TH Combofix report

a guest
Jul 25th, 2015
ComboFix 15-07-23.01 - Caleb 07/25/2015 0:43.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16279.13213 [GMT -4:00]
Running from: c:\users\Caleb\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\PCDr\6664\AddOnDownloaded\2c507aa3-5c72-4011-b9e1-3928beb6f336.dll
c:\programdata\PCDr\6664\AddOnDownloaded\5d59ed02-c0da-4e0e-8811-16a3d0b6a87d.dll
c:\programdata\PCDr\6664\AddOnDownloaded\964840d8-cf70-45c0-a3db-802e021f9658.dll
c:\programdata\PCDr\6664\AddOnDownloaded\9b664440-a1fb-457f-a208-c519fea54f87.dll
c:\programdata\PCDr\6664\AddOnDownloaded\9bf708b5-617d-4352-8ecd-ff95912dcb95.dll
c:\programdata\PCDr\6664\AddOnDownloaded\bb97e28d-bdfb-4fa4-902d-264275c5cb1b.dll
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\wpcap.dll
.
Infected copy of c:\windows\SysWow64\Version.dll was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-version_31bf3856ad364e35_6.1.7600.16385_none_14d4a552b2395165\version.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2015-06-25 to 2015-07-25 )))))))))))))))))))))))))))))))
.
.
2015-07-25 04:52 . 2015-07-25 04:52 8782 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2015-07-25 04:50 . 2015-07-25 04:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-07-25 04:41 . 2015-07-25 04:41 -------- d-----w- C:\AdwCleaner
2015-07-24 17:56 . 2015-07-24 17:56 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{02442E57-5F7B-4704-AD31-F146068A695A}\offreg.2848.dll
2015-07-23 20:35 . 2015-07-23 20:35 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{02442E57-5F7B-4704-AD31-F146068A695A}\offreg.6676.dll
2015-07-22 17:49 . 2015-07-22 17:49 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{02442E57-5F7B-4704-AD31-F146068A695A}\offreg.6252.dll
2015-07-22 17:25 . 2015-07-22 17:25 -------- d-----w- c:\users\Caleb\AppData\Local\CEF
2015-07-21 20:39 . 2015-07-21 20:39 -------- d-----w- c:\users\Caleb\AppData\Roaming\Trove
2015-07-21 05:01 . 2015-07-21 05:01 -------- d-----w- c:\program files\CCleaner
2015-07-21 04:29 . 2015-07-21 04:29 -------- d-----w- c:\windows\SysWow64\NV
2015-07-21 04:29 . 2015-07-21 04:29 -------- d-----w- c:\windows\system32\NV
2015-07-21 04:24 . 2015-07-03 04:28 47976 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2015-07-21 04:24 . 2015-07-03 04:28 65896 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2015-07-20 17:14 . 2015-07-20 17:14 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{02442E57-5F7B-4704-AD31-F146068A695A}\offreg.7076.dll
2015-07-19 06:51 . 2015-06-25 18:09 814280 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2015-07-19 06:48 . 2015-05-09 18:26 493504 ----a-w- c:\windows\system32\mcupdate_GenuineIntel.dll
2015-07-19 00:50 . 2015-07-19 06:46 -------- d-----w- c:\program files (x86)\Armadillo Run Demo
2015-07-18 16:44 . 2015-06-12 07:50 12221144 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{02442E57-5F7B-4704-AD31-F146068A695A}\mpengine.dll
2015-07-15 19:34 . 2015-07-15 19:34 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2015-07-15 03:24 . 2015-07-15 03:24 18524336 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2015-07-14 15:01 . 2015-07-14 15:01 -------- d-----w- c:\users\Caleb\AppData\Local\Targem
2015-07-13 23:49 . 2015-07-14 00:00 -------- d-----w- c:\programdata\Gyazo
2015-07-07 07:46 . 2015-07-07 07:46 189136 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\LICLUA.EXE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-25 04:19 . 2014-07-14 01:30 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-07-15 03:24 . 2013-06-11 04:45 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-07-15 03:24 . 2013-06-11 04:45 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-14 19:06 . 2013-11-04 01:56 1423120 ----a-w- c:\windows\SysWow64\nvspcap.dll
