Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Random 60-100 CPU usage.


  • Please log in to reply
1 reply to this topic

#1 pieceofcandy

pieceofcandy

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:10:23 AM

Posted 09 November 2015 - 01:42 PM

Not sure what's causing it, checked some other websites some people were saying that windows defender ect can cause it, and it seemed like it was at one point so I was able to disable it but it continues to happen. 

 

It'll often shutdown after sitting at high amounts for a while and when I reboot it'll send me into a start up repair, which it won't be able to complete, said unable to repair. Another reboot lets me back in, and everything is back to normal, no problems. 

 

Opened resource manager while it was happening, it showed several of my normal programs, but turning them off didn't lower the CPU usage, and even now after a reboot they're on but no problem.

 

Any help would be appreciated, thanks!

 

 

 

combofix

 

ComboFix 15-11-09.01 - Travis 11/09/2015  23:21:08.1.12 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16298.12554 [GMT -10:00]
Running from: c:\users\Travis\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
c:\users\Travis\AppData\Local\Temp\0Kraken71ChromaDevProps.dll
c:\users\Travis\AppData\Local\Temp\AFF1.tmp\F_IN_BOX.dll
c:\windows\SysWow64\logs
c:\windows\SysWow64\logs\Game - R3d Logs\2014-10-12T19-56-49_r3dlog.txt
c:\windows\SysWow64\tmp5C14.tmp
c:\windows\SysWow64\tmpCDB.tmp
c:\windows\SysWow64\tmpD0B.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2015-10-10 to 2015-11-10  )))))))))))))))))))))))))))))))
.
.
2015-11-10 10:19 . 2015-11-10 10:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-11-09 15:47 . 2015-10-13 09:47 11140960 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6235DDEA-FA27-4178-84B0-617842310FBB}\mpengine.dll
2015-11-07 21:01 . 2015-10-13 09:47 11140960 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-11-06 01:50 . 2015-11-06 01:50 -------- d-----w- c:\users\Travis\AppData\Roaming\java
2015-11-06 01:45 . 2015-11-06 01:49 -------- d-----w- c:\program files (x86)\Minecraft
2015-10-30 18:40 . 2015-11-09 18:26 -------- d-----w- c:\users\Travis\AppData\Roaming\Curse Client
2015-10-30 07:53 . 2015-10-30 07:53 57344 ----a-r- c:\users\Travis\AppData\Roaming\Microsoft\Installer\{002CFA1B-7085-4489-A1CD-DAFC05BAA545}\NewShortcut2_004CA6CE20F84A5EAA175F820D52B1AC.exe
2015-10-30 07:53 . 2015-10-30 07:53 53248 ----a-r- c:\users\Travis\AppData\Roaming\Microsoft\Installer\{002CFA1B-7085-4489-A1CD-DAFC05BAA545}\ARPPRODUCTICON.exe
2015-10-28 07:50 . 2015-07-01 07:50 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ED77B37C-9103-404B-BE7E-1D161FA40CD3}\gapaengine.dll
2015-10-16 09:34 . 2015-10-16 09:34 -------- d-----w- c:\programdata\PlaysTV
2015-10-12 13:45 . 2015-10-03 02:18 102520 ----a-w- c:\windows\SysWow64\nvStreaming.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-11-09 18:13 . 2015-04-05 18:37 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-10-30 13:16 . 2013-05-24 22:44 780488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-10-30 13:16 . 2013-05-24 22:44 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-10-05 19:50 . 2014-12-28 11:58 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-10-05 19:50 . 2014-12-28 11:58 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-10-05 19:50 . 2013-06-18 21:10 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-10-05 09:07 . 2015-10-05 09:07 57344 ----a-r- c:\users\Travis\AppData\Roaming\Microsoft\Installer\{9E835F39-6633-4D1C-92CC-006F4D2F5E08}\NewShortcut11_98798AFA4B0B41FAA9B8FF8835A64952.exe
2015-10-05 09:07 . 2015-10-05 09:07 57344 ----a-r- c:\users\Travis\AppData\Roaming\Microsoft\Installer\{9E835F39-6633-4D1C-92CC-006F4D2F5E08}\NewShortcut1_3F3768693B314C7692F69858832BE52C.exe
2015-10-05 09:07 . 2015-10-05 09:07 53248 ----a-r- c:\users\Travis\AppData\Roaming\Microsoft\Installer\{9E835F39-6633-4D1C-92CC-006F4D2F5E08}\ARPPRODUCTICON.exe
2015-10-03 05:06 . 2015-08-15 19:28 3573832 ----a-w- c:\windows\system32\nvapi64.dll
2015-10-03 05:06 . 2015-08-15 19:28 3154104 ----a-w- c:\windows\SysWow64\nvapi.dll
2015-10-03 05:06 . 2015-08-15 19:28 17395512 ----a-w- c:\windows\system32\nvwgf2umx.dll
2015-10-03 05:06 . 2015-08-15 19:28 12769408 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2015-10-03 05:06 . 2013-05-20 21:59 112944 ----a-w- c:\windows\system32\OpenCL.dll
2015-10-03 05:06 . 2013-05-20 21:59 105080 ----a-w- c:\windows\SysWow64\OpenCL.dll
2015-10-03 02:49 . 2013-05-20 21:59 6358648 ----a-w- c:\windows\system32\nvcpl.dll
2015-10-03 02:49 . 2013-05-20 21:59 2982520 ----a-w- c:\windows\system32\nvsvc64.dll
2015-10-03 02:49 . 2013-05-25 09:18 2554488 ----a-w- c:\windows\system32\nvsvcr.dll
