
can't run superantispyware "not valid win32 application"


This topic is locked
29 replies to this topic

#1 Achaemenid

Achaemenid

  • Members
  • 425 posts
  • OFFLINE
  • Local time:11:55 PM

Posted 07 August 2015 - 12:42 PM

This started happening to me when I had my previous HDD. I could not run many anti-virus and anti-malware scanners because Windows would tell me they were not a "valid win32 application."

I thought it was because my old HDD was shot.

But I am getting the same thing on a brand new HDD.

I don't know if this is a virus or not. I find it hard to believe I could have the same virus from one HDD to another unless it came through my USB, or through one of the sites I habitually visit.

If it is not a virus perhaps it can be moved to the software forum.

Any suggestions appreciated.





#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,541 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:55 AM

Posted 08 August 2015 - 08:34 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===


How is the computer running now?
Wait for further instructions.

#3 Achaemenid

Achaemenid
  • Topic Starter

  • Members
  • 425 posts
  • OFFLINE
  • Local time:11:55 PM

Posted 08 August 2015 - 02:20 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 8/9/2015
Scan Time: 1:54 AM
Logfile: mbam.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.08.08.03
Rootkit Database: v2015.08.06.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7
CPU: x64
File System: NTFS
User: Sony
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 343325
Time Elapsed: 18 min, 48 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
PUP.Optional.OpenCandy, C:\Users\Sony\Desktop\PGMS DESK\SetupImgBurn_2.5.8.0.exe, , [303344c25536a2940b59056d5ea72ed2], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#4 Achaemenid

Achaemenid
  • Topic Starter

  • Members
  • 425 posts
  • OFFLINE
  • Local time:11:55 PM

Posted 08 August 2015 - 02:57 PM

Something strange happens to the downloads. I am using Chrono download mgr for Chrome.

 

A certain amount will download and the progress indicator to the left will show it in the download window. Then the download will stop and it will say 0B/s, 99 days to finish.  And it will stop there. 

 

Then I download it again and it will download a little bit more so it will be a few bytes ahead, but that will stop too

 

then I do new download. on and on. 

 

https://www.sendspace.com/file/dzc50t

 

It finally downloaded, but when I tried to run it I got the same answer: "not a win32 application." I can't run FARBAR.


Edited by Achaemenid, 08 August 2015 - 03:23 PM.


#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,541 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:55 AM

Posted 09 August 2015 - 07:10 AM

Try this one.

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download the Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

Also, please provide an update on how the computer is behaving after running the above script.

===

If still getting the error message "not a win32 application." then the malware is possibly corrupting the downloaded file.

If you can, download the file to a flash drive from another good computer.
Copy the file to the desktop of the problem computer and run it.

Post the log if you can.
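A way to tell a stalled or corrupted download apart from a file that Windows simply refuses to run, as an added example that is not part of this thread or of any tool mentioned in it: the script below parses the MZ/PE headers of an executable, works out the smallest file length the section table promises, and compares it with the bytes actually on disk. It also returns a SHA-256 fingerprint that can be compared with the same file fetched on the known-good computer suggested above. The sample bytes are constructed inside the script (a minimal header skeleton, not a real program), and the class and function names (PeCheck, check_pe, build_sample_pe) are my own.

```python
import hashlib
import struct
from dataclasses import dataclass

# Layout constants from the PE/COFF file format (real format values).
E_LFANEW_OFFSET = 0x3C        # DOS header field holding the offset of the "PE\0\0" signature
COFF_HEADER_FMT = "<HHIIIHH"  # Machine, NumberOfSections, TimeDateStamp, PtrToSymTab,
                              # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
SECTION_HEADER_SIZE = 40
IMAGE_FILE_MACHINE_AMD64 = 0x8664


@dataclass
class PeCheck:
    ok: bool
    reason: str
    machine: int = 0
    expected_size: int = 0   # smallest file length the headers promise
    actual_size: int = 0


def check_pe(data: bytes) -> PeCheck:
    """Validate the MZ/PE headers and compare the file length the section table
    promises against the bytes actually present. A stalled download fails the
    size comparison; an HTML error page saved as .exe fails the MZ check."""
    actual = len(data)
    if actual < 64 or data[:2] != b"MZ":
        return PeCheck(False, "missing MZ (DOS) header", actual_size=actual)
    e_lfanew = struct.unpack_from("<I", data, E_LFANEW_OFFSET)[0]
    if e_lfanew + 24 > actual:
        return PeCheck(False, "PE header offset lies beyond end of file", actual_size=actual)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return PeCheck(False, "missing PE signature", actual_size=actual)
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from(COFF_HEADER_FMT, data, e_lfanew + 4)
    section_table = e_lfanew + 24 + opt_size
    expected = section_table + nsections * SECTION_HEADER_SIZE
    for i in range(nsections):
        hdr = section_table + i * SECTION_HEADER_SIZE
        if hdr + SECTION_HEADER_SIZE > actual:
            return PeCheck(False, "section table truncated", machine, expected, actual)
        # SizeOfRawData and PointerToRawData sit 16 bytes into each section header.
        raw_size, raw_ptr = struct.unpack_from("<II", data, hdr + 16)
        expected = max(expected, raw_ptr + raw_size)
    if actual < expected:
        return PeCheck(False, f"truncated: {actual} of at least {expected} bytes present",
                       machine, expected, actual)
    return PeCheck(True, "headers consistent with file length", machine, expected, actual)


def sha256_hex(data: bytes) -> str:
    """Fingerprint to compare against the same file fetched on a known-good machine."""
    return hashlib.sha256(data).hexdigest()


def build_sample_pe() -> bytes:
    """Constructed sample (not a real program): DOS header, PE signature, COFF
    header, a zero-filled PE32+ optional header and one 0x200-byte section at
    file offset 0x200, so the headers promise exactly 1024 bytes."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (E_LFANEW_OFFSET - 2) + struct.pack("<I", e_lfanew)
    opt_size = 0xF0  # size of a PE32+ optional header
    coff = struct.pack(COFF_HEADER_FMT, IMAGE_FILE_MACHINE_AMD64, 1, 0, 0, 0, opt_size, 0x22)
    optional = struct.pack("<H", 0x20B) + b"\0" * (opt_size - 2)  # 0x20B = PE32+ magic
    # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, ..., Characteristics
    section = b".text\0\0\0" + struct.pack("<IIIIIIHHI", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    headers = dos + b"PE\0\0" + coff + optional + section
    return headers + b"\0" * (0x200 - len(headers)) + b"\xCC" * 0x200


SAMPLE_PE = build_sample_pe()
TRUNCATED_PE = SAMPLE_PE[:700]   # simulates a download that stalled part way through

if __name__ == "__main__":
    for label, blob in (("complete", SAMPLE_PE), ("truncated", TRUNCATED_PE),
                        ("html page", b"<html>Not Found</html>")):
        r = check_pe(blob)
        print(f"{label:9}: ok={r.ok} {r.reason} sha256={sha256_hex(blob)[:16]}...")
```

Read a downloaded file with `open(path, "rb").read()` and pass it to `check_pe`: a result that fails the MZ check is typically a web page saved under an .exe name, and one that fails the size check is the stalled-download case described earlier in the thread; both produce the "not a valid Win32 application" error. If the headers are consistent and the SHA-256 matches the copy fetched on the good computer, the file itself is intact and the problem lies elsewhere.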

#6 Achaemenid

Achaemenid
  • Topic Starter

  • Members
  • 425 posts
  • OFFLINE
  • Local time:11:55 PM

Posted 09 August 2015 - 12:57 PM

I am having a lot of trouble downloading lately, even before I changed HDDs and changed from Win 7 Pro to Ultimate.

 

I downloaded doPDF and tried to run it to create a pdf but suddenly it said my license was not valid.  I have always used doPDF free. 

 

I will run the zoek test now. 



#7 Achaemenid

Achaemenid
  • Topic Starter

  • Members
  • 425 posts
  • OFFLINE
  • Local time:11:55 PM

Posted 09 August 2015 - 03:14 PM

Zoek would not complete. It stopped after a few minutes and froze. This file is not what it produced, it is what I copied after it froze.

 
Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Sony on Mon 08/10/2015 at  1:16:29.71.
Microsoft Windows 7 Ultimate  6.1.7600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Sony\Desktop\zoek.exe [Scan all users] [Script inserted] 
 
===== Runcheck  1:17:47.94 =====
 
--- Create Environment Variables  1:17:50.45 
--- Create System Restore Point  1:18:01.12 
--- Checking Input  1:18:40.01 
--- AU AppData Check  1:19:15.44 
--- Remove From Windows Installer  1:19:19.84 
--- Registry HKLM Software Check  1:21:40.10 
--- Quick Launch Shortcut Check  1:22:07.26 
--- IE Startpage Check  1:22:19.22 
--- Program Files DB Check  1:23:01.24 
--- C:\Users\Default\AppData\Roaming DB Check  1:24:24.27 
--- C:\Users\Default User\AppData\Roaming DB Check  1:24:24.27 
--- C:\Users\Sony\AppData\Roaming DB Check  1:24:24.27 
--- C:\Windows\SysNative\config\systemprofile\AppData\Roaming DB Check  1:24:24.27 
--- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming DB Check  1:24:24.27 
--- C:\Windows\serviceprofiles\networkservice\AppData\Roaming DB Check  1:24:24.27 
--- C:\Windows\serviceprofiles\Localservice\AppData\Roaming DB Check  1:24:24.27 
--- C:\Users\Sony DB Check  1:28:27.98 
--- C:\PROGRA~3 DB Check  1:28:58.66 
--- C:\Users\Default\AppData\Local DB Check  1:29:05.22 
--- C:\Users\Default User\AppData\Local DB Check  1:29:05.22 
--- C:\Users\Sony\AppData\Local DB Check  1:29:05.22 
--- C:\Windows\SysNative\config\systemprofile\AppData\Local DB Check  1:29:05.22 
--- C:\Windows\sysWoW64\config\systemprofile\AppData\Local DB Check  1:29:05.22 
--- C:\Windows\serviceprofiles\networkservice\AppData\Local DB Check  1:29:05.22 
--- C:\Windows\serviceprofiles\Localservice\AppData\Local DB Check  1:29:05.22 
--- C:\ProgramData\Microsoft\Windows\Start Menu\Programs DB Check  1:31:53.85 
--- C:\Users\Sony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs DB Check  1:32:11.79 
--- Tasks DB Check  1:32:23.20 
--- Downloads DB Check  1:32:29.97 
--- C:\Users\Sony\AppData\LocalLow DB Check  1:32:37.52 
--- C:\Windows\SysNative\config\systemprofile\AppData\LocalLow DB Check  1:32:37.52 
--- C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow DB Check  1:32:37.52 
--- C:\Windows\serviceprofiles\Localservice\AppData\LocalLow DB Check  1:32:37.52 
--- Tasks2 DB Check  1:33:50.45 
--- Documents DB Check  1:34:42.02 
--- C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\ndlwy6bo.default DB Check  1:34:55.72 
--- C:\Users\Public\Desktop DB Check  1:34:59.91 
--- C:\Users\Sony\Desktop DB Check  1:35:09.65 
--- Services DB Check  1:35:26.42 
--- FF prefs.js DB Check  1:36:09.93 
=============================================
 
I will try running it once more. 


#8 Achaemenid

Achaemenid
  • Topic Starter

  • Members
  • 425 posts
  • OFFLINE
  • Local time:11:55 PM

Posted 09 August 2015 - 03:34 PM

# AdwCleaner v4.208 - Logfile created 10/08/2015 at 03:29:28
# Updated 09/07/2015 by Xplode
# Database : 2015-08-01.1 [Server]
# Operating system : Windows 7 Ultimate  (x64)
# Username : Sony - SONY-PC
# Running from : C:\Users\Sony\Desktop\adwcleaner_4.208.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Deleted : C:\prefs.js
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v8.0.7600.16385
 
 
-\\ Mozilla Firefox v39.0.3 (x86 en-US)
 
 
-\\ Google Chrome v44.0.2403.130
 
 
*************************
 
AdwCleaner[R0].txt - [1192 bytes] - [10/08/2015 03:19:38]
AdwCleaner[R1].txt - [945 bytes] - [10/08/2015 03:28:18]
AdwCleaner[S0].txt - [875 bytes] - [10/08/2015 03:29:28]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [933  bytes] ##########


#9 Achaemenid

Achaemenid
  • Topic Starter

  • Members
  • 425 posts
  • OFFLINE
  • Local time:11:55 PM

Posted 09 August 2015 - 04:40 PM

I tried zoek a second time. It hangs. 



#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,541 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:55 AM

Posted 10 August 2015 - 07:58 AM

Run the Zoek tool and just paste the following in the Code box.

autoclean;

Can you get it to complete?

#11 Achaemenid

Achaemenid
  • Topic Starter

  • Members
  • 425 posts
  • OFFLINE
  • Local time:11:55 PM

Posted 10 August 2015 - 04:04 PM

Run the Zoek tool and just paste the following in the Code box.

autoclean;

Can you get it to complete?

I don't think so. It just seems to hang after a few lines. 

 

Zoek cannot be shut down. I have to do a restart to get it to stop. 

 

There are about 20 options at the bottom of the Zoek screen. Would it do any good to check any of these?



#12 nasdaq

nasdaq

  • Malware Response Team
  • 39,541 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:55 AM

Posted 11 August 2015 - 07:33 AM

Not sure; something is blocking all programs.

Rename zoek.exe to zoek.com and try to run the fix I suggested.
Make sure you right click on the zoek.com and select run as an Administrator.

If that fails and you wish to try some of the options select the following one option at a time.
Empty Temp
Auto Clean
Do a Quick scan


If all fails try this tool.

Please Download and run the ComboFix tool.

How to use ComboFix
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Follow the instructions on the page.

Post the content of the C:\ComboFix.txt file for my review.

p.s.
When all is well you can remove the tool by following the Uninstall instructions on the same page.

#13 Achaemenid

Achaemenid
  • Topic Starter

  • Members
  • 425 posts
  • OFFLINE
  • Local time:11:55 PM

Posted 12 August 2015 - 05:55 AM

Not sure; something is blocking all programs.

Rename zoek.exe to zoek.com and try to run the fix I suggested.
Make sure you right click on the zoek.com and select run as an Administrator.

....

If all fails try this tool.

Please Download and run the ComboFix tool.
....

p.s.
When all is well you can remove the tool by following the Uninstall instructions on the same page.

Zoek would not work. There is no file extension name on the icon, so I right clicked and changed the name to .com, but when it ran it showed it was called zoek.com.exe.

 

At first I could not download combofix. Finally got it. Whoever or whatever is sending in the problem may be infecting the browsers through sites I visit. So they may be creating clones or infecting the sites directly. Just my uninformed guess. 

 

I disabled ESET, SPYBOT, and EMSISOFT and my FIREWALL. The scan says Windows Defender was enabled. I did not know I even had it.  I can disable it and run the scan again if you want. 

 

====================================================

 

ComboFix 15-08-08.01 - Sony 08/12/2015  17:40:11.1.8 - x64
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.6125.4341 [GMT 7:00]
Running from: c:\users\Sony\Desktop\ComboFix.exe
AV: Emsisoft Anti-Malware *Disabled/Updated* {2F44E1F9-850B-1C7A-0E56-EB2E0A3E20C9}
AV: ESET NOD32 Antivirus 8.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: Emsisoft Anti-Malware *Disabled/Updated* {9425001D-A331-13F4-34E6-D05C71B96A74}
SP: ESET NOD32 Antivirus 8.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2015-07-12 to 2015-08-12  )))))))))))))))))))))))))))))))
.
.
2015-08-12 10:46 . 2015-08-12 10:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-08-09 20:19 . 2015-08-09 20:29 -------- d-----w- C:\AdwCleaner
2015-08-09 18:14 . 2015-08-09 18:14 -------- d-----w- C:\zoek_backup
2015-08-09 10:12 . 2015-08-09 10:12 -------- d-----w- c:\program files (x86)\Softland
2015-08-09 10:11 . 2015-08-09 10:11 -------- d-----w- c:\programdata\regid.2008-09.org.wixtoolset
2015-08-09 10:11 . 2015-08-09 10:12 -------- d-----w- c:\programdata\Package Cache
2015-08-08 23:08 . 2015-08-08 23:08 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{14596476-108F-417B-92B4-95466C9C1697}\offreg.764.dll
2015-08-08 22:31 . 2015-08-08 22:31 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2015-08-08 18:45 . 2015-08-09 19:31 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-08-08 18:45 . 2015-08-08 18:45 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-08-08 18:45 . 2015-08-08 18:45 -------- d-----w- c:\programdata\Malwarebytes
2015-08-08 18:45 . 2015-06-18 01:41 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-08-08 18:45 . 2015-06-18 01:41 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-08-08 18:45 . 2015-06-18 01:41 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-08-08 18:19 . 2015-08-08 18:19 -------- d-----w- c:\program files (x86)\qBittorrent
2015-08-08 00:07 . 2015-08-08 20:11 -------- d-----w- c:\program files\7-Zip
2015-08-07 18:19 . 2015-08-07 18:19 -------- d-----w- c:\program files\CCleaner
2015-08-07 18:16 . 2015-08-07 18:16 -------- d-----w- c:\programdata\QFX Software
2015-08-07 18:16 . 2015-06-03 13:43 224208 ----a-w- c:\windows\system32\drivers\keyscrambler.sys
2015-08-07 17:44 . 2015-08-07 17:44 -------- d-----w- c:\programdata\Emsisoft
2015-08-07 16:44 . 2015-03-23 17:17 135800 ----a-w- c:\windows\system32\drivers\epp64.sys
2015-08-07 16:44 . 2015-08-12 10:33 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware
2015-08-06 23:08 . 2015-08-06 23:08 -------- d-----w- c:\windows\SysWow64\drivers\UMDF\it-IT
2015-08-06 23:08 . 2015-08-06 23:08 -------- d-----w- c:\windows\SysWow64\0410
2015-08-06 23:08 . 2015-08-06 23:08 -------- d-----w- c:\windows\system32\0410
2015-08-06 23:06 . 2015-08-06 23:06 -------- d-----w- c:\windows\SysWow64\drivers\UMDF\ja-JP
2015-08-06 23:06 . 2015-08-06 23:06 -------- d-----w- c:\windows\SysWow64\0411
2015-08-06 23:06 . 2015-08-06 23:06 -------- d-----w- c:\windows\system32\0411
2015-08-06 23:03 . 2015-08-07 06:40 -------- d-----w- c:\windows\system32\drivers\UMDF\el-GR
2015-08-06 23:01 . 2015-08-07 06:39 -------- d-----w- c:\windows\SysWow64\drivers\ro-RO
2015-08-06 23:01 . 2015-08-07 06:41 -------- d-----w- c:\windows\ro-RO
2015-08-06 23:01 . 2015-08-07 06:39 -------- d-----w- c:\windows\SysWow64\drivers\pl-PL
2015-08-06 23:01 . 2015-08-07 06:39 -------- d-----w- c:\windows\SysWow64\pl
2015-08-06 23:01 . 2015-08-07 06:39 -------- d-----w- c:\windows\SysWow64\wbem\pl-PL
2015-08-06 23:01 . 2015-08-07 06:41 -------- d-----w- c:\windows\pl-PL
2015-08-06 23:00 . 2015-08-07 06:40 -------- d-----w- c:\windows\system32\drivers\UMDF\pl-PL
2015-08-06 23:00 . 2015-08-07 06:40 -------- d-----w- c:\windows\system32\drivers\pl-PL
2015-08-06 23:00 . 2015-08-07 06:39 -------- d-----w- c:\windows\system32\wbem\pl-PL
2015-08-06 23:00 . 2015-08-07 06:40 -------- d-----w- c:\windows\system32\pl
2015-08-06 22:59 . 2015-08-06 22:59 -------- d-----w- c:\windows\SysWow64\drivers\UMDF\fr-FR
2015-08-06 22:59 . 2015-08-06 22:59 -------- d-----w- c:\windows\SysWow64\040C
2015-08-06 22:58 . 2015-08-06 22:58 -------- d-----w- c:\windows\system32\040C
2015-08-06 22:54 . 2015-08-07 06:39 -------- d-----w- c:\windows\SysWow64\drivers\sk-SK
2015-08-06 22:54 . 2015-08-07 06:39 -------- d-----w- c:\windows\SysWow64\wbem\sk-SK
2015-08-06 22:54 . 2015-08-09 06:40 -------- d-----w- c:\windows\sk-SK
2015-08-06 22:53 . 2015-08-07 06:40 -------- d-----w- c:\windows\system32\drivers\sk-SK
2015-08-06 22:53 . 2015-08-07 06:39 -------- d-----w- c:\windows\system32\wbem\sk-SK
2015-08-06 21:08 . 2015-08-06 21:08 -------- d-----w- c:\windows\system32\EventProviders
2015-08-06 21:08 . 2015-08-07 06:42 -------- d-----w- C:\6d1ab6dd71bc1e8a95d70c61ebe5
2015-08-06 17:57 . 2015-08-07 06:48 -------- d-----w- c:\windows\SysWow64\wbem\th-TH
2015-08-06 17:57 . 2015-08-06 17:57 -------- d-----w- c:\windows\SysWow64\drivers\th-TH
2015-08-06 17:57 . 2015-08-06 17:57 -------- d-----w- c:\windows\system32\drivers\th-TH
2015-08-06 17:57 . 2015-08-07 06:48 -------- d-----w- c:\windows\system32\wbem\th-TH
2015-08-06 17:56 . 2015-08-06 17:56 -------- d-----w- c:\windows\th-TH
2015-08-06 17:51 . 2015-08-06 17:51 -------- d-----w- c:\windows\fi-FI
2015-08-06 17:51 . 2015-08-06 17:51 -------- d-----w- c:\windows\SysWow64\XPSViewer
2015-08-06 17:51 . 2015-08-06 17:51 -------- d-----w- c:\windows\SysWow64\drivers\fi-FI
2015-08-06 17:51 . 2015-08-07 06:48 -------- d-----w- c:\windows\SysWow64\fi
2015-08-06 17:51 . 2015-08-07 06:48 -------- d-----w- c:\windows\SysWow64\wbem\fi-FI
2015-08-06 17:51 . 2015-08-07 06:48 -------- d-----w- c:\windows\system32\fi
2015-08-06 17:51 . 2015-08-07 06:48 -------- d-----w- c:\windows\system32\drivers\fi-FI
2015-08-06 17:51 . 2015-08-06 17:51 -------- d-----w- c:\windows\system32\drivers\UMDF\fi-FI
2015-08-06 17:51 . 2015-08-07 06:48 -------- d-----w- c:\windows\system32\wbem\fi-FI
2015-08-06 17:45 . 2009-07-13 12:01 3584 ----a-w- c:\windows\system32\Spool\prtprocs\x64\fi-FI\LXKPTPRC.DLL.mui
2015-08-06 16:31 . 2015-08-06 16:31 -------- d-----w- c:\program files\TAP-Windows
2015-08-06 16:16 . 2015-07-21 00:25 12222168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{14596476-108F-417B-92B4-95466C9C1697}\mpengine.dll
2015-08-04 19:03 . 2015-08-04 19:03 -------- d-----w- c:\programdata\Softland
2015-08-04 19:02 . 2015-08-09 10:12 -------- d-----w- c:\program files\Softland
2015-08-03 12:18 . 2015-08-10 20:57 -------- d-----w- c:\program files (x86)\KeyScrambler
2015-08-01 12:19 . 2015-08-01 12:45 -------- d-----w- C:\searchplugins
2015-08-01 12:17 . 2015-08-01 12:17 422400 ----a-w- c:\windows\system32\LavasoftTcpService64.dll
2015-08-01 12:17 . 2015-08-01 12:17 342016 ----a-w- c:\windows\SysWow64\LavasoftTcpService.dll
2015-08-01 12:12 . 2015-08-06 10:18 -------- d-----w- c:\program files (x86)\ImgBurn
2015-07-31 21:57 . 2015-08-06 10:11 -------- d-----w- c:\program files\Common Files\AV
2015-07-31 21:31 . 2013-09-20 03:49 21040 ----a-w- c:\windows\system32\sdnclean64.exe
2015-07-31 21:31 . 2015-08-12 07:43 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2015-07-31 21:31 . 2015-08-06 10:18 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2015-07-31 12:11 . 2015-08-06 10:18 -------- d-----w- c:\program files (x86)\Common Files\Skype
2015-07-31 12:11 . 2015-08-06 10:18 -------- d-----r- c:\program files (x86)\Skype
2015-07-31 12:11 . 2015-08-06 10:11 -------- d-----w- c:\programdata\Skype
2015-07-30 19:21 . 2015-08-05 18:04 -------- d-----w- c:\windows\system32\MRT
2015-07-30 19:13 . 2015-03-19 03:07 5503416 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-07-30 19:13 . 2015-03-19 02:57 3908024 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-07-30 19:13 . 2015-03-19 02:57 3963320 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-07-30 19:13 . 2013-03-19 05:54 43520 ----a-w- c:\windows\system32\csrsrv.dll
2015-07-30 19:13 . 2013-03-19 04:53 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2015-07-30 19:13 . 2013-03-19 03:19 112640 ----a-w- c:\windows\system32\smss.exe
2015-07-30 19:12 . 2014-09-15 00:44 3195392 ----a-w- c:\windows\system32\win32k.sys
2015-07-30 19:12 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2015-07-30 19:12 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2015-07-30 19:06 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2015-07-30 19:06 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2015-07-30 19:06 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2015-07-30 19:06 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2015-07-30 19:05 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2015-07-30 19:05 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2015-07-30 19:05 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2015-07-30 19:05 . 2012-06-02 08:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2015-07-30 19:05 . 2012-06-02 08:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2015-07-30 18:59 . 2015-07-30 18:59 -------- d-----w- c:\program files\ESET
2015-07-30 14:15 . 2015-07-30 14:15 -------- d-----w- c:\program files (x86)\Microsoft.NET
2015-07-30 14:14 . 2009-11-25 05:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2015-07-30 14:14 . 2009-11-25 05:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2015-07-30 14:14 . 2009-11-25 05:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2015-07-30 14:14 . 2009-11-25 05:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2015-07-30 14:14 . 2009-11-25 05:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2015-07-30 14:14 . 2009-11-25 05:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2015-07-30 14:14 . 2009-11-25 05:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2015-07-30 14:14 . 2009-11-25 05:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2015-07-30 14:14 . 2009-11-25 05:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2015-07-30 14:14 . 2009-11-25 05:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2015-07-30 12:19 . 2015-07-30 12:19 -------- d-s---w- c:\windows\SysWow64\Microsoft
2015-07-29 19:09 . 2015-07-29 04:16 -------- d-----w- c:\windows\Panther
2015-07-29 16:47 . 2015-08-06 16:31 -------- d-----w- c:\program files\OpenVPN
2015-07-29 16:41 . 2015-07-29 16:41 -------- d-----w- c:\program files (x86)\VS Revo Group
2015-07-29 16:30 . 2015-08-12 10:29 -------- d-----w- c:\program files (x86)\Google
2015-07-29 14:01 . 2015-07-29 14:01 -------- d-----w- c:\program files (x86)\OpenOffice 4
2015-07-29 13:55 . 2015-07-29 13:55 -------- d-----w- c:\program files\redist
2015-07-29 13:55 . 2015-07-29 13:55 -------- d-----w- c:\program files\readmes
2015-07-29 13:55 . 2015-07-29 13:55 -------- d-----w- c:\program files\licenses
2015-07-29 12:51 . 2015-07-29 12:51 -------- d-----w- c:\program files (x86)\SlimBrowser
2015-07-29 12:45 . 2015-07-29 12:45 -------- d-----w- c:\program files (x86)\Slimjet
2015-07-29 05:16 . 2015-07-29 05:16 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2015-07-29 05:15 . 2015-07-29 05:15 -------- d-----w- c:\program files\Adobe
2015-07-29 05:11 . 2015-07-29 05:15 -------- d-----w- c:\program files\Common Files\Adobe
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-13 00:14 . 2015-07-13 00:14 255240 ----a-w- c:\windows\system32\drivers\eamonm.sys
2015-07-13 00:14 . 2015-07-13 00:14 251632 ----a-w- c:\windows\system32\drivers\edevmon.sys
2015-07-13 00:14 . 2015-07-13 00:14 178520 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2015-07-13 00:14 . 2015-07-13 00:14 168208 ----a-w- c:\windows\system32\drivers\epfwwfpr.sys
2014-08-13 08:48 . 2014-08-13 08:48 478720 ----a-w- c:\program files\setup.exe
2014-08-13 08:48 . 2014-08-13 08:48 2310144 ----a-w- c:\program files\openoffice411.msi
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotPostWindows10UpgradeReInstall"="c:\program files\Common Files\AV\Spybot - Search and Destroy\Test.exe" [2015-07-28 1011200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2014-06-24 4101576]
"emsisoft anti-malware"="c:\program files (x86)\emsisoft anti-malware\a2guard.exe" [2015-08-07 4939288]
"KeyScrambler"="c:\program files (x86)\KeyScrambler\keyscrambler.exe" [2015-07-28 509216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-11-30 12:20 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 epp64;epp64;c:\windows\system32\DRIVERS\epp64.sys;c:\windows\SYSNATIVE\DRIVERS\epp64.sys [x]
S2 a2AntiMalware;Emsisoft Protection Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 NovaPdfServer;novaPDF Server;c:\program files\Softland\novaPDF 8\Server\novapdfs.exe;c:\program files\Softland\novaPDF 8\Server\novapdfs.exe [x]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimssne64.sys;c:\windows\SYSNATIVE\DRIVERS\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\DRIVERS\risdsne64.sys;c:\windows\SYSNATIVE\DRIVERS\risdsne64.sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys;c:\windows\SYSNATIVE\drivers\keyscrambler.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys;c:\windows\SYSNATIVE\DRIVERS\SFEP.sys [x]
S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-08-12 10:29 995144 ----a-w- c:\program files (x86)\Google\Chrome\Application\44.0.2403.155\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-08-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-29 20:08]
.
2015-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-08-12 10:28]
.
2015-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-08-12 10:28]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-19 9636896]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-03 446392]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2015-07-08 5595848]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://whatismyipaddress.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: localhost
Trusted Zone: webcompanion.com
TCP: DhcpNameServer = 10.5.50.1 203.176.128.10 203.176.130.34
TCP: Interfaces\{A70945C0-DA4F-4789-A485-631FCADAE01F}: NameServer = 50.28.104.28 50.28.102.53
FF - ProfilePath - c:\users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\ndlwy6bo.default\
FF - prefs.js: browser.startup.homepage - hxxp://whatismyipaddress.com/
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Notify-SDWinLogon - SDWinLogon.dll
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_133_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_133_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_133_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_133_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_133.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.19"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_133.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_133.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_133.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-08-12  17:48:51
ComboFix-quarantined-files.txt  2015-08-12 10:48
.
Pre-Run: 421,637,730,304 bytes free
Post-Run: 421,520,601,088 bytes free
.
- - End Of File - - 616ED5C7B65948A9425EF3D3E9E4AB0D
A36C5E4F47E84449FF07ED3517B43A31

Edited by Achaemenid, 12 August 2015 - 05:59 AM.


#14 nasdaq

  • Malware Response Team
  • 39,541 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 12 August 2015 - 09:14 AM

Just leave the Windows Defender active.

Rename the Farbar .exe you have downloaded.

In this case, find the Farbar FILE and rename it Achaemenid.exe, then right-click on the file and run it as an administrator.

Post the logs for my review.

#15 Achaemenid
  • Topic Starter

  • Members
  • 425 posts

Posted 12 August 2015 - 01:57 PM

Just leave the Windows Defender active.

Rename the Farbar .exe you have downloaded.

In this case, find the Farbar FILE and rename it Achaemenid.exe, then right-click on the file and run it as an administrator.

Post the logs for my review.

The Farbar that I had was only about 20 KB; it would not download completely, which is probably why Windows said it was not a "valid win32 application."

I was able to get a complete copy with torrent (pirate bay), but that would not run, even after I renamed it as you said. I tried running as admin and just double clicking it. Nothing. 


I have noticed that if I uninstall then reinstall Chrome, chrome seems to work better for a little while. 


Edited by Achaemenid, 12 August 2015 - 01:58 PM.




