03:09 . 2014-12-11 05:25 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-11-11 03:08 . 2014-11-19 06:03 241152 ----a-w- c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-19 06:03 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-12-11 05:25 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44 . 2014-11-19 06:03 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-19 06:03 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-11-11 01:46 . 2014-12-11 05:24 119296 ----a-w- c:\windows\system32\drivers\tdx.sys
2014-11-08 03:16 . 2014-12-10 07:10 2048 ----a-w- c:\windows\system32\tzres.dll
2014-11-08 02:45 . 2014-12-10 07:10 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-10-30 02:03 . 2014-12-10 07:24 165888 ----a-w- c:\windows\system32\charmap.exe
2014-10-30 01:45 . 2014-12-10 07:24 155136 ----a-w- c:\windows\SysWow64\charmap.exe
2014-10-25 01:57 . 2014-11-12 01:24 77824 ----a-w- c:\windows\system32\packager.dll
2014-10-25 01:32 . 2014-11-12 01:24 67584 ----a-w- c:\windows\SysWow64\packager.dll
2014-10-18 02:05 . 2014-11-12 01:15 861696 ----a-w- c:\windows\system32\oleaut32.dll
2014-10-18 02:05 . 2014-12-11 17:17 4121600 ----a-w- c:\windows\system32\mf.dll
2014-10-18 01:33 . 2014-11-12 01:15 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2014-10-18 01:33 . 2014-12-11 17:17 3209728 ----a-w- c:\windows\SysWow64\mf.dll
2014-10-14 02:16 . 2014-11-12 01:39 155064 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 02:13 . 2014-11-12 01:39 683520 ----a-w- c:\windows\system32\termsrv.dll
2014-10-14 02:13 . 2014-11-12 01:23 3241984 ----a-w- c:\windows\system32\msi.dll
2014-10-14 02:12 . 2014-11-12 01:39 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-10-14 02:09 . 2014-11-12 01:39 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-10-14 02:07 . 2014-11-12 01:39 681984 ----a-w- c:\windows\system32\adtschema.dll
2014-10-14 01:50 . 2014-11-12 01:39 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-10-14 01:50 . 2014-11-12 01:23 2363904 ----a-w- c:\windows\SysWow64\msi.dll
2014-10-14 01:49 . 2014-11-12 01:39 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-10-14 01:47 . 2014-11-12 01:39 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2014-10-14 01:46 . 2014-11-12 01:39 681984 ----a-w- c:\windows\SysWow64\adtschema.dll
1999-06-19 00:37 . 2013-06-18 06:58 36864 ----a-w- c:\program files\internet explorer\plugins\lfbmp11n.dll
2003-04-10 19:20 . 2013-06-18 07:03 30208 ----a-w- c:\program files\internet explorer\plugins\lfbmp13n.dll
2003-04-10 19:20 . 2013-06-18 07:03 35840 ----a-w- c:\program files\internet explorer\plugins\lfcal13n.dll
1999-06-17 03:17 . 2013-06-18 06:58 273920 ----a-w- c:\program files\internet explorer\plugins\LFCMP11n.DLL
2003-04-10 19:28 . 2013-06-18 07:03 406528 ----a-w- c:\program files\internet explorer\plugins\LFCMP13n.DLL
2003-04-10 19:20 . 2013-06-18 07:03 47104 ----a-w- c:\program files\internet explorer\plugins\lfgif13n.dll
2003-04-10 19:21 . 2013-06-18 07:03 18944 ----a-w- c:\program files\internet explorer\plugins\lfmsp13n.dll
2003-04-10 19:21 . 2013-06-18 07:03 26624 ----a-w- c:\program files\internet explorer\plugins\lfpcx13n.dll
2003-04-10 19:32 . 2013-06-18 07:03 181760 ----a-w- c:\program files\internet explorer\plugins\Lfpng13n.dll
2003-04-10 19:21 . 2013-06-18 07:03 55808 ----a-w- c:\program files\internet explorer\plugins\lfpsd13n.dll
1999-06-19 00:37 . 2013-06-18 06:58 27648 ----a-w- c:\program files\internet explorer\plugins\lftga11n.dll
2003-04-10 19:21 . 2013-06-18 07:03 24576 ----a-w- c:\program files\internet explorer\plugins\lftga13n.dll
2002-09-27 21:04 . 2013-06-18 07:03 4033084 ----a-w- c:\program files\internet explorer\plugins\libex.dll
1999-08-31 22:23 . 2013-06-18 06:58 2714885 ----a-w- c:\program files\internet explorer\plugins\library.dll
1999-06-17 03:08 . 2013-06-18 06:58 234496 ----a-w- c:\program files\internet explorer\plugins\LTDIS11n.dll
2003-04-10 19:18 . 2013-06-18 07:03 269824 ----a-w- c:\program files\internet explorer\plugins\LTDIS13n.dll
1999-06-08 05:27 . 2013-06-18 06:58 226816 ----a-w- c:\program files\internet explorer\plugins\ltefx11n.dll
2003-04-05 01:55 . 2013-06-18 07:03 206848 ----a-w- c:\program files\internet explorer\plugins\ltefx13n.dll
1999-06-17 03:09 . 2013-06-18 06:58 110592 ----a-w- c:\program files\internet explorer\plugins\ltfil11n.DLL
2003-04-10 19:18 . 2013-06-18 07:03 144384 ----a-w- c:\program files\internet explorer\plugins\ltfil13n.DLL
1999-06-17 03:10 . 2013-06-18 06:58 124416 ----a-w- c:\program files\internet explorer\plugins\ltimg11n.dll
2003-04-10 19:19 . 2013-06-18 07:03 447488 ----a-w- c:\program files\internet explorer\plugins\ltimg13n.dll
1999-06-11 02:41 . 2013-06-18 06:58 301568 ----a-w- c:\program files\internet explorer\plugins\ltkrn11n.dll
2003-04-10 19:18 . 2013-06-18 07:03 446464 ----a-w- c:\program files\internet explorer\plugins\ltkrn13n.dll
2006-04-11 14:08 . 2013-06-18 07:03 237568 ----a-w- c:\program files\internet explorer\plugins\mwex.dll
2001-12-04 23:20 . 2013-06-18 06:58 233537 ----a-w- c:\program files\internet explorer\plugins\MWPro.dll
2001-10-16 20:59 . 2013-06-18 06:58 61440 ----a-w- c:\program files\internet explorer\plugins\paint.dll
2006-04-11 14:09 . 2013-06-18 07:03 57344 ----a-w- c:\program files\internet explorer\plugins\paintex.dll
2007-02-09 21:23 . 2013-06-18 07:03 118784 ----a-w- c:\program files\internet explorer\plugins\speech.dll
2006-04-11 14:10 . 2013-06-18 07:03 143360 ----a-w- c:\program files\internet explorer\plugins\spriteex.dll
2002-01-31 03:08 . 2013-06-18 06:58 143360 ----a-w- c:\program files\internet explorer\plugins\sprites.dll
2003-04-21 22:09 . 2013-06-18 07:03 245408 ----a-w- c:\program files\internet explorer\plugins\unicows.dll
1998-07-12 11:13 . 2013-06-18 06:58 53760 ----a-w- c:\program files\internet explorer\plugins\zlib.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-11-13 03:16 1729744 ----a-w- c:\progra~2\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-11-13 03:16 1729744 ----a-w- c:\progra~2\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-11-13 03:16 1729744 ----a-w- c:\progra~2\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-12-12 7394584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-09-27 271744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
R2 HTCMonitorService;HTCMonitorService;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [x]
R2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBET;USB 2.0 WebCAM;c:\windows\system32\DRIVERS\ETdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ETdrv.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192se.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2015-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-15 00:52]
.
2015-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-15 00:52]
.
2015-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3411609374-3622566518-3407021004-1000Core.job
- c:\users\Larissa\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-08 19:11]
.
2015-01-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3411609374-3622566518-3407021004-1000UA.job
- c:\users\Larissa\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-08 19:11]
.
2015-01-10 c:\windows\Tasks\HPCeeScheduleForLarissa.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-11-13 03:19 2334928 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-11-13 03:19 2334928 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-11-13 03:19 2334928 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-01-29 6160928]
"RtkOSD"="c:\program files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [2010-01-13 995840]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-18 451072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
.
------- Supplementary Scan -------
.
uStart Page = www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-01-10  23:24:30
ComboFix-quarantined-files.txt  2015-01-11 09:24
ComboFix2.txt  2015-01-11 07:03
.
Pre-Run: 124,444,258,304 bytes free
Post-Run: 124,145,704,960 bytes free
.\
- - End Of File - - F6C90FD9C8D0B005DB0D51A3B16E3D5A
E2A9C3A524E2AFE3D0EC7B71691F43CB
 
 
 
 
Sorry again if I screwed things up >.<
 
I won't do anything else until you guys tell me to >.<

 




 


#2 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:55 AM

Posted 15 February 2015 - 06:22 PM

Hello coyora and welcome to BleepingComputer. :welcome:

 

My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.
 

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I cannot guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.

 

  • Please open the computer as administrator. How do I open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to get help here

Thanks

---------------------------------------------------------------------------------------------------------

 

Please do the following.

-----------

I need to see the log from the first run Combofix.

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

C:\Qoobox\ComboFix2.txt

A text file should open. Please post the contents of that file in your next reply.

 

Please check the date of execution.

--------------------------------------------------------------------

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Have a nice day.


Edited by olgun52, 15 February 2015 - 06:37 PM.

Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 coyora

coyora
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Local time:03:55 PM

Posted 16 February 2015 - 06:59 PM

Attached File  Addition.txt   33.25KB   2 downloads
 
Thank you so very much for all your help! I truly appreciate your assistance!!!
 
Here's the ComboFix log that came up:
 
ComboFix 15-01-08.01 - Larissa 01/10/2015  20:52:46.1.1 - x64 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.1979.1278 [GMT -
 
10:00]
Running from: c:\users\Larissa\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   
 
)))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Images
c:\images\calibre_cover.jpg
.
.
(((((((((((((((((((((((((   Files Created from 2014-12-11 to 2015-01-11  
 
)))))))))))))))))))))))))))))))
.
.
2015-01-11 07:00 . 2015-01-11 07:00 -------- d-----w- c:\users\Default
 
\AppData\Local\temp
2015-01-11 06:57 . 2015-01-11 06:57 75888 ----a-w- c:\programdata\Microsoft
 
\Windows Defender\Definition Updates\{FD7025C8-05B9-4984-A562-
 
49FE11168B2C}\offreg.dll
2015-01-11 04:01 . 2015-01-11 05:23 129752 ----a-w- c:\windows
 
\system32\drivers\MBAMSwissArmy.sys
2015-01-11 04:00 . 2015-01-11 04:01 -------- d-----w- c:\program files 
 
(x86)\Malwarebytes Anti-Malware
2015-01-11 04:00 . 2014-11-21 16:14 63704 ----a-w- c:\windows
 
\system32\drivers\mwac.sys
2015-01-11 04:00 . 2014-11-21 16:14 93400 ----a-w- c:\windows
 
\system32\drivers\mbamchameleon.sys
2015-01-11 04:00 . 2014-11-21 16:14 25816 ----a-w- c:\windows
 
\system32\drivers\mbam.sys
2015-01-11 03:24 . 2015-01-11 03:24 -------- d-s---w- c:\windows
 
\SysWow64\Microsoft
2015-01-10 16:18 . 2015-01-10 16:18 -------- d-----w- c:\programdata
 
\Malwarebytes
2015-01-10 16:17 . 2015-01-10 16:17 -------- d-----w- c:\users\Larissa
 
\AppData\Local\Programs
2015-01-07 04:39 . 2014-12-02 10:26 11870360 ----a-w- c:\programdata
 
\Microsoft\Windows Defender\Definition Updates\{FD7025C8-05B9-4984-A562-
 
49FE11168B2C}\mpengine.dll
2014-12-28 19:05 . 2011-05-10 01:49 225792 ----a-w- c:\windows
 
\system32\Etprop64.ax
2014-12-28 19:05 . 2011-07-08 20:36 6416256 ----a-w- c:\windows
 
\system32\drivers\ETdrv.sys
2014-12-28 19:05 . 2011-05-10 01:49 188416 ----a-w- c:\windows
 
\SysWow64\Etprop.ax
2014-12-28 19:05 . 2010-11-12 19:39 49664 ----a-w- c:\windows
 
\system32\ETCoInst.dll
2014-12-28 19:04 . 2014-12-28 19:04 -------- d-----w- c:\program files 
 
(x86)\ETRON
2014-12-21 18:01 . 2014-12-21 18:01 -------- d-----w- c:\users\Larissa
 
\AppData\Local\CyberLink
2014-12-21 02:27 . 2014-12-21 02:27 -------- d-----w- c:\users\Larissa
 
\AppData\Local\Skype
2014-12-21 02:27 . 2015-01-10 23:41 -------- d-----w- c:\users\Larissa
 
\AppData\Roaming\Skype
2014-12-21 02:26 . 2014-12-21 02:26 -------- d-----w- c:\program files 
 
(x86)\Common Files\Skype
2014-12-21 02:26 . 2014-12-21 02:26 -------- d-----r- c:\program files 
 
(x86)\Skype
2014-12-21 02:25 . 2014-12-21 02:26 -------- d-----w- c:\programdata\Skype
2014-12-18 06:41 . 2014-12-13 03:33 115712 ----a-w- c:\windows
 
\SysWow64\ieUnatt.exe
2014-12-18 06:41 . 2014-12-13 05:09 144384 ----a-w- c:\windows
 
\system32\ieUnatt.exe
2014-12-12 16:52 . 2014-12-12 16:52 -------- d-----w- c:\windows
 
\system32\appraiser
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   
 
))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-11 17:33 . 2011-10-23 19:38 112710672 ----a-w- c:\windows\system32\MRT.exe
2014-12-04 02:50 . 2014-12-11 05:28 413184 ----a-w- c:\windows\system32\generaltel.dll
2014-12-04 02:50 . 2014-12-11 05:28 741376 ----a-w- c:\windows\system32\invagent.dll
2014-12-04 02:50 . 2014-12-11 05:28 396800 ----a-w- c:\windows\system32\devinv.dll
2014-12-04 02:50 . 2014-12-11 05:28 830976 ----a-w- c:\windows\system32\appraiser.dll
2014-12-04 02:50 . 2014-12-11 05:28 192000 ----a-w- c:\windows\system32\aepic.dll
2014-12-04 02:50 . 2014-12-11 05:28 227328 ----a-w- c:\windows\system32\aepdu.dll
2014-12-04 02:44 . 2014-12-11 05:28 1083392 ----a-w- c:\windows\system32\aeinv.dll
2014-12-01 23:28 . 2014-12-11 05:28 1232040 ----a-w- c:\windows\system32\aitstatic.exe
2014-11-27 01:43 . 2014-12-11 05:22 389296 ----a-w- c:\windows\system32\iedkcs32.dll
2014-11-25 00:04 . 2011-10-20 05:56 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-11-22 03:13 . 2014-12-10 07:27 25059840 ----a-w- c:\windows\system32\mshtml.dll
2014-11-22 03:06 . 2014-12-11 05:23 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-11-22 03:06 . 2014-12-11 05:22 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:50 . 2014-12-11 05:22 66560 ----a-w- c:\windows\system32\iesetup.dll
2014-11-22 02:50 . 2014-12-10 07:28 580096 ----a-w- c:\windows\system32\vbscript.dll
2014-11-22 02:49 . 2014-12-11 05:23 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:49 . 2014-12-11 05:22 2885120 ----a-w- c:\windows\system32\iertutil.dll
2014-11-22 02:48 . 2014-12-10 07:27 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-11-22 02:41 . 2014-12-11 05:22 54784 ----a-w- c:\windows\system32\jsproxy.dll
2014-11-22 02:40 . 2014-12-11 05:23 34304 ----a-w- c:\windows\system32\iernonce.dll
2014-11-22 02:37 . 2014-12-11 01:28 633856 ----a-w- c:\windows\system32\ieui.dll
2014-11-22 02:35 . 2014-12-11 05:23 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-11-22 02:34 . 2014-12-11 01:28 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2014-11-22 02:34 . 2014-12-11 01:28 6039552 ----a-w- c:\windows\system32\jscript9.dll
2014-11-22 02:26 . 2014-12-11 05:22 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 02:22 . 2014-12-11 05:22 490496 ----a-w- c:\windows\system32\dxtmsft.dll
2014-11-22 02:20 . 2014-12-11 05:23 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14 . 2014-12-11 05:23 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 02:09 . 2014-12-10 07:27 199680 ----a-w- c:\windows\system32\msrating.dll
2014-11-22 02:08 . 2014-12-11 01:28 92160 ----a-w- c:\windows\system32\mshtmled.dll
2014-11-22 02:07 . 2014-12-11 05:22 501248 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-11-22 02:07 . 2014-12-11 05:23 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-11-22 02:06 . 2014-12-11 05:23 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-11 05:22 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2014-11-22 02:05 . 2014-12-11 05:22 316928 ----a-w- c:\windows\system32\dxtrans.dll
2014-11-22 01:54 . 2014-12-11 05:22 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:49 . 2014-12-11 05:23 718848 ----a-w- c:\windows\system32\ie4uinit.exe
2014-11-22 01:49 . 2014-12-11 05:22 800768 ----a-w- c:\windows\system32\msfeeds.dll
2014-11-22 01:47 . 2014-12-11 01:28 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:46 . 2014-12-11 05:22 2125312 ----a-w- c:\windows\system32\inetcpl.cpl
2014-11-22 01:43 . 2014-12-11 01:28 14412800 ----a-w- c:\windows\system32\ieframe.dll
2014-11-22 01:40 . 2014-12-11 05:23 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-11 05:22 4299264 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-11-22 01:28 . 2014-12-10 07:28 2358272 ----a-w- c:\windows\system32\wininet.dll
2014-11-22 01:22 . 2014-12-11 05:22 2052096 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21 . 2014-12-11 05:22 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:15 . 2014-12-11 05:22 1548288 ----a-w- c:\windows\system32\urlmon.dll
2014-11-22 01:03 . 2014-12-11 05:22 800768 ----a-w- c:\windows\system32\ieapfltr.dll
2014-11-22 01:00 . 2014-12-11 05:22 1888256 ----a-w- c:\windows\SysWow64\wininet.dll
2014-11-19 06:47 . 2014-11-19 06:47 1247904 ----a-w- c:\windows\SysWow64\FM20.DLL
2014-11-11 03:09 . 2014-12-11 05:25 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-11-11 03:08 . 2014-11-19 06:03 241152 ----a-w- c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-19 06:03 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-12-11 05:25 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44 . 2014-11-19 06:03 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-19 06:03 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-11-11 01:46 . 2014-12-11 05:24 119296 ----a-w- c:\windows\system32\drivers\tdx.sys
2014-11-08 03:16 . 2014-12-10 07:10 2048 ----a-w- c:\windows\system32\tzres.dll
2014-11-08 02:45 . 2014-12-10 07:10 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-10-30 02:03 . 2014-12-10 07:24 165888 ----a-w- c:\windows\system32\charmap.exe
2014-10-30 01:45 . 2014-12-10 07:24 155136 ----a-w- c:\windows\SysWow64\charmap.exe
2014-10-25 01:57 . 2014-11-12 01:24 77824 ----a-w- c:\windows\system32\packager.dll
2014-10-25 01:32 . 2014-11-12 01:24 67584 ----a-w- c:\windows\SysWow64\packager.dll
2014-10-18 02:05 . 2014-11-12 01:15 861696 ----a-w- c:\windows\system32\oleaut32.dll
2014-10-18 02:05 . 2014-12-11 17:17 4121600 ----a-w- c:\windows\system32\mf.dll
2014-10-18 01:33 . 2014-11-12 01:15 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2014-10-18 01:33 . 2014-12-11 17:17 3209728 ----a-w- c:\windows\SysWow64\mf.dll
2014-10-14 02:16 . 2014-11-12 01:39 155064 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 02:13 . 2014-11-12 01:39 683520 ----a-w- c:\windows\system32\termsrv.dll
2014-10-14 02:13 . 2014-11-12 01:23 3241984 ----a-w- c:\windows\system32\msi.dll
2014-10-14 02:12 . 2014-11-12 01:39 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-10-14 02:09 . 2014-11-12 01:39 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-10-14 02:07 . 2014-11-12 01:39 681984 ----a-w- c:\windows\system32\adtschema.dll
2014-10-14 01:50 . 2014-11-12 01:39 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-10-14 01:50 . 2014-11-12 01:23 2363904 ----a-w- c:\windows\SysWow64\msi.dll
2014-10-14 01:49 . 2014-11-12 01:39 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-10-14 01:47 . 2014-11-12 01:39 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2014-10-14 01:46 . 2014-11-12 01:39 681984 ----a-w- c:\windows\SysWow64\adtschema.dll
1999-06-19 00:37 . 2013-06-18 06:58 36864 ----a-w- c:\program files\internet explorer\plugins\lfbmp11n.dll
2003-04-10 19:20 . 2013-06-18 07:03 30208 ----a-w- c:\program files\internet explorer\plugins\lfbmp13n.dll
2003-04-10 19:20 . 2013-06-18 07:03 35840 ----a-w- c:\program files\internet explorer\plugins\lfcal13n.dll
1999-06-17 03:17 . 2013-06-18 06:58 273920 ----a-w- c:\program files\internet explorer\plugins\LFCMP11n.DLL
2003-04-10 19:28 . 2013-06-18 07:03 406528 ----a-w- c:\program files\internet explorer\plugins\LFCMP13n.DLL
2003-04-10 19:20 . 2013-06-18 07:03 47104 ----a-w- c:\program files\internet explorer\plugins\lfgif13n.dll
2003-04-10 19:21 . 2013-06-18 07:03 18944 ----a-w- c:\program files\internet explorer\plugins\lfmsp13n.dll
2003-04-10 19:21 . 2013-06-18 07:03 26624 ----a-w- c:\program files\internet explorer\plugins\lfpcx13n.dll
2003-04-10 19:32 . 2013-06-18 07:03 181760 ----a-w- c:\program files\internet explorer\plugins\Lfpng13n.dll
2003-04-10 19:21 . 2013-06-18 07:03 55808 ----a-w- c:\program files\internet explorer\plugins\lfpsd13n.dll
1999-06-19 00:37 . 2013-06-18 06:58 27648 ----a-w- c:\program files\internet explorer\plugins\lftga11n.dll
2003-04-10 19:21 . 2013-06-18 07:03 24576 ----a-w- c:\program files\internet explorer\plugins\lftga13n.dll
2002-09-27 21:04 . 2013-06-18 07:03 4033084 ----a-w- c:\program files\internet explorer\plugins\libex.dll
1999-08-31 22:23 . 2013-06-18 06:58 2714885 ----a-w- c:\program files\internet explorer\plugins\library.dll
1999-06-17 03:08 . 2013-06-18 06:58 234496 ----a-w- c:\program files\internet explorer\plugins\LTDIS11n.dll
2003-04-10 19:18 . 2013-06-18 07:03 269824 ----a-w- c:\program files\internet explorer\plugins\LTDIS13n.dll
1999-06-08 05:27 . 2013-06-18 06:58 226816 ----a-w- c:\program files\internet explorer\plugins\ltefx11n.dll
2003-04-05 01:55 . 2013-06-18 07:03 206848 ----a-w- c:\program files\internet explorer\plugins\ltefx13n.dll
1999-06-17 03:09 . 2013-06-18 06:58 110592 ----a-w- c:\program files\internet explorer\plugins\ltfil11n.DLL
2003-04-10 19:18 . 2013-06-18 07:03 144384 ----a-w- c:\program files\internet explorer\plugins\ltfil13n.DLL
1999-06-17 03:10 . 2013-06-18 06:58 124416 ----a-w- c:\program files\internet explorer\plugins\ltimg11n.dll
2003-04-10 19:19 . 2013-06-18 07:03 447488 ----a-w- c:\program files\internet explorer\plugins\ltimg13n.dll
1999-06-11 02:41 . 2013-06-18 06:58 301568 ----a-w- c:\program files\internet explorer\plugins\ltkrn11n.dll
2003-04-10 19:18 . 2013-06-18 07:03 446464 ----a-w- c:\program files\internet explorer\plugins\ltkrn13n.dll
2006-04-11 14:08 . 2013-06-18 07:03 237568 ----a-w- c:\program files\internet explorer\plugins\mwex.dll
2001-12-04 23:20 . 2013-06-18 06:58 233537 ----a-w- c:\program files\internet explorer\plugins\MWPro.dll
2001-10-16 20:59 . 2013-06-18 06:58 61440 ----a-w- c:\program files\internet explorer\plugins\paint.dll
2006-04-11 14:09 . 2013-06-18 07:03 57344 ----a-w- c:\program files\internet explorer\plugins\paintex.dll
2007-02-09 21:23 . 2013-06-18 07:03 118784 ----a-w- c:\program files\internet explorer\plugins\speech.dll
2006-04-11 14:10 . 2013-06-18 07:03 143360 ----a-w- c:\program files\internet explorer\plugins\spriteex.dll
2002-01-31 03:08 . 2013-06-18 06:58 143360 ----a-w- c:\program files\internet explorer\plugins\sprites.dll
2003-04-21 22:09 . 2013-06-18 07:03 245408 ----a-w- c:\program files\internet explorer\plugins\unicows.dll
1998-07-12 11:13 . 2013-06-18 06:58 53760 ----a-w- c:\program files\internet explorer\plugins\zlib.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-11-13 03:16 1729744 ----a-w- c:\progra~2\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-11-13 03:16 1729744 ----a-w- c:\progra~2\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-11-13 03:16 1729744 ----a-w- c:\progra~2\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-09-27 271744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
R2 HTCMonitorService;HTCMonitorService;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [x]
R2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBET;USB 2.0 WebCAM;c:\windows\system32\DRIVERS\ETdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ETdrv.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192se.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2015-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-15 00:52]
.
2015-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-15 00:52]
.
2015-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3411609374-3622566518-3407021004-1000Core.job
- c:\users\Larissa\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-08 19:11]
.
2015-01-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3411609374-3622566518-3407021004-1000UA.job
- c:\users\Larissa\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-08 19:11]
.
2015-01-10 c:\windows\Tasks\HPCeeScheduleForLarissa.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-11-13 03:19 2334928 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-11-13 03:19 2334928 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-11-13 03:19 2334928 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-01-29 6160928]
"RtkOSD"="c:\program files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [2010-01-13 995840]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-18 451072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
.
------- Supplementary Scan -------
.
uStart Page = www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-mIRC - c:\program files (x86)\mIRC\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-01-10  21:03:17
ComboFix-quarantined-files.txt  2015-01-11 07:03
.
Pre-Run: 123,664,166,912 bytes free
Post-Run: 124,029,091,840 bytes free
.
- - End Of File - - D087FA7B78F8933C149C69EB6612AE48
E2A9C3A524E2AFE3D0EC7B71691F43CB
 
 
Here's the FRST.txt (I have ATTACHED the Addition.txt): 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by Larissa (administrator) on SATORI on 16-02-2015 13:49:50
Running from C:\Users\Larissa\Desktop
Loaded Profiles: Larissa (Available profiles: Larissa)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Users\Larissa\AppData\Local\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Google Inc.) C:\Users\Larissa\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Users\Larissa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Larissa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Larissa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Larissa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Larissa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Larissa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Larissa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Larissa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Larissa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Larissa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Larissa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Larissa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Larissa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Larissa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Larissa\AppData\Local\Google\Chrome\Application\chrome.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Amazon.com) C:\Users\Larissa\AppData\Local\Amazon\Kindle\application\Kindle.exe
(Google Inc.) C:\Users\Larissa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Larissa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Larissa\AppData\Local\Google\Chrome\Application\chrome.exe
(mIRC Co. Ltd.) C:\sysreset\mirc.exe
(Google Inc.) C:\Users\Larissa\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6160928 2010-01-29] (Realtek Semiconductor)
HKLM\...\Run: [RtkOSD] => C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe [995840 2010-01-12] (Realtek Semiconductor Corp.)
HKLM\...\Run: [HP Quick Launch] => C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [451072 2010-01-18] (Hewlett-Packard Company)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3411609374-3622566518-3407021004-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-3411609374-3622566518-3407021004-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [784904 2014-10-14] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-3411609374-3622566518-3407021004-1000\...\Run: [Google Update] => C:\Users\Larissa\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-25] (Google Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3411609374-3622566518-3407021004-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3411609374-3622566518-3407021004-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {855E7394-CBE2-4B8E-8E48-C3AF45E5318A} URL = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {855E7394-CBE2-4B8E-8E48-C3AF45E5318A} URL = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {EE234FF5-13D5-4CD0-AE74-C2D92F0B9458} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
SearchScopes: HKLM-x32 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {855E7394-CBE2-4B8E-8E48-C3AF45E5318A} URL = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {EE234FF5-13D5-4CD0-AE74-C2D92F0B9458} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
SearchScopes: HKU\S-1-5-21-3411609374-3622566518-3407021004-1000 -> DefaultScope {855E7394-CBE2-4B8E-8E48-C3AF45E5318A} URL = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3411609374-3622566518-3407021004-1000 -> {855E7394-CBE2-4B8E-8E48-C3AF45E5318A} URL = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3411609374-3622566518-3407021004-1000 -> {EE234FF5-13D5-4CD0-AE74-C2D92F0B9458} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO-x32: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} ->  No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: No Name -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} ->  No File
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM-x32 - No Name - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} -  No File
Toolbar: HKU\S-1-5-21-3411609374-3622566518-3407021004-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3411609374-3622566518-3407021004-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Larissa\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3411609374-3622566518-3407021004-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Larissa\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-03-24]
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Users\Larissa\AppData\Local\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Larissa\AppData\Local\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Larissa\AppData\Local\Google\Chrome\Application\40.0.2214.111\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.170.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll No File
CHR Plugin: (Java™ Platform SE 6 U17) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll No File
CHR Profile: C:\Users\Larissa\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Larissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-31]
CHR Extension: (YouTube) - C:\Users\Larissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-02-07]
CHR Extension: (Google Search) - C:\Users\Larissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-02-07]
CHR Extension: (Google Wallet) - C:\Users\Larissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\Larissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-02-07]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [120832 2009-10-15] (Hewlett-Packard) [File not signed]
R2 HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [20480 2010-01-18] () [File not signed]
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-11-18] (Nero AG)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] ()
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174600 2014-10-14] (Sandboxie Holdings, LLC)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2015-01-11] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-22] (Realtek Semiconductor Corp.)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-10-14] (Sandboxie Holdings, LLC)
S3 USBET; C:\Windows\System32\DRIVERS\ETdrv.sys [6416256 2011-07-08] (Etron)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-16 13:49 - 2015-02-16 13:51 - 00017274 _____ () C:\Users\Larissa\Desktop\FRST.txt
2015-02-16 13:49 - 2015-02-16 13:49 - 00000000 ____D () C:\FRST
2015-02-16 13:48 - 2015-02-16 13:48 - 02085888 _____ (Farbar) C:\Users\Larissa\Desktop\FRST64.exe
2015-02-16 13:46 - 2015-02-16 13:46 - 00284920 _____ () C:\Users\Larissa\Downloads\Daybreak on Hyperion 01 - Aorii.mobi
2015-02-16 10:48 - 2015-02-16 10:49 - 00000000 ____D () C:\f0278e1786ce0c5974
2015-02-16 00:26 - 2015-02-16 00:27 - 05066189 _____ () C:\Users\Larissa\Downloads\Only_Sense_Online_-_Volume_03.mobi
2015-02-15 22:03 - 2015-02-15 22:04 - 04113071 _____ () C:\Users\Larissa\Downloads\Only_Sense_Online_-_Volume_02.mobi
2015-02-15 17:45 - 2015-02-15 17:45 - 04393072 _____ () C:\Users\Larissa\Downloads\Only_Sense_Online_-_Volume_01.mobi
2015-02-15 17:42 - 2015-02-15 17:42 - 05152168 _____ () C:\Users\Larissa\Downloads\Only Sense Online - Volume 03.epub
2015-02-15 17:41 - 2015-02-15 17:41 - 04040297 _____ () C:\Users\Larissa\Downloads\Only Sense Online - Volume 02.epub
2015-02-15 17:40 - 2015-02-15 17:40 - 04341966 _____ () C:\Users\Larissa\Downloads\Only Sense Online - Volume 01.epub
2015-02-15 11:33 - 2015-02-15 11:33 - 00055838 _____ () C:\Users\Larissa\Desktop\post.txt
2015-02-15 10:48 - 2015-02-15 10:48 - 00003544 ____N () C:\bootsqm.dat
2015-02-14 23:06 - 2015-02-14 23:06 - 00119000 _____ () C:\Users\Larissa\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-14 23:05 - 2015-02-16 11:00 - 00000224 _____ () C:\Windows\setupact.log
2015-02-14 23:05 - 2015-02-14 23:05 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-14 23:04 - 2015-02-14 23:04 - 00458464 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 20:18 - 2015-01-22 18:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 20:18 - 2015-01-22 18:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 20:18 - 2015-01-22 17:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-12 20:18 - 2015-01-22 17:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-12 19:40 - 2015-02-12 19:40 - 00670774 _____ () C:\Users\Larissa\Downloads\dragonheroesarrival.mobi
2015-02-12 03:21 - 2015-02-12 03:21 - 00000000 ____D () C:\Windows\Temp051DCE62-4C02-3FCC-EB7B-DC4C45105747-Signatures
2015-02-11 07:04 - 2015-02-03 17:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 07:04 - 2015-02-03 17:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 07:04 - 2015-02-03 17:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 07:04 - 2015-02-03 17:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 07:04 - 2015-02-03 17:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 07:04 - 2015-02-03 17:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 07:04 - 2015-02-03 17:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 07:04 - 2015-01-27 13:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 07:03 - 2015-01-13 19:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 07:03 - 2015-01-13 19:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 07:03 - 2015-01-11 17:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 07:03 - 2015-01-11 17:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 07:03 - 2015-01-11 16:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 07:03 - 2015-01-11 16:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 07:03 - 2015-01-11 16:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 07:03 - 2015-01-11 16:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 07:03 - 2015-01-11 16:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 07:03 - 2015-01-11 16:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 07:03 - 2015-01-11 16:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 07:03 - 2015-01-11 16:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 07:03 - 2015-01-11 16:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 07:03 - 2015-01-11 16:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 07:03 - 2015-01-11 16:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 07:03 - 2015-01-11 16:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 07:03 - 2015-01-11 16:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 07:03 - 2015-01-11 16:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 07:03 - 2015-01-11 16:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 07:03 - 2015-01-11 16:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 07:03 - 2015-01-11 16:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 07:03 - 2015-01-11 16:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 07:03 - 2015-01-11 16:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 07:03 - 2015-01-11 16:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 07:03 - 2015-01-11 16:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 07:03 - 2015-01-11 15:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 07:03 - 2015-01-11 15:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 07:03 - 2015-01-11 15:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 07:03 - 2015-01-11 15:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 07:03 - 2015-01-11 15:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 07:03 - 2015-01-11 15:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 07:03 - 2015-01-11 15:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 07:03 - 2015-01-11 15:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 07:03 - 2015-01-11 15:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 07:03 - 2015-01-11 15:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 07:03 - 2015-01-11 15:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 07:03 - 2015-01-11 15:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 07:03 - 2015-01-11 15:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 07:03 - 2015-01-11 15:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 07:03 - 2015-01-11 15:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 07:03 - 2015-01-11 15:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 07:03 - 2015-01-11 15:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 07:03 - 2015-01-11 15:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 07:03 - 2015-01-11 15:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 07:03 - 2015-01-11 15:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 07:03 - 2015-01-11 14:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 07:03 - 2015-01-11 14:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 07:03 - 2015-01-09 20:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 07:03 - 2015-01-09 20:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 07:03 - 2015-01-09 20:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 07:03 - 2015-01-09 20:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 07:03 - 2015-01-09 20:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 07:03 - 2015-01-09 20:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 07:03 - 2015-01-09 20:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 07:03 - 2015-01-09 20:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 07:03 - 2015-01-09 20:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 07:03 - 2015-01-09 20:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 07:03 - 2015-01-09 20:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 07:03 - 2015-01-09 20:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 07:03 - 2015-01-09 20:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 07:03 - 2015-01-09 20:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 07:02 - 2015-01-14 22:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 07:02 - 2015-01-14 22:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 07:02 - 2015-01-14 22:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 07:02 - 2015-01-14 22:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 07:02 - 2015-01-14 22:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 07:02 - 2015-01-14 22:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 07:02 - 2015-01-14 22:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 07:02 - 2015-01-14 22:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 07:02 - 2015-01-14 22:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 07:02 - 2015-01-14 22:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 07:02 - 2015-01-14 22:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 07:02 - 2015-01-14 21:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 07:02 - 2015-01-14 21:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 07:02 - 2015-01-14 21:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 07:02 - 2015-01-14 21:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 07:02 - 2015-01-14 21:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 07:02 - 2015-01-14 21:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 07:02 - 2015-01-14 18:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 07:02 - 2015-01-12 17:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 07:02 - 2015-01-12 16:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 07:02 - 2015-01-11 17:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 07:02 - 2015-01-11 16:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 07:02 - 2015-01-11 16:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 07:02 - 2015-01-11 16:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 07:02 - 2015-01-11 15:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 07:01 - 2014-12-11 19:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 07:01 - 2014-12-11 19:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 07:01 - 2014-11-25 17:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 07:01 - 2014-11-25 17:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 07:01 - 2014-10-03 16:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-11 07:01 - 2014-10-03 15:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-11 07:01 - 2014-10-03 15:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-02-11 07:00 - 2014-12-07 17:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 07:00 - 2014-12-07 16:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 06:59 - 2015-01-13 20:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 06:59 - 2015-01-13 20:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 06:59 - 2015-01-13 20:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 06:59 - 2015-01-13 20:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 06:59 - 2015-01-13 19:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 06:59 - 2015-01-13 19:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 06:59 - 2015-01-13 19:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 06:58 - 2015-01-08 16:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-07 15:09 - 2015-02-07 12:52 - 01794750 _____ () C:\Users\Larissa\Downloads\Dragon_in_Exile-eARC.mobi
2015-02-07 15:08 - 2015-02-07 13:21 - 01555336 ____N () C:\Users\Larissa\Downloads\P_dragon_in_exile_-_earc.zip
2015-02-07 15:07 - 2015-02-07 15:07 - 01555952 _____ () C:\Users\Larissa\Downloads\P_ORDER_1043129.zip
2015-02-07 14:59 - 2015-02-07 15:00 - 00331093 _____ () C:\Users\Larissa\Downloads\Ark Volume 03 [Ilya].mobi
2015-02-07 14:59 - 2015-02-07 15:00 - 00330517 _____ () C:\Users\Larissa\Downloads\Ark Volume 02 [Ilya].mobi
2015-02-07 14:59 - 2015-02-07 14:59 - 00406177 _____ () C:\Users\Larissa\Downloads\Ark Volume 01.mobi
2015-02-05 18:40 - 2015-02-05 18:40 - 00190131 _____ () C:\Users\Larissa\Downloads\Unique Legend - Volume 1.mobi
2015-02-05 18:40 - 2015-02-05 18:40 - 00175422 _____ () C:\Users\Larissa\Downloads\Unique Legend - Volume 2.mobi
2015-02-05 18:40 - 2015-02-05 18:40 - 00170984 _____ () C:\Users\Larissa\Downloads\Unique Legend - Volume 3 (Light).mobi
2015-02-01 10:25 - 2015-02-01 10:25 - 01000503 _____ () C:\Users\Larissa\Downloads\Ann_Aguirre_-_[Dred_Chronicles_02_-_Havoc_epub_.mobi
2015-01-25 17:10 - 2015-01-25 17:11 - 00000000 ____D () C:\Users\Larissa\Desktop\Baka-Updates Manga - Gojikanme no Sensou_files
2015-01-25 17:10 - 2015-01-25 17:10 - 00037849 _____ () C:\Users\Larissa\Desktop\Baka-Updates Manga - Gojikanme no Sensou.html
2015-01-25 10:32 - 2015-01-25 10:32 - 11304303 _____ () C:\Users\Larissa\Downloads\[roankun] Abnormal-kei Joshi 03.zip
2015-01-25 10:31 - 2015-01-25 10:32 - 13117761 _____ () C:\Users\Larissa\Downloads\[roankun] Abnormal-kei Joshi 02v2.zip
2015-01-25 10:21 - 2015-01-25 10:22 - 15125448 _____ () C:\Users\Larissa\Downloads\[roankun] Abnormal-kei Joshi 01v2.zip
2015-01-25 10:21 - 2015-01-25 10:21 - 07533438 _____ () C:\Users\Larissa\Downloads\[roankun] Abnormal-kei Joshi 04.zip
2015-01-25 10:21 - 2015-01-25 10:21 - 04102482 _____ () C:\Users\Larissa\Downloads\[roankun] Abnormal-kei Joshi Color Illustrations.zip
2015-01-25 10:20 - 2015-01-25 10:21 - 12048071 _____ () C:\Users\Larissa\Downloads\[roankun] Abnormal-kei Joshi 05.zip
2015-01-25 10:20 - 2015-01-25 10:20 - 10041869 _____ () C:\Users\Larissa\Downloads\[roankun] Abnormal-kei Joshi 07.zip
2015-01-25 10:20 - 2015-01-25 10:20 - 07662561 _____ () C:\Users\Larissa\Downloads\[roankun] Abnormal-kei Joshi 06.zip
2015-01-25 10:19 - 2015-01-25 10:20 - 05319510 _____ () C:\Users\Larissa\Downloads\[roankun] Abnormal-kei Joshi 08 (1).zip
2015-01-25 10:19 - 2015-01-25 10:19 - 17379940 _____ () C:\Users\Larissa\Downloads\[roankun] Abnormal-kei Joshi 09.zip
2015-01-25 10:12 - 2015-01-25 10:12 - 11253251 _____ () C:\Users\Larissa\Downloads\[roankun] Abnormal-kei Joshi 10.zip
2015-01-25 10:02 - 2015-01-25 10:03 - 08140296 _____ () C:\Users\Larissa\Downloads\Abnormal-kei Joshi 11 [roankun].zip
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-16 13:35 - 2012-02-07 21:58 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3411609374-3622566518-3407021004-1000UA.job
2015-02-16 13:27 - 2012-02-14 18:58 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-16 11:23 - 2012-02-14 18:58 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-16 11:21 - 2009-07-13 19:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-16 11:20 - 2009-07-13 19:08 - 00032654 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-16 11:13 - 2015-01-11 13:34 - 02035666 _____ () C:\Windows\WindowsUpdate.log
2015-02-16 10:49 - 2015-01-11 23:19 - 00002148 _____ () C:\Windows\epplauncher.mif
2015-02-16 00:28 - 2013-02-12 22:51 - 00000000 ____D () C:\Users\Larissa\Documents\My Kindle Content
2015-02-15 18:38 - 2009-07-13 19:13 - 00786662 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-15 18:35 - 2012-02-07 21:57 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3411609374-3622566518-3407021004-1000Core.job
2015-02-15 10:57 - 2009-07-13 18:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-15 10:57 - 2009-07-13 18:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-15 10:51 - 2014-04-04 19:02 - 00000000 ____D () C:\Users\Larissa\AppData\Local\HTC MediaHub
2015-02-14 21:10 - 2013-03-20 20:01 - 00003198 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForLarissa
2015-02-14 21:10 - 2013-03-20 20:01 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForLarissa.job
2015-02-14 08:12 - 2010-03-24 08:28 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-12 13:39 - 2015-01-11 23:23 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-02-12 13:38 - 2014-12-12 06:52 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-12 13:38 - 2014-05-07 13:30 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-12 05:38 - 2015-01-13 18:35 - 00001634 _____ () C:\Windows\Sandboxie.ini
2015-02-12 04:00 - 2014-10-29 21:43 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-02-12 03:55 - 2009-07-13 16:34 - 00000502 _____ () C:\Windows\win.ini
2015-02-12 03:22 - 2015-01-11 23:22 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-12 03:18 - 2013-07-17 08:30 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 03:07 - 2011-10-23 09:38 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-11 21:45 - 2011-10-19 21:40 - 00000000 ____D () C:\sysreset
2015-02-06 15:22 - 2012-02-14 18:58 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-06 15:22 - 2012-02-14 18:58 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 23:38 - 2012-02-07 21:59 - 00002340 _____ () C:\Users\Larissa\Desktop\Google Chrome.lnk
2015-02-03 18:30 - 2012-02-07 21:58 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3411609374-3622566518-3407021004-1000UA
2015-02-03 18:30 - 2012-02-07 21:58 - 00003494 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3411609374-3622566518-3407021004-1000Core
2015-01-17 07:27 - 2014-02-25 03:11 - 00779276 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
 
==================== Files in the root of some directories =======
 
2011-10-29 20:44 - 2013-12-15 17:53 - 0005390 _____ () C:\Users\Larissa\AppData\Roaming\wklnhst.dat
2013-07-24 21:08 - 2013-07-24 21:08 - 0007626 _____ () C:\Users\Larissa\AppData\Local\Resmon.ResmonCfg
2011-10-19 19:31 - 2015-02-16 12:51 - 0000942 _____ () C:\ProgramData\HPWALog.txt
2010-07-07 22:43 - 2010-07-07 22:43 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2010-03-24 09:30 - 2010-03-24 09:30 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2010-07-07 22:43 - 2010-07-07 22:43 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2010-03-24 09:24 - 2010-03-24 09:25 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-07-07 22:42 - 2010-07-07 22:42 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2010-07-07 22:43 - 2010-07-07 22:43 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2010-03-24 09:24 - 2010-03-24 09:24 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2010-03-24 09:25 - 2010-03-24 09:30 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2010-07-07 22:43 - 2010-07-07 22:43 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-03 00:12
 
==================== End Of Log ============================
 
(the Addition.txt is attached)
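Added example, not part of coyora's post and not FRST's own code: a PowerShell script that re-creates three of the checks visible in the log above using only built-in cmdlets. It verifies the Authenticode signatures of the same system binaries FRST lists under "Bamital & volsnap Check", walks the Browser Helper Object CLSIDs (64-bit and Wow6432Node views, matching the "BHO:" and "BHO-x32:" lines) to find entries whose DLL no longer exists on disk (what FRST prints as "No File"), and lists the Internet Explorer SearchScopes with the host each one points at, which is how the ask.com scope stands out. The registry paths are the standard ones for IE and Explorer BHOs; running it elevated is assumed so that HKLM and the Wow6432Node keys are readable.

```powershell
# Added example (not from the original post or from FRST). Run in an elevated PowerShell.

# 1. Authenticode check of the binaries FRST lists under "Bamital & volsnap Check".
$critical = @(
    "$env:SystemRoot\System32\winlogon.exe",
    "$env:SystemRoot\System32\wininit.exe",
    "$env:SystemRoot\explorer.exe",
    "$env:SystemRoot\System32\svchost.exe",
    "$env:SystemRoot\System32\services.exe",
    "$env:SystemRoot\System32\user32.dll",
    "$env:SystemRoot\System32\userinit.exe",
    "$env:SystemRoot\System32\rpcss.dll",
    "$env:SystemRoot\System32\drivers\volsnap.sys"
)

function Test-CriticalSignatures {
    param([string[]]$Paths)
    foreach ($p in $Paths) {
        if (-not (Test-Path -LiteralPath $p)) {
            [pscustomobject]@{ Path = $p; Status = 'MISSING'; Signer = $null }
            continue
        }
        $sig = Get-AuthenticodeSignature -LiteralPath $p
        [pscustomobject]@{
            Path   = $p
            Status = $sig.Status   # Valid, NotSigned, HashMismatch, UnknownError ...
            Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        }
    }
}

# 2. Browser Helper Objects whose CLSID no longer resolves to a DLL on disk ("No File" in FRST).
function Get-BhoEntries {
    $views = @(
        @{ Tag = 'BHO';     Bho = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects';
                            Clsid = 'Registry::HKEY_CLASSES_ROOT\CLSID' },
        @{ Tag = 'BHO-x32'; Bho = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects';
                            Clsid = 'Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID' }
    )
    foreach ($v in $views) {
        if (-not (Test-Path $v.Bho)) { continue }
        foreach ($key in Get-ChildItem $v.Bho) {
            $clsid    = $key.PSChildName
            $clsidKey = "$($v.Clsid)\$clsid"
            $server   = "$clsidKey\InprocServer32"
            $name = $null; $dll = $null
            if (Test-Path $clsidKey) { $name = (Get-ItemProperty -LiteralPath $clsidKey).'(default)' }
            if (Test-Path $server) {
                # The default value of InprocServer32 is the DLL path, sometimes quoted or using %vars%.
                $dll = (Get-ItemProperty -LiteralPath $server).'(default)'
                if ($dll) { $dll = [Environment]::ExpandEnvironmentVariables($dll.Trim('"')) }
            }
            [pscustomobject]@{
                View   = $v.Tag
                CLSID  = $clsid
                Name   = if ($name) { $name } else { 'No Name' }
                File   = $dll
                Exists = [bool]($dll -and (Test-Path -LiteralPath $dll))
            }
        }
    }
}

# 3. IE search scopes (HKLM, HKLM-x32 and the current user), with the host each URL points at.
function Get-IeSearchScopes {
    $roots = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes',
               'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes',
               'HKCU:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes')
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        $default = (Get-ItemProperty -LiteralPath $root).DefaultScope
        foreach ($key in Get-ChildItem $root) {
            $url = (Get-ItemProperty -LiteralPath $key.PSPath).URL
            $hostName = $null   # $host is an automatic variable in PowerShell, so use another name
            if ($url) { try { $hostName = ([uri]$url).Host } catch { $hostName = '(unparseable)' } }
            [pscustomobject]@{
                Hive      = $root
                Scope     = $key.PSChildName
                IsDefault = ($key.PSChildName -eq $default)
                Host      = $hostName
                URL       = $url
            }
        }
    }
}

Test-CriticalSignatures -Paths $critical | Format-Table -AutoSize
Get-BhoEntries | Where-Object { -not $_.Exists } | Format-Table -AutoSize
Get-IeSearchScopes | Format-Table -AutoSize
```

Any Status other than Valid on the first table is worth a second look (a tampered winlogon.exe or volsnap.sys is exactly what the Bamital check exists for). Orphaned BHOs in the second table are usually leftovers from uninstalled software rather than live malware, but they are what a fixlist removes; the third table makes a third-party DefaultScope or an ask.com scope obvious without reading the raw FRST lines.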


#4 olgun52


  • Malware Response Team
  • 3,784 posts

Posted 17 February 2015 - 04:18 PM

Hi coyora,
 
Thanks for the Logs

[roankun] Abnormal-kei Joshi 03.zip
Unique Legend - Volume 3 (Light).mobi
Ark Volume 03 [Ilya].mobi

What are these and do you have any information ?
-------------------------------------------------------------------------

Uninstalling a Program using Add/Remove Program

I recommend the uninstalling of the below listed program(s).

  • Press the Windows key + R on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • A list of installed programs will be displayed
  • Uninstall the following by clicking on the program(s) below (and any other similar names) and selecting Remove or Uninstall

ask.com --->Here

SweetIM Toolbar or SweetPacks Toolbar -->Here

  • Reboot your computer

-------------------------------------------------------------------------
Please go to: VirusTotal
On the page you'll find a "Choose File" button.
Click on the Choose File button.
In the Choose File to Upload window which opens, copy and paste this into the File Name box.

 C:\sysreset\mirc.exe
 
Next, click the Open button.
Then click the "Scan It!" button just below.
This will scan the file. Please be patient.
If you get a message saying File has already been analyzed: click Reanalyze file now
Once scanned, copy and paste the link to the results page in your next reply.
--------------------------------------------------------------------------------
 
Step 1:
FRST Script:
Please download the attached fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
 
Step 2:
Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 3:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Have a nice day.


Edited by olgun52, 18 February 2015 - 01:11 PM.

Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#5 coyora (Topic Starter, Members, 26 posts)

Posted 17 February 2015 - 10:37 PM

I am in the process of following the steps one by one...

 

Here's the information about the files you asked about:

 

[roankun] Abnormal-kei Joshi 03.zip = chapter 3 of a manga, a comic book

Unique Legend - Volume 3 (Light).mobi = volume 3 of a novel

Ark Volume 03 [Ilya].mobi = volume 3 of a novel

 

 

I will make a new reply every time I complete a step, because now my computer's turning off by itself sometimes (it says overheating).



#6 coyora (Topic Starter, Members, 26 posts)

Posted 17 February 2015 - 10:56 PM

Please go to: VirusTotal
On the page you'll find a "Choose File" button.
Click on the Choose File button.
In the Choose File to Upload window which opens, copy and paste this into the File Name box.

 C:\sysreset\mirc.exe
 
Next, click the Open button.
Then click the "Scan It!" button just below.
This will scan the file. Please be patient.
If you get a message saying File has already been analyzed: click Reanalyze file now
Once scanned, copy and paste the link to the results page in your next reply.

 

I *re*analyzed the file.

 

Here is the link to the virus total page:

 

https://www.virustotal.com/en/file/c1fcf3e3d89d549b90261fa166537ebaedee2cb6962c3ce28287b9f4db4eba71/analysis/1424231310/



#7 coyora (Topic Starter, Members, 26 posts)

Posted 17 February 2015 - 11:09 PM

Uninstalling a Program using Add/Remove Program

I recommend the uninstalling of the below listed program(s).

  • Press the Windows key + R on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • A list of installed programs will be displayed
  • Uninstall the following by clicking on the program(s) below (and any other similar names) and selecting Remove or Uninstall

ask.com --->Here

SweetIM Toolbar or SweetPacks Toolbar -->Here

  • Reboot your computer

 

For this step, I don't see any programs listed with similar names.  

 

Do you want screenshots of my installed programs?

 

Can I take the FRST steps without uninstalling these first?

 

Should I search out the program names and delete them?

 

Thanks so much for all your help Yilmaz!!! You are a rock star~~~~



#8 olgun52 (Malware Response Team, 3,784 posts)

Posted 18 February 2015 - 01:28 PM

Hi coyora;

I will make a new reply every time I complete a step, because now my computer's turning off by itself sometimes (it says overheating).

I understand.

Do you want screenshots of my installed programs?

No, thank you.

Should I search out the program names and delete them?

No. We will delete them.

 

You are a rock star~~~~

Greetings from Turkey.

 

You can now run all the steps. Thanks.


Best regards
 

 


 


#9 coyora (Topic Starter, Members, 26 posts)

Posted 19 February 2015 - 01:22 AM

Step 1:
FRST Script:
Please download the attached fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

 

Here's the fixlog.txt:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-02-2015 01
Ran by Larissa at 2015-02-18 20:10:31 Run:1
Running from C:\Users\Larissa\Desktop
Loaded Profiles: Larissa (Available profiles: Larissa)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3411609374-3622566518-3407021004-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {855E7394-CBE2-4B8E-8E48-C3AF45E5318A} URL = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {855E7394-CBE2-4B8E-8E48-C3AF45E5318A} URL = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {EE234FF5-13D5-4CD0-AE74-C2D92F0B9458} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
SearchScopes: HKLM-x32 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {855E7394-CBE2-4B8E-8E48-C3AF45E5318A} URL = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {EE234FF5-13D5-4CD0-AE74-C2D92F0B9458} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
SearchScopes: HKU\S-1-5-21-3411609374-3622566518-3407021004-1000 -> DefaultScope {855E7394-CBE2-4B8E-8E48-C3AF45E5318A} URL = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3411609374-3622566518-3407021004-1000 -> {855E7394-CBE2-4B8E-8E48-C3AF45E5318A} URL = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3411609374-3622566518-3407021004-1000 -> {EE234FF5-13D5-4CD0-AE74-C2D92F0B9458} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO-x32: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} ->  No File
BHO-x32: No Name -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} ->  No File
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM-x32 - No Name - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} -  No File
Toolbar: HKU\S-1-5-21-3411609374-3622566518-3407021004-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR Plugin: (Native Client) - C:\Users\Larissa\AppData\Local\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.170.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll No File
CHR Plugin: (Java™ Platform SE 6 U17) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll No File
CHR Profile: C:\Users\Larissa\AppData\Local\Google\Chrome\User Data\Default
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
C:\sysreset\mirc.exe
CustomCLSID: HKU\S-1-5-21-3411609374-3622566518-3407021004-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Larissa\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
Task: {1645EEBA-19DA-44B3-BEB8-BBC904CD5099} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
2009-02-27 09:56 - 2009-02-27 09:56 - 00016768 _____ () C:\Program Files (x86)\Adobe\Reader 9.0\Reader\viewerps.dll
EmptyTemp:
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found. 
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-3411609374-3622566518-3407021004-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{855E7394-CBE2-4B8E-8E48-C3AF45E5318A}" => Key deleted successfully.
HKCR\CLSID\{855E7394-CBE2-4B8E-8E48-C3AF45E5318A} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EE234FF5-13D5-4CD0-AE74-C2D92F0B9458}" => Key deleted successfully.
HKCR\CLSID\{EE234FF5-13D5-4CD0-AE74-C2D92F0B9458} => Key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{855E7394-CBE2-4B8E-8E48-C3AF45E5318A}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{855E7394-CBE2-4B8E-8E48-C3AF45E5318A} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EE234FF5-13D5-4CD0-AE74-C2D92F0B9458}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{EE234FF5-13D5-4CD0-AE74-C2D92F0B9458} => Key not found. 
HKU\S-1-5-21-3411609374-3622566518-3407021004-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-3411609374-3622566518-3407021004-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{855E7394-CBE2-4B8E-8E48-C3AF45E5318A}" => Key deleted successfully.
HKCR\CLSID\{855E7394-CBE2-4B8E-8E48-C3AF45E5318A} => Key not found. 
"HKU\S-1-5-21-3411609374-3622566518-3407021004-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EE234FF5-13D5-4CD0-AE74-C2D92F0B9458}" => Key deleted successfully.
HKCR\CLSID\{EE234FF5-13D5-4CD0-AE74-C2D92F0B9458} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6} => Key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} => Key not found. 
HKCR\Wow6432Node\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} => Value not found.
HKCR\Wow6432Node\CLSID\{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} => Key not found. 
HKU\S-1-5-21-3411609374-3622566518-3407021004-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found. 
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.71.2" => Key deleted successfully.
C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll => Moved successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2" => Key deleted successfully.
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => Moved successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
C:\Users\Larissa\AppData\Local\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll not found.
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => Moved successfully.
C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll not found.
C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll not found.
C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll not found.
C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll not found.
c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll not found.
CHR Profile: C:\Users\Larissa\AppData\Local\Google\Chrome\User Data\Default => Error: No automatic fix found for this entry.
catchme => Service deleted successfully.
C:\sysreset\mirc.exe => Moved successfully.
"HKU\S-1-5-21-3411609374-3622566518-3407021004-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1645EEBA-19DA-44B3-BEB8-BBC904CD5099}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1645EEBA-19DA-44B3-BEB8-BBC904CD5099}" => Key deleted successfully.
C:\Windows\System32\Tasks\avast! Emergency Update => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avast! Emergency Update" => Key deleted successfully.
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\viewerps.dll => Moved successfully.
EmptyTemp: => Removed 260.6 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 20:11:56 ====
 
 
 
I rebooted the system
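The Fixlog above is FRST's per-entry record of what happened to each fixlist line: registry keys and values reported as deleted or restored, files reported as "Moved" (FRST quarantines rather than deletes them), the expected "Key not found" lines where FRST also tried the CLSID behind each removed entry, and one entry (the Chrome profile) it could not fix automatically. The parser below is an added example written for this page, not part of the thread, FRST, or any of its output; it reads a constructed excerpt in the Fixlog format, tallies outcomes, lists the entries that still need manual attention, and pulls out the two kinds of hijack indicator this fixlist contained (FRST's "ATTENTION" flag on Internet Explorer policy restrictions and the ask.com search scopes). All function and constant names are mine.

```python
import re
from collections import Counter

# Constructed excerpt in the format of the FRST Fixlog posted above
# (representative lines only, not the full log).
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64)
Content of fixlist:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {EE234FF5-13D5-4CD0-AE74-C2D92F0B9458} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
CHR Profile: C:\Users\Larissa\AppData\Local\Google\Chrome\User Data\Default
C:\sysreset\mirc.exe
EmptyTemp:
*****************

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EE234FF5-13D5-4CD0-AE74-C2D92F0B9458}" => Key deleted successfully.
HKCR\CLSID\{EE234FF5-13D5-4CD0-AE74-C2D92F0B9458} => Key not found.
C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll not found.
CHR Profile: C:\Users\Larissa\AppData\Local\Google\Chrome\User Data\Default => Error: No automatic fix found for this entry.
catchme => Service deleted successfully.
C:\sysreset\mirc.exe => Moved successfully.
EmptyTemp: => Removed 260.6 MB temporary data.
"""

# Outcome label -> regex over one result line; checked in this order.
OUTCOME_PATTERNS = [
    ("service_deleted", re.compile(r"=> Service deleted successfully")),
    ("deleted",         re.compile(r"=> (?:Key|Value) deleted successfully", re.I)),
    ("restored",        re.compile(r"=> Value was restored successfully")),
    ("moved",           re.compile(r"=> Moved successfully")),   # quarantined, not deleted
    ("emptytemp",       re.compile(r"^EmptyTemp: => Removed")),
    ("not_found",       re.compile(r"not found\.?$")),           # FRST also tries the CLSID of each removed entry
    ("no_fix",          re.compile(r"=> Error: No automatic fix")),
]

# Indicators in the echoed fixlist worth calling out separately.
HIJACK_MARKERS = (
    re.compile(r"<=+\s*ATTENTION"),                    # FRST's own flag on policy restrictions
    re.compile(r"SearchScopes:.*\bask\.com\b", re.I),  # search-provider hijack seen in this thread
)


def split_sections(text):
    """Return (fixlist_lines, result_lines) from a Fixlog.

    FRST brackets the echoed fixlist between two lines of asterisks; everything
    after the second one is the per-entry outcome log.
    """
    lines = text.splitlines()
    seps = [i for i, l in enumerate(lines) if l.strip() and set(l.strip()) == {"*"}]
    if len(seps) < 2:
        raise ValueError("not a Fixlog: expected two '*****' separator lines")
    fixlist = [l.rstrip() for l in lines[seps[0] + 1:seps[1]] if l.strip()]
    results = [l.rstrip() for l in lines[seps[1] + 1:] if l.strip()]
    return fixlist, results


def classify(line):
    """Map one result line to (target, outcome); unmatched lines are 'unknown'."""
    for outcome, pat in OUTCOME_PATTERNS:
        if pat.search(line):
            if "=>" in line:
                target = line.split("=>", 1)[0]
            else:  # bare 'path not found.' lines carry no '=>'
                target = re.sub(r"\s+not found\.?$", "", line)
            return target.strip().strip('"'), outcome
    return line.strip(), "unknown"


def parse_results(result_lines):
    return [classify(l) for l in result_lines]


def summarize(entries):
    return Counter(outcome for _, outcome in entries)


def needs_followup(entries):
    """Targets FRST could not act on; the analyst has to handle these by hand."""
    return [t for t, o in entries if o in ("no_fix", "unknown")]


def hijack_indicators(fixlist_lines):
    return [l for l in fixlist_lines if any(p.search(l) for p in HIJACK_MARKERS)]


def report(text):
    fixlist, results = split_sections(text)
    entries = parse_results(results)
    return {
        "counts": dict(summarize(entries)),
        "follow_up": needs_followup(entries),
        "hijack_indicators": hijack_indicators(fixlist),
    }


if __name__ == "__main__":
    for key, value in report(SAMPLE_FIXLOG).items():
        print(f"{key}: {value}")
```

Run it on a saved Fixlog.txt by passing the file contents to `report()`. The "not_found" count is not an error signal on its own; the lines worth reading are the ones in `follow_up`, which in this log is the Chrome profile entry FRST declined to touch.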


#10 olgun52 (Malware Response Team, 3,784 posts)

Posted 19 February 2015 - 11:32 AM

Hi coyora,
 
Thanks for the Logs.
 
Step 1:
Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Step 2:
Ensure your external and/or USB drives are inserted during the scan
Please be sure to run our tools with administrator rights.

Next, download ComboFix Save to the Desktop

  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.

 

Have a great day.


Best regards
 

 


 


#11 coyora (Topic Starter, Members, 26 posts)

Posted 19 February 2015 - 10:17 PM

Sorry Yilmaz, I fell asleep last night waiting for the log for this:

 

Step 2:
Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Here's the log:

 

# AdwCleaner v4.111 - Logfile created 18/02/2015 at 20:32:29
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Larissa - SATORI
# Running from : C:\Users\Larissa\Desktop\adwcleaner_4.111.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Larissa\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Larissa\AppData\LocalLow\HPAppData
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17631
 
 
-\\ Google Chrome v
 
 
*************************
 
AdwCleaner[R0].txt - [1038 bytes] - [18/02/2015 20:25:45]
AdwCleaner[S0].txt - [975 bytes] - [18/02/2015 20:32:29]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1033  bytes] ##########
 
 
Thanks so much for your hard work!!!


#12 coyora (Topic Starter, Members, 26 posts)

Posted 19 February 2015 - 10:28 PM

Step 3:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
Here's the contents of the log:
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Home Premium x64
Ran by Larissa on Thu 02/19/2015 at 17:19:31.29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 02/19/2015 at 17:25:42.21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


#13 coyora (Topic Starter, Members, 26 posts)

Posted 19 February 2015 - 11:50 PM

Step 1:
Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply
 
Here are the logs:
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2/19/2015
Scan Time: 5:32:56 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.4.1028
 
 
 
Malware Database: v2015.02.20.03
Rootkit Database: v2015.02.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Larissa
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 358266
Time Elapsed: 1 hr, 1 min, 54 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
 
Update, 2/19/2015 5:32:14 PM, SYSTEM, SATORI, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1, 
Update, 2/19/2015 5:32:14 PM, SYSTEM, SATORI, Manual, Rootkit Database, 2014.11.18.1, 2015.2.3.1, 
Update, 2/19/2015 5:32:31 PM, SYSTEM, SATORI, Manual, Malware Database, 2014.11.20.6, 2015.2.20.3, 
Scan, 2/19/2015 6:34:54 PM, SYSTEM, SATORI, Manual, Start:2/19/2015 5:32:56 PM, Duration:1 hr 1 min 54 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections, 
 
(end)
 


#14 coyora (Topic Starter, Members, 26 posts)

Posted 20 February 2015 - 12:27 AM

Thank you so much for helping me with this Yilmaz!!  After the malware's gone, is it okay if I ask some advice on not getting infected again?  I want to avoid using up so much of someone else's time again (>.<)

 

Lots of aloha from Hawaii~~~

 

Step 2:

Ensure your external and/or USB drives are inserted during the scan
Please be sure to run our tools with administrator rights.

Next, download ComboFix Save to the Desktop

  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.

 

Have a great day.

 

Here's the log:

 

ComboFix 15-02-16.01 - Larissa 02/19/2015  19:01:54.3.1 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.1979.1319 [GMT -10:00]
Running from: c:\users\Larissa\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2015-01-20 to 2015-02-20  )))))))))))))))))))))))))))))))
.
.
2015-02-20 05:10 . 2015-02-20 05:10 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-02-20 05:10 . 2015-02-20 05:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-02-19 06:25 . 2015-02-19 06:32 -------- d-----w- C:\AdwCleaner
2015-02-16 23:49 . 2015-02-19 06:11 -------- d-----w- C:\FRST
2015-02-13 06:18 . 2015-01-23 03:43 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2015-02-13 06:18 . 2015-01-23 04:42 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2015-02-13 06:18 . 2015-01-23 04:41 6041600 ----a-w- c:\windows\system32\jscript9.dll
2015-02-13 06:18 . 2015-01-23 03:17 4300800 ----a-w- c:\windows\SysWow64\jscript9.dll
2015-02-12 14:54 . 2015-02-12 14:54 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2CFC8C99-574E-4B2F-AA61-C749452311C5}\offreg.dll
2015-02-12 13:21 . 2015-02-12 13:21 -------- d-----w- c:\windows\Temp051DCE62-4C02-3FCC-EB7B-DC4C45105747-Signatures
2015-02-12 07:51 . 2014-12-15 14:13 11870360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2CFC8C99-574E-4B2F-AA61-C749452311C5}\mpengine.dll
2015-02-11 17:04 . 2015-02-04 03:16 609280 ----a-w- c:\windows\system32\generaltel.dll
2015-02-11 17:04 . 2015-02-04 03:16 762368 ----a-w- c:\windows\system32\invagent.dll
2015-02-11 17:04 . 2015-02-04 03:16 894976 ----a-w- c:\windows\system32\appraiser.dll
2015-02-11 17:04 . 2015-02-04 03:13 1098752 ----a-w- c:\windows\system32\aeinv.dll
2015-02-11 17:04 . 2015-02-04 03:16 414720 ----a-w- c:\windows\system32\devinv.dll
2015-02-11 17:04 . 2015-01-27 23:36 1239720 ----a-w- c:\windows\system32\aitstatic.exe
2015-02-11 17:04 . 2015-02-04 03:16 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-02-11 17:04 . 2015-02-04 03:16 192000 ----a-w- c:\windows\system32\aepic.dll
2015-02-11 17:02 . 2015-01-12 02:48 584192 ----a-w- c:\windows\system32\vbscript.dll
2015-02-11 17:01 . 2014-12-12 05:31 1480192 ----a-w- c:\windows\system32\crypt32.dll
2015-02-11 17:01 . 2014-12-12 05:07 1174528 ----a-w- c:\windows\SysWow64\crypt32.dll
2015-02-11 17:01 . 2014-11-26 03:53 861696 ----a-w- c:\windows\system32\oleaut32.dll
2015-02-11 17:01 . 2014-11-26 03:32 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2015-02-11 17:01 . 2014-10-04 02:10 3722752 ----a-w- c:\windows\system32\mstscax.dll
2015-02-11 17:01 . 2014-10-04 01:42 3221504 ----a-w- c:\windows\SysWow64\mstscax.dll
2015-02-11 17:01 . 2014-10-04 01:42 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
2015-02-11 17:00 . 2014-12-08 03:09 406528 ----a-w- c:\windows\system32\scesrv.dll
2015-02-11 17:00 . 2014-12-08 02:46 308224 ----a-w- c:\windows\SysWow64\scesrv.dll
2015-02-11 16:59 . 2015-01-14 06:09 5554112 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-02-11 16:59 . 2015-01-14 05:44 3972544 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-02-11 16:59 . 2015-01-14 05:44 3917760 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-02-11 16:59 . 2015-01-14 06:05 503808 ----a-w- c:\windows\system32\srcore.dll
2015-02-11 16:59 . 2015-01-14 06:04 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-02-11 16:59 . 2015-01-14 06:05 50176 ----a-w- c:\windows\system32\srclient.dll
2015-02-11 16:59 . 2015-01-14 05:41 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-02-11 16:58 . 2015-01-09 02:03 3201536 ----a-w- c:\windows\system32\win32k.sys
2015-02-11 06:59 . 2015-01-12 09:28 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2746C246-43C2-4387-AF71-1A2987A9436E}\gapaengine.dll
2015-02-11 06:58 . 2014-12-15 14:13 11870360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-01-22 01:03 . 2015-01-22 01:03 7838928 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\CMigrate.exe
2015-01-22 01:03 . 2015-01-22 01:03 7603896 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\Csi.dll
2015-01-22 00:59 . 2015-01-22 00:59 624360 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\ACEES.DLL
2015-01-22 00:59 . 2015-01-22 00:59 390360 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\ACEEXCL.DLL
2015-01-22 00:59 . 2015-01-22 00:59 320224 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\ACEOLEDB.DLL
2015-01-22 00:59 . 2015-01-22 00:59 1670344 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\ACECORE.DLL
2015-01-22 00:59 . 2015-01-22 00:59 159952 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\ACETXT.DLL
2015-01-22 00:59 . 2015-01-22 00:59 432376 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\ACEDAO.DLL
2015-01-22 00:58 . 2015-01-22 00:58 3618488 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\1033\MSOINTL.DLL
2015-01-22 00:58 . 2015-01-22 00:58 235192 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\1033\OSFINTL.DLL
2015-01-22 00:58 . 2015-01-22 00:58 82664 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
2015-01-22 00:58 . 2015-01-22 00:58 81238200 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\MSORES.DLL
2015-01-22 00:58 . 2015-01-22 00:58 700616 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\WXPNSE.DLL
2015-01-22 00:58 . 2015-01-22 00:58 1625248 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\RICHED20.DLL
2015-01-22 00:58 . 2015-01-22 00:58 5736144 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\CMigrate.exe
2015-01-22 00:58 . 2015-01-22 00:58 550072 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOSQM.EXE
2015-01-22 00:58 . 2015-01-22 00:58 5435576 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\Csi.dll
2015-01-22 00:58 . 2015-01-22 00:58 26476728 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\MSO.DLL
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-20 03:32 . 2015-01-11 04:01 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-12 13:07 . 2011-10-23 19:38 116773704 ----a-w- c:\windows\system32\MRT.exe
2015-01-12 09:28 . 2015-01-13 17:28 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-12-31 11:14 . 2011-10-20 05:56 298120 ------w- c:\windows\system32\MpSigStub.exe
2014-12-19 03:06 . 2015-01-14 04:46 210432 ----a-w- c:\windows\system32\profsvc.dll
2014-12-19 01:46 . 2015-01-14 04:46 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2014-12-11 17:47 . 2015-01-14 04:46 52736 ----a-w- c:\windows\system32\TSWbPrxy.exe
2014-12-06 04:17 . 2015-01-14 04:46 303616 ----a-w- c:\windows\system32\nlasvc.dll
2014-12-06 03:50 . 2015-01-14 04:46 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
2014-12-06 03:50 . 2015-01-14 04:46 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2014-12-02 10:26 . 2015-01-07 04:39 11870360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FD7025C8-05B9-4984-A562-49FE11168B2C}\mpengine.dll
1999-06-19 00:37 . 2013-06-18 06:58 36864 ----a-w- c:\program files\internet explorer\plugins\lfbmp11n.dll
2003-04-10 19:20 . 2013-06-18 07:03 30208 ----a-w- c:\program files\internet explorer\plugins\lfbmp13n.dll
2003-04-10 19:20 . 2013-06-18 07:03 35840 ----a-w- c:\program files\internet explorer\plugins\lfcal13n.dll
1999-06-17 03:17 . 2013-06-18 06:58 273920 ----a-w- c:\program files\internet explorer\plugins\LFCMP11n.DLL
2003-04-10 19:28 . 2013-06-18 07:03 406528 ----a-w- c:\program files\internet explorer\plugins\LFCMP13n.DLL
2003-04-10 19:20 . 2013-06-18 07:03 47104 ----a-w- c:\program files\internet explorer\plugins\lfgif13n.dll
2003-04-10 19:21 . 2013-06-18 07:03 18944 ----a-w- c:\program files\internet explorer\plugins\lfmsp13n.dll
2003-04-10 19:21 . 2013-06-18 07:03 26624 ----a-w- c:\program files\internet explorer\plugins\lfpcx13n.dll
2003-04-10 19:32 . 2013-06-18 07:03 181760 ----a-w- c:\program files\internet explorer\plugins\Lfpng13n.dll
2003-04-10 19:21 . 2013-06-18 07:03 55808 ----a-w- c:\program files\internet explorer\plugins\lfpsd13n.dll
1999-06-19 00:37 . 2013-06-18 06:58 27648 ----a-w- c:\program files\internet explorer\plugins\lftga11n.dll
2003-04-10 19:21 . 2013-06-18 07:03 24576 ----a-w- c:\program files\internet explorer\plugins\lftga13n.dll
2002-09-27 21:04 . 2013-06-18 07:03 4033084 ----a-w- c:\program files\internet explorer\plugins\libex.dll
1999-08-31 22:23 . 2013-06-18 06:58 2714885 ----a-w- c:\program files\internet explorer\plugins\library.dll
1999-06-17 03:08 . 2013-06-18 06:58 234496 ----a-w- c:\program files\internet explorer\plugins\LTDIS11n.dll
2003-04-10 19:18 . 2013-06-18 07:03 269824 ----a-w- c:\program files\internet explorer\plugins\LTDIS13n.dll
1999-06-08 05:27 . 2013-06-18 06:58 226816 ----a-w- c:\program files\internet explorer\plugins\ltefx11n.dll
2003-04-05 01:55 . 2013-06-18 07:03 206848 ----a-w- c:\program files\internet explorer\plugins\ltefx13n.dll
1999-06-17 03:09 . 2013-06-18 06:58 110592 ----a-w- c:\program files\internet explorer\plugins\ltfil11n.DLL
2003-04-10 19:18 . 2013-06-18 07:03 144384 ----a-w- c:\program files\internet explorer\plugins\ltfil13n.DLL
1999-06-17 03:10 . 2013-06-18 06:58 124416 ----a-w- c:\program files\internet explorer\plugins\ltimg11n.dll
2003-04-10 19:19 . 2013-06-18 07:03 447488 ----a-w- c:\program files\internet explorer\plugins\ltimg13n.dll
1999-06-11 02:41 . 2013-06-18 06:58 301568 ----a-w- c:\program files\internet explorer\plugins\ltkrn11n.dll
2003-04-10 19:18 . 2013-06-18 07:03 446464 ----a-w- c:\program files\internet explorer\plugins\ltkrn13n.dll
2006-04-11 14:08 . 2013-06-18 07:03 237568 ----a-w- c:\program files\internet explorer\plugins\mwex.dll
2001-12-04 23:20 . 2013-06-18 06:58 233537 ----a-w- c:\program files\internet explorer\plugins\MWPro.dll
2001-10-16 20:59 . 2013-06-18 06:58 61440 ----a-w- c:\program files\internet explorer\plugins\paint.dll
2006-04-11 14:09 . 2013-06-18 07:03 57344 ----a-w- c:\program files\internet explorer\plugins\paintex.dll
2007-02-09 21:23 . 2013-06-18 07:03 118784 ----a-w- c:\program files\internet explorer\plugins\speech.dll
2006-04-11 14:10 . 2013-06-18 07:03 143360 ----a-w- c:\program files\internet explorer\plugins\spriteex.dll
2002-01-31 03:08 . 2013-06-18 06:58 143360 ----a-w- c:\program files\internet explorer\plugins\sprites.dll
2003-04-21 22:09 . 2013-06-18 07:03 245408 ----a-w- c:\program files\internet explorer\plugins\unicows.dll
1998-07-12 11:13 . 2013-06-18 06:58 53760 ----a-w- c:\program files\internet explorer\plugins\zlib.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-01-22 00:59 1729744 ----a-w- c:\progra~2\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-01-22 00:59 1729744 ----a-w- c:\progra~2\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-01-22 00:59 1729744 ----a-w- c:\progra~2\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-12-12 7394584]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2014-10-14 784904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-09-27 271744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBET;USB 2.0 WebCAM;c:\windows\system32\DRIVERS\ETdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ETdrv.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 HTCMonitorService;HTCMonitorService;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192se.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2015-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-15 00:52]
.
2015-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-15 00:52]
.
2015-02-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3411609374-3622566518-3407021004-1000Core.job
- c:\users\Larissa\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-08 19:11]
.
2015-02-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3411609374-3622566518-3407021004-1000UA.job
- c:\users\Larissa\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-08 19:11]
.
2015-02-19 c:\windows\Tasks\HPCeeScheduleForLarissa.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-01-22 01:03 2334928 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-01-22 01:03 2334928 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-01-22 01:03 2334928 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-01-29 6160928]
"RtkOSD"="c:\program files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [2010-01-13 995840]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-18 451072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-23 1331288]
.
------- Supplementary Scan -------
.
uStart Page = www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-mbamchameleon
AddRemove-mIRC - c:\sysreset\mirc.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-02-19  19:14:16
ComboFix-quarantined-files.txt  2015-02-20 05:14
ComboFix2.txt  2015-01-11 09:24
ComboFix3.txt  2015-01-11 07:03
.
Pre-Run: 124,004,282,368 bytes free
Post-Run: 123,718,316,032 bytes free
.
- - End Of File - - E3856A09216C4BFB8EFBEE8ED1985554
E2A9C3A524E2AFE3D0EC7B71691F43CB
 
 
edited to add:  the option to install recovery console wasn't offered, but I didn't un-install the combofix I already had, I just downloaded it again and ran it from my desktop.

Edited by coyora, 20 February 2015 - 12:29 AM.
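The "Reg Loading Points" part of the ComboFix log above (Run keys, the UAC values under policies\system, the SafeBoot entry for MsMpSvc, the service list and the scheduled tasks) is exactly where a helper looks when an antivirus keeps being switched off. The script below is an added example written for this page; it is not part of coyora's post and not ComboFix output. It re-reads those same locations live with Windows PowerShell so the result can be compared against the log. It assumes Windows 7 x64, Microsoft Security Essentials as the installed antivirus (service MsMpSvc, as the log shows) and an elevated prompt. The policy value it also checks, DisableAntiSpyware under HKLM\SOFTWARE\Policies\Microsoft\Microsoft Antimalware, does not appear anywhere in the log; it is included only because it is the supported way of turning MSE off, so finding it set to 1 on a home PC would need explaining.

```powershell
# Added example: re-read the autostart locations ComboFix listed under
# "Reg Loading Points" and report the Microsoft Security Essentials state.
# Windows 7 x64, Windows PowerShell, run from an elevated prompt.
# Read-only: nothing here changes the registry or any service.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# One object per Run value, with the Authenticode status of the executable it
# points to. An unsigned or missing file in a Run key is what deserves a look.
function Get-AutorunEntry {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $values = Get-ItemProperty -Path $key
        foreach ($v in $values.PSObject.Properties) {
            if ($v.Name -like 'PS*') { continue }           # skip PSPath, PSDrive, ...
            # keep only the executable path: drop surrounding quotes and any arguments
            $exe = ([string]$v.Value) -replace '^"?(.+?\.exe)"?.*$', '$1'
            if ($exe -notmatch '\.exe$') {
                $status = 'not a plain exe path'             # e.g. rundll32 foo.dll,Entry
            } elseif (Test-Path -LiteralPath $exe) {
                $status = (Get-AuthenticodeSignature -FilePath $exe).Status
            } else {
                $status = 'file missing'
            }
            New-Object PSObject -Property @{
                Key = $key; Name = $v.Name; Command = $v.Value; Signature = $status
            }
        }
    }
}

# MSE service state, its SafeBoot registration (the log shows MsMpSvc under
# SafeBoot\Minimal), the policy value that switches MSE off, and the UAC values
# ComboFix printed under policies\system.
function Get-AvState {
    $svc = Get-Service -Name MsMpSvc -ErrorAction SilentlyContinue
    $svcStatus = 'service not found'
    if ($svc) { $svcStatus = $svc.Status }
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Microsoft Antimalware'
    $disabled = $null                                       # $null = no policy set (expected)
    if (Test-Path $policyKey) {
        $disabled = (Get-ItemProperty -Path $policyKey).DisableAntiSpyware
    }
    $uac = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    New-Object PSObject -Property @{
        MsMpSvcStatus              = $svcStatus
        SafeBootEntryPresent       = Test-Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc'
        DisableAntiSpywarePolicy   = $disabled
        EnableLUA                  = $uac.EnableLUA
        ConsentPromptBehaviorAdmin = $uac.ConsentPromptBehaviorAdmin
    }
}

# Non-Microsoft scheduled tasks with the command they run. schtasks is used
# because Get-ScheduledTask only exists on Windows 8 and later; the first
# filter drops the repeated header rows schtasks emits per task folder.
function Get-TaskCommand {
    schtasks /query /fo CSV /v | ConvertFrom-Csv |
        Where-Object { $_.TaskName -ne 'TaskName' -and $_.TaskName -notlike '\Microsoft\*' } |
        Select-Object TaskName, 'Task To Run', Status
}

Get-AutorunEntry | Format-Table Name, Signature, Command -AutoSize
Get-AvState      | Format-List
Get-TaskCommand  | Format-Table -AutoSize
```

Compare the Run entries and task commands against the ComboFix lines above: every value should still resolve to a signed file from a vendor already in the log (HP, Realtek, Synaptics, Intel, CCleaner, Sandboxie, Google, Microsoft). MsMpSvcStatus should read Running and DisableAntiSpywarePolicy should be empty; the two UAC values should match what ComboFix printed (ConsentPromptBehaviorAdmin 5, with EnableLUA 1).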


#15 olgun52 (Malware Response Team, 3,784 posts)

Posted 20 February 2015 - 10:37 AM

Hi coyora,

I want to avoid using up so much of someone else's time again.
After the malware's gone, is it okay if I ask some advice on not getting infected again?

Thank you for your understanding. I will inform you.

edited to add: the option to install recovery console wasn't offered, but I didn't un-install the combofix I already had, I just downloaded it again and ran it from my desktop.

OK.Thank you.

Lots of aloha from Hawaii~~~

Thank you. :hello:

--------------------------

Step 1:

Your Adobe Reader is out of date.

Older versions may have vulnerabilities that malware can use to infect your system.
Please download Adobe Reader 11.0.00 (XI) to your PC's desktop.
 

  • Uninstall Adobe Reader 9.0 via Start => Control Panel > Uninstall a program
  • Install the new downloaded updated software.

Important:

Note that the McAfee Security scan is prechecked. You may wish to uncheck it before downloading.

----------------

Updating Java and Clearing Cache:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to update.

Please go to Start > Control Panel > Programs and Features and uninstall all the Java programs you see, then download the latest Java from the following link and install it:

  • Java 6
  • Java 7

So delete all Java.

Now reboot the system.

  • Download the latest version of Java Runtime Environment (JRE) 8
  • Recommended Version is 8 Update 31
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows Offline (64-bit) and save the file.
  • Close any programs you may have running - especially your web browser.

See this page for instructions on how to clear Java's cache.

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)

  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache. Leave ALL 3 checked:
    • Downloaded Applets
    • Downloaded Applications
    • Installed Applications and Applets
  • Click OK on the Delete Temporary Files window.
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.

Step 2:

Run Eset Online Scan

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

In Microsoft Windows Vista/Win7, you must open the Web browser via a right-click using the Run as Administrator command.

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option "Scan Archives" and Remove found threats is ticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file.
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

Have a great day.

 


Best regards
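A way to confirm that Step 1 actually took effect (every Java 6/7 and Adobe Reader 9 entry gone, Java 8 Update 31 and Reader XI present) without clicking through Programs and Features. This is an added example written for this page, not part of olgun52's instructions; it reads the 32-bit and 64-bit Uninstall keys with Windows PowerShell on Windows 7. The minimum versions come from the reply above; that Oracle's installer records Java 8 Update 31 as DisplayVersion 8.0.310 is an assumption about the installer's version encoding, so check the thresholds against what your own machine shows.

```powershell
# Added example: list Java and Adobe Reader entries from both Uninstall hives
# and flag versions older than the ones named in the reply (Java 8u31, Reader XI).
# Windows 7 x64, Windows PowerShell; read-only, so it can be run before and after Step 1.

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Minimum acceptable versions as [version] objects so that 7.0.750 < 8.0.310
# compares numerically rather than as text. Assumption: Oracle's installer
# writes Java 8 Update 31 as DisplayVersion 8.0.310 (update number times ten).
$minimum = @{
    'Java'         = [version]'8.0.310'
    'Adobe Reader' = [version]'11.0'
}

# Java runtime entries look like "Java(TM) 6 Update 45", "Java 7 Update 75",
# "Java 8 Update 31 (64-bit)" or "Java SE Development Kit ..."; the separate
# "Java Auto Updater" helper is deliberately not matched.
function Get-JavaReaderInstall {
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match '^(Java\(TM\) \d|Java \d|Java SE|Adobe Reader)' } |
        ForEach-Object {
            $product = 'Java'
            if ($_.DisplayName -like 'Adobe Reader*') { $product = 'Adobe Reader' }
            $ver = $null
            try { $ver = [version]$_.DisplayVersion } catch { }
            $verdict = 'version unreadable'
            if ($ver) {
                if ($ver -lt $minimum[$product]) { $verdict = 'OUTDATED - uninstall' }
                else                              { $verdict = 'current' }
            }
            New-Object PSObject -Property @{
                Product     = $product
                DisplayName = $_.DisplayName
                Version     = $_.DisplayVersion
                Verdict     = $verdict
                Uninstall   = $_.UninstallString
            }
        }
}

$found = @(Get-JavaReaderInstall)
if ($found.Count -eq 0) {
    'No Java or Adobe Reader entries found in the Uninstall keys.'
} else {
    $found | Sort-Object Product, Version |
        Format-Table Product, DisplayName, Version, Verdict -AutoSize
}
```

After Step 1 every row should read "current"; any row marked OUTDATED is a leftover install that still needs removing. The Uninstall column holds the command Programs and Features would run for that entry. The Java cache clearing in the last part of Step 1 can also be done from a prompt with Oracle's documented `javaws -uninstall`, which removes all cached applications.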