2015-10-03 02:49 . 2013-05-20 21:59 938800 ----a-w- c:\windows\system32\nvvsvc.exe
2015-10-03 02:49 . 2013-05-20 21:59 62768 ----a-w- c:\windows\system32\nvshext.dll
2015-10-03 02:49 . 2013-05-20 21:59 385328 ----a-w- c:\windows\system32\nvmctray.dll
2015-10-01 09:33 . 2013-05-20 21:59 5284082 ----a-w- c:\windows\system32\nvcoproc.bin
2015-09-14 00:29 . 2015-09-22 17:54 1898288 ----a-w- c:\windows\system32\nvdispco6435598.dll
2015-09-14 00:29 . 2015-09-22 17:54 1558832 ----a-w- c:\windows\system32\nvdispgenco6435598.dll
2015-09-07 08:50 . 2015-09-07 12:23 3568840 ----a-w- c:\windows\SysWow64\GameMon.des
2015-08-27 00:37 . 2014-10-24 12:49 1423120 ----a-w- c:\windows\SysWow64\nvspcap.dll
2015-08-27 00:37 . 2014-10-24 12:49 1316000 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2015-08-27 00:36 . 2014-10-24 12:49 1756424 ----a-w- c:\windows\system32\nvspbridge64.dll
2015-08-27 00:36 . 2014-10-24 12:49 1710568 ----a-w- c:\windows\system32\nvspcap64.dll
2015-08-25 18:46 . 2015-09-03 19:37 1558648 ----a-w- c:\windows\system32\nvdispgenco6435582.dll
2015-08-25 18:46 . 2015-09-03 19:37 1898288 ----a-w- c:\windows\system32\nvdispco6435582.dll
2015-08-13 02:03 . 2015-08-13 02:03 96528 ----a-w- c:\windows\system32\dns-sd.exe
2015-08-13 02:03 . 2015-08-13 02:03 86288 ----a-w- c:\windows\system32\dnssd.dll
2015-08-13 02:03 . 2015-08-13 02:03 61712 ----a-w- c:\windows\system32\jdns_sd.dll
2015-08-13 02:03 . 2015-08-13 02:03 213264 ----a-w- c:\windows\system32\dnssdX.dll
2015-08-13 02:03 . 2015-08-13 02:03 84240 ----a-w- c:\windows\SysWow64\dns-sd.exe
2015-08-13 02:03 . 2015-08-13 02:03 72976 ----a-w- c:\windows\SysWow64\dnssd.dll
2015-08-13 02:03 . 2015-08-13 02:03 50960 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2015-08-13 02:03 . 2015-08-13 02:03 178960 ----a-w- c:\windows\SysWow64\dnssdX.dll
2014-04-11 05:52 . 2014-04-11 05:52 14883840 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-10-12 23:34 194824 ----a-w- c:\users\Travis\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-10-12 23:34 194824 ----a-w- c:\users\Travis\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-10-12 23:34 194824 ----a-w- c:\users\Travis\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-10-12 23:34 194824 ----a-w- c:\users\Travis\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-10-12 23:34 194824 ----a-w- c:\users\Travis\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-10-12 23:34 194824 ----a-w- c:\users\Travis\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-10-12 23:34 194824 ----a-w- c:\users\Travis\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-10-12 23:34 194824 ----a-w- c:\users\Travis\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2015-11-05 3011152]
"DisplayFusion"="c:\program files (x86)\DisplayFusion\DisplayFusion.exe" [2015-09-23 8538648]
"Copy"="c:\users\Travis\AppData\Roaming\Copy\CopyAgent.exe" [2015-04-09 15410832]
"MusicManager"="c:\users\Travis\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2015-08-13 7646208]
"Gyazo"="c:\program files (x86)\Gyazo\GyStation.exe" [2015-08-20 3098424]
"GoogleChromeAutoLaunch_39608C24DBEA26FD09AA576BA35FFEF2"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2015-10-20 870728]
"SkinsSpotlightsReplay"="c:\users\Travis\Desktop\SkinSpotlightsReplays.RELEASE.exe" [2015-02-22 1180160]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-09-16 8461224]
"Dropbox Update"="c:\users\Travis\AppData\Local\Dropbox\Update\DropboxUpdate.exe" [2015-07-13 134512]
"uTorrent"="c:\users\Travis\AppData\Roaming\uTorrent\uTorrent.exe" [2015-10-13 1822048]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-09-28 57975424]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2015-10-08 3638768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2012-02-24 1885088]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-12 205336]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-03 1021128]
"Kraken71ChromaHelper"="c:\program files (x86)\Razer\Razer_Kraken71Chroma_Driver\Drivers\SysAudio\Kraken71ChromaHelper.exe" [2015-02-03 1600320]
"Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2015-07-09 592704]
"PlaysTV"="c:\program files (x86)\PlaysTV\playstv_launcher.exe" [2015-10-19 56080]
.
c:\users\Travis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Curse.lnk - c:\users\Travis\AppData\Roaming\Curse Client\Bin\Curse.exe /startup [2015-9-30 7149960]
CurseClientStartup.ccip [2014-12-4 0]
Dropbox.lnk - c:\users\Travis\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-5-4 36711472]
Samsung Magician.lnk - c:\program files (x86)\Samsung SSD Magician\Samsung Magician.exe  /AUTOHIDE [2015-9-23 2952096]