2015-07-14 19:06 . 2014-11-09 08:18 1316184 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2015-07-14 19:05 . 2014-11-09 08:18 1756424 ----a-w- c:\windows\system32\nvspbridge64.dll
2015-07-14 19:05 . 2013-11-04 01:56 1710056 ----a-w- c:\windows\system32\nvspcap64.dll
2015-07-14 15:44 . 2013-08-27 19:09 33856 ---ha-w- c:\windows\system32\hamachi.sys
2015-07-03 12:43 . 2013-06-15 18:11 130333168 ----a-w- c:\windows\system32\MRT.exe
2015-07-03 04:28 . 2013-11-04 01:54 69992 ----a-w- c:\windows\system32\nvaudcap64v.dll
2015-06-23 17:30 . 2010-11-21 03:27 300704 ------w- c:\windows\system32\MpSigStub.exe
2015-06-17 09:10 . 2015-02-22 05:53 15866992 ----a-w- c:\windows\system32\nvd3dumx.dll
2015-06-17 09:10 . 2014-04-27 02:13 1567576 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2015-06-17 09:10 . 2013-08-27 12:53 938752 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2015-06-17 09:10 . 2013-06-11 06:18 17724600 ----a-w- c:\windows\system32\nvwgf2umx.dll
2015-06-17 09:10 . 2013-06-11 06:18 1099992 ----a-w- c:\windows\system32\nvumdshimx.dll
2015-06-17 09:10 . 2013-06-11 06:18 176904 ----a-w- c:\windows\system32\nvinitx.dll
2015-06-17 09:10 . 2013-06-11 06:18 155280 ----a-w- c:\windows\SysWow64\nvinit.dll
2015-06-17 09:10 . 2013-06-11 06:18 12855416 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2015-06-17 09:10 . 2013-06-11 06:17 3395648 ----a-w- c:\windows\system32\nvapi64.dll
2015-06-17 09:10 . 2013-06-11 06:17 2997544 ----a-w- c:\windows\SysWow64\nvapi.dll
2015-06-17 06:48 . 2013-06-11 06:37 937616 ----a-w- c:\windows\system32\nvvsvc.exe
2015-06-17 06:48 . 2013-06-11 06:37 74896 ----a-w- c:\windows\system32\nv3dappshextr.dll
2015-06-17 06:48 . 2013-06-11 06:37 62792 ----a-w- c:\windows\system32\nvshext.dll
2015-06-17 06:48 . 2013-06-11 06:37 385168 ----a-w- c:\windows\system32\nvmctray.dll
2015-06-17 06:48 . 2013-06-11 06:37 2558792 ----a-w- c:\windows\system32\nvsvcr.dll
2015-06-17 06:48 . 2013-06-11 06:37 1059472 ----a-w- c:\windows\system32\nv3dappshext.dll
2015-06-17 06:48 . 2013-06-11 06:37 6873232 ----a-w- c:\windows\system32\nvcpl.dll
2015-06-17 06:48 . 2013-06-11 06:37 3492168 ----a-w- c:\windows\system32\nvsvc64.dll
2015-06-09 10:51 . 2014-10-27 20:22 627920 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2015-06-02 14:11 . 2013-06-11 06:37 4421614 ----a-w- c:\windows\system32\nvcoproc.bin
2015-05-25 18:01 . 2015-07-19 06:51 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-05-01 13:17 . 2015-05-14 03:21 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-01 13:16 . 2015-05-14 03:21 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-06-16 14:08 1730264 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-06-16 14:08 1730264 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-06-16 14:08 1730264 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2015-07-23 2895552]
"WhatPulse"="c:\program files (x86)\WhatPulse2\whatpulse.exe" [2014-12-08 3563520]
"Akamai NetSession Interface"="c:\users\Caleb\AppData\Local\Akamai\netsession_win.exe" [2014-10-30 4673432]
"GoogleChromeAutoLaunch_36965A81DD909523F7BF6769949A7463"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2015-07-13 813896]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-06-01 8358680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe" [2011-09-20 115048]
"Alienware Survey"="c:\program files (x86)\Alienware Customer Surveys\AlienSurvey.exe" [2013-03-09 7390264]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2013-03-28 1058880]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-11-04 5223016]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2015-07-14 5579624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll c:\windows\SysWOW64\nvinit.dll c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
.
