ComboFix 15-08-08.01 - leg0817 08/08/2015 19:14:44.3.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6038.3636 [GMT -4:00] Running from: c:\users\leg0817\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B} SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\PCDr\6664\AddOnDownloaded\4be0f894-14b5-47db-8c3d-c2d05b86d161.dll c:\programdata\PCDr\6664\AddOnDownloaded\5d59ed02-c0da-4e0e-8811-16a3d0b6a87d.dll c:\programdata\PCDr\6664\AddOnDownloaded\9ad177b0-ddcd-4cf6-ac35-969dc98b22db.dll c:\programdata\PCDr\6664\AddOnDownloaded\bb97e28d-bdfb-4fa4-902d-264275c5cb1b.dll c:\windows\wininit.ini . . ((((((((((((((((((((((((( Files Created from 2015-07-08 to 2015-08-08 ))))))))))))))))))))))))))))))) . . 2015-08-08 23:22 . 2015-08-08 23:22 -------- d-----w- c:\users\Public\AppData\Local\temp 2015-08-08 23:22 . 2015-08-08 23:22 -------- d-----w- c:\users\Default\AppData\Local\temp 2015-08-08 16:51 . 2015-08-08 16:51 -------- d-----w- c:\users\leg0817\AppData\Roaming\Uninstaller Tool(Comodo Forums) 2015-08-08 05:29 . 2015-08-08 05:29 -------- d-----w- c:\users\leg0817\Tracing 2015-08-08 05:16 . 2015-08-08 05:16 -------- d-----w- c:\users\leg0817\AppData\Roaming\AVAST Software 2015-08-08 05:16 . 2015-08-08 05:18 -------- d-----w- c:\windows\SysWow64\vbox 2015-08-08 05:16 . 2015-08-08 05:18 -------- d-----w- c:\windows\system32\vbox 2015-08-08 05:15 . 2015-08-08 05:15 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2015-08-08 05:15 . 2015-08-08 05:15 90968 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2015-08-08 05:15 . 2015-08-08 05:15 65224 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2015-08-08 05:15 . 2015-08-08 05:15 447944 ----a-w- c:\windows\system32\drivers\aswSP.sys 2015-08-08 05:15 . 2015-08-08 05:15 28656 ----a-w- c:\windows\system32\drivers\aswHwid.sys 2015-08-08 05:15 . 2015-08-08 05:15 274808 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2015-08-08 05:15 . 2015-08-08 05:15 150672 ----a-w- c:\windows\system32\drivers\aswStm.sys 2015-08-08 05:15 . 2015-08-08 05:15 1048856 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2015-08-08 05:15 . 2015-08-08 05:15 115152 ----a-w- c:\windows\system32\drivers\ngvss.sys 2015-08-08 05:15 . 2015-08-08 05:15 378880 ----a-w- c:\windows\system32\aswBoot.exe 2015-08-08 05:15 . 2015-08-08 05:15 43112 ----a-w- c:\windows\avastSS.scr 2015-08-08 05:15 . 2015-08-08 05:15 -------- d-----w- c:\program files\AVAST Software 2015-08-08 05:07 . 2015-08-08 05:07 -------- d-----w- c:\programdata\AVAST Software 2015-08-08 03:18 . 2015-07-21 11:25 12222168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E494BB8B-184F-4F2D-8565-C54CC0B6C623}\mpengine.dll 2015-08-05 01:58 . 2011-12-08 20:40 117248 ----a-w- c:\windows\system32\drivers\cyhid.sys 2015-08-05 01:57 . 2011-12-08 20:40 79872 ----a-w- c:\windows\system32\drivers\cymfltr.sys 2015-08-05 01:57 . 2015-08-05 01:57 -------- d-----w- c:\program files\Cypress 2015-08-05 01:57 . 2011-12-08 20:40 13824 ----a-w- c:\windows\system32\drivers\cykbfltr.sys 2015-08-05 01:57 . 2015-08-05 01:57 -------- d-----w- c:\users\leg0817\AppData\Roaming\Cypress 2015-08-05 01:57 . 2015-08-05 01:57 -------- d-----w- c:\users\leg0817\AppData\Roaming\Cypress Semiconductor, Inc 2015-08-04 22:46 . 2015-08-04 22:46 -------- d-----w- c:\users\leg0817\AppData\Local\CEF 2015-08-04 21:05 . 2015-08-04 21:05 -------- d-----w- c:\users\leg0817\AppData\Local\SlimWare Utilities Inc 2015-08-04 18:16 . 2015-08-08 11:23 -------- d-----w- C:\FRST 2015-08-01 21:50 . 2015-08-01 21:50 119808 ----a-r- c:\users\leg0817\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe 2015-08-01 21:04 . 2015-08-01 21:04 -------- d-----w- c:\users\leg0817\AppData\Local\Secunia PSI 2015-08-01 21:03 . 2015-08-01 21:03 -------- d-----w- c:\program files (x86)\Secunia 2015-08-01 20:09 . 2015-08-06 02:47 -------- d-----w- c:\users\leg0817\AppData\Local\CrashDumps 2015-08-01 20:07 . 2015-08-04 21:07 -------- d-----w- c:\program files (x86)\SlimComputer 2015-08-01 04:58 . 2015-08-01 04:58 -------- d-----w- c:\program files\Common Files\AV 2015-07-31 18:56 . 2015-07-31 18:56 -------- d-----w- c:\program files (x86)\iTunes 2015-07-31 18:56 . 2015-07-31 18:56 -------- d-----w- c:\program files\iPod 2015-07-31 18:56 . 2015-07-31 18:58 -------- d-----w- c:\program files\iTunes 2015-07-30 21:24 . 