
Pop ups all the time on computer [Solved]


  • This topic is locked

#91
Sharon Lee

  • Topic Starter
  • Member
  • 512 posts

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.17054  BrowserJavaVersion: 10.67.2
Run by Sharon at 8:38:00 on 2014-09-05
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.9207.7828 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2011 Deluxe\Planner\PLNRnote.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Nova Development\Greeting Card Factory Workshop 8.0\ReminderApp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
C:\Windows\system32\notepad.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://rr.com/
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [HP Deskjet 3050A J611 series (NET)] "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1BR435NP05PJ:NW" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1
uRun: [WeatherBug] C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe /fromrunkey
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ReminderApp] C:\Program Files (x86)\Nova Development\Greeting Card Factory Workshop 8.0\ReminderApp.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Sharon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\EVENTP~1.LNK - C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2011 Deluxe\Planner\PLNRnote.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{41C63DE6-900B-4DC6-ADEB-4CEA7576E539} : DHCPNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1    www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\uh4rokfq.default-1408223660292\
FF - prefs.js: browser.startup.homepage - hxxps://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=800236&p=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2014-3-11 133928]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-8-12 1720608]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-8-12 18956064]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-8-12 411936]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-6-10 281088]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-8-12 20256]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-8-12 40392]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfswin7.sys [2013-6-26 768680]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaywin7.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirwin7.sys [2013-6-26 29352]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvolwin7.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-5-15 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-5-15 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-5-16 1255736]
.
=============== Created Last 30 ================
.
2014-09-04 19:00:30    75888    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{44779AEE-7EF5-4B21-AD5F-5D0BE1D363D7}\offreg.dll
2014-09-04 18:59:41    11319192    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{44779AEE-7EF5-4B21-AD5F-5D0BE1D363D7}\mpengine.dll
2014-09-04 13:04:30    11319192    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-08-31 16:52:26    --------    d-----w-    C:\Users\Sharon\AppData\Local\Nova Development
2014-08-31 16:50:12    --------    d-----w-    C:\Program Files (x86)\Nova Development
2014-08-29 14:33:26    1169712    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3D48645E-742C-42C3-B031-0601980B1F73}\gapaengine.dll
2014-08-29 00:59:52    600064    ----a-w-    C:\Windows\System32\vbscript.dll
2014-08-29 00:59:52    523776    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-08-28 00:55:13    226304    ----a-w-    C:\Windows\System32\elshyph.dll
2014-08-28 00:43:14    404480    ----a-w-    C:\Windows\System32\gdi32.dll
2014-08-28 00:43:14    3163648    ----a-w-    C:\Windows\System32\win32k.sys
2014-08-28 00:43:14    311808    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2014-08-26 16:24:00    --------    d-sh--w-    C:\$RECYCLE.BIN
2014-08-26 16:17:30    98816    ----a-w-    C:\Windows\sed.exe
2014-08-26 16:17:30    256000    ----a-w-    C:\Windows\PEV.exe
2014-08-26 16:17:30    208896    ----a-w-    C:\Windows\MBR.exe
2014-08-26 16:13:48    98216    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-26 16:00:55    --------    d-----w-    C:\AdwCleaner
2014-08-18 19:22:07    --------    d-----w-    C:\Program Files (x86)\VS Revo Group
2014-08-18 17:24:48    122584    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-08-18 17:24:37    91352    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-08-18 17:24:37    63704    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-08-18 17:24:37    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-08-17 22:20:14    --------    d-----w-    C:\ProgramData\Spybot - Search & Destroy
2014-08-17 22:20:14    --------    d-----w-    C:\Program Files (x86)\Spybot - Search & Destroy
2014-08-17 15:36:01    --------    d-----w-    C:\Users\Sharon\AppData\Roaming\SparkTrust
2014-08-17 15:35:01    --------    d-----w-    C:\ProgramData\SparkTrust
2014-08-16 21:02:07    --------    d-----w-    C:\Users\Sharon\AppData\Roaming\ProductData
2014-08-16 21:01:04    --------    d-----w-    C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
2014-08-16 20:29:59    --------    d-----w-    C:\FRST
2014-08-16 15:35:24    --------    d-----w-    C:\ProgramData\ProductData
2014-08-16 15:34:14    --------    d-----w-    C:\ProgramData\IObit
2014-08-16 15:33:35    --------    d-----w-    C:\Program Files (x86)\IObit
2014-08-16 15:02:31    --------    d-----w-    C:\Program Files (x86)\TotalSystemCare
2014-08-16 02:17:31    --------    d-----w-    C:\Users\Sharon\AppData\Roaming\MyTurboPC.com
2014-08-16 02:17:21    --------    d-----w-    C:\ProgramData\MyTurboPC.com
2014-08-15 16:22:32    99480    ----a-w-    C:\Windows\SysWow64\infocardapi.dll
2014-08-15 16:22:32    619672    ----a-w-    C:\Windows\SysWow64\icardagt.exe
2014-08-15 16:22:32    171160    ----a-w-    C:\Windows\System32\infocardapi.dll
2014-08-15 16:22:32    1389208    ----a-w-    C:\Windows\System32\icardagt.exe
2014-08-15 16:22:31    8856    ----a-w-    C:\Windows\SysWow64\icardres.dll
2014-08-15 16:22:30    8856    ----a-w-    C:\Windows\System32\icardres.dll
2014-08-15 16:22:18    35480    ----a-w-    C:\Windows\SysWow64\TsWpfWrp.exe
2014-08-15 16:22:18    35480    ----a-w-    C:\Windows\System32\TsWpfWrp.exe
2014-08-15 11:57:37    664064    ----a-w-    C:\Windows\SysWow64\rpcrt4.dll
2014-08-15 11:57:37    1216000    ----a-w-    C:\Windows\System32\rpcrt4.dll
2014-08-15 11:57:36    529920    ----a-w-    C:\Windows\System32\aepdu.dll
2014-08-15 11:57:35    424448    ----a-w-    C:\Windows\System32\aeinv.dll
2014-08-13 15:13:26    --------    d-----w-    C:\Users\Sharon\AppData\Roaming\DiskDefrag
2014-08-12 20:27:38    511328    ----a-w-    C:\Windows\System32\d3dx10_43.dll
2014-08-12 20:27:38    470880    ----a-w-    C:\Windows\SysWow64\d3dx10_43.dll
2014-08-12 20:27:38    276832    ----a-w-    C:\Windows\System32\d3dx11_43.dll
2014-08-12 20:27:38    248672    ----a-w-    C:\Windows\SysWow64\d3dx11_43.dll
2014-08-12 20:27:37    2401112    ----a-w-    C:\Windows\System32\D3DX9_43.dll
2014-08-12 20:27:37    1998168    ----a-w-    C:\Windows\SysWow64\D3DX9_43.dll
2014-08-12 20:27:18    1715224    ----a-w-    C:\Windows\System32\nvspbridge64.dll
2014-08-12 20:27:18    1291280    ----a-w-    C:\Windows\SysWow64\nvspbridge.dll
2014-08-12 20:27:18    1283136    ----a-w-    C:\Windows\System32\nvspcap64.dll
2014-08-12 20:27:18    1126480    ----a-w-    C:\Windows\SysWow64\nvspcap.dll
2014-08-12 20:27:18    --------    d-----w-    C:\Users\Sharon\AppData\Local\NVIDIA Corporation
2014-08-12 20:26:40    609240    ----a-w-    C:\Windows\SysWow64\nvStreaming.exe
2014-08-12 20:22:45    --------    d-----w-    C:\NVIDIA
2014-08-08 14:51:58    --------    d-----w-    C:\ProgramData\d84b8fff6566939a
2014-08-08 14:51:57    --------    d-----w-    C:\Users\Sharon\AppData\Local\Packages
2014-08-08 14:51:55    --------    d-----w-    C:\Users\Sharon\AppData\Local\Comodo
.
==================== Find3M  ====================
.
2014-08-15 00:53:33    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-15 00:53:33    699568    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-07-24 12:10:54    2240000    ----a-w-    C:\Windows\System32\wininet.dll
2014-07-24 12:09:37    3959296    ----a-w-    C:\Windows\System32\jscript9.dll
2014-07-24 12:09:33    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2014-07-24 12:09:33    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2014-07-24 12:09:00    1508864    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-07-24 10:52:27    1766400    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-07-24 10:51:27    2861568    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-07-24 10:51:22    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-07-24 10:51:22    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2014-07-24 10:51:02    1440768    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-07-24 10:33:52    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-07-24 10:29:20    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-07-24 09:37:18    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2014-07-24 09:32:28    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2014-07-16 03:23:41    2048    ----a-w-    C:\Windows\System32\tzres.dll
2014-07-16 02:46:02    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2014-07-09 02:03:23    7168    ----a-w-    C:\Windows\System32\KBDYAK.DLL
2014-07-09 02:03:22    7168    ----a-w-    C:\Windows\System32\KBDBASH.DLL
2014-07-09 01:31:42    7168    ----a-w-    C:\Windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31:41    6656    ----a-w-    C:\Windows\SysWow64\KBDBASH.DLL
2014-07-02 18:55:43    6783776    ----a-w-    C:\Windows\System32\nvcpl.dll
2014-07-02 18:55:43    3522392    ----a-w-    C:\Windows\System32\nvsvc64.dll
2014-07-02 18:55:41    935368    ----a-w-    C:\Windows\System32\nvvsvc.exe
2014-07-02 18:55:41    62808    ----a-w-    C:\Windows\System32\nvshext.dll
2014-07-02 18:55:41    386520    ----a-w-    C:\Windows\System32\nvmctray.dll
2014-07-02 10:14:12    3826628    ----a-w-    C:\Windows\System32\nvcoproc.bin
2014-06-18 02:18:30    692736    ----a-w-    C:\Windows\System32\osk.exe
2014-06-18 01:51:32    646144    ----a-w-    C:\Windows\SysWow64\osk.exe
2014-06-16 02:10:19    985536    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
.
============= FINISH:  8:38:20.02 ===============
 