R2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe;c:\program files\Alienware\Command Center\AlienFusionService.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DellDataVault;Dell Data Vault;c:\program files\Dell\DellDataVault\DellDataVault.exe ;c:\program files\Dell\DellDataVault\DellDataVault.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 DDDriver;DDDriver;c:\windows\system32\drivers\DDDriver64Dcsa.sys;c:\windows\SYSNATIVE\drivers\DDDriver64Dcsa.sys [x]
R3 DellProf;DellProf;c:\windows\system32\drivers\DellProf.sys;c:\windows\SYSNATIVE\drivers\DellProf.sys [x]
R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
R4 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys;c:\windows\SYSNATIVE\drivers\nvstusb.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 AlienFXWindowsService;AlienFXWindowsService;c:\program files\Alienware\Command Center\AlienFXWindowsService.exe;c:\program files\Alienware\Command Center\AlienFXWindowsService.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 MSI_ODD_Service;MSI_ODD_Service;c:\program files (x86)\msi\ODD Monitor\ODD_Monitor.exe;c:\program files (x86)\msi\ODD Monitor\ODD_Monitor.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [x]
S2 Razer Game Scanner Service;Razer Game Scanner;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
S2 rzpmgrk;rzpmgrk;c:\windows\system32\drivers\rzpmgrk.sys;c:\windows\SYSNATIVE\drivers\rzpmgrk.sys [x]
S2 rzpnk;rzpnk;c:\windows\system32\drivers\rzpnk.sys;c:\windows\SYSNATIVE\drivers\rzpnk.sys [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\AlienRespawn\sftservice.EXE;c:\program files (x86)\AlienRespawn\sftservice.EXE [x]
S2 SupportAssistAgent;Dell SupportAssist Agent;c:\program files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe;c:\program files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe [x]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NTIOLib_X64;NTIOLib_X64;c:\program files (x86)\msi\ODD Monitor\NTIOLib_X64.sys;c:\program files (x86)\msi\ODD Monitor\NTIOLib_X64.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 rusb3hub;Renesas Electronics USB 3.0 Hub Driver (Version 3.0);c:\windows\system32\DRIVERS\rusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\rusb3hub.sys [x]
S3 rusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0);c:\windows\system32\DRIVERS\rusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\rusb3xhc.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-07-14 15:38 991048 ----a-w- c:\program files (x86)\Google\Chrome\Application\43.0.2357.134\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-07-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11 03:24]
.
2015-07-25 c:\windows\Tasks\EPSON XP-410 Series Invitation {08C5BE64-69A3-44A8-8043-188E2CE1418E}.job
- c:\windows\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE [2013-10-16 05:20]
.
2015-07-25 c:\windows\Tasks\EPSON XP-410 Series Update {08C5BE64-69A3-44A8-8043-188E2CE1418E}.job
- c:\windows\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE [2013-10-16 05:20]
.
2015-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-24 23:52]
.
2015-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-24 23:52]
.
2015-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3232754702-2565239759-2421808633-1001Core.job
- c:\users\Caleb\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-04 23:47]
.
2015-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3232754702-2565239759-2421808633-1001UA.job
- c:\users\Caleb\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-04 23:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-06-16 14:59 2335448 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-06-16 14:59 2335448 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-06-16 14:59 2335448 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-05-05 03:08 184856 ----a-w- c:\users\Caleb\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-05-05 03:08 184856 ----a-w- c:\users\Caleb\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-05-05 03:08 184856 ----a-w- c:\users\Caleb\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-05-05 03:08 184856 ----a-w- c:\users\Caleb\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-05-05 03:08 184856 ----a-w- c:\users\Caleb\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-05-05 03:08 184856 ----a-w- c:\users\Caleb\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-05-05 03:08 184856 ----a-w- c:\users\Caleb\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-05-05 03:08 184856 ----a-w- c:\users\Caleb\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-10-25 17:26 860984 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2014-12-11 7666392]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2014-12-11 1391472]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-07-14 1710056]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-07-14 2631824]
"Launch Keyboard CI"="c:\program files\Alienware\Alienware TactX Keyboard CI\txkbci.exe" [2012-07-11 3439928]
"Command Center Controllers"="c:\program files\Alienware\Command Center\AWCCStartupOrchestrator.exe" [2012-07-25 12656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
  408. .
  409. ------- Supplementary Scan -------
  410. .
  411. uLocal Page = c:\windows\system32\blank.htm
  412. uStart Page = hxxp://www.google.com/
  413. mLocal Page = c:\windows\SysWOW64\blank.htm
  414. uInternet Settings,ProxyOverride = *.local;<local>
  415. IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
  416. IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
  417. Trusted Zone: clonewarsadventures.com
  418. Trusted Zone: dell.com
  419. Trusted Zone: freerealms.com
  420. Trusted Zone: sharepoint.com\wvk12
  421. Trusted Zone: sharepoint.com\wvk12-my
  422. Trusted Zone: soe.com
  423. Trusted Zone: sony.com
  424. Trusted Zone: vizzed.com\www
  425. TCP: Interfaces\{6FE99A6E-6012-4547-9371-BE7AAE4BDD2E}: NameServer = 8.8.8.8,8.8.4.4
  426. .