Verizon Wireless Software Utility Application for Android – Samsung.lnk - c:\users\Travis\AppData\Roaming\VERIZON\UA_ar\UA.exe [2015-10-5 1245504]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Install LastPass IE RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe -p -name=LastPass -ffuuid support@lastpass.com [2014-4-10 14883840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 BAPIDRV;BAPIDRV;c:\windows\system32\DRIVERS\BAPIDRV64.sys;c:\windows\SYSNATIVE\DRIVERS\BAPIDRV64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 busenum;SteelBusSvc;c:\windows\system32\DRIVERS\SteelBus64.sys;c:\windows\SYSNATIVE\DRIVERS\SteelBus64.sys [x]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSCamd64.sys [x]
R3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSRamd64.sys [x]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 MSICDSetup;MSICDSetup;d:\cdriver64.sys;d:\CDriver64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;d:\ntiolib_x64.sys;d:\NTIOLib_X64.sys [x]
R3 NTIOLib_1_0_T;NTIOLib_1_0_T;c:\program files (x86)\MSI\OTPService\NTIOLib_X64.sys;c:\program files (x86)\MSI\OTPService\NTIOLib_X64.sys [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 RZMAELSTROMVADService;Razer Surround Audio Enhancer Service;c:\windows\system32\drivers\RzMaelstromVAD.sys;c:\windows\SYSNATIVE\drivers\RzMaelstromVAD.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
R4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe [x]
R4 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
R4 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
R4 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
R4 MSI_OTPService;MSI_OTPService;c:\program files (x86)\MSI\OTPService\OTPService.exe;c:\program files (x86)\MSI\OTPService\OTPService.exe [x]
R4 MSI_SuperCharger;MSI_SuperCharger;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe [x]
R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [x]
S2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [x]
S2 DisplayFusionService;DisplayFusionService;c:\program files (x86)\DisplayFusion\DisplayFusionService.exe;c:\program files (x86)\DisplayFusion\DisplayFusionService.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [x]
S2 Razer Game Scanner Service;Razer Game Scanner;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [x]
S2 rzpmgrk;rzpmgrk;c:\windows\system32\drivers\rzpmgrk.sys;c:\windows\SYSNATIVE\drivers\rzpmgrk.sys [x]
S2 rzpnk;rzpnk;c:\windows\system32\drivers\rzpnk.sys;c:\windows\SYSNATIVE\drivers\rzpnk.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S3 cmudaxp;ASUS Xonar DX Audio Interface;c:\windows\system32\drivers\cmudaxp.sys;c:\windows\SYSNATIVE\drivers\cmudaxp.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Pro Webcam C920(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 rusb3hub;Renesas Electronics USB 3.0 Hub Driver (Version 3.0);c:\windows\system32\DRIVERS\rusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\rusb3hub.sys [x]
S3 rusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0);c:\windows\system32\DRIVERS\rusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\rusb3xhc.sys [x]
S3 rzendpt;rzendpt;c:\windows\system32\DRIVERS\rzendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzendpt.sys [x]
S3 rzudd;Razer Keyboard Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
S3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys;c:\windows\SYSNATIVE\DRIVERS\sxuptp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - NVSTREAMKMS
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ   w3svc was
apphost REG_MULTI_SZ   apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2015-11-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-24 13:16]
.
2015-11-10 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2608436937-3668875022-3968070316-1001Core.job
- c:\users\Travis\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-13 13:42]
.
2015-11-10 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2608436937-3668875022-3968070316-1001UA.job
- c:\users\Travis\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-13 13:42]
.
2015-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-24 18:55]
.
2015-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-24 18:55]
.
2015-11-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2608436937-3668875022-3968070316-1001Core.job
- c:\users\Travis\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-12 10:57]
.
2015-11-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2608436937-3668875022-3968070316-1001UA.job
