
Keep getting attacked by malicious websites

  • 06-08-2014 2:37am
    #1
    Banned (with Prison Access) Posts: 382 ✭✭


    Yesterday I got a pop up from my AVG protection about some site they had to block.

    So I installed Malwarebytes Anti-Malware to do a scan and they found some stuff so I just quarantined the items. However every few minutes I get told by Malware that it blocked another site, e.g.:

    [screenshot: Z3DglZS.png]

    I went to that contentfinder and tried to delete it but the system wouldn't let me. I have a feeling this all happened when I installed "keepvid" a few days ago. I've deleted it since but am still getting this stuff attacking me.


Comments

  • Registered Users, Registered Users 2 Posts: 1,179 ✭✭✭salamanca22


    Run a virus scan in safe mode and remove the infected files.


  • Banned (with Prison Access) Posts: 382 ✭✭Cyber Ghost


    Run a virus scan in safe mode and remove the infected files.

    So just boot in safe mode and run Malwarebytes?


  • Registered Users, Registered Users 2 Posts: 1,179 ✭✭✭salamanca22


    I would run both AVG and Malwarebytes in safe mode. This will give the best results. Of course do not run them at the same time.


  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112


    Post the MBAM log too.


  • Banned (with Prison Access) Posts: 382 ✭✭Cyber Ghost


    Hi guys.
    Ran ComboFix and it appears to have worked.
    It was able to delete the "contentfinder" and other files I wasn't able to delete myself.
    I also ran those scans in safe mode just to be sure.
    Thanks for the help.
    I will post the ComboFix log below as I don't know how to attach a file.