#92
Sharon Lee

  • Topic Starter
  • Member
  • 512 posts

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 5/15/2014 7:57:11 PM
System Uptime: 9/5/2014 1:03:24 AM (7 hours ago)
.
Motherboard: PEGATRON CORPORATION |  | TRUCKEE
Processor: Intel® Core™ i7 CPU         920  @ 2.67GHz | CPU 1 | 2668/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 413.493 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP176: 9/5/2014 7:49:06 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 14 ActiveX
Adobe Flash Player 14 Plugin
Adobe Reader XI (11.0.08)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Greeting Card Factory Workshop 8.0
Hallmark Card Studio 2011 Deluxe
HP Deskjet 3050A J611 series Basic Device Software
HP Deskjet 3050A J611 series Help
HP Photo Creations
Java 7 Update 67
Java Auto Updater
Malwarebytes Anti-Malware version 2.0.2.1012
Microsoft .NET Framework 4.5.1
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Starter 2010 - English
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Mozilla Firefox 31.0 (x86 en-US)
NVIDIA 3D Vision Controller Driver 340.50
NVIDIA 3D Vision Driver 340.52
NVIDIA Control Panel 340.52
NVIDIA GeForce Experience 2.1.1
NVIDIA Graphics Driver 340.52
NVIDIA HD Audio Driver 1.3.30.1
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.1220
NVIDIA ShadowPlay 15.3.33
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 15.3.33
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.23
PowerProducer
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
SHIELD Streaming
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition
.
==== Event Viewer Messages From Past Week ========
.
9/4/2014 7:13:43 AM, Error: Service Control Manager [7034]  - The LiveUpdate service terminated unexpectedly.  It has done this 1 time(s).
9/4/2014 3:08:22 PM, Error: volsnap [14]  - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
9/4/2014 3:07:55 PM, Error: atapi [11]  - The driver detected a controller error on \Device\Ide\IdePort5.
9/2/2014 3:23:10 PM, Error: Microsoft Antimalware [2004]  - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.      Signatures Attempted: Current      Error Code: 0x80070002      Error description: The system cannot find the file specified.       Signature version: 0.0.0.0;0.0.0.0      Engine version: 0.0.0.0
9/1/2014 6:31:36 PM, Error: Service Control Manager [7034]  - The Windows Image Acquisition (WIA) service terminated unexpectedly.  It has done this 1 time(s).
8/31/2014 2:24:54 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
.
==== End Of File ===========================
 



#93
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

No progress :(
 
OK, let's try to approach it differently.
 
 
Scan with Malwarebytes' Anti-Malware

 
Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Install the program and select update.
  • Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.



#94
Sharon Lee

  • Topic Starter
  • Member
  • 512 posts

Hi, I do have this downloaded, for when I got this the man who put Windows 7 on here also put Malwarebytes Anti-Malware on here. I don't believe I have ever done any of the scans you want me to do, so I will go ahead and do them. I do have a question for you. Can I remove all these downloads on my desktop now? No big deal, just wondering. I sit here and shake my head, for it seems like this machine should act right, right? I really could have done something to it unknowingly. Sorry about all this trouble.



#95
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Hi Sharon :)

You may make a folder on your desktop and put them there. But I prefer to have all of them available if necessary.

In case you have MBAM installed, just run a scan as instructed and post the logfile.



#96
Sharon Lee

  • Topic Starter
  • Member
  • 512 posts

Nothing was detected.  About MBAM I don't have that one on the desktop.  Have a good weekend. 



#97
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

OK. Taking a bigger hammer.
 
 
Scan with ComboFix

 
This is a very powerful tool that should be used only if advised by a Malware Analyst.
Do not run ComboFix on your own!

 
Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
If you are a user of CD emulation software (like Daemon Tools or Alcohol) also disable it for the cleaning process - instructions here.

  • Right-click on the ComboFix icon and select Run as Administrator to start the tool.
  • Accept the disclaimer and agree if prompted to install Recovery Console.
  • Do not take any actions while ComboFix goes through your System - it may cause it to stall!
  • This scan may take some time!
  • When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).

Include that log in your next reply.

 
If you encounter any issues with internet connection after running ComboFix, please visit this link.
If an error about operation on the key marked for deletion appears after running the tool, please reboot your machine.
Don't forget to re-enable your previously switched-off protection software!



