
Suspicious activity is detected. Your Account is locked


  • This topic is locked
61 replies to this topic

#1 CJB445

  • Members
  • 44 posts

Posted 10 July 2015 - 11:49 AM

Suspicious activity detected. Your account is locked.

This will not allow me to access my Hotmail or Live accounts.

It asks me to change my password, then asks for credit card information.

I did not do that. I can access these accounts on any other device with no problems.

I am having the same problem in Internet Explorer, Google Chrome, and Firefox.

 

I am running Windows 7 64-bit on an HP Pavilion desktop.

I cannot run McAfee, Rkill, or Malwarebytes, even in safe mode.

I ran FRST but it will not allow me to copy and paste into my browser so I attached the FRST and Addition files.

 

My Internet Explorer only seems to work in safe mode.

Thank you.

Attached Files





#2 TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 12 July 2015 - 06:47 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Scan with aswMBR

Please download aswMBR ( 4.5MB ) to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat; do not delete this for now. It is an actual backup of the MBR (master boot record).


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 CJB445 (Topic Starter)

  • Members
  • 44 posts

Posted 12 July 2015 - 12:54 PM

Thank you for your response.

I downloaded aswMBR.exe to my desktop. But it will not run. I also tried in safe mode, but still no good.

I have downloaded Rkill and Malwarebytes before but they also will not run.

 

I cannot run my McAfee.



#4 TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 13 July 2015 - 02:55 AM

Then we'd have a look from 'outside'...

 

 

Scan with FRST (Recovery Environment)


To run FRST on Vista and Windows 7:



Plug the flashdrive into the infected PC.

Enter System Recovery Options.


To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.



To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Select Command Prompt.


  • In the command window:
  • type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
  • Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.

It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


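Once the FRST.txt log is posted, the responder reads it by hand. As an added example that is not part of this thread and not FRST's own code, the following Python script shows how a defender could pre-screen such a log before reading it line by line. It recognises the two entry shapes that appear in the log posted later in this thread (autostart, service and driver lines, and "One Month Created files and folders" lines) and flags the things a responder usually looks at first: autostart entries whose target file is missing (FRST prints `[X]`), binaries with an empty publisher field `( )`, random-looking folder names created directly under ProgramData or AppData, and bursts of new items in those locations within a few minutes of each other. The sample lines are copied from the FRST log in this thread; the allowlist of known vendor folders, the vowel-ratio threshold and the ten-minute burst window are assumptions chosen for illustration, not FRST rules.

```python
"""Pre-screen an FRST (Farbar Recovery Scan Tool) log for entries worth a closer look.

Added example for this thread; not code from FRST or from the thread's participants.
Sample lines are copied from the log posted in the thread; the allowlist, the
vowel-ratio threshold and the burst window are assumptions for illustration.
"""
import re
from datetime import datetime, timedelta

# Shape of a "One Month Created files and folders" line, e.g.
#   2015-06-22 18:50 - 2015-06-22 21:58 - 00000000 ____D C:\ProgramData\Iapramnabied
#   2015-07-13 06:50 - 2015-07-13 06:50 - 02133504 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?(?P<path>[A-Za-z]:\\.+)$"
)
MISSING_FILE_RE = re.compile(r"\[X\]\s*$")    # FRST marks a missing target file with [X]
NO_PUBLISHER_RE = re.compile(r"\(\s*\)\s*$")  # empty company / version-info field

# Locations where a freshly created, unknown folder deserves attention. Assumption:
# a real allowlist would be much longer; these are the benign names seen in the log.
PERSIST_MARKERS = (":\\programdata\\", "\\appdata\\local\\", "\\appdata\\roaming\\")
KNOWN_NAMES = {"mozilla", "microsoft", "spybot - search & destroy", "newspaperdirect"}
BURST_WINDOW = timedelta(minutes=10)  # assumption: several new items within 10 minutes


def persistence_child(path: str):
    """Return the item name if `path` sits directly inside a persistence directory, else None."""
    low = path.lower()
    for marker in PERSIST_MARKERS:
        idx = low.find(marker)
        if idx < 0:
            continue
        rest = path[idx + len(marker):]
        if rest and "\\" not in rest:
            return rest
    return None


def looks_random(name: str) -> bool:
    """Purely alphabetic name of 6+ characters with very few vowels (e.g. 'omwFWhxm')."""
    if not re.fullmatch(r"[A-Za-z]{6,}", name):
        return False
    vowels = sum(c in "aeiouAEIOU" for c in name)
    return vowels / len(name) < 0.25


def parse_created(line: str):
    """Parse a created-files line into a dict, or return None for any other line."""
    m = CREATED_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["created"] = datetime.strptime(entry["created"], "%Y-%m-%d %H:%M")
    return entry


def triage(lines):
    """Return [(reason, line)] for the entries a responder should look at first."""
    findings = []
    candidates = []  # (created time, name, line) for unknown items in persistence dirs
    for line in lines:
        line = line.rstrip()
        if not line:
            continue
        if MISSING_FILE_RE.search(line):
            findings.append(("autostart entry points at a missing file", line))
            continue
        if NO_PUBLISHER_RE.search(line):
            findings.append(("autostart binary has no publisher", line))
            continue
        entry = parse_created(line)
        if entry is None:
            continue
        name = persistence_child(entry["path"])
        if name is None or name.lower() in KNOWN_NAMES:
            continue
        if looks_random(name):
            findings.append(("random-looking name in persistence directory", line))
        candidates.append((entry["created"], name, line))
    # Burst: several unknown items appearing in persistence dirs within BURST_WINDOW.
    for when, _name, line in candidates:
        neighbours = [c for c in candidates if c[2] != line and abs(c[0] - when) <= BURST_WINDOW]
        if neighbours and not any(f[1] == line for f in findings):
            findings.append(("created in a burst with %d other new item(s)" % len(neighbours), line))
    return findings


# Sample input: lines copied from the FRST log posted in this thread.
SAMPLE_LOG = r"""
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-06-24] (IDT, Inc.)
HKLM-x32\...\Run: [] => [X]
S2 lxbx_device; C:\Windows\system32\lxbxcoms.exe [566704 2007-03-22] ( )
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
2015-07-04 09:39 - 2015-07-04 09:39 - 00000000 ____D C:\Users\Owner\AppData\Local\{71F4D517-2D25-4690-9AC3-BDD919972866}
2015-06-27 06:32 - 2015-06-27 06:32 - 00000000 ____D C:\ProgramData\Mozilla
2015-06-22 18:50 - 2015-06-22 21:58 - 00000000 ____D C:\ProgramData\Iapramnabied
2015-06-22 18:48 - 2015-06-22 18:52 - 00000000 ____D C:\Users\Owner\AppData\Local\bvxvyvyg
2015-06-22 18:45 - 2015-06-22 18:53 - 00000000 ____D C:\ProgramData\omwFWhxm
2015-06-22 11:02 - 2015-06-22 11:02 - 00000000 ____D C:\Users\Owner\AppData\Roaming\NewspaperDirect
2015-07-13 06:50 - 2015-07-13 06:50 - 02133504 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
"""

if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG.splitlines()):
        print(f"{reason:48s} {line}")
```

`triage()` accepts any iterable of lines, so a full FRST.txt can be passed straight from `open()`. The burst heuristic is what catches `Iapramnabied`: its name looks plausible enough to pass the vowel-ratio check, but it appeared within five minutes of two other unknown folders, which is the pattern a responder would want surfaced rather than buried among dozens of Windows Update entries.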

#5 CJB445 (Topic Starter)

  • Members
  • 44 posts

Posted 13 July 2015 - 10:35 AM


I ran FRST, here is the log.

Thanks

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-07-2015

Ran by SYSTEM on MININT-R0J8T8U on 13-07-2015 10:09:23

Running from F:\

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 10

Boot Mode: Recovery

 

The current controlset is ControlSet001

ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

 

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-06-24] (IDT, Inc.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2010-10-21] (Hewlett-Packard )

HKLM\...\Run: [lxbxmon.exe] => C:\Program Files (x86)\Lexmark 7100 Series\lxbxmon.exe [205744 2007-05-11] (Lexmark International, Inc.)

HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Lexmark 7100 Series\ezprint.exe [103344 2007-05-11] (Lexmark International Inc.)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-05] (PDF Complete Inc)

HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [533872 2015-01-13] (McAfee, Inc.)

HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [643064 2014-09-17] (McAfee, Inc.)

HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-04] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)

HKU\Owner\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Users\Owner\Desktop\rkillscr.scr

Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2013-11-25]

ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

BootExecute: autocheck autochk * sdnclean64.exe

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2015-03-27] (SUPERAntiSpyware.com)

S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)

S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)

S2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian)

S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)

S2 lxbx_device; C:\Windows\system32\lxbxcoms.exe [566704 2007-03-22] ( )

S2 lxbx_device; C:\Windows\SysWOW64\lxbxcoms.exe [537520 2007-03-22] ( )

S2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-02-19] (McAfee, Inc.)

S2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2015-01-13] (McAfee, Inc.)

S2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [422632 2014-11-21] (McAfee, Inc.)

S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)

S2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)

S2 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [601864 2015-01-07] (McAfee, Inc.)

S2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)

S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)

S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)

S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)

S2 mfevtp; C:\Windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)

S2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-05] (PDF Complete Inc)

S2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-12] (DEVGURU Co., LTD.)

S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)

S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)

S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)

S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)

S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)

S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)

S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)

S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)

S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)

S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-07-13 06:50 - 2015-07-13 06:50 - 02133504 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe

2015-07-12 09:41 - 2015-07-12 09:41 - 05200384 _____ (AVAST Software) C:\Users\Owner\Desktop\aswmbr.exe

2015-07-10 08:34 - 2015-07-10 08:34 - 00050431 _____ C:\Users\Owner\Desktop\F.txt

2015-07-10 08:07 - 2015-07-10 08:07 - 00036736 _____ C:\Users\Owner\Desktop\Addition.txt

2015-07-10 08:05 - 2015-07-10 08:07 - 00050434 _____ C:\Users\Owner\Desktop\FRST.txt

2015-07-10 08:05 - 2015-07-10 08:05 - 02112512 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe

2015-07-10 07:22 - 2015-07-10 07:22 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Owner\Downloads\cbSetup.exe

2015-07-07 07:18 - 2015-07-07 07:18 - 00000085 _____ C:\Windows\wininit.ini

2015-07-07 07:01 - 2015-07-07 07:01 - 00024134 _____ C:\ComboFix.txt

2015-07-05 06:31 - 2015-07-05 07:37 - 00037807 _____ C:\Users\Owner\Downloads\Task_Master_FF2020.xlsx

2015-07-04 09:39 - 2015-07-04 09:39 - 00000000 ____D C:\Users\Owner\AppData\Local\{71F4D517-2D25-4690-9AC3-BDD919972866}

2015-07-03 07:55 - 2015-07-03 07:56 - 00000000 ____D C:\Users\Owner\AppData\Local\{41310203-1F37-41E0-9CCD-462279205344}

2015-07-03 07:51 - 2015-07-03 07:51 - 00000000 ____D C:\Users\Owner\Desktop\Trixie old ph 072015

2015-07-01 16:45 - 2015-07-01 16:45 - 04718584 _____ (Avira Operations GmbH & Co. KG) C:\Users\Owner\Downloads\avira_en_av_55948974c41b0__ws.exe

2015-07-01 16:43 - 2015-07-01 16:43 - 00219699 _____ C:\Users\Owner\AppData\Local\census.cache

2015-07-01 16:43 - 2015-07-01 16:43 - 00104039 _____ C:\Users\Owner\AppData\Local\ars.cache

2015-07-01 16:42 - 2015-07-01 16:42 - 00000010 _____ C:\Users\Owner\AppData\Local\sponge.last.runtime.cache

2015-07-01 16:35 - 2015-07-01 16:35 - 02073512 _____ (Trend Micro Inc.) C:\Users\Owner\Downloads\HousecallLauncher.exe

2015-07-01 16:35 - 2015-07-01 16:35 - 00000036 _____ C:\Users\Owner\AppData\Local\housecall.guid.cache

2015-07-01 16:32 - 2015-07-01 16:33 - 14243008 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\mseinstall.exe

2015-07-01 16:31 - 2015-07-01 16:31 - 05481336 _____ (Avast Software s.r.o.) C:\Users\Owner\Downloads\avast_free_antivirus_setup_online_cnet.exe

2015-07-01 16:26 - 2015-07-01 16:26 - 04928968 _____ (AVG Technologies) C:\Users\Owner\Downloads\avg_free_stb_all_5961p1_177.exe

2015-07-01 16:09 - 2015-07-01 16:09 - 00000000 ____D C:\Users\Owner\Downloads\Autoruns

2015-07-01 16:08 - 2015-07-01 16:08 - 00593693 _____ C:\Users\Owner\Downloads\Autoruns.zip

2015-07-01 12:13 - 2015-07-01 12:13 - 00000000 ____D C:\Users\Owner\Documents\ProcAlyzer Dumps

2015-07-01 12:06 - 2015-07-01 12:06 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking

2015-07-01 11:38 - 2015-07-01 11:38 - 02077392 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\IE11-Windows6.1 (1).exe

2015-07-01 09:22 - 2015-07-01 09:22 - 00931408 _____ (Google Inc.) C:\Users\Owner\Downloads\ChromeSetup (1).exe

2015-06-30 09:42 - 2015-06-30 09:42 - 07726856 _____ (McAfee, Inc.) C:\Users\Owner\Downloads\Setup_serial_W4htPcUnlYLeiuwRorb6Ig2_key.exe

2015-06-30 08:33 - 2015-06-30 08:33 - 00000000 ____D C:\Users\Owner\AppData\Local\{71EEA6DC-C656-4EF9-9773-68693C06D8E5}

2015-06-30 08:32 - 2015-06-30 08:32 - 00000000 ____D C:\Users\Owner\Desktop\50th Forest anniv 2015

2015-06-27 06:48 - 2015-06-27 06:49 - 00347816 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\MicrosoftFixit.wu.Run(1).exe

2015-06-27 06:32 - 2015-06-27 06:32 - 00001153 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk

2015-06-27 06:32 - 2015-06-27 06:32 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Mozilla

2015-06-27 06:32 - 2015-06-27 06:32 - 00000000 ____D C:\Users\Owner\AppData\Local\Mozilla

2015-06-27 06:32 - 2015-06-27 06:32 - 00000000 ____D C:\ProgramData\Mozilla

2015-06-27 06:32 - 2015-06-27 06:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2015-06-27 06:32 - 2015-06-27 06:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2015-06-27 06:30 - 2015-06-27 06:30 - 00243408 _____ C:\Users\Owner\Downloads\Firefox Setup Stub 38.0.5.exe

2015-06-26 06:17 - 2015-06-26 06:18 - 02244096 _____ C:\Users\Owner\Desktop\adwcleaner_4.207.exe

2015-06-23 07:32 - 2015-07-07 07:20 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2

2015-06-23 07:32 - 2015-07-01 12:18 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy

2015-06-22 18:50 - 2015-06-22 21:58 - 00000000 ____D C:\ProgramData\Iapramnabied

2015-06-22 18:48 - 2015-06-22 18:52 - 00000000 ____D C:\Users\Owner\AppData\Local\bvxvyvyg

2015-06-22 18:45 - 2015-06-22 18:53 - 00000000 ____D C:\ProgramData\omwFWhxm

2015-06-22 18:45 - 2015-06-22 18:45 - 00000258 __RSH C:\Users\Owner\ntuser.pol

2015-06-22 11:42 - 2015-06-22 11:42 - 04176437 _____ C:\Users\Owner\Desktop\tdsskiller.zip

2015-06-22 11:02 - 2015-06-22 11:02 - 00000000 ____D C:\Users\Owner\AppData\Roaming\NewspaperDirect

2015-06-22 06:08 - 2015-06-22 06:08 - 00347816 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\MicrosoftFixit.wu.Run.exe

2015-06-20 19:54 - 2015-06-20 19:54 - 00931408 _____ (Google Inc.) C:\Users\Owner\Downloads\ChromeSetup.exe

2015-06-20 07:44 - 2015-06-20 07:45 - 15015152 _____ (Macrovision Corporation) C:\Users\Owner\Downloads\CM_Setup_NA_2703.exe

2015-06-19 18:00 - 2015-06-19 18:00 - 00000000 ____D C:\Users\Owner\AppData\Local\{8081EBB3-0464-49A1-A5C0-F2F21812D941}

2015-06-16 19:50 - 2015-06-16 19:50 - 00000000 ____D C:\Users\Owner\AppData\Local\{AC86788D-02A9-4F35-A812-5821DCC2C87C}

2015-06-13 07:12 - 2015-05-22 10:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\System32\appraiser.dll

2015-06-13 07:12 - 2015-05-22 10:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\System32\invagent.dll

2015-06-13 07:12 - 2015-05-22 10:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll

2015-06-13 07:12 - 2015-05-22 10:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\System32\devinv.dll

2015-06-13 07:12 - 2015-05-22 10:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\System32\acmigration.dll

2015-06-13 07:12 - 2015-05-22 10:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll

2015-06-13 07:12 - 2015-05-21 05:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\System32\aepic.dll

2015-06-13 07:12 - 2015-04-29 10:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\System32\wmp.dll

2015-06-13 07:12 - 2015-04-29 10:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\System32\spwmp.dll

2015-06-13 07:12 - 2015-04-29 10:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\System32\msdxm.ocx

2015-06-13 07:12 - 2015-04-29 10:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\System32\dxmasf.dll

2015-06-13 07:12 - 2015-04-29 10:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\System32\wmploc.DLL

2015-06-13 07:12 - 2015-04-29 10:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll

2015-06-13 07:12 - 2015-04-29 10:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll

2015-06-13 07:12 - 2015-04-29 10:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx

2015-06-13 07:12 - 2015-04-29 10:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll

2015-06-13 07:12 - 2015-04-29 10:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL

2015-06-13 07:11 - 2015-05-22 10:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll

2015-06-13 07:10 - 2015-05-25 10:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll

2015-06-13 07:10 - 2015-05-25 10:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\System32\diagtrack.dll

2015-06-13 07:10 - 2015-05-25 10:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll

2015-06-13 07:10 - 2015-05-25 10:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll

2015-06-13 07:10 - 2015-05-25 10:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll

2015-06-13 07:10 - 2015-05-25 10:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2015-06-13 07:09 - 2015-05-25 10:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2015-06-13 07:09 - 2015-05-25 10:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

2015-06-13 07:09 - 2015-05-25 10:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

2015-06-13 07:09 - 2015-05-25 10:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll

2015-06-13 07:09 - 2015-05-25 10:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\System32\tdh.dll

2015-06-13 07:09 - 2015-05-25 10:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\System32\srcore.dll

2015-06-13 07:09 - 2015-05-25 10:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll

2015-06-13 07:09 - 2015-05-25 10:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll

2015-06-13 07:09 - 2015-05-25 10:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll

2015-06-13 07:09 - 2015-05-25 10:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2015-06-13 07:09 - 2015-05-25 10:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll

2015-06-13 07:09 - 2015-05-25 10:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll

2015-06-13 07:09 - 2015-05-25 10:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll

2015-06-13 07:09 - 2015-05-25 10:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll

2015-06-13 07:09 - 2015-05-25 10:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\System32\sechost.dll

2015-06-13 07:09 - 2015-05-25 10:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll

2015-06-13 07:09 - 2015-05-25 10:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\System32\srclient.dll

2015-06-13 07:09 - 2015-05-25 10:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll

2015-06-13 07:09 - 2015-05-25 10:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll

2015-06-13 07:09 - 2015-05-25 10:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll

2015-06-13 07:09 - 2015-05-25 10:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll

2015-06-13 07:09 - 2015-05-25 10:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\System32\advapi32.dll

2015-06-13 07:09 - 2015-05-25 10:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\System32\tracerpt.exe

2015-06-13 07:09 - 2015-05-25 10:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\System32\conhost.exe

2015-06-13 07:09 - 2015-05-25 10:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\rstrui.exe

2015-06-13 07:09 - 2015-05-25 10:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe

2015-06-13 07:09 - 2015-05-25 10:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\System32\logman.exe

2015-06-13 07:09 - 2015-05-25 10:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\System32\auditpol.exe

2015-06-13 07:09 - 2015-05-25 10:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\System32\typeperf.exe

2015-06-13 07:09 - 2015-05-25 10:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll

2015-06-13 07:09 - 2015-05-25 10:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\System32\relog.exe

2015-06-13 07:09 - 2015-05-25 10:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe

2015-06-13 07:09 - 2015-05-25 10:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll

2015-06-13 07:09 - 2015-05-25 10:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\System32\diskperf.exe

2015-06-13 07:09 - 2015-05-25 10:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll

2015-06-13 07:09 - 2015-05-25 10:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\msobjs.dll

2015-06-13 07:09 - 2015-05-25 10:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll

2015-06-13 07:09 - 2015-05-25 10:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\apisetschema.dll

2015-06-13 07:09 - 2015-05-25 10:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll

2015-06-13 07:09 - 2015-05-25 10:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll

2015-06-13 07:09 - 2015-05-25 10:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll

2015-06-13 07:09 - 2015-05-25 10:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll

2015-06-13 07:09 - 2015-05-25 10:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll

2015-06-13 07:09 - 2015-05-25 10:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll

2015-06-13 07:09 - 2015-05-25 10:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll

2015-06-13 07:09 - 2015-05-25 10:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll

2015-06-13 07:09 - 2015-05-25 10:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll

2015-06-13 07:09 - 2015-05-25 10:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll

2015-06-13 07:09 - 2015-05-25 10:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll

2015-06-13 07:09 - 2015-05-25 10:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll

2015-06-13 07:09 - 2015-05-25 10:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll

2015-06-13 07:09 - 2015-05-25 10:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll

2015-06-13 07:09 - 2015-05-25 10:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll

2015-06-13 07:09 - 2015-05-25 10:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll

2015-06-13 07:09 - 2015-05-25 10:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll

2015-06-13 07:09 - 2015-05-25 10:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll

2015-06-13 07:09 - 2015-05-25 10:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll

2015-06-13 07:09 - 2015-05-25 10:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll

2015-06-13 07:09 - 2015-05-25 10:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll

2015-06-13 07:09 - 2015-05-25 10:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll

2015-06-13 07:09 - 2015-05-25 10:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll

2015-06-13 07:09 - 2015-05-25 10:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll

2015-06-13 07:09 - 2015-05-25 10:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll

2015-06-13 07:09 - 2015-05-25 10:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll

2015-06-13 07:09 - 2015-05-25 10:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll

2015-06-13 07:09 - 2015-05-25 10:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll

2015-06-13 07:09 - 2015-05-25 10:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2015-06-13 07:09 - 2015-05-25 10:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2015-06-13 07:09 - 2015-05-25 10:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2015-06-13 07:09 - 2015-05-25 10:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll

2015-06-13 07:09 - 2015-05-25 10:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll

2015-06-13 07:09 - 2015-05-25 10:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

2015-06-13 07:09 - 2015-05-25 10:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2015-06-13 07:09 - 2015-05-25 10:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2015-06-13 07:09 - 2015-05-25 10:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

2015-06-13 07:09 - 2015-05-25 10:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll

2015-06-13 07:09 - 2015-05-25 10:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2015-06-13 07:09 - 2015-05-25 10:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2015-06-13 07:09 - 2015-05-25 10:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2015-06-13 07:09 - 2015-05-25 10:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2015-06-13 07:09 - 2015-05-25 10:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2015-06-13 07:09 - 2015-05-25 10:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe

2015-06-13 07:09 - 2015-05-25 10:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe

2015-06-13 07:09 - 2015-05-25 10:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe

2015-06-13 07:09 - 2015-05-25 10:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe

2015-06-13 07:09 - 2015-05-25 10:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe

2015-06-13 07:09 - 2015-05-25 10:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2015-06-13 07:09 - 2015-05-25 10:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe

2015-06-13 07:09 - 2015-05-25 09:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2015-06-13 07:09 - 2015-05-25 09:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2015-06-13 07:09 - 2015-05-25 09:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2015-06-13 07:09 - 2015-05-25 09:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2015-06-13 07:09 - 2015-05-25 09:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll

2015-06-13 07:09 - 2015-05-25 09:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll

2015-06-13 07:09 - 2015-05-25 09:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll

2015-06-13 07:09 - 2015-05-25 09:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll

2015-06-13 07:09 - 2015-05-25 09:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2015-06-13 07:09 - 2015-05-25 09:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2015-06-13 07:09 - 2015-05-25 09:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2015-06-13 07:09 - 2015-05-25 09:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2015-06-13 07:09 - 2015-05-25 09:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2015-06-13 07:09 - 2015-05-25 09:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2015-06-13 07:09 - 2015-05-25 09:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2015-06-13 07:09 - 2015-05-25 09:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2015-06-13 07:09 - 2015-05-25 09:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2015-06-13 07:09 - 2015-05-25 09:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2015-06-13 07:09 - 2015-05-25 09:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2015-06-13 07:09 - 2015-05-25 09:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2015-06-13 07:09 - 2015-05-25 09:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2015-06-13 07:09 - 2015-05-25 09:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2015-06-13 07:09 - 2015-05-25 09:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2015-06-13 07:09 - 2015-05-25 09:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2015-06-13 07:09 - 2015-05-25 09:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2015-06-13 07:09 - 2015-05-25 09:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2015-06-13 07:09 - 2015-05-25 09:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2015-06-13 07:09 - 2015-05-25 09:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2015-06-13 07:09 - 2015-05-25 09:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2015-06-13 07:09 - 2015-05-25 09:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2015-06-13 07:09 - 2015-05-25 09:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2015-06-13 07:09 - 2015-05-25 09:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2015-06-13 07:09 - 2015-05-25 09:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\System32\UtcResources.dll

2015-06-13 07:09 - 2015-05-25 08:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2015-06-13 07:09 - 2015-05-25 08:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2015-06-13 07:09 - 2015-05-25 08:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2015-06-13 07:09 - 2015-05-25 08:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2015-06-13 07:09 - 2015-05-25 08:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2015-06-13 07:09 - 2015-05-25 08:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2015-06-13 07:09 - 2015-04-24 10:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\System32\comctl32.dll

2015-06-13 07:09 - 2015-04-24 09:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll

2015-06-13 07:08 - 2015-05-25 09:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys

2015-06-13 07:08 - 2015-04-10 19:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\stream.sys

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-07-13 10:09 - 2013-12-04 17:25 - 00000000 ____D C:\FRST

2015-07-13 07:02 - 2011-10-13 11:47 - 01420325 _____ C:\Windows\WindowsUpdate.log

2015-07-13 07:01 - 2014-01-03 07:14 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-07-13 06:58 - 2015-03-28 12:43 - 00000000 ____D C:\Users\Owner\AppData\Roaming\tor

2015-07-13 06:52 - 2012-01-17 09:42 - 00000000 ____D C:\Users\Owner\Desktop\Unemployment2012

2015-07-13 06:34 - 2015-02-06 07:01 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0421dc6d26710.job

2015-07-13 06:06 - 2014-11-15 11:01 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d001068b6241bc.job

2015-07-13 06:06 - 2013-03-06 12:42 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-07-13 05:36 - 2009-07-13 20:45 - 00024608 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-07-13 05:36 - 2009-07-13 20:45 - 00024608 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-07-13 05:22 - 2012-01-12 17:44 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A26F41B8-602D-4214-A556-E33261498559}

2015-07-13 05:21 - 2013-03-06 12:42 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-07-12 09:46 - 2012-05-15 20:05 - 00000000 ___RD C:\Users\Owner\Desktop\Unused

2015-07-12 09:45 - 2011-10-13 11:58 - 00000000 ____D C:\ProgramData\PDFC

2015-07-12 09:45 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2015-07-12 09:45 - 2009-07-13 20:51 - 00136510 _____ C:\Windows\setupact.log

2015-07-10 08:47 - 2012-08-16 07:53 - 02833408 ___SH C:\Users\Owner\Desktop\Thumbs.db

2015-07-10 08:40 - 2012-02-08 15:00 - 00000000 ____D C:\Users\Owner\AppData\Local\CrashDumps

2015-07-10 07:37 - 2012-05-31 15:57 - 00330752 ___SH C:\Users\Owner\Downloads\Thumbs.db

2015-07-10 07:26 - 2013-11-26 12:13 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11

2015-07-09 15:44 - 2013-08-11 18:28 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForOwner

2015-07-09 15:44 - 2013-08-11 18:28 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForOwner.job

2015-07-08 17:02 - 2014-01-03 07:14 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2015-07-08 17:02 - 2013-11-26 07:41 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-07-08 17:02 - 2013-11-26 07:41 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-07-08 17:01 - 2015-04-15 09:01 - 17597104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

2015-07-07 20:00 - 2010-11-20 19:47 - 00907942 _____ C:\Windows\PFRO.log

2015-07-07 19:14 - 2012-01-12 17:11 - 00000000 ____D C:\users\Owner

2015-07-07 18:53 - 2012-02-21 12:54 - 00000000 ____D C:\Program Files\Lx_cats

2015-07-07 09:36 - 2013-12-04 13:07 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2015-07-07 08:57 - 2013-12-02 07:31 - 00000000 ____D C:\AdwCleaner

2015-07-07 07:15 - 2013-08-05 17:53 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2015-07-07 07:13 - 2011-10-13 11:46 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2015-07-07 07:01 - 2013-12-02 07:58 - 00000000 ____D C:\Qoobox

2015-07-07 06:59 - 2009-07-13 18:34 - 00000215 _____ C:\Windows\system.ini

2015-07-07 06:10 - 2015-03-27 09:17 - 05632562 ____R (Swearware) C:\Users\Owner\Desktop\ComboFix.exe

2015-07-05 07:11 - 2015-01-24 17:20 - 00000000 ____D C:\Users\Owner\Documents\DeAnn's Word Docs

2015-07-03 08:33 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache

2015-07-03 07:57 - 2009-07-13 21:13 - 00782470 _____ C:\Windows\System32\PerfStringBackup.INI

2015-07-01 12:14 - 2012-01-12 15:29 - 00000000 ____D C:\ProgramData\Recovery

2015-07-01 11:50 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions

2015-07-01 11:38 - 2013-12-17 18:44 - 00042180 _____ C:\Windows\IE11_main.log

2015-07-01 09:14 - 2012-06-11 06:28 - 00000000 ____D C:\Windows\Minidump

2015-07-01 09:14 - 2012-01-12 15:10 - 00269928 ____N C:\Windows\Minidump\070115-12261-01.dmp

2015-06-30 09:37 - 2009-07-13 21:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD

2015-06-30 08:54 - 2013-11-13 06:02 - 00000000 ____D C:\Program Files\SUPERAntiSpyware

2015-06-30 07:17 - 2013-12-17 08:38 - 00000000 ____D C:\Users\Owner\Desktop\1213 unemploy

2015-06-27 06:05 - 2015-03-27 08:29 - 00312924 _____ C:\Windows\System32\CFG3938609321

2015-06-26 05:55 - 2013-01-20 14:25 - 00000000 ____D C:\ProgramData\Adobe

2015-06-26 05:52 - 2015-04-05 20:58 - 00000000 ___SD C:\Windows\System32\GWX

2015-06-26 05:52 - 2013-12-02 07:58 - 00000000 ____D C:\Windows\erdnt

2015-06-26 05:52 - 2012-02-22 19:57 - 00000000 ____D C:\ProgramData\pdf995

2015-06-26 05:52 - 2012-02-22 07:51 - 00000000 ____D C:\Windows\System32\Macromed

2015-06-26 05:52 - 2011-10-13 11:51 - 00000000 ____D C:\ProgramData\RoxioNow

2015-06-26 05:51 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration

2015-06-22 18:52 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\GroupPolicy

2015-06-19 05:25 - 2014-11-12 16:25 - 00000000 __SHD C:\Users\Owner\AppData\Local\EmieBrowserModeList

2015-06-19 05:25 - 2014-04-18 04:57 - 00000000 __SHD C:\Users\Owner\AppData\Local\EmieUserList

2015-06-19 05:25 - 2014-04-18 04:57 - 00000000 __SHD C:\Users\Owner\AppData\Local\EmieSiteList

2015-06-15 16:35 - 2012-12-25 20:19 - 00004109 _____ C:\lxbx.log

2015-06-14 15:16 - 2009-07-13 20:45 - 00346560 _____ C:\Windows\System32\FNTCACHE.DAT

2015-06-14 15:14 - 2014-12-11 07:05 - 00000000 ____D C:\Windows\System32\appraiser

2015-06-14 15:14 - 2014-05-07 07:53 - 00000000 ___SD C:\Windows\System32\CompatTel

2015-06-13 11:37 - 2012-01-17 10:01 - 00000000 ____D C:\ProgramData\Microsoft Help

2015-06-13 11:34 - 2013-08-14 15:06 - 00000000 ____D C:\Windows\System32\MRT

2015-06-13 11:28 - 2012-01-17 21:17 - 140135120 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe

 

==================== Known DLLs (Whitelisted) ================

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

==================== Restore Points =========================

 

Restore point made on: 2015-07-08 18:06:07

Restore point made on: 2015-07-10 07:39:21

 

==================== Memory info ===========================

 

Percentage of memory in use: 18%

Total physical RAM: 5616.6 MB

Available physical RAM: 4601.12 MB

Total Virtual: 5614.8 MB

Available Virtual: 4589.59 MB

 

==================== Drives ================================

 

Drive c: (OS) (Fixed) (Total:919.77 GB) (Free:792.62 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive e: (HP_RECOVERY) (Fixed) (Total:11.65 GB) (Free:1.39 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive f: (Jun 30 2015) (CDROM) (Total:4.38 GB) (Free:4.12 GB) UDF

Drive x: (Boot) (Fixed) (Total:0.12 GB) (Free:0.12 GB) NTFS

Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from reading drive)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 1B419FC8)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=919.8 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=11.6 GB) - (Type=07 NTFS)

 

 

LastRegBack: 2015-07-13 05:21

 

==================== End of log ============================



#6 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 14 July 2015 - 01:28 AM

Please post the content of C:\combofix.txt... :rolleyes:



#7 CJB445

CJB445
  • Topic Starter

  • Members
  • 44 posts
  • Gender:Male

Posted 14 July 2015 - 10:05 PM

Combo fix log. Thanks
 
ComboFix 15-07-12.01 - Owner 07/14/2015  21:19:12.18.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5617.3855 [GMT -5:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
FW: McAfee Firewall *Disabled* {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2015-06-15 to 2015-07-15  )))))))))))))))))))))))))))))))
.
.
2015-07-15 03:00 . 2015-07-15 03:00 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-07-15 03:00 . 2015-07-15 03:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-07-15 02:08 . 2015-07-15 02:08 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{21996F1D-5167-4BF5-ACDE-75C6382210BC}\offreg.dll
2015-06-27 14:32 . 2015-06-27 14:32 -------- d-----w- c:\users\Owner\AppData\Local\Mozilla
2015-06-27 14:32 . 2015-06-27 14:32 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2015-06-23 15:32 . 2015-07-01 20:18 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2015-06-23 15:32 . 2015-07-07 15:20 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2015-06-23 02:50 . 2015-06-23 05:58 -------- d-----w- c:\programdata\Iapramnabied
2015-06-23 02:48 . 2015-06-23 02:52 -------- d-----w- c:\users\Owner\AppData\Local\bvxvyvyg
2015-06-23 02:45 . 2015-06-23 02:53 -------- d-----w- c:\programdata\omwFWhxm
2015-06-22 19:02 . 2015-06-22 19:02 -------- d-----w- c:\users\Owner\AppData\Roaming\NewspaperDirect
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-15 02:02 . 2013-11-26 15:41 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-07-15 02:02 . 2013-11-26 15:41 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-15 02:01 . 2015-04-15 17:01 18009776 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2015-06-13 19:28 . 2012-01-18 05:17 140135120 ----a-w- c:\windows\system32\MRT.exe
2015-06-05 14:59 . 2015-01-04 16:19 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-05-25 18:24 . 2015-06-13 15:09 5569984 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-05-25 18:23 . 2015-06-13 15:09 155584 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-05-25 18:23 . 2015-06-13 15:09 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-05-25 18:21 . 2015-06-13 15:09 1728960 ----a-w- c:\windows\system32\ntdll.dll
2015-05-25 18:19 . 2015-06-13 15:09 243712 ----a-w- c:\windows\system32\wow64.dll
2015-05-25 18:19 . 2015-06-13 15:09 362496 ----a-w- c:\windows\system32\wow64win.dll
2015-05-25 18:19 . 2015-06-13 15:09 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2015-05-25 18:19 . 2015-06-13 15:09 215040 ----a-w- c:\windows\system32\winsrv.dll
2015-05-25 18:19 . 2015-06-13 15:10 1255424 ----a-w- c:\windows\system32\diagtrack.dll
2015-05-25 18:19 . 2015-06-13 15:09 210944 ----a-w- c:\windows\system32\wdigest.dll
2015-05-25 18:19 . 2015-06-13 15:09 879104 ----a-w- c:\windows\system32\tdh.dll
2015-05-25 18:19 . 2015-06-13 15:09 86528 ----a-w- c:\windows\system32\TSpkg.dll
2015-05-25 18:19 . 2015-06-13 15:09 136192 ----a-w- c:\windows\system32\sspicli.dll
2015-05-25 18:19 . 2015-06-13 15:09 29184 ----a-w- c:\windows\system32\sspisrv.dll
2015-05-25 18:19 . 2015-06-13 15:09 503808 ----a-w- c:\windows\system32\srcore.dll
2015-05-25 18:19 . 2015-06-13 15:09 113664 ----a-w- c:\windows\system32\sechost.dll
2015-05-25 18:19 . 2015-06-13 15:09 50176 ----a-w- c:\windows\system32\srclient.dll
2015-05-25 18:19 . 2015-06-13 15:09 28160 ----a-w- c:\windows\system32\secur32.dll
2015-05-25 18:19 . 2015-06-13 15:09 342016 ----a-w- c:\windows\system32\schannel.dll
2015-05-25 18:19 . 2015-06-13 15:09 314880 ----a-w- c:\windows\system32\msv1_0.dll
2015-05-25 18:19 . 2015-06-13 15:09 309760 ----a-w- c:\windows\system32\ncrypt.dll
2015-05-25 18:19 . 2015-06-13 15:09 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2015-05-25 18:19 . 2015-06-13 15:10 728576 ----a-w- c:\windows\system32\kerberos.dll
2015-05-25 18:19 . 2015-06-13 15:10 424960 ----a-w- c:\windows\system32\KernelBase.dll
2015-05-25 18:19 . 2015-06-13 15:10 1461760 ----a-w- c:\windows\system32\lsasrv.dll
2015-05-25 18:19 . 2015-06-13 15:10 1162752 ----a-w- c:\windows\system32\kernel32.dll
2015-05-25 18:18 . 2015-06-13 15:09 43520 ----a-w- c:\windows\system32\csrsrv.dll
2015-05-25 18:18 . 2015-06-13 15:09 22016 ----a-w- c:\windows\system32\credssp.dll
2015-05-25 18:18 . 2015-06-13 15:09 879104 ----a-w- c:\windows\system32\advapi32.dll
2015-05-25 18:18 . 2015-06-13 15:09 404992 ----a-w- c:\windows\system32\tracerpt.exe
2015-05-25 18:18 . 2015-06-13 15:09 47104 ----a-w- c:\windows\system32\typeperf.exe
2015-05-25 18:18 . 2015-06-13 15:09 112640 ----a-w- c:\windows\system32\smss.exe
2015-05-25 18:18 . 2015-06-13 15:09 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-05-25 18:18 . 2015-06-13 15:09 43008 ----a-w- c:\windows\system32\relog.exe
2015-05-25 18:18 . 2015-06-13 15:09 104448 ----a-w- c:\windows\system32\logman.exe
2015-05-25 18:18 . 2015-06-13 15:09 31232 ----a-w- c:\windows\system32\lsass.exe
2015-05-25 18:18 . 2015-06-13 15:09 19456 ----a-w- c:\windows\system32\diskperf.exe
2015-05-25 18:18 . 2015-06-13 15:09 338432 ----a-w- c:\windows\system32\conhost.exe
2015-05-25 18:18 . 2015-06-13 15:09 64000 ----a-w- c:\windows\system32\auditpol.exe
2015-05-25 18:14 . 2015-06-13 15:09 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-05-25 18:14 . 2015-06-13 15:09 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-05-25 18:11 . 2015-06-13 15:09 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-25 18:11 . 2015-06-13 15:09 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-25 18:11 . 2015-06-13 15:09 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-25 18:11 . 2015-06-13 15:09 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-25 18:11 . 2015-06-13 15:09 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-25 18:11 . 2015-06-13 15:09 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-25 18:11 . 2015-06-13 15:09 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-25 18:11 . 2015-06-13 15:09 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-25 18:11 . 2015-06-13 15:09 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-25 18:11 . 2015-06-13 15:09 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-25 18:11 . 2015-06-13 15:09 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-25 18:11 . 2015-06-13 15:09 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-25 18:11 . 2015-06-13 15:09 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-25 18:11 . 2015-06-13 15:09 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-25 18:11 . 2015-06-13 15:09 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-25 18:11 . 2015-06-13 15:09 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-25 18:11 . 2015-06-13 15:09 6656 ----a-w- c:\windows\system32\apisetschema.dll
2015-05-25 18:11 . 2015-06-13 15:09 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-25 18:11 . 2015-06-13 15:09 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-25 18:11 . 2015-06-13 15:09 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-25 18:11 . 2015-06-13 15:09 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-25 18:11 . 2015-06-13 15:09 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-25 18:11 . 2015-06-13 15:09 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-25 18:11 . 2015-06-13 15:09 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-25 18:11 . 2015-06-13 15:09 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-25 18:11 . 2015-06-13 15:09 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-25 18:11 . 2015-06-13 15:09 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-25 18:11 . 2015-06-13 15:09 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-25 18:11 . 2015-06-13 15:09 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-25 18:11 . 2015-06-13 15:09 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-05-25 18:07 . 2015-06-13 15:09 3989440 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-05-25 18:07 . 2015-06-13 15:09 3934144 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-05-25 18:04 . 2015-06-13 15:09 1310744 ----a-w- c:\windows\SysWow64\ntdll.dll
2015-05-25 18:01 . 2015-06-13 15:09 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2015-05-25 18:01 . 2015-06-13 15:09 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2015-05-25 18:01 . 2015-06-13 15:09 635392 ----a-w- c:\windows\SysWow64\tdh.dll
2015-05-25 18:01 . 2015-06-13 15:09 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-05-25 18:01 . 2015-06-13 15:09 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-05-25 18:01 . 2015-06-13 15:09 92160 ----a-w- c:\windows\SysWow64\sechost.dll
2015-05-25 18:01 . 2015-06-13 15:09 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2015-05-25 18:01 . 2015-06-13 15:09 221184 ----a-w- c:\windows\SysWow64\ncrypt.dll
2015-05-25 18:01 . 2015-06-13 15:09 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2015-05-25 18:01 . 2015-06-13 15:09 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
2015-05-25 18:01 . 2015-06-13 15:10 551424 ----a-w- c:\windows\SysWow64\kerberos.dll
2015-05-25 18:01 . 2015-06-13 15:09 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2015-05-25 18:01 . 2015-06-13 15:09 641536 ----a-w- c:\windows\SysWow64\advapi32.dll
2015-05-25 18:01 . 2015-06-13 15:09 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-05-25 18:00 . 2015-06-13 15:09 40448 ----a-w- c:\windows\SysWow64\typeperf.exe
2015-05-25 18:00 . 2015-06-13 15:09 364544 ----a-w- c:\windows\SysWow64\tracerpt.exe
2015-05-25 18:00 . 2015-06-13 15:09 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2015-05-25 18:00 . 2015-06-13 15:09 37888 ----a-w- c:\windows\SysWow64\relog.exe
2015-05-25 18:00 . 2015-06-13 15:09 82944 ----a-w- c:\windows\SysWow64\logman.exe
2015-05-25 18:00 . 2015-06-13 15:09 17408 ----a-w- c:\windows\SysWow64\diskperf.exe
2015-05-25 18:00 . 2015-06-13 15:09 50176 ----a-w- c:\windows\SysWow64\auditpol.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-05-05 658424]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2015-01-13 533872]
"mcpltui_exe"="c:\program files\Common~1\McAfee\Platform\mcuicnt.exe" [2014-09-17 643064]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-04 336384]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-04-30 334896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"{90140000-003D-0000-0000-0000000FF1CE}"="del" [X]
"{90140000-0018-0409-0000-0000000FF1CE}"="del" [X]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HRBlockDirect.lnk - c:\program files (x86)\HRBlockDirect\HRBlockDirect.exe -auto [2014-2-6 10416168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [x]
R2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x]
R2 mccspsvc;McAfee CSP Service;c:\program files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe;c:\program files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [x]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
R2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
R2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;c:\program files (x86)\Cobian Backup 11\cbVSCService11.exe;c:\program files (x86)\Cobian Backup 11\cbVSCService11.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [x]
S2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe;c:\program files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [x]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys;c:\windows\SYSNATIVE\DRIVERS\amdhub30.sys [x]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys;c:\windows\SYSNATIVE\DRIVERS\amdxhc.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys;c:\windows\SYSNATIVE\drivers\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-07-15 02:07 991048 ----a-w- c:\program files (x86)\Google\Chrome\Application\43.0.2357.134\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-07-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-26 02:02]
.
2015-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-06 20:42]
.
2015-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-06 20:42]
.
2015-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA1d001068b6241bc.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-06 20:42]
.
2015-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA1d0421dc6d26710.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-06 20:42]
.
2015-07-14 c:\windows\Tasks\HPCeeScheduleForOwner.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-06-24 1128448]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"BeatsOSDApp"="c:\program files\IDT\WDM\beats64.exe" [2010-10-21 37888]
"lxbxmon.exe"="c:\program files (x86)\Lexmark 7100 Series\lxbxmon.exe" [2007-05-11 205744]
"EzPrint"="c:\program files (x86)\Lexmark 7100 Series\ezprint.exe" [2007-05-11 103344]
"LXBXCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXBXtime.dll" [2007-03-22 28672]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\5vk7pbqi.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_209_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_209_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_209_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_209_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.18"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-07-14  22:02:36
ComboFix-quarantined-files.txt  2015-07-15 03:02
ComboFix2.txt  2015-07-07 15:01
ComboFix3.txt  2015-06-30 17:17
ComboFix4.txt  2015-06-30 14:11
ComboFix5.txt  2015-07-15 02:16
.
Pre-Run: 851,012,325,376 bytes free
Post-Run: 850,571,177,984 bytes free
.
- - End Of File - - D128942361F2526074D0CABC40E6F75A
A36C5E4F47E84449FF07ED3517B43A31


#8 TB-Psychotic
  • Malware Response Team

Posted 15 July 2015 - 05:53 AM

Combofix scripting

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is saved to.


[Image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

Attached Files


Proud Member of UNITE & TB

My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)

#9 CJB445
  • Topic Starter
  • Members

Posted 16 July 2015 - 11:54 AM

I will be away from my computer. I will get back to you on Friday evening.

Thanks



#10 TB-Psychotic
  • Malware Response Team

Posted 17 July 2015 - 04:23 AM

OK :)



#11 CJB445
  • Topic Starter
  • Members

Posted 18 July 2015 - 06:02 PM

I ran the combo script, see posted log.

I downloaded Malwarebytes to my desktop, but it will not run. Also will not run in safe mode.

I still can not open my McAfee.

Do you still want me to try the ESET?

ComboFix 15-07-18.01 - Owner 07/18/2015  16:53:33.19.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5617.2893 [GMT -5:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
Command switches used :: c:\users\Owner\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
FW: McAfee Firewall *Disabled* {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Iapramnabied
c:\programdata\Iapramnabied\dat.dat
c:\programdata\omwFWhxm
c:\programdata\omwFWhxm\info.dat
c:\programdata\omwFWhxm\NhyVJWGZl.dat
c:\users\Owner\AppData\Local\bvxvyvyg
c:\users\Owner\AppData\Local\bvxvyvyg\bahvxfk
c:\users\Owner\AppData\Local\bvxvyvyg\mkfvxfk
c:\users\Owner\AppData\Local\bvxvyvyg\pbqrmvbub
c:\users\Owner\AppData\Local\bvxvyvyg\pvpqbjobmlpfqlovvawq
c:\users\Owner\AppData\Local\bvxvyvyg\qokvxfk
c:\users\Owner\AppData\Local\bvxvyvyg\rfobmlpfqlovvawq
c:\users\Owner\AppData\Local\bvxvyvyg\rpboobmlpfqlovvawq
c:\users\Owner\AppData\Local\bvxvyvyg\ycfvxfk
.
.
(((((((((((((((((((((((((   Files Created from 2015-06-18 to 2015-07-18  )))))))))))))))))))))))))))))))
.
.
2015-07-18 22:00 . 2015-07-18 22:00       --------   d-----w- c:\users\Public\AppData\Local\temp
2015-07-18 22:00 . 2015-07-18 22:00       --------   d-----w- c:\users\Default\AppData\Local\temp
2015-07-18 21:47 . 2015-07-18 21:47       69000    ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{21996F1D-5167-4BF5-ACDE-75C6382210BC}\offreg.dll
2015-06-27 14:32 . 2015-06-27 14:32       --------   d-----w- c:\users\Owner\AppData\Local\Mozilla
2015-06-27 14:32 . 2015-06-27 14:32       --------   d-----w- c:\program files (x86)\Mozilla Maintenance Service
2015-06-23 15:32 . 2015-07-01 20:18       --------   d-----w- c:\programdata\Spybot - Search & Destroy
2015-06-23 15:32 . 2015-07-07 15:20       --------   d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2015-06-22 19:02 . 2015-06-22 19:02       --------   d-----w- c:\users\Owner\AppData\Roaming\NewspaperDirect
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-15 02:02 . 2013-11-26 15:41       778416  ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-07-15 02:02 . 2013-11-26 15:41       142512  ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-15 02:01 . 2015-04-15 17:01       18009776 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2015-06-13 19:28 . 2012-01-18 05:17       140135120 ----a-w- c:\windows\system32\MRT.exe
2015-06-05 14:59 . 2015-01-04 16:19       97888    ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-05-25 18:24 . 2015-06-13 15:09       5569984 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-05-25 18:23 . 2015-06-13 15:09       155584  ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-05-25 18:23 . 2015-06-13 15:09       95680    ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-05-25 18:21 . 2015-06-13 15:09       1728960 ----a-w- c:\windows\system32\ntdll.dll
2015-05-25 18:19 . 2015-06-13 15:09       243712  ----a-w- c:\windows\system32\wow64.dll
2015-05-25 18:19 . 2015-06-13 15:09       362496  ----a-w- c:\windows\system32\wow64win.dll
2015-05-25 18:19 . 2015-06-13 15:09       13312    ----a-w- c:\windows\system32\wow64cpu.dll
2015-05-25 18:19 . 2015-06-13 15:09       215040  ----a-w- c:\windows\system32\winsrv.dll
2015-05-25 18:19 . 2015-06-13 15:10       1255424 ----a-w- c:\windows\system32\diagtrack.dll
2015-05-25 18:19 . 2015-06-13 15:09       210944  ----a-w- c:\windows\system32\wdigest.dll
2015-05-25 18:19 . 2015-06-13 15:09       879104  ----a-w- c:\windows\system32\tdh.dll
2015-05-25 18:19 . 2015-06-13 15:09       86528    ----a-w- c:\windows\system32\TSpkg.dll
2015-05-25 18:19 . 2015-06-13 15:09       136192  ----a-w- c:\windows\system32\sspicli.dll
2015-05-25 18:19 . 2015-06-13 15:09       29184    ----a-w- c:\windows\system32\sspisrv.dll
2015-05-25 18:19 . 2015-06-13 15:09       503808  ----a-w- c:\windows\system32\srcore.dll
2015-05-25 18:19 . 2015-06-13 15:09       113664  ----a-w- c:\windows\system32\sechost.dll
2015-05-25 18:19 . 2015-06-13 15:09       50176    ----a-w- c:\windows\system32\srclient.dll
2015-05-25 18:19 . 2015-06-13 15:09       28160    ----a-w- c:\windows\system32\secur32.dll
2015-05-25 18:19 . 2015-06-13 15:09       342016  ----a-w- c:\windows\system32\schannel.dll
2015-05-25 18:19 . 2015-06-13 15:09       314880  ----a-w- c:\windows\system32\msv1_0.dll
2015-05-25 18:19 . 2015-06-13 15:09       309760  ----a-w- c:\windows\system32\ncrypt.dll
2015-05-25 18:19 . 2015-06-13 15:09       16384    ----a-w- c:\windows\system32\ntvdm64.dll
2015-05-25 18:19 . 2015-06-13 15:10       728576  ----a-w- c:\windows\system32\kerberos.dll
2015-05-25 18:19 . 2015-06-13 15:10       424960  ----a-w- c:\windows\system32\KernelBase.dll
2015-05-25 18:19 . 2015-06-13 15:10       1461760 ----a-w- c:\windows\system32\lsasrv.dll
2015-05-25 18:19 . 2015-06-13 15:10       1162752 ----a-w- c:\windows\system32\kernel32.dll
2015-05-25 18:18 . 2015-06-13 15:09       43520    ----a-w- c:\windows\system32\csrsrv.dll
2015-05-25 18:18 . 2015-06-13 15:09       22016    ----a-w- c:\windows\system32\credssp.dll
2015-05-25 18:18 . 2015-06-13 15:09       879104  ----a-w- c:\windows\system32\advapi32.dll
2015-05-25 18:18 . 2015-06-13 15:09       404992  ----a-w- c:\windows\system32\tracerpt.exe
2015-05-25 18:18 . 2015-06-13 15:09       47104    ----a-w- c:\windows\system32\typeperf.exe
2015-05-25 18:18 . 2015-06-13 15:09       112640  ----a-w- c:\windows\system32\smss.exe
2015-05-25 18:18 . 2015-06-13 15:09       296960  ----a-w- c:\windows\system32\rstrui.exe
2015-05-25 18:18 . 2015-06-13 15:09       43008    ----a-w- c:\windows\system32\relog.exe
2015-05-25 18:18 . 2015-06-13 15:09       104448  ----a-w- c:\windows\system32\logman.exe
2015-05-25 18:18 . 2015-06-13 15:09       31232    ----a-w- c:\windows\system32\lsass.exe
2015-05-25 18:18 . 2015-06-13 15:09       19456    ----a-w- c:\windows\system32\diskperf.exe
2015-05-25 18:18 . 2015-06-13 15:09       338432  ----a-w- c:\windows\system32\conhost.exe
2015-05-25 18:18 . 2015-06-13 15:09       64000    ----a-w- c:\windows\system32\auditpol.exe
2015-05-25 18:14 . 2015-06-13 15:09       60416    ----a-w- c:\windows\system32\msobjs.dll
2015-05-25 18:14 . 2015-06-13 15:09       146432  ----a-w- c:\windows\system32\msaudite.dll
2015-05-25 18:11 . 2015-06-13 15:09       4608      ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-25 18:11 . 2015-06-13 15:09       4608      ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-25 18:11 . 2015-06-13 15:09       4096      ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-25 18:11 . 2015-06-13 15:09       4096      ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-25 18:11 . 2015-06-13 15:09       3584      ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-25 18:11 . 2015-06-13 15:09       3584      ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-25 18:11 . 2015-06-13 15:09       3072      ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-25 18:11 . 2015-06-13 15:09       3072      ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-25 18:11 . 2015-06-13 15:09       3072      ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-25 18:11 . 2015-06-13 15:09       4096      ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-25 18:11 . 2015-06-13 15:09       3584      ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-25 18:11 . 2015-06-13 15:09       3584      ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-25 18:11 . 2015-06-13 15:09       3584      ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-25 18:11 . 2015-06-13 15:09       3584      ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-25 18:11 . 2015-06-13 15:09       3072      ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-25 18:11 . 2015-06-13 15:09       3072      ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-25 18:11 . 2015-06-13 15:09       6656      ----a-w- c:\windows\system32\apisetschema.dll
2015-05-25 18:11 . 2015-06-13 15:09       6144      ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-25 18:11 . 2015-06-13 15:09       4096      ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-25 18:11 . 2015-06-13 15:09       5120      ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-25 18:11 . 2015-06-13 15:09       3584      ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-25 18:11 . 2015-06-13 15:09       3072      ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-25 18:11 . 2015-06-13 15:09       3072      ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-25 18:11 . 2015-06-13 15:09       3072      ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-25 18:11 . 2015-06-13 15:09       3072      ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-25 18:11 . 2015-06-13 15:09       3072      ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-25 18:11 . 2015-06-13 15:09       3072      ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-25 18:11 . 2015-06-13 15:09       3072      ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-25 18:11 . 2015-06-13 15:09       3072      ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-25 18:11 . 2015-06-13 15:09       686080  ----a-w- c:\windows\system32\adtschema.dll
2015-05-25 18:07 . 2015-06-13 15:09       3989440 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-05-25 18:07 . 2015-06-13 15:09       3934144 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-05-25 18:04 . 2015-06-13 15:09       1310744 ----a-w- c:\windows\SysWow64\ntdll.dll
2015-05-25 18:01 . 2015-06-13 15:09       172032  ----a-w- c:\windows\SysWow64\wdigest.dll
2015-05-25 18:01 . 2015-06-13 15:09       65536    ----a-w- c:\windows\SysWow64\TSpkg.dll
2015-05-25 18:01 . 2015-06-13 15:09       635392  ----a-w- c:\windows\SysWow64\tdh.dll
2015-05-25 18:01 . 2015-06-13 15:09       43008    ----a-w- c:\windows\SysWow64\srclient.dll
2015-05-25 18:01 . 2015-06-13 15:09       248832  ----a-w- c:\windows\SysWow64\schannel.dll
2015-05-25 18:01 . 2015-06-13 15:09       92160    ----a-w- c:\windows\SysWow64\sechost.dll
2015-05-25 18:01 . 2015-06-13 15:09       22016    ----a-w- c:\windows\SysWow64\secur32.dll
2015-05-25 18:01 . 2015-06-13 15:09       221184  ----a-w- c:\windows\SysWow64\ncrypt.dll
2015-05-25 18:01 . 2015-06-13 15:09       14336    ----a-w- c:\windows\SysWow64\ntvdm64.dll
2015-05-25 18:01 . 2015-06-13 15:09       259584  ----a-w- c:\windows\SysWow64\msv1_0.dll
2015-05-25 18:01 . 2015-06-13 15:10       551424  ----a-w- c:\windows\SysWow64\kerberos.dll
2015-05-25 18:01 . 2015-06-13 15:09       17408    ----a-w- c:\windows\SysWow64\credssp.dll
2015-05-25 18:01 . 2015-06-13 15:09       641536  ----a-w- c:\windows\SysWow64\advapi32.dll
2015-05-25 18:01 . 2015-06-13 15:09       44032    ----a-w- c:\windows\apppatch\acwow64.dll
2015-05-25 18:00 . 2015-06-13 15:09       40448    ----a-w- c:\windows\SysWow64\typeperf.exe
2015-05-25 18:00 . 2015-06-13 15:09       364544  ----a-w- c:\windows\SysWow64\tracerpt.exe
2015-05-25 18:00 . 2015-06-13 15:09       25600    ----a-w- c:\windows\SysWow64\setup16.exe
2015-05-25 18:00 . 2015-06-13 15:09       37888    ----a-w- c:\windows\SysWow64\relog.exe
2015-05-25 18:00 . 2015-06-13 15:09       82944    ----a-w- c:\windows\SysWow64\logman.exe
2015-05-25 18:00 . 2015-06-13 15:09       17408    ----a-w- c:\windows\SysWow64\diskperf.exe
2015-05-25 18:00 . 2015-06-13 15:09       50176    ----a-w- c:\windows\SysWow64\auditpol.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-05-05 658424]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2015-01-13 533872]
"mcpltui_exe"="c:\program files\Common~1\McAfee\Platform\mcuicnt.exe" [2014-09-17 643064]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-04 336384]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-04-30 334896]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HRBlockDirect.lnk - c:\program files (x86)\HRBlockDirect\HRBlockDirect.exe -auto [2014-2-6 10416168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute       REG_MULTI_SZ                 autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [x]
R2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x]
R2 mccspsvc;McAfee CSP Service;c:\program files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe;c:\program files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [x]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
R2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
R2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]

R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]

R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]

R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]

R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x]

S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]

S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]

S2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;c:\program files (x86)\Cobian Backup 11\cbVSCService11.exe;c:\program files (x86)\Cobian Backup 11\cbVSCService11.exe [x]

S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]

S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]

S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]

S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [x]

S2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe;c:\program files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [x]

S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys;c:\windows\SYSNATIVE\DRIVERS\amdhub30.sys [x]

S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys;c:\windows\SYSNATIVE\DRIVERS\amdxhc.sys [x]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]

S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys;c:\windows\SYSNATIVE\drivers\usbfilter.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2015-07-15 02:07             991048  ----a-w- c:\program files (x86)\Google\Chrome\Application\43.0.2357.134\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2015-07-18 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-26 02:02]

.

2015-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-06 20:42]

.

2015-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-06 20:42]

.

2015-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA1d001068b6241bc.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-06 20:42]

.

2015-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA1d0421dc6d26710.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-06 20:42]

.

2015-07-14 c:\windows\Tasks\HPCeeScheduleForOwner.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-06-24 1128448]

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

"BeatsOSDApp"="c:\program files\IDT\WDM\beats64.exe" [2010-10-21 37888]

"lxbxmon.exe"="c:\program files (x86)\Lexmark 7100 Series\lxbxmon.exe" [2007-05-11 205744]

"EzPrint"="c:\program files (x86)\Lexmark 7100 Series\ezprint.exe" [2007-05-11 103344]

"LXBXCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXBXtime.dll" [2007-03-22 28672]

.

------- Supplementary Scan -------

.

uStart Page = https://www.yahoo.com/?fr=yset_ie_syc_oracle&type=hpset

uLocal Page = c:\windows\system32\blank.htm

mStart Page = about:blank

mLocal Page = c:\windows\SYSTEM32\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB

FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\5vk7pbqi.default\

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]

"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_209_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_209_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]

@Denied: (A 2) (Everyone)

@="IFlashBroker6"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_209_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_209_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.18"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]

@Denied: (A 2) (Everyone)

@="IFlashBroker6"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2015-07-18  17:03:19

ComboFix-quarantined-files.txt  2015-07-18 22:03

ComboFix2.txt  2015-07-15 03:02

ComboFix3.txt  2015-07-07 15:01

ComboFix4.txt  2015-06-30 17:17

ComboFix5.txt  2015-07-18 21:51

.

Pre-Run: 850,557,648,896 bytes free

Post-Run: 850,130,919,424 bytes free

.

- - End Of File - - 7F698E58FF1A8BF555988A7CEF16BB8B

A36C5E4F47E84449FF07ED3517B43A31
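Two parts of the ComboFix output above are the ones a responder reads first. Under HKLM\software\microsoft\windows\currentversion\policies\system the log shows EnableLUA=0 together with ConsentPromptBehaviorAdmin=0 and PromptOnSecureDesktop=0: User Account Control is switched off, so nothing that elevates will prompt, which is not the Windows 7 default. The R/S lines list every service and driver with its start type and image path, which is where you look for a binary loading from somewhere it should not. The Python below is an added example for this thread, not part of the original post and not ComboFix's own code. It parses an excerpt of the log (embedded as constructed sample input copied from the lines above, plus one clearly marked made-up service line so the path check has something to flag) and reports UAC values that differ from the Windows 7 defaults and services whose binary sits outside the Windows or Program Files directories. The default-value table, the trusted-directory list, and the reading of the R/S prefix as running/stopped and of the digit as the registry Start type are this example's own assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample input: an excerpt copied from the ComboFix log above
# (the UAC policy key and a few service/driver lines).
LOG_EXCERPT = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe;c:\program files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [x]
"""
# Made-up line, NOT from the log, appended so the path check has something to flag.
CONSTRUCTED_LINE = r"S3 ExampleSvc;Made-up service for this example;c:\users\Owner\AppData\Roaming\example\svc.exe;c:\users\Owner\AppData\Roaming\example\svc.exe [x]"
SAMPLE_LOG = LOG_EXCERPT + CONSTRUCTED_LINE + "\n"

UAC_KEY = r"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"

# Assumption of this example: Windows 7 defaults for the values ComboFix prints.
UAC_DEFAULTS = {
    "EnableLUA": 1,                   # 0 = UAC off entirely
    "ConsentPromptBehaviorAdmin": 5,  # 0 = admins elevate silently, no prompt
    "ConsentPromptBehaviorUser": 3,   # 3 = standard users are asked for credentials
    "PromptOnSecureDesktop": 1,       # 0 = prompts (if any) on the normal desktop
    "EnableUIADesktopToggle": 0,
}
# Assumption: directories a service binary normally lives in; anything else gets a look.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

POLICY_RE = re.compile(r'^"([^"]+)"=\s*-?\d+\s*\((0x[0-9a-fA-F]+)\)\s*$')
# <R|S><start type> name;display name;image path;path with SYSNATIVE [x]
SERVICE_RE = re.compile(r"^([RS])([0-4])\s+([^;]+);([^;]*);([^;]+);([^;]+?)\s*\[x\]\s*$")
START_TYPES = {"0": "boot", "1": "system", "2": "automatic", "3": "manual", "4": "disabled"}


@dataclass
class ServiceEntry:
    state: str        # "running" (R) or "stopped" (S), as this example reads the prefix
    start_type: str   # registry Start value 0..4, named
    name: str
    display_name: str
    image_path: str


def parse_policy(text: str) -> dict:
    """Return {value name: int} from the UAC policy key section of a ComboFix log."""
    values, in_section = {}, False
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.lower() == UAC_KEY.lower():
            in_section = True
            continue
        if in_section:
            if stripped == "." or stripped.startswith("["):   # ComboFix section separator / next key
                break
            m = POLICY_RE.match(stripped)
            if m:
                values[m.group(1)] = int(m.group(2), 16)
    return values


def uac_findings(policy: dict) -> list:
    """(name, observed, default) for every UAC value that differs from the Windows 7 default."""
    return [(name, policy[name], default)
            for name, default in UAC_DEFAULTS.items()
            if name in policy and policy[name] != default]


def parse_services(text: str) -> list:
    entries = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            state, start, name, display, path, _sysnative_path = m.groups()
            entries.append(ServiceEntry("running" if state == "R" else "stopped",
                                        START_TYPES[start], name.strip(), display.strip(), path.strip()))
    return entries


def suspicious_paths(entries: list) -> list:
    return [e for e in entries if not e.image_path.lower().startswith(TRUSTED_PREFIXES)]


def triage(text: str) -> dict:
    policy, services = parse_policy(text), parse_services(text)
    return {"uac": uac_findings(policy), "services": len(services),
            "unusual_paths": [(e.name, e.image_path) for e in suspicious_paths(services)]}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for name, seen, default in report["uac"]:
        print(f"UAC {name}: observed {seen}, Windows 7 default {default}")
    for name, path in report["unusual_paths"]:
        print(f"service {name} loads from outside Windows/Program Files: {path}")
```

The same functions accept a complete ComboFix log as the text argument. A path outside the usual directories is a reason to look, not a verdict: vendor services do sometimes live elsewhere, so compare the binary's publisher and hash before acting on it.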



#12 TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 19 July 2015 - 12:52 PM

Please follow these instructions to do a clean reinstall of MBAM.

When finished, run a scan and post the log.


Proud Member of UNITE & TB

My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)

#13 CJB445

  • Topic Starter
  • Members
  • 44 posts
  • Gender:Male

Posted 19 July 2015 - 01:43 PM

Well, I downloaded the Mbam clean to my desktop but it will not run. Also tried in safe mode, still will not run. Thanks



#14 TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 20 July 2015 - 08:29 AM

Windows Repair (all-in-one)

Download Windows Repair (All in One) from this site

Install the program then run it.

NOTE 1. In Windows Vista, 7 and 8, right-click on the program and click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.


Go to Step 2 and click on the Check button next to 1. See If Check Disk Is Needed.
If the tool indicates that the Check Disk is needed, click on the Do It button next to 2. Check Disk.
In that case make sure you restart the computer.


Once the above is done go to Step 3 and allow it to run System File Check by clicking on the Do It button.


Go to Step 4 and under "System Restore" click on the Create button.


Go to the Start Repairs tab and click the Start button.

Leave all checkmarks as they are.
NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.

Click on the Start button.

Post the Windows Repair log, which is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs



#15 CJB445

  • Topic Starter
  • Members
  • 44 posts
  • Gender:Male

Posted 20 July 2015 - 10:02 PM

The checkdisk took many hours, but finally finished.

Windows repair log.

Thanks.

 

Tweaking.com - Windows Repair v3.2.5
--------------------------------------------------------------------------------

System Variables
--------------------------------------------------------------------------------
OS: Windows 7 Home Premium
OS Architecture: 64-bit
OS Version: 6.1.7601
OS Service Pack: Service Pack 1
Computer Name: OWNER-HP
Windows Drive: C:\
Windows Path: C:\Windows
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\Owner
Current Profile SID: S-1-5-21-3620870084-1625368287-1718614045-1000
Current Profile Classes: S-1-5-21-3620870084-1625368287-1718614045-1000_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\Owner\AppData\Local
--------------------------------------------------------------------------------

System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:20:56

Process Count: 35
Commit Total: 988.21 MB
Commit Limit: 10.97 GB
Commit Peak: 1.13 GB
Handle Count: 7438
Kernel Total: 467.96 MB
Kernel Paged: 379.79 MB
Kernel Non Paged: 88.17 MB
System Cache: 4.53 GB
Thread Count: 364
--------------------------------------------------------------------------------

Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 5.48 GB
Memory Used: 1.15 GB(20.8836%)
Memory Avail.: 4.34 GB
--------------------------------------------------------------------------------

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 5.48 GB
Memory Used: 837.92 MB(14.9187%)
Memory Avail.: 4.67 GB
--------------------------------------------------------------------------------

Starting Repairs...
   Started at (7/20/2015 9:37:20 PM)

Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 164

01 - Reset Registry Permissions 01/03
   HKEY_CURRENT_USER & Sub Keys
   Start (7/20/2015 9:37:21 PM)

   Running Repair Under Current User Account
   Done (7/20/2015 9:37:33 PM)

01 - Reset Registry Permissions 02/03
   HKEY_LOCAL_MACHINE & Sub Keys
   Start (7/20/2015 9:37:33 PM)


Decompressing & Updating Windows Permission File services.txt
Done,  0.19 seconds.

   Running Repair Under System Account
   Done (7/20/2015 9:41:10 PM)

01 - Reset Registry Permissions 03/03
   HKEY_CLASSES_ROOT & Sub Keys
   Start (7/20/2015 9:41:10 PM)

   Running Repair Under System Account
   Done (7/20/2015 9:42:10 PM)

03 - Reset Service Permissions
   Start (7/20/2015 9:42:10 PM)

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/20/2015 9:42:25 PM)

04 - Register System Files
   Start (7/20/2015 9:42:25 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/20/2015 9:43:00 PM)

05 - Repair WMI
   Start (7/20/2015 9:43:00 PM)

   Starting Security Center So We Can Export The Security Info.

   Exporting Antivirus Info...
   McAfee Anti-Virus and Anti-Spyware Exported.

   Exporting AntiSpyware Info...
   Windows Defender Exported.
   McAfee Anti-Virus and Anti-Spyware Exported.

   Exporting 3rd Party Firewall Info...
   McAfee Firewall Exported.

   Running Repair Under Current User Account
   Done (7/20/2015 9:44:38 PM)

06 - Repair Windows Firewall
   Start (7/20/2015 9:44:38 PM)
   Running Repair Under Current User Account

Decompressing & Updating Windows Permission File services.txt
Done,  0.14 seconds.

   Running Repair Under System Account
   Done (7/20/2015 9:45:09 PM)

07 - Repair Internet Explorer
   Start (7/20/2015 9:45:09 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/20/2015 9:45:27 PM)

08 - Repair MDAC/MS Jet
   Start (7/20/2015 9:45:27 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/20/2015 9:45:31 PM)

09 - Repair Hosts File
   Start (7/20/2015 9:45:31 PM)
   Running Repair Under System Account
   Done (7/20/2015 9:45:32 PM)

10 - Remove Policies Set By Infections
   Start (7/20/2015 9:45:32 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/20/2015 9:45:34 PM)

12 - Repair Icons
   Start (7/20/2015 9:45:34 PM)
   Running Repair Under Current User Account
   Done (7/20/2015 9:45:35 PM)

13 - Repair Network
   Start (7/20/2015 9:45:36 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/20/2015 9:45:52 PM)

15 - Repair Proxy Settings
   Start (7/20/2015 9:45:52 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/20/2015 9:45:54 PM)

17 - Repair Windows Updates
   Start (7/20/2015 9:45:54 PM)
   Running Repair Under Current User Account

Decompressing & Updating Windows Permission File services.txt
Done,  0.14 seconds.

   Running Repair Under System Account
   Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
   Done (7/20/2015 9:46:17 PM)

18 - Repair CD/DVD Missing/Not Working
   Start (7/20/2015 9:46:17 PM)
   iTunes not found, not applying UpperFilters iTunes Reg Key
   Done (7/20/2015 9:46:17 PM)

19 - Repair Volume Shadow Copy Service
   Start (7/20/2015 9:46:17 PM)
   Running Repair Under Current User Account

Decompressing & Updating Windows Permission File services.txt
Done,  0.14 seconds.

   Running Repair Under System Account
   Done (7/20/2015 9:46:37 PM)

21 - Repair MSI (Windows Installer)
   Start (7/20/2015 9:46:37 PM)
   Running Repair Under Current User Account

Decompressing & Updating Windows Permission File services.txt
Done,  0.14 seconds.

   Running Repair Under System Account
   Done (7/20/2015 9:46:47 PM)

23.01 - Repair bat Association
   Start (7/20/2015 9:46:47 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/20/2015 9:46:49 PM)

23.02 - Repair cmd Association
   Start (7/20/2015 9:46:50 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/20/2015 9:46:52 PM)

23.03 - Repair com Association
   Start (7/20/2015 9:46:52 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/20/2015 9:46:54 PM)

23.04 - Repair Directory Association
   Start (7/20/2015 9:46:54 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/20/2015 9:46:56 PM)

23.05 - Repair Drive Association
   Start (7/20/2015 9:46:56 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/20/2015 9:46:58 PM)

23.06 - Repair exe Association
   Start (7/20/2015 9:46:58 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/20/2015 9:47:00 PM)

23.07 - Repair Folder Association
   Start (7/20/2015 9:47:00 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/20/2015 9:47:02 PM)

23.08 - Repair inf Association
   Start (7/20/2015 9:47:02 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/20/2015 9:47:04 PM)

23.09 - Repair lnk (Shortcuts) Association
   Start (7/20/2015 9:47:04 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/20/2015 9:47:06 PM)

23.10 - Repair msc Association
   Start (7/20/2015 9:47:06 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/20/2015 9:47:08 PM)

23.11 - Repair reg Association
   Start (7/20/2015 9:47:09 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/20/2015 9:47:11 PM)

23.12 - Repair scr Association
   Start (7/20/2015 9:47:11 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/20/2015 9:47:13 PM)

24 - Repair Windows Safe Mode
   Start (7/20/2015 9:47:13 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/20/2015 9:47:15 PM)

25 - Repair Print Spooler
   Start (7/20/2015 9:47:15 PM)
   Running Repair Under Current User Account

Decompressing & Updating Windows Permission File services.txt
Done,  0.14 seconds.

   Running Repair Under System Account
   Done (7/20/2015 9:47:19 PM)

26 - Restore Important Windows Services
   Start (7/20/2015 9:47:19 PM)
   Running Repair Under Current User Account

Decompressing & Updating Windows Permission File services.txt
Done,  0.14 seconds.

   Running Repair Under System Account
   Done (7/20/2015 9:47:26 PM)

27 - Set Windows Services To Default Startup
   Start (7/20/2015 9:47:26 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/20/2015 9:47:33 PM)

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1

31 - Repair Windows 'New' Submenu
   Start (7/20/2015 9:47:34 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/20/2015 9:47:36 PM)

33 - Repair Performance Counters
   Start (7/20/2015 9:47:36 PM)
   Running Repair Under Current User Account
   Done (7/20/2015 9:47:50 PM)

Cleaning up empty logs...

All Selected Repairs Done.
   Done at (7/20/2015 9:47:50 PM)
   Total Repair Time: 00:10:31