    ComboFix 14-08-05.01 - John 06/08/2014 3:55.1.6 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.353.1033.18.4080.2157 [GMT 1:00]
    Running from: c:\users\John\Desktop\ComboFix.exe
    AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\John\AppData\Local\CommonLauncher.exe
    c:\users\John\AppData\Local\ContentFinder.exe
    c:\users\John\AppData\Local\msvcp100.dll
    c:\users\John\AppData\Local\msvcr100.dll
    c:\users\John\AppData\Local\QtCore4.dll
    c:\users\John\AppData\Roaming\Roaming
    D:\install.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-07-06 to 2014-08-06 )))))))))))))))))))))))))))))))
    .
    .
    2014-08-05 18:02 . 2014-08-05 23:12 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-08-05 18:02 . 2014-08-05 18:02 d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
    2014-08-05 18:02 . 2014-08-05 18:02 d-----w- c:\programdata\Malwarebytes
    2014-08-05 18:02 . 2014-05-12 06:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-08-05 18:02 . 2014-05-12 06:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-08-05 18:02 . 2014-05-12 06:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-08-04 00:14 . 2014-07-04 21:53 338992 ----a-w- c:\windows\system32\WiredTools64.dll
    2014-08-04 00:14 . 2014-07-04 21:53 296080 ----a-w- c:\windows\SysWow64\WiredTools.dll
    2014-08-04 00:13 . 2014-08-05 18:18 d-----w- c:\programdata\DSearchLink
    2014-08-04 00:13 . 2014-04-20 04:40 13108224 ----a-w- c:\users\John\AppData\Local\QtWebKit4.dll
    2014-08-04 00:13 . 2014-04-20 02:43 8587264 ----a-w- c:\users\John\AppData\Local\QtGui4.dll
    2014-08-04 00:13 . 2014-04-20 02:38 1053184 ----a-w- c:\users\John\AppData\Local\QtNetwork4.dll
    2014-08-04 00:13 . 2013-03-18 17:45 1122304 ----a-w- c:\users\John\AppData\Local\libeay32.dll
    2014-08-04 00:13 . 2013-03-18 17:45 274432 ----a-w- c:\users\John\AppData\Local\ssleay32.dll
    2014-08-04 00:13 . 2014-08-05 17:58 d-----w- c:\program files (x86)\keepvid
    2014-08-01 15:11 . 2014-05-14 16:23 44512 ----a-w- c:\windows\system32\wups2.dll
    2014-08-01 15:11 . 2014-05-14 16:23 58336 ----a-w- c:\windows\system32\wuauclt.exe
    2014-08-01 15:11 . 2014-05-14 16:21 2620928 ----a-w- c:\windows\system32\wucltux.dll
    2014-08-01 15:11 . 2014-05-14 16:23 2477536 ----a-w- c:\windows\system32\wuaueng.dll
    2014-08-01 15:11 . 2014-05-14 16:23 38880 ----a-w- c:\windows\system32\wups.dll
    2014-08-01 15:11 . 2014-05-14 16:23 36320 ----a-w- c:\windows\SysWow64\wups.dll
    2014-08-01 15:11 . 2014-05-14 16:23 700384 ----a-w- c:\windows\system32\wuapi.dll
    2014-08-01 15:11 . 2014-05-14 16:23 581600 ----a-w- c:\windows\SysWow64\wuapi.dll
    2014-08-01 15:11 . 2014-05-14 16:20 97792 ----a-w- c:\windows\system32\wudriver.dll
    2014-08-01 15:11 . 2014-05-14 16:17 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
    2014-08-01 15:09 . 2014-05-14 08:23 198600 ----a-w- c:\windows\system32\wuwebv.dll
    2014-08-01 15:09 . 2014-05-14 08:23 179656 ----a-w- c:\windows\SysWow64\wuwebv.dll
    2014-08-01 15:09 . 2014-05-14 08:20 36864 ----a-w- c:\windows\system32\wuapp.exe
    2014-08-01 15:09 . 2014-05-14 08:17 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
    2014-07-30 22:57 . 2014-07-30 22:58 d-----w- c:\program files (x86)\PokerStars.Beta
    2014-07-28 17:06 . 2014-07-28 17:06 d-----w- c:\users\John\AppData\Local\Windows Live Writer
    2014-07-28 17:06 . 2014-07-28 17:06 d-----w- c:\users\John\AppData\Roaming\Windows Live Writer
    2014-07-20 18:11 . 2014-07-20 18:11 d-----w- c:\users\John\AppData\Local\HearthstoneTracker
    2014-07-20 18:11 . 2014-07-20 18:11 d-----w- c:\program files (x86)\HearthstoneTracker
    2014-07-20 10:11 . 2014-07-20 10:11 d-----w- c:\users\John\AppData\Local\Microsoft Games
    2014-07-12 23:36 . 2014-05-17 02:35 44744 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
    2014-07-12 23:35 . 2014-07-12 23:36 d-----w- c:\programdata\Hotspot Shield
    2014-07-12 23:35 . 2014-07-12 23:36 d-----w- c:\program files (x86)\Hotspot Shield
    2014-07-12 23:35 . 2014-07-12 23:35 d-----w- c:\users\John\AppData\Roaming\Hotspot Shield
    2014-07-09 04:26 . 2014-07-09 04:26
    d-sh--w- c:\users\John\AppData\Local\EmieUserList
    2014-07-09 04:26 . 2014-07-09 04:26
    d-sh--w- c:\users\John\AppData\Local\EmieSiteList
    2014-07-08 21:12 . 2014-06-03 10:02 1719296 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
    2014-07-08 21:12 . 2014-06-03 10:02 1380864 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
    2014-07-08 21:12 . 2014-06-03 10:02 1389568 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
    2014-07-08 21:12 . 2014-06-03 10:02 1354240 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
    2014-07-08 21:12 . 2014-06-03 09:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
    2014-07-08 21:12 . 2014-06-30 02:09 519168 ----a-w- c:\windows\system32\aepdu.dll
    2014-07-08 21:12 . 2014-06-30 02:04 424448 ----a-w- c:\windows\system32\aeinv.dll
    2014-07-08 21:09 . 2014-06-05 14:45 1460736 ----a-w- c:\windows\system32\lsasrv.dll
    2014-07-08 21:09 . 2014-06-05 14:26 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2014-07-08 21:09 . 2014-06-05 14:25 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
    2010-05-06 15:14 433648 ----a-w- c:\programdata\Partner\Partner.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 131480 ----a-w- c:\users\John\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 131480 ----a-w- c:\users\John\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
    @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 131480 ----a-w- c:\users\John\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