2015-07-30 21:24 -------- d-----w- c:\program files (x86)\Dell Update 2015-07-19 19:47 . 2015-07-19 19:47 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll 2015-07-19 19:47 . 2015-07-19 19:46 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll 2015-07-19 19:47 . 2015-07-19 19:46 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll 2015-07-19 19:47 . 2015-07-19 19:46 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll 2015-07-19 19:47 . 2015-07-19 19:46 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll 2015-07-19 19:46 . 2015-07-19 19:46 -------- d-----w- c:\program files (x86)\QuickTime 2015-07-18 02:23 . 2015-07-18 02:23 -------- d-----w- c:\program files (x86)\Common Files\Java 2015-07-17 04:53 . 2013-09-28 02:56 285208 ----a-w- c:\windows\system32\drivers\tmcomm.sys 2015-07-17 04:05 . 2015-07-17 04:08 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys 2015-07-17 04:05 . 2015-07-17 04:07 -------- d-----w- c:\programdata\RogueKiller 2015-07-15 02:15 . 2015-07-15 02:15 19198128 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2015-07-15 01:44 . 2015-08-06 03:14 -------- d-----w- c:\users\leg0817\AppData\Local\Popcorn Time 2015-07-15 00:28 . 2015-06-20 19:57 49664 ----a-w- c:\program files\Internet Explorer\DiagnosticsHub_is.dll 2015-07-15 00:27 . 2015-06-20 18:26 2427392 ----a-w- c:\windows\system32\wininet.dll 2015-07-15 00:27 . 2015-06-23 15:49 950784 ----a-w- c:\program files\Internet Explorer\iedvtool.dll 2015-07-15 00:27 . 2015-06-20 19:49 417792 ----a-w- c:\windows\system32\html.iec 2015-07-15 00:27 . 2015-06-20 18:08 382976 ----a-w- c:\program files\Internet Explorer\IEShims.dll 2015-07-15 00:27 . 2015-06-20 19:48 88064 ----a-w- c:\windows\system32\MshtmlDac.dll 2015-07-15 00:27 . 2015-06-20 19:08 199680 ----a-w- c:\windows\system32\msrating.dll 2015-07-15 00:27 . 2015-06-20 19:07 1016832 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll 2015-07-14 05:30 . 2015-07-14 05:30 -------- d-----w- c:\users\leg0817\AppData\Local\TempTaskUpdateDetectionCB76B970-C735-4E26-BB26-DE58FD4AFF5C 2015-07-14 00:05 . 2015-07-15 00:01 -------- dc----w- c:\programdata\{8AF32939-989B-460A-8726-CA2C776032A1} 2015-07-12 22:44 . 2015-07-12 22:44 -------- d-----w- C:\logs 2015-07-12 22:44 . 2015-07-12 22:44 -------- d-----w- C:\iolo 2015-07-12 21:43 . 2015-07-12 21:43 -------- d-----w- c:\users\leg0817\AppData\Roaming\NVIDIA 2015-07-12 19:19 . 2015-07-13 03:30 -------- d-----w- c:\program files (x86)\SlimCleaner 2015-07-11 02:09 . 2015-07-11 02:09 -------- d-----w- C:\701b9042a7fa23a795 2015-07-10 13:39 . 2015-08-01 03:04 -------- d-----w- C:\$Windows.~BT . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-08-04 06:40 . 2014-10-22 01:32 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2015-07-31 19:44 . 2014-08-30 23:21 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2015-07-31 19:44 . 2014-08-30 23:21 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2015-07-30 21:50 . 2014-08-31 21:09 907984 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe 2015-07-18 02:22 . 2014-10-26 02:31 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2015-07-03 12:43 . 2014-08-29 05:19 130333168 ----a-w- c:\windows\system32\MRT.exe 2015-06-23 17:30 . 2010-11-21 03:27 300704 ------w- c:\windows\system32\MpSigStub.exe 2015-06-18 12:41 . 2014-10-22 01:32 63704 ----a-w- c:\windows\system32\drivers\mwac.sys 2015-06-18 12:41 . 2014-10-22 01:32 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2015-06-18 12:41 . 2014-10-22 01:32 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2015-06-17 04:23 . 2015-06-17 04:23 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2015-06-17 04:23 . 2015-06-17 04:23 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts 2015-05-25 18:24 . 2015-06-12 23:16 5569984 ----a-w- c:\windows\system32\ntoskrnl.exe 2015-05-25 18:21 . 2015-06-12 23:16 1728960 ----a-w- c:\windows\system32\ntdll.dll 2015-05-25 18:19 . 2015-06-12 23:16 243712 ----a-w- c:\windows\system32\wow64.dll 2015-05-25 18:19 . 2015-06-12 23:15 362496 ----a-w- c:\windows\system32\wow64win.dll 2015-05-25 18:19 . 2015-06-12 23:15 13312 ----a-w- c:\windows\system32\wow64cpu.dll 2015-05-25 18:19 . 2015-06-12 23:16 215040 ----a-w- c:\windows\system32\winsrv.dll 2015-05-25 18:19 . 2015-06-12 23:16 1255424 ----a-w- c:\windows\system32\diagtrack.dll 2015-05-25 18:19 . 2015-06-12 23:16 879104 ----a-w- c:\windows\system32\tdh.dll 2015-05-25 18:19 . 