#98
Sharon Lee

  • Topic Starter
  • Member
  • 512 posts

ComboFix 14-09-05.01 - Sharon 09/06/2014  16:12:23.2.8 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.9207.7723 [GMT -4:00]
Running from: c:\users\Sharon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W3B5Y1K7\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-08-06 to 2014-09-06  )))))))))))))))))))))))))))))))
.
.
2014-09-06 20:15 . 2014-09-06 20:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-06 14:45 . 2014-08-21 03:43 11319192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B99F42B5-AD89-4F11-9DB9-500E24A31DF7}\mpengine.dll
2014-09-05 15:30 . 2014-08-21 03:43 11319192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-09-05 14:51 . 2014-09-05 14:51 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2014-08-31 16:52 . 2014-08-31 16:52 -------- d-----w- c:\users\Sharon\AppData\Local\Nova Development
2014-08-31 16:50 . 2014-08-31 16:50 -------- d-----w- c:\program files (x86)\Nova Development
2014-08-29 14:33 . 2014-08-19 17:33 1169712 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3D48645E-742C-42C3-B031-0601980B1F73}\gapaengine.dll
2014-08-29 00:59 . 2013-12-21 09:39 600064 ----a-w- c:\windows\system32\vbscript.dll
2014-08-29 00:59 . 2013-12-21 07:56 523776 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-08-28 23:34 . 2014-09-01 23:42 -------- d-----w- c:\programdata\Yahoo!
2014-08-28 00:55 . 2014-08-28 00:55 226304 ----a-w- c:\windows\system32\elshyph.dll
2014-08-28 00:43 . 2014-08-23 02:07 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-28 00:43 . 2014-08-23 01:45 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-08-28 00:43 . 2014-08-23 00:59 3163648 ----a-w- c:\windows\system32\win32k.sys
2014-08-26 16:14 . 2014-08-26 16:14 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-08-26 16:13 . 2014-08-26 16:13 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-26 16:13 . 2014-08-26 16:13 -------- d-----w- c:\program files (x86)\Java
2014-08-26 16:00 . 2014-08-26 16:02 -------- d-----w- C:\AdwCleaner
2014-08-18 19:22 . 2014-08-18 19:35 -------- d-----w- c:\program files (x86)\VS Revo Group
2014-08-18 17:24 . 2014-09-06 20:00 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-18 17:24 . 2014-05-12 11:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-08-18 17:24 . 2014-05-12 11:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-18 17:24 . 2014-05-12 11:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-08-17 22:20 . 2014-08-18 17:47 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-08-17 22:20 . 2014-08-18 17:46 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2014-08-17 15:36 . 2014-08-17 15:36 -------- d-----w- c:\users\Sharon\AppData\Roaming\SparkTrust
2014-08-17 15:35 . 2014-08-17 15:37 -------- d-----w- c:\programdata\SparkTrust
2014-08-16 21:02 . 2014-08-23 00:07 -------- d-----w- c:\users\Sharon\AppData\Roaming\ProductData
2014-08-16 21:01 . 2014-08-16 21:01 -------- d-----w- c:\programdata\{D76294E6-03B8-4971-AF2E-3F846161A690}
2014-08-16 20:29 . 2014-08-16 20:45 -------- d-----w- C:\FRST
2014-08-16 15:35 . 2014-08-16 15:35 -------- d-----w- c:\users\Sharon\AppData\Roaming\Apple Computer
2014-08-16 15:35 . 2014-09-04 11:13 -------- d-----w- c:\programdata\ProductData
2014-08-16 15:34 . 2014-08-16 20:59 -------- d-----w- c:\programdata\IObit
2014-08-16 15:33 . 2014-08-16 15:35 -------- d-----w- c:\program files (x86)\IObit
2014-08-16 15:02 . 2014-08-16 20:48 -------- d-----w- c:\program files (x86)\TotalSystemCare
2014-08-16 02:17 . 2014-08-16 02:17 -------- d-----w- c:\users\Sharon\AppData\Roaming\MyTurboPC.com
2014-08-16 02:17 . 2014-08-16 02:33 -------- d-----w- c:\programdata\MyTurboPC.com
2014-08-15 16:22 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-15 16:22 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-08-15 16:22 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-08-15 16:22 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-08-15 16:22 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-08-15 16:22 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-15 16:22 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-08-15 16:22 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-15 11:58 . 2014-06-25 02:05 14175744 ----a-w- c:\windows\system32\shell32.dll
2014-08-15 11:57 . 2014-07-14 02:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-08-15 11:57 . 2014-07-14 01:40 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2014-08-15 11:57 . 2014-08-07 02:06 529920 ----a-w- c:\windows\system32\aepdu.dll
2014-08-15 11:57 . 2014-08-07 02:01 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-08-13 15:13 . 2014-09-01 12:43 -------- d-----w- c:\users\Sharon\AppData\Roaming\DiskDefrag
2014-08-12 20:27 . 2010-05-26 15:41 511328 ----a-w- c:\windows\system32\d3dx10_43.dll
2014-08-12 20:27 . 2010-05-26 15:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll
2014-08-12 20:27 . 2010-05-26 15:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
2014-08-12 20:27 . 2010-05-26 15:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2014-08-12 20:27 . 2010-05-26 15:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2014-08-12 20:27 . 2010-05-26 15:41 2401112 ----a-w- c:\windows\system32\D3DX9_43.dll
2014-08-12 20:27 . 2014-08-12 20:41 -------- d-----w- c:\users\Sharon\AppData\Local\NVIDIA Corporation