  427. - - - - ORPHANS REMOVED - - - -
  428. .
  429. Toolbar-Locked - (no file)
  430. HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
  431. Toolbar-Locked - (no file)
  432. AddRemove-GameStop App - c:\programdata\{1983A45A-60BF-4D72-937F-E9C44B18E38E}\GameStopApp_setup.exe
  433. AddRemove-{2E55EEFD-2162-4A7D-9158-EDB0305603A6} - c:\programdata\{6AACA38B-2810-4B47-BDEC-D7A1F38B1531}\DDV.exe
  434. AddRemove-{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7} - c:\programdata\{1983A45A-60BF-4D72-937F-E9C44B18E38E}\GameStopApp_setup.exe
  435. .
  436. .
  437. .
  438. --------------------- LOCKED REGISTRY KEYS ---------------------
  439. .
  440. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
  441. @Denied: (A 2) (Everyone)
  442. @="FlashBroker"
  443. "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_209_ActiveX.exe,-101"
  444. .
  445. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
  446. "Enabled"=dword:00000001
  447. .
  448. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
  449. @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_209_ActiveX.exe"
  450. .
  451. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
  452. @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
  453. .
  454. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
  455. @Denied: (A 2) (Everyone)
  456. @="IFlashBroker6"
  457. .
  458. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
  459. @="{00020424-0000-0000-C000-000000000046}"
  460. .
  461. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
  462. @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
  463. "Version"="1.0"
  464. .
  465. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
  466. @Denied: (A 2) (Everyone)
  467. @="FlashBroker"
  468. "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_209_ActiveX.exe,-101"
  469. .
  470. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
  471. "Enabled"=dword:00000001
  472. .
  473. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
  474. @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_209_ActiveX.exe"
  475. .
  476. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
  477. @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
  478. .
  479. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
  480. @Denied: (A 2) (Everyone)
  481. @="Shockwave Flash Object"
  482. .
  483. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
  484. @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx"
  485. "ThreadingModel"="Apartment"
  486. .
  487. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
  488. @="0"
  489. .
  490. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
  491. @="ShockwaveFlash.ShockwaveFlash.18"
  492. .
  493. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
  494. @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx, 1"
  495. .
  496. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
  497. @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
  498. .
  499. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
  500. @="1.0"
  501. .
  502. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
  503. @="ShockwaveFlash.ShockwaveFlash"
  504. .
  505. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
  506. @Denied: (A 2) (Everyone)
  507. @="Macromedia Flash Factory Object"
  508. .
  509. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
  510. @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx"
  511. "ThreadingModel"="Apartment"
  512. .
  513. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
  514. @="FlashFactory.FlashFactory.1"
  515. .
  516. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
  517. @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx, 1"
  518. .
  519. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
  520. @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
  521. .
  522. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
  523. @="1.0"
  524. .
  525. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
  526. @="FlashFactory.FlashFactory"
  527. .
  528. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
  529. @Denied: (A 2) (Everyone)
  530. @="IFlashBroker6"
  531. .
  532. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
  533. @="{00020424-0000-0000-C000-000000000046}"
  534. .
  535. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
  536. @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
  537. "Version"="1.0"
  538. .
  539. [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
  540. @Denied: (A) (Everyone)
  541. "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
  542. .
  543. [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
  544. @Denied: (A) (Everyone)
  545. .
  546. [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
  547. "Key"="ActionsPane3"
  548. "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
  549. .
  550. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
  551. @Denied: (Full) (Everyone)
  552. .
  553. ------------------------ Other Running Processes ------------------------
  554. .
  555. c:\program files\AVAST Software\Avast\AvastSvc.exe
  556. c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
  557. c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
  558. c:\program files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
  559. c:\windows\SysWOW64\PnkBstrA.exe
  560. c:\program files (x86)\AlienRespawn\TOASTER.EXE
  561. c:\program files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE
  562. c:\program files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe
  563. c:\program files (x86)\TeamViewer\TeamViewer_Service.exe
  564. c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
  565. .
  566. **************************************************************************
  567. .
  568. Completion time: 2015-07-25 00:58:09 - machine was rebooted
  569. ComboFix-quarantined-files.txt 2015-07-25 04:58
  570. .
  571. Pre-Run: 699,681,320,960 bytes free
  572. Post-Run: 700,174,364,672 bytes free
  573. .
  574. - - End Of File - - CCB77F21552363892B17636C578A9C57
  575. 5C616939100B85E558DA92B899A0FC36