- c:\users\Travis\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-12 10:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-10-12 22:08 775496 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-10-12 22:08 775496 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-10-12 22:08 775496 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-10-12 23:34 232712 ----a-w- c:\users\Travis\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-10-12 23:34 232712 ----a-w- c:\users\Travis\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-10-12 23:34 232712 ----a-w- c:\users\Travis\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-10-12 23:34 232712 ----a-w- c:\users\Travis\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-10-12 23:34 232712 ----a-w- c:\users\Travis\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-10-12 23:34 232712 ----a-w- c:\users\Travis\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-10-12 23:34 232712 ----a-w- c:\users\Travis\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-10-12 23:34 232712 ----a-w- c:\users\Travis\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1aCopyShExtError]
@="{83BEA36E-7680-4598-A4DF-994426F6E78D}"
[HKEY_CLASSES_ROOT\CLSID\{83BEA36E-7680-4598-A4DF-994426F6E78D}]
2015-01-15 04:52 7772672 ----a-w- c:\users\Travis\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2aCopyShExtSynced]
@="{845B7388-6F85-4F32-9FD5-F02DC7882B89}"
[HKEY_CLASSES_ROOT\CLSID\{845B7388-6F85-4F32-9FD5-F02DC7882B89}]
2015-01-15 04:52 7772672 ----a-w- c:\users\Travis\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3aCopyShExtSyncing]
@="{F6378A7A-F753-449B-AE1B-997A96132E61}"
[HKEY_CLASSES_ROOT\CLSID\{F6378A7A-F753-449B-AE1B-997A96132E61}]
2015-01-15 04:52 7772672 ----a-w- c:\users\Travis\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4aCopyShExtSyncingProg1]
@="{3A511828-777D-46F8-82F4-5B530C1B3D9E}"
[HKEY_CLASSES_ROOT\CLSID\{3A511828-777D-46F8-82F4-5B530C1B3D9E}]
2015-01-15 04:52 7772672 ----a-w- c:\users\Travis\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5aCopyShExtSyncingProg2]
@="{C8C88204-5B14-40EC-BA72-8AEBC762047E}"
[HKEY_CLASSES_ROOT\CLSID\{C8C88204-5B14-40EC-BA72-8AEBC762047E}]
2015-01-15 04:52 7772672 ----a-w- c:\users\Travis\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6aCopyShExtSyncingProg3]
@="{ACFF45C3-3EEB-4351-86C2-6696BA264239}"
[HKEY_CLASSES_ROOT\CLSID\{ACFF45C3-3EEB-4351-86C2-6696BA264239}]
2015-01-15 04:52 7772672 ----a-w- c:\users\Travis\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7aCopyShExtSyncingProg4]
@="{29AF997F-488B-46F0-AE78-7146F1B89CC3}"
[HKEY_CLASSES_ROOT\CLSID\{29AF997F-488B-46F0-AE78-7146F1B89CC3}]
2015-01-15 04:52 7772672 ----a-w- c:\users\Travis\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8aCopyShExtSyncingProg5]
@="{03F9AD29-1C78-4B66-8890-B177B5430C53}"
[HKEY_CLASSES_ROOT\CLSID\{03F9AD29-1C78-4B66-8890-B177B5430C53}]
2015-01-15 04:52 7772672 ----a-w- c:\users\Travis\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-23 1331288]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-08-27 2634872]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-08-27 1710568]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-02-28 558496]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: LastPass - file://c:\users\Travis\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\users\Travis\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: Interfaces\{5298F658-715C-4295-A7EB-B14410305ECF}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{5298F658-715C-4295-A7EB-B14410305ECF}\0533E41335: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{5298F658-715C-4295-A7EB-B14410305ECF}\2656C6B696E6E2238366: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{5298F658-715C-4295-A7EB-B14410305ECF}\45865644566796C6: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{5298F658-715C-4295-A7EB-B14410305ECF}\45865644566796C623: NameServer = 8.8.8.8,8.8.4.4
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{056D528D-CE28-4194-9BA3-BA2E9197FF8C} - (no file)
ShellIconOverlayIdentifiers-{05B38830-F4E9-4329-978B-1DD28605D202} - (no file)
ShellIconOverlayIdentifiers-{0596C850-7BDD-4C9D-AFDF-873BE6890637} - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM_Wow6432Node-ActiveSetup-{8A69D345-D564-463c-AFF1-A69D9E530F96} - c:\program files (x86)\Google\Chrome\Application\37.0.2062.102\Installer\chrmstp.exe
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{056D528D-CE28-4194-9BA3-BA2E9197FF8C} - (no file)
ShellIconOverlayIdentifiers-{05B38830-F4E9-4329-978B-1DD28605D202} - (no file)
ShellIconOverlayIdentifiers-{0596C850-7BDD-4C9D-AFDF-873BE6890637} - (no file)
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} - (no file)
AddRemove-MK LOL - c:\program files (x86)\MKJogo\MK IM\Bin\uInst.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\LSI\LoLSummonerInfo.exe
.
**************************************************************************
.
Completion time: 2015-11-10  00:56:37 - machine was rebooted
ComboFix-quarantined-files.txt  2015-11-10 10:56
.
Pre-Run: 9,847,906,304 bytes free
Post-Run: 9,567,391,744 bytes free
.
- - End Of File - - 9079E0F968BE429D94B675805DDBDE7E