2014-08-12 20:27 . 2014-07-25 14:01 1291280 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2014-08-12 20:27 . 2014-07-25 14:01 1126480 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-08-12 20:27 . 2014-07-25 14:01 1715224 ----a-w- c:\windows\system32\nvspbridge64.dll
2014-08-12 20:27 . 2014-07-25 14:01 1283136 ----a-w- c:\windows\system32\nvspcap64.dll
2014-08-12 20:27 . 2014-08-12 20:27 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2014-08-12 20:26 . 2014-07-02 17:44 609240 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2014-08-12 20:22 . 2014-08-12 20:22 -------- d-----w- C:\NVIDIA
2014-08-11 23:55 . 2014-08-11 23:55 -------- d-----w- c:\program files\Microsoft Silverlight
2014-08-11 23:55 . 2014-08-11 23:55 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2014-08-08 14:51 . 2014-08-08 15:47 -------- d-----w- c:\programdata\d84b8fff6566939a
2014-08-08 14:51 . 2014-08-08 14:51 -------- d-----w- c:\users\Sharon\AppData\Local\Packages
2014-08-08 14:51 . 2014-08-08 14:51 -------- d-----w- c:\users\Sharon\AppData\Local\Comodo
2014-08-08 14:51 . 2014-08-08 14:51 -------- d-----w- c:\users\Guest
2014-08-08 14:51 . 2014-08-08 14:51 -------- d-----w- c:\users\Administrator
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-19 17:33 . 2014-05-16 21:08 1169712 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-08-15 16:26 . 2014-05-15 21:31 99218768 ----a-w- c:\windows\system32\MRT.exe
2014-08-15 00:53 . 2014-05-16 01:35 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-15 00:53 . 2014-05-16 01:35 699568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-02 20:48 . 2014-05-15 21:20 75040 ----a-w- c:\windows\system32\OpenCL.dll
2014-07-02 20:48 . 2014-05-15 21:20 61912 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-07-02 20:48 . 2014-03-21 03:03 18626304 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-07-02 20:48 . 2014-03-21 03:03 16122344 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2014-07-02 20:48 . 2014-03-21 03:03 965312 ----a-w- c:\windows\system32\nvumdshimx.dll
2014-07-02 20:48 . 2014-03-21 03:02 14498552 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-07-02 20:48 . 2014-03-21 03:02 3196816 ----a-w- c:\windows\system32\nvapi64.dll
2014-07-02 20:48 . 2014-03-21 03:02 2814656 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-07-02 18:55 . 2014-05-15 21:21 6783776 ----a-w- c:\windows\system32\nvcpl.dll
2014-07-02 18:55 . 2014-05-15 21:21 3522392 ----a-w- c:\windows\system32\nvsvc64.dll
2014-07-02 18:55 . 2014-05-15 21:21 935368 ----a-w- c:\windows\system32\nvvsvc.exe
2014-07-02 18:55 . 2014-05-15 21:21 62808 ----a-w- c:\windows\system32\nvshext.dll
2014-07-02 18:55 . 2014-05-15 21:21 386520 ----a-w- c:\windows\system32\nvmctray.dll
2014-07-02 10:14 . 2014-05-15 21:21 3826628 ----a-w- c:\windows\system32\nvcoproc.bin
2014-06-18 02:18 . 2014-07-09 16:33 692736 ----a-w- c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-09 16:33 646144 ----a-w- c:\windows\SysWow64\osk.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Deskjet 3050A J611 series (NET)"="c:\program files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" [2011-06-08 2676584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
"ReminderApp"="c:\program files (x86)\Nova Development\Greeting Card Factory Workshop 8.0\ReminderApp.exe" [2010-04-09 144672]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-05-08 959904]
.
c:\users\Sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Event Planner Reminder.lnk - c:\program files (x86)\Creative Home\Hallmark Card Studio 2011 Deluxe\Planner\PLNRnote.exe [2010-12-20 365960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y60x64.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfswin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfswin7.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaywin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaywin7.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirwin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirwin7.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvolwin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvolwin7.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-16 00:53]
.
2014-09-06 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2014-05-18 22:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-07-25 2403104]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-07-25 1283136]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://rr.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\uh4rokfq.default-1408223660292\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.yahoo.com/?hps=249
FF - prefs.js: keyword.URL - hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=800236&p=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-WeatherBug - c:\program files\Earth Networks\WeatherBug\WeatherBug.exe
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-{1B9604EE-B104-45C8-8551-5F63BA631E23} - c:\programdata\{E0A9340B-C01B-42C1-9910-C307D7BE4756}\WeatherBugSetup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_176_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_176_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_176_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_176_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-09-06  16:17:17
ComboFix-quarantined-files.txt  2014-09-06 20:17
ComboFix2.txt  2014-08-26 16:23
.
Pre-Run: 444,055,052,288 bytes free
Post-Run: 447,137,329,152 bytes free
.
- - End Of File - - BD091B36F3B42A48B2DDFF7C5C3FA98B
A36C5E4F47E84449FF07ED3517B43A31