2015-06-12 23:16 503808 ----a-w- c:\windows\system32\srcore.dll 2015-05-25 18:19 . 2015-06-12 23:16 113664 ----a-w- c:\windows\system32\sechost.dll 2015-05-25 18:19 . 2015-06-12 23:15 50176 ----a-w- c:\windows\system32\srclient.dll 2015-05-25 18:19 . 2015-06-12 23:15 16384 ----a-w- c:\windows\system32\ntvdm64.dll 2015-05-25 18:19 . 2015-06-12 23:16 424960 ----a-w- c:\windows\system32\KernelBase.dll 2015-05-25 18:19 . 2015-06-12 23:16 1162752 ----a-w- c:\windows\system32\kernel32.dll 2015-05-25 18:18 . 2015-06-12 23:15 43520 ----a-w- c:\windows\system32\csrsrv.dll 2015-05-25 18:18 . 2015-06-12 23:16 879104 ----a-w- c:\windows\system32\advapi32.dll 2015-05-25 18:18 . 2015-06-12 23:16 404992 ----a-w- c:\windows\system32\tracerpt.exe 2015-05-25 18:18 . 2015-06-12 23:15 47104 ----a-w- c:\windows\system32\typeperf.exe 2015-05-25 18:18 . 2015-06-12 23:15 112640 ----a-w- c:\windows\system32\smss.exe 2015-05-25 18:18 . 2015-06-12 23:16 296960 ----a-w- c:\windows\system32\rstrui.exe 2015-05-25 18:18 . 2015-06-12 23:15 43008 ----a-w- c:\windows\system32\relog.exe 2015-05-25 18:18 . 2015-06-12 23:16 104448 ----a-w- c:\windows\system32\logman.exe 2015-05-25 18:18 . 2015-06-12 23:15 19456 ----a-w- c:\windows\system32\diskperf.exe 2015-05-25 18:18 . 2015-06-12 23:16 338432 ----a-w- c:\windows\system32\conhost.exe 2015-05-25 18:11 . 2015-06-12 23:15 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-05-25 18:11 . 2015-06-12 23:15 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-05-25 18:11 . 2015-06-12 23:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-05-25 18:11 . 2015-06-12 23:15 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-05-25 18:11 . 2015-06-12 23:15 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-05-25 18:11 . 2015-06-12 23:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-05-25 18:11 . 2015-06-12 23:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-05-25 18:11 . 2015-06-12 23:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-05-25 18:11 . 2015-06-12 23:15 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-05-25 18:11 . 2015-06-12 23:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-05-25 18:11 . 2015-06-12 23:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-05-25 18:11 . 2015-06-12 23:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-05-25 18:11 . 2015-06-12 23:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-05-25 18:11 . 2015-06-12 23:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-05-25 18:11 . 2015-06-12 23:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-05-25 18:11 . 2015-06-12 23:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-05-25 18:11 . 2015-06-12 23:15 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-05-25 18:11 . 2015-06-12 23:15 6656 ----a-w- c:\windows\system32\apisetschema.dll 2015-05-25 18:11 . 2015-06-12 23:15 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-05-25 18:11 . 2015-06-12 23:15 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-05-25 18:11 . 2015-06-12 23:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-05-25 18:11 . 2015-06-12 23:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-05-25 18:11 . 2015-06-12 23:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-05-25 18:11 . 2015-06-12 23:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-05-25 18:11 . 2015-06-12 23:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-05-25 18:11 . 2015-06-12 23:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-05-25 18:11 . 2015-06-12 23:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-05-25 18:11 . 2015-06-12 23:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-05-25 18:11 . 2015-06-12 23:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-05-25 18:07 . 2015-06-12 23:16 3989440 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2015-05-25 18:07 . 2015-06-12 23:16 3934144 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2015-05-25 18:04 . 2015-06-12 23:16 1310744 ----a-w- c:\windows\SysWow64\ntdll.dll 2015-05-25 18:01 . 2015-06-12 23:16 635392 ----a-w- c:\windows\SysWow64\tdh.dll 2015-05-25 18:01 . 2015-06-12 23:15 43008 ----a-w- c:\windows\SysWow64\srclient.dll 2015-05-25 18:01 . 2015-06-12 23:15 92160 ----a-w- c:\windows\SysWow64\sechost.dll 2015-05-25 18:01 . 2015-06-12 23:15 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2015-05-25 18:01 . 