Edited by pieceofcandy, 10 November 2015 - 07:20 AM.


BC AdBot (Login to Remove)

 


#2 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:04:23 PM

Posted 10 November 2015 - 09:20 AM

The forums here don't suggest the use of ComboFix.

I don't use it simply because I don't know what it does - and there have been lot's of problems with it when used by those who don't know what it does.

So, my question for you is - "Why did you post your ComboFix scan?"

If it was because you think that you're infected - I'd suggest posting over in the Am I Infected forum:  http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/
Please read the pinned topics at the top of the forum for instructions on how to post there.

 

If it was for another reason, then I'd suggest looking at these reports:

1)  Please provide this information (even though you may not be reporting BSOD's) so we can provide a complete analysis (from the Pinned Topic at the top of the forum):  http://www.bleepingcomputer.com/forums/t/576314/blue-screen-of-death-bsod-posting-instructions-windows-10-81-8-7-vista/

2)  Please do the following:
- open Event Viewer (run eventvwr.msc from the "Run" dialog)
- expand the Custom Views category (left click on the > next to the words "Custom Views")
- right click on Administrative Events
- select "Save all Events in Custom View as..."
- save the file as Admin.evtx
- zip up the file (right click on it, select "Send to", select "Compressed (zipped) folder")
- upload it with your next post (if it's too big, then upload it to a free file-hosting service and post a link here).

FYI - If we're looking for Event ID 41 errors (unexplained shutdowns), there's more info on that here:  http://support.microsoft.com/kb/2028504

While waiting for a reply, please monitor your temps with this free utility:  http://www.cpuid.com/softwares/hwmonitor.html


My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users