 


  • 0

#99
Sharon Lee

    Member

  • Topic Starter
  • 512 posts

Okay, ever since I downloaded ComboFix, I am getting a blue screen and I have to manually shut my computer down to get rid of it.  Not sure what is causing this.  I hope you have some ideas cause I don't.  Tried to do a system restore but I still can't do that for the machine doesn't co-operate with me on that at all.  I know you are gone.  Just wanted to tell you what was going on here. 


  • 0

#100
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

I don't see anything here that may cause the issues you are facing with the BlueScreen. Will investigate it further.



Fix with ComboFix

Let's prepare a script for ComboFix to mark some things for deletion.

  • Press the Windows key + R on your keyboard at the same time.
  • A Run window should appear in the lower left corner. Type in notepad.exe and press Enter.
  • In the shown window paste in the following script:
    Folder::
    c:\programdata\SparkTrust
    c:\users\Sharon\AppData\Roaming\SparkTrust
    c:\programdata\d84b8fff6566939a
    c:\users\Sharon\AppData\Local\Packages
    c:\users\Sharon\AppData\Local\Comodo
    c:\users\Sharon\AppData\Roaming\ProductData
    c:\programdata\{D76294E6-03B8-4971-AF2E-3F846161A690}
    c:\programdata\ProductData
    c:\programdata\IObit
    c:\program files (x86)\IObit
    c:\program files (x86)\TotalSystemCare
    c:\users\Sharon\AppData\Roaming\MyTurboPC.com
    c:\programdata\MyTurboPC.com
    
    DDS::
    uStart Page = hxxp://rr.com/
    
    DirLook::
    C:\AdwCleaner
    C:\FRST
    
  • Go to File menu and select Save as.
  • Make sure that the Save as type option is set to Text files (*.txt) and the place to save will be your desktop.
  • Name the file CFScript and select Save.