2015-06-12 23:16 641536 ----a-w- c:\windows\SysWow64\advapi32.dll 2015-05-25 18:01 . 2015-06-12 23:15 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2015-05-25 18:00 . 2015-06-12 23:15 40448 ----a-w- c:\windows\SysWow64\typeperf.exe 2015-05-25 18:00 . 2015-06-12 23:16 364544 ----a-w- c:\windows\SysWow64\tracerpt.exe 2015-05-25 18:00 . 2015-06-12 23:15 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2015-05-25 18:00 . 2015-06-12 23:15 37888 ----a-w- c:\windows\SysWow64\relog.exe 2015-05-25 18:00 . 2015-06-12 23:16 82944 ----a-w- c:\windows\SysWow64\logman.exe 2015-05-25 18:00 . 2015-06-12 23:15 17408 ----a-w- c:\windows\SysWow64\diskperf.exe 2015-05-25 17:59 . 2015-06-12 23:15 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2015-05-25 17:59 . 2015-06-12 23:15 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll 2015-05-25 17:55 . 2015-06-12 23:15 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll 2015-05-25 17:55 . 2015-06-12 23:15 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-05-25 17:55 . 2015-06-12 23:15 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll 2015-05-25 17:55 . 2015-06-12 23:15 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll 2015-05-25 17:55 . 2015-06-12 23:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll 2015-05-25 17:55 . 2015-06-12 23:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll 2015-05-25 17:55 . 2015-06-12 23:15 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll 2015-05-25 17:55 . 2015-06-12 23:15 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-05-25 17:55 . 2015-06-12 23:15 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll 2015-05-25 17:55 . 2015-06-12 23:15 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-05-25 17:55 . 2015-06-12 23:15 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll 2015-05-25 17:55 . 2015-06-12 23:15 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll 2015-05-25 17:55 . 2015-06-12 23:15 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll 2015-05-25 17:55 . 2015-06-12 23:15 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-05-25 17:55 . 2015-06-12 23:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-05-25 17:55 . 2015-06-12 23:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-05-25 17:55 . 2015-06-12 23:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll 2015-05-25 17:55 . 2015-06-12 23:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2015-06-16 14:08 1730264 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\grooveex.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2015-06-16 14:08 1730264 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\grooveex.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2015-06-16 14:08 1730264 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\grooveex.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GoogleChromeAutoLaunch_F636EC19ECCD09EC8FE106333DDEF567"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2015-07-31 813896] "CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-06-01 8358680] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-08-08 6109776] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "SoftwareSASGeneration"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled] "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x] R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x] R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x] R3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x] R4 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x] R4 DellDataVault;Dell Data Vault;c:\program files\Dell\DellDataVault\DellDataVault.exe ;c:\program files\Dell\DellDataVault\DellDataVault.exe [x] R4 DellDataVaultWiz;Dell Data Vault Wizard;c:\program files\Dell\DellDataVault\DellDataVaultWiz.exe;c:\program files\Dell\DellDataVault\DellDataVaultWiz.exe [x] R4 DellUpdate;Dell Update Service;c:\program files (x86)\Dell Update\DellUpService.exe;c:\program files (x86)\Dell Update\DellUpService.exe [x] R4 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x] R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x] R4 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x] R4 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x] R4 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x] R4 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x] R4 