    @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 131480 ----a-w- c:\users\John\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 131480 ----a-w- c:\users\John\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
    @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 131480 ----a-w- c:\users\John\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 131480 ----a-w- c:\users\John\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
    @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 131480 ----a-w- c:\users\John\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HearthstoneTracker"="c:\program files (x86)\HearthstoneTracker\HearthCap.exe" [2014-03-26 8130048]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-07-10 5187088]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-05-22 767200]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
    .
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [x]
    R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 cpuz135;cpuz135;c:\users\John\AppData\Local\Temp\cpuz135\cpuz135_x64.sys;c:\users\John\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
    R3 cpuz137;cpuz137;c:\windows\TEMP\cpuz137\cpuz137_x64.sys;c:\windows\TEMP\cpuz137\cpuz137_x64.sys [x]
    R3 GPUZ;GPUZ;c:\windows\TEMP\GPUZ.sys;c:\windows\TEMP\GPUZ.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
    R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe;c:\programdata\Partner\Partner.exe [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    S0 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys;c:\windows\SYSNATIVE\DRIVERS\ahcix64s.sys [x]
    S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
    S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
    S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
    S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
    S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
    S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
    S2 AODDriver4.3;AODDriver4.3;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
    S2 CGVPNCliService;CyberGhost 5 Client Service;c:\program files\CyberGhost 5\Service.exe;c:\program files\CyberGhost 5\Service.exe [x]
    S2 chromoting;Chrome Remote Desktop Service;c:\program files (x86)\Google\Chrome Remote Desktop\36.0.1985.102\remoting_host.exe;c:\program files (x86)\Google\Chrome Remote Desktop\36.0.1985.102\remoting_host.exe [x]
    S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\cmw_srv.exe;c:\program files (x86)\Hotspot Shield\bin\cmw_srv.exe [x]
    S2 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files (x86)/PostgreSQL/8.4/data -w;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files (x86)/PostgreSQL/8.4/data -w [x]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
    S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-07-17 23:08 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-08-06 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-15 09:10]
    .
    2014-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-10 15:55]
    .
    2014-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-10 15:55]
    .
    .
    X64 Entries
    .
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
    2010-05-06 15:14 750064 ----a-w- c:\programdata\Partner\Partner64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 164760 ----a-w- c:\users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 164760 ----a-w- c:\users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
    @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 164760 ----a-w- c:\users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
    @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 164760 ----a-w- c:\users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 164760 ----a-w- c:\users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
    @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 164760 ----a-w- c:\users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 164760 ----a-w- c:\users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
    @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 164760 ----a-w- c:\users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-12 9955872]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
    .
    Supplementary Scan
    .
    uStart Page = www.google.com
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
    IE: {{DBA40FC2-19EC-4f76-A23F-C2079FB37A35} - c:\program files (x86)\PokerStars.Beta\PokerStarsUpdate.exe
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{A138D7C5-B9FE-45E3-9147-41220EBA9F3D}: NameServer = 8.8.8.8
    FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\t047ldqw.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKCU-Run-ContentFinder - c:\users\John\AppData\Local\ContentFinder.exe
    Wow6432Node-HKCU-Run-CommonLauncher - c:\users\John\AppData\Local\CommonLauncher.exe
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    Toolbar-Locked - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-8.4]
    "ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
    .
    LOCKED REGISTRY KEYS
    .
    [HKEY_USERS\S-1-5-21-3256101133-610218567-1163638977-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-3256101133-610218567-1163638977-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.14"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
    "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
    bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2014-08-06 04:10:40
    ComboFix-quarantined-files.txt 2014-08-06 03:10
    .
    Pre-Run: 77,986,787,328 bytes free
    Post-Run: 77,430,595,584 bytes free
    .
    - - End Of File - - A74769EF0F37E1D5ECE4A192AA4B9AB1