Your CFScript.txt file should appear on your desktop.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Now drag your CFScript file and drop it onto the ComboFix icon.
  • This will start ComboFix. Let it run uninterrupted!
  • A reboot may be needed during this run. Allow it.
  • When finished, it shall produce a log for you at C:\ComboFix.txt and display it.

Please include that log in your next reply.

If you encounter any issues with your internet connection after running ComboFix, please visit this link.
If an error about an operation on a key marked for deletion appears after running the tool, please reboot your machine.
Do not forget to turn on your previously switched-off protection software!


After that let's try another one with FRST.


Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool x64 and save it to your Desktop.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > Windows 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.


  • 0


#101
Sharon Lee

    Member

  • Topic Starter
  • 512 posts
Problems here..There is no Test files and no icon when I went to desktop. There were document files and all files. Tried both of them. No icon. My AntiVirus and AntiSpyware are off now and I shall keep trying until I have to leave.
  • 0

#102
Sharon Lee

    Member

  • Topic Starter
  • 512 posts
Sorry it is not test it is text files. I am going to do this from the very beginning and see if it does the same as the last 3 times. Have a nice day.
  • 0

#103
Sharon Lee

    Member

  • Topic Starter
  • 512 posts

It just is not on my desktop and no matter how many times I do this there is no Combo fix icon there.  Sorry, I have tried and tried to re-do this and it does not matter for the icon is not on the desktop.  I think that is the one that made my computer turn blue.  I don't know.  Going to take my hubby to the Dr. tomorrow and will be home in the evening. 


  • 0

#104
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

OK, I see where the problem is.
You have downloaded ComboFix, but saved it in Temporary Internet Files:

Running from: c:\users\Sharon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W3B5Y1K7\ComboFix.exe

 
Please obtain a fresh copy and place it on the desktop :)
ComboFix download link



Below you will find instructions about changing download destination to your desktop (Credits to BrianDrab):

Please use the appropriate instructions below depending on the browser you are using.

Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.

NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.


  • 0

#105
Sharon Lee

    Member

  • Topic Starter
  • 512 posts

All right, I now know what happened before.  My computer would not let the download go through so the administrator took over and a blue box came up in the left corner and finished the scan.  Then it saved it to my C disk.  I have tried and tried to get just what you wanted.  I hope this is right.  Bad day..Not good news about my husband.  I am glad I am taxing my mind for right now I don't want to think.

 

 