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x] R4 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x] R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] R4 SupportAssistAgent;Dell SupportAssist Agent;c:\program files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe;c:\program files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [x] R4 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x] S0 aswRvrt;avast! Revert; [x] S0 aswVmm;avast! VM Monitor; [x] S0 ngvss;ngvss; [x] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x] S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x] S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x] S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x] S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvkflt.sys [x] S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x] S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x] S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x] S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x] S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys;c:\windows\SYSNATIVE\DRIVERS\Accelern.sys [x] S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x] S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x] S3 cyhid;Cypress Input Device;c:\windows\system32\DRIVERS\cyhid.sys;c:\windows\SYSNATIVE\DRIVERS\cyhid.sys [x] S3 cykbfltrService;Cypress Keyboard Filter Driver;c:\windows\system32\DRIVERS\cykbfltr.sys;c:\windows\SYSNATIVE\DRIVERS\cykbfltr.sys [x] S3 cymfltrService;Cypress Trackpad Filter Driver;c:\windows\system32\DRIVERS\cymfltr.sys;c:\windows\SYSNATIVE\DRIVERS\cymfltr.sys [x] S3 DDDriver;DDDriver;c:\windows\system32\drivers\DDDriver64Dcsa.sys;c:\windows\SYSNATIVE\drivers\DDDriver64Dcsa.sys [x] S3 DellProf;DellProf;c:\windows\system32\drivers\DellProf.sys;c:\windows\SYSNATIVE\drivers\DellProf.sys [x] S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C60x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C60x64.sys [x] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x] S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2015-08-05 01:48 995144 ----a-w- c:\program files (x86)\Google\Chrome\Application\44.0.2403.130\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2015-08-08 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job - c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_209_pepper.exe [2015-07-15 02:15] . 2015-08-08 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-30 19:44] . 2015-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-02-26 22:17] . 2015-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-02-26 22:17] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2015-06-16 14:59 2335448 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2015-06-16 14:59 2335448 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2015-06-16 14:59 2335448 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2015-08-08 05:15 778056 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CyCpIo"="c:\program files\Cypress\TrackPad\CyCpIo.exe" [2011-11-08 2375168] "CyHidWin"="c:\program files\Cypress\TrackPad\CyHidWin.exe" [2011-10-18 2354176] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\windows\System32\nvinitx.dll . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = about:blank mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\users\leg0817\AppData\Roaming\Mozilla\Firefox\Profiles\klx43wy3.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - www.google.com FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4a,52,51,8b,59,d6,70,46,be,08,16,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4a,52,51,8b,59,d6,70,46,be,08,16,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_209_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_209_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_209_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_209_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files\AVAST Software\Avast\AvastSvc.exe . ************************************************************************** . Completion time: 2015-08-08 19:33:45 - machine was rebooted ComboFix-quarantined-files.txt 2015-08-08 23:33 ComboFix2.txt 2015-08-04 06:27 ComboFix3.txt 2015-05-08 04:05 . Pre-Run: 403,915,542,528 bytes free Post-Run: 403,907,080,192 bytes free . - - End Of File - - 5BB086F46CBB252AD05BA9C6F264D989