ComboFix 14-09-09.01 - Sharon 09/09/2014  12:49:52.3.8 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.9207.7618 [GMT -4:00]
Running from: c:\users\Sharon\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-08-09 to 2014-09-09  )))))))))))))))))))))))))))))))
.
.
2014-09-09 16:52 . 2014-09-09 16:52    --------    d-----w-    c:\users\Guest\AppData\Local\temp
2014-09-09 16:52 . 2014-09-09 16:52    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-09-09 16:52 . 2014-09-09 16:52    --------    d-----w-    c:\users\Administrator\AppData\Local\temp
2014-09-09 16:15 . 2014-09-09 16:15    75888    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A2BAEB93-C535-4D51-BE0F-7B4AD71B4387}\offreg.dll
2014-09-09 16:14 . 2014-08-21 03:43    11319192    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A2BAEB93-C535-4D51-BE0F-7B4AD71B4387}\mpengine.dll
2014-09-08 18:47 . 2014-08-21 03:43    11319192    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-09-05 14:51 . 2014-09-05 14:51    --------    d-----w-    c:\program files (x86)\Mozilla Maintenance Service
2014-08-31 16:52 . 2014-08-31 16:52    --------    d-----w-    c:\users\Sharon\AppData\Local\Nova Development
2014-08-31 16:50 . 2014-08-31 16:50    --------    d-----w-    c:\program files (x86)\Nova Development
2014-08-29 14:33 . 2014-08-19 17:33    1169712    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3D48645E-742C-42C3-B031-0601980B1F73}\gapaengine.dll
2014-08-29 00:59 . 2013-12-21 09:39    600064    ----a-w-    c:\windows\system32\vbscript.dll
2014-08-29 00:59 . 2013-12-21 07:56    523776    ----a-w-    c:\windows\SysWow64\vbscript.dll
2014-08-28 23:34 . 2014-09-01 23:42    --------    d-----w-    c:\programdata\Yahoo!
2014-08-28 00:55 . 2014-08-28 00:55    226304    ----a-w-    c:\windows\system32\elshyph.dll
2014-08-28 00:43 . 2014-08-23 02:07    404480    ----a-w-    c:\windows\system32\gdi32.dll
2014-08-28 00:43 . 2014-08-23 01:45    311808    ----a-w-    c:\windows\SysWow64\gdi32.dll
2014-08-28 00:43 . 2014-08-23 00:59    3163648    ----a-w-    c:\windows\system32\win32k.sys
2014-08-26 16:14 . 2014-08-26 16:14    --------    d-----w-    c:\program files (x86)\Common Files\Java
2014-08-26 16:13 . 2014-08-26 16:13    98216    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-26 16:13 . 2014-08-26 16:13    --------    d-----w-    c:\program files (x86)\Java
2014-08-26 16:00 . 2014-08-26 16:02    --------    d-----w-    C:\AdwCleaner
2014-08-18 19:22 . 2014-08-18 19:35    --------    d-----w-    c:\program files (x86)\VS Revo Group
2014-08-18 17:24 . 2014-09-09 12:26    122584    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-18 17:24 . 2014-05-12 11:26    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-08-18 17:24 . 2014-05-12 11:26    91352    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-08-18 17:24 . 2014-05-12 11:25    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-08-17 22:20 . 2014-08-18 17:47    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2014-08-17 22:20 . 2014-08-18 17:46    --------    d-----w-    c:\program files (x86)\Spybot - Search & Destroy
2014-08-17 15:36 . 2014-08-17 15:36    --------    d-----w-    c:\users\Sharon\AppData\Roaming\SparkTrust
2014-08-17 15:35 . 2014-08-17 15:37    --------    d-----w-    c:\programdata\SparkTrust
2014-08-16 21:02 . 2014-08-23 00:07    --------    d-----w-    c:\users\Sharon\AppData\Roaming\ProductData
2014-08-16 21:01 . 2014-08-16 21:01    --------    d-----w-    c:\programdata\{D76294E6-03B8-4971-AF2E-3F846161A690}
2014-08-16 20:29 . 2014-08-16 20:45    --------    d-----w-    C:\FRST
2014-08-16 15:35 . 2014-08-16 15:35    --------    d-----w-    c:\users\Sharon\AppData\Roaming\Apple Computer
2014-08-16 15:35 . 2014-09-04 11:13    --------    d-----w-    c:\programdata\ProductData
2014-08-16 15:34 . 2014-08-16 20:59    --------    d-----w-    c:\programdata\IObit
2014-08-16 15:33 . 2014-08-16 15:35    --------    d-----w-    c:\program files (x86)\IObit
2014-08-16 15:02 . 2014-08-16 20:48    --------    d-----w-    c:\program files (x86)\TotalSystemCare
2014-08-16 02:17 . 2014-08-16 02:17    --------    d-----w-    c:\users\Sharon\AppData\Roaming\MyTurboPC.com
2014-08-16 02:17 . 2014-08-16 02:33    --------    d-----w-    c:\programdata\MyTurboPC.com
2014-08-15 16:22 . 2014-03-09 21:48    171160    ----a-w-    c:\windows\system32\infocardapi.dll
2014-08-15 16:22 . 2014-03-09 21:48    1389208    ----a-w-    c:\windows\system32\icardagt.exe
2014-08-15 16:22 . 2014-03-09 21:47    99480    ----a-w-    c:\windows\SysWow64\infocardapi.dll
2014-08-15 16:22 . 2014-03-09 21:47    619672    ----a-w-    c:\windows\SysWow64\icardagt.exe
2014-08-15 16:22 . 2014-06-30 22:14    8856    ----a-w-    c:\windows\SysWow64\icardres.dll
2014-08-15 16:22 . 2014-06-30 22:24    8856    ----a-w-    c:\windows\system32\icardres.dll
2014-08-15 16:22 . 2014-06-06 06:16    35480    ----a-w-    c:\windows\SysWow64\TsWpfWrp.exe
2014-08-15 16:22 . 2014-06-06 06:12    35480    ----a-w-    c:\windows\system32\TsWpfWrp.exe
2014-08-15 11:58 . 2014-06-25 02:05    14175744    ----a-w-    c:\windows\system32\shell32.dll
2014-08-15 11:57 . 2014-07-14 02:02    1216000    ----a-w-    c:\windows\system32\rpcrt4.dll
2014-08-15 11:57 . 2014-07-14 01:40    664064    ----a-w-    c:\windows\SysWow64\rpcrt4.dll
2014-08-15 11:57 . 2014-08-07 02:06    529920    ----a-w-    c:\windows\system32\aepdu.dll
2014-08-15 11:57 . 2014-08-07 02:01    424448    ----a-w-    c:\windows\system32\aeinv.dll
2014-08-13 15:13 . 2014-09-01 12:43    --------    d-----w-    c:\users\Sharon\AppData\Roaming\DiskDefrag
2014-08-12 20:27 . 2010-05-26 15:41    511328    ----a-w-    c:\windows\system32\d3dx10_43.dll
2014-08-12 20:27 . 2010-05-26 15:41    470880    ----a-w-    c:\windows\SysWow64\d3dx10_43.dll
2014-08-12 20:27 . 2010-05-26 15:41    276832    ----a-w-    c:\windows\system32\d3dx11_43.dll
2014-08-12 20:27 . 2010-05-26 15:41    248672    ----a-w-    c:\windows\SysWow64\d3dx11_43.dll
2014-08-12 20:27 . 2010-05-26 15:41    1998168    ----a-w-    c:\windows\SysWow64\D3DX9_43.dll
2014-08-12 20:27 . 2010-05-26 15:41    2401112    ----a-w-    c:\windows\system32\D3DX9_43.dll
2014-08-12 20:27 . 2014-08-12 20:41    --------    d-----w-    c:\users\Sharon\AppData\Local\NVIDIA Corporation
2014-08-12 20:27 . 2014-07-25 14:01    1291280    ----a-w-    c:\windows\SysWow64\nvspbridge.dll
2014-08-12 20:27 . 2014-07-25 14:01    1126480    ----a-w-    c:\windows\SysWow64\nvspcap.dll
2014-08-12 20:27 . 2014-07-25 14:01    1715224    ----a-w-    c:\windows\system32\nvspbridge64.dll
2014-08-12 20:27 . 2014-07-25 14:01    1283136    ----a-w-    c:\windows\system32\nvspcap64.dll
2014-08-12 20:27 . 2014-08-12 20:27    --------    d-----w-    c:\program files (x86)\AGEIA Technologies
2014-08-12 20:26 . 2014-07-02 17:44    609240    ----a-w-    c:\windows\SysWow64\nvStreaming.exe
2014-08-12 20:22 . 2014-08-12 20:22    --------    d-----w-    C:\NVIDIA
2014-08-11 23:55 . 2014-08-11 23:55    --------    d-----w-    c:\program files\Microsoft Silverlight
2014-08-11 23:55 . 2014-08-11 23:55    --------    d-----w-    c:\program files (x86)\Microsoft Silverlight
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-19 17:33 . 2014-05-16 21:08    1169712    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-08-15 16:26 . 2014-05-15 21:31    99218768    ----a-w-    c:\windows\system32\MRT.exe
2014-08-15 00:53 . 2014-05-16 01:35    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-15 00:53 . 2014-05-16 01:35    699568    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-02 20:48 . 2014-05-15 21:20    75040    ----a-w-    c:\windows\system32\OpenCL.dll
2014-07-02 20:48 . 2014-05-15 21:20    61912    ----a-w-    c:\windows\SysWow64\OpenCL.dll
2014-07-02 20:48 . 2014-03-21 03:03    18626304    ----a-w-    c:\windows\system32\nvwgf2umx.dll
2014-07-02 20:48 . 2014-03-21 03:03    16122344    ----a-w-    c:\windows\SysWow64\nvwgf2um.dll
2014-07-02 20:48 . 2014-03-21 03:03    965312    ----a-w-    c:\windows\system32\nvumdshimx.dll
2014-07-02 20:48 . 2014-03-21 03:02    14498552    ----a-w-    c:\windows\SysWow64\nvd3dum.dll
2014-07-02 20:48 . 2014-03-21 03:02    3196816    ----a-w-    c:\windows\system32\nvapi64.dll
2014-07-02 20:48 . 2014-03-21 03:02    2814656    ----a-w-    c:\windows\SysWow64\nvapi.dll
2014-07-02 18:55 . 2014-05-15 21:21    6783776    ----a-w-    c:\windows\system32\nvcpl.dll
2014-07-02 18:55 . 2014-05-15 21:21    3522392    ----a-w-    c:\windows\system32\nvsvc64.dll
2014-07-02 18:55 . 2014-05-15 21:21    935368    ----a-w-    c:\windows\system32\nvvsvc.exe
2014-07-02 18:55 . 2014-05-15 21:21    62808    ----a-w-    c:\windows\system32\nvshext.dll
2014-07-02 18:55 . 2014-05-15 21:21    386520    ----a-w-    c:\windows\system32\nvmctray.dll
2014-07-02 10:14 . 2014-05-15 21:21    3826628    ----a-w-    c:\windows\system32\nvcoproc.bin
2014-06-18 02:18 . 2014-07-09 16:33    692736    ----a-w-    c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-09 16:33    646144    ----a-w-    c:\windows\SysWow64\osk.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Deskjet 3050A J611 series (NET)"="c:\program files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" [2011-06-08 2676584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
"ReminderApp"="c:\program files (x86)\Nova Development\Greeting Card Factory Workshop 8.0\ReminderApp.exe" [2010-04-09 144672]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-05-08 959904]
.
c:\users\Sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Event Planner Reminder.lnk - c:\program files (x86)\Creative Home\Hallmark Card Studio 2011 Deluxe\Planner\PLNRnote.exe [2010-12-20 365960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y60x64.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfswin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfswin7.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaywin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaywin7.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirwin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirwin7.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvolwin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvolwin7.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-16 00:53]
.
2014-09-09 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2014-05-18 22:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-07-25 2403104]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-07-25 1283136]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://rr.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\uh4rokfq.default-1408223660292\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.yahoo.com/?hps=249
FF - prefs.js: keyword.URL - hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=800236&p=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-{1B9604EE-B104-45C8-8551-5F63BA631E23} - c:\programdata\{E0A9340B-C01B-42C1-9910-C307D7BE4756}\WeatherBugSetup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_176_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_176_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_176_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_176_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-09-09  12:54:24
ComboFix-quarantined-files.txt  2014-09-09 16:54
ComboFix2.txt  2014-09-06 20:17
ComboFix3.txt  2014-08-26 16:23
.
Pre-Run: 443,445,035,008 bytes free
Post-Run: 443,364,966,400 bytes free
.
- - End Of File - - A1CFD5914E7E018F790F408D6C21754E
A36C5E4F47E84449FF07ED3517B43A31

 

