
Stubborn Garda virus


  • Registered Users Posts: 276 ✭✭HelpWithIT


    Any I've dealt with came from the following..  Porn sites, free film sites, free soccer sites (first row sports) and one from Facebook message


  • Registered Users Posts: 1,230 ✭✭✭chem


    Hi I have this on my laptop. I have the user split to user 1 and the other is the admin. I can use the admin user, but it's the user 1 that has the virus! I tried running Norton in the admin user, but it did not clear up the problem. Can I scan the user 1 part from the admin?? Hope that makes sense to people!!


  • Moderators, Business & Finance Moderators, Regional South Moderators Posts: 6,854 Mod ✭✭✭✭mp22


    Use Malwarebytes to scan the PC, and yes, you can use it from the admin account.


  • Registered Users Posts: 25 funsboro


    Hi folks I used the posts on here to get rid of it a month ago - thanks a mil - the guy in the local computer shop wanted to charge me €170 to do it BUT it's back and very nasty this time. I can't do the safe mode option but was able to do the safe mode with the command prompt hit after the system rescue ran the lock screen appeared again before I could run malware/hitman.
    I think because there's two users on the machine it won't let me in on the user that's locked - is there any way to bypass this? Or am I as well off just doing the USB thing? I presume you won't be able to download to the USB on a lot of PCs but should be allowed in an Internet cafe?

    Thanks again boardsies ;)


  • Registered Users Posts: 10,299 ✭✭✭✭BloodBath


    Did you not install anything to prevent it after the first time? The likes of Avast will stop the majority of these infections from ever happening in the first place.


  • Registered Users Posts: 32 diaduit73


    170 euro, that's dear.

    I got this virus twice, both times from a link to a soccer website I got from two different YouTube videos. The first time I panicked because I hadn't a clue what it was and brought it into a computer shop right away which cost me 50 euro (I thought that was a lot until I read funsboro's post above).

    I looked up the internet for ways to get rid of it, the Garda website has information on it but not great instructions for getting rid of it. The best site I found was actually the Met police website in the UK (I wasn't expecting that) so I printed it off. The second time I got the virus I followed their instructions and got rid of it for free.

    Pressing F8 like mad on start up wouldn't work. I had to remove the battery at the back of the laptop to get it to open in safe mode.


  • Registered Users Posts: 1,494 ✭✭✭Sala


    I got this on my work PC (definitely not looking at dodgy sites!). I ran a scan last week and nothing came up but couldn't get in today for ages. F8 didn't work. Anyway after many times restarting I got in and as per advice I saw on the net installed Microsoft Security Essentials and ran it - found the virus, cleaned it up... do I need to do anything else??


  • Registered Users Posts: 775 ✭✭✭simon360


    Just to ask do you have to download anything to get a virus or can it be found in the cache of Chrome and other browsers?


  • Registered Users Posts: 25 funsboro


    BloodBath wrote: »
    Did you not install anything to prevent it after the first time? The likes of Avast will stop the majority of these infections from ever happening in the first place.

    I have McAfee on it but it looks to be able to bypass that.


  • Registered Users Posts: 25 funsboro


    simon360 wrote: »
    Just to ask do you have to download anything to get a virus or can it be found in the cache of Chrome and other browsers?

    I wasn't downloading anything - had been watching Grey's Anatomy - streaming it only - on the free site so I reckon that's the cause ...


  • Registered Users Posts: 4,056 ✭✭✭Sparks43


    Most AV software is useless against this.

    Best way I have found to prevent it is this

    Don't use Internet Explorer
    And always use an Adblock with either Chrome or Firefox


  • Registered Users Posts: 775 ✭✭✭simon360


    Have Adblock Plus on Chrome and run a virus scan with MBAM nearly daily on my computer as it only takes 20 mins or so with the SSD. My worst nightmare is this!


  • Registered Users Posts: 25 funsboro


    Sparks43 wrote: »
    Most AV software is useless against this.

    Best way I have found to prevent it is this

    Don't use Internet Explorer
    And always use an Adblock with either Chrome or Firefox

    Cool will try and sort it out tomorrow night, thanks again


  • Closed Accounts Posts: 5,756 ✭✭✭demanufactured


    C:\Documents and Settings\UserName\Application Data\skype.dat

    Locate that file using some bootable media and delete it.


  • Registered Users Posts: 2,780 ✭✭✭carzony


    Anyone got any advice for me here lads? I know f.all about computers but my mate had a go and tried a few different methods but all he said was something about not having restore points or something like that?

    Going mad because I just spent 30 euro on a new battery :mad::mad:


  • Site Banned Posts: 1,167 ✭✭✭ASJ112




  • Registered Users Posts: 953 ✭✭✭hearny


    Reboot the PC in safe mode with networking.

    Type explorer.exe

    Browse to
    C:\Documents and Settings\YOURUSERNAME\Application Data\

    Delete the file skype.dat.

    Reboot and that should get you working again.

    Download Malwarebytes, update the definitions and run a full scan.
    Remove anything it finds.


  • Registered Users Posts: 953 ✭✭✭hearny


    Meant to say update your version of Java as that is how it gets into your machine, and clear your Java cache. (Control Panel -> Java -> Somewhere in here, I'm on a Mac so I can't remember)


  • Registered Users Posts: 528 ✭✭✭fitzcoff


    hi

    I have had the garda virus on a laptop a while back and kind boardsies came to my help.

    It's my dad's laptop and it was dropped back to me again last night with the virus again.

    I went into safe mode with networking and the laptop opens in safe mode then starts to log off and then says it's shutting down. it nosies and then I'm left with a white screen.

    I tried starting it in normal mode and it opens a blank white screen, My dad said that the garda virus had been on the screen.

    So I am at a loss as to what to do,

    Anyone have any pointers or should I just bring it into a shop?

    Thanks in advance


  • Site Banned Posts: 1,167 ✭✭✭ASJ112




  • Registered Users Posts: 528 ✭✭✭fitzcoff


    ASJ112 wrote: »

    It is asking me for the user password and I have tried entering the one I thought it was and it will not leave me go further than that.


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Have you done this step with another machine?


    For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

    Plug the flashdrive into the infected PC.


  • Registered Users Posts: 528 ✭✭✭fitzcoff


    Thanks to ASJ112, I managed to get something started. Below is the log:

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-04-2013
    Ran by SYSTEM on 25-04-2013 22:14:34
    Running from H:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    Internet Explorer Version 9
    Boot Mode: Recovery
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6602856 2011-01-11] (Realtek Semiconductor)
    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-20] (Synaptics Incorporated)
    HKLM\...\Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" [615584 2011-03-01] (Atheros Commnucations)
    HKLM\...\Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe" [379552 2011-03-01] (Atheros Commnucations)
    HKLM\...\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden [363064 2010-07-21] (Hewlett-Packard Company)
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
    HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
    HKLM-x32\...\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe [656920 2011-02-01] (PDF Complete Inc)
    HKLM-x32\...\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-06] (Apple Inc.)
    HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254896 2012-09-17] (Sun Microsystems, Inc.)
    HKU\martin\...\Run: [Google Update] "C:\Users\martin\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-12-25] (Google Inc.)
    HKU\martin\...\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [247768 2012-06-20] (TomTom)
    HKU\martin\...\Run: [Adobe CSx Manager] C:\Users\martin\AppData\Roaming\873997d3-3f3a-4807-a625-a0032ed6e158ad\dfaaaedead.exe [3072 2013-03-29] ()
    HKU\martin\...\Winlogon: [Shell] explorer.exe,C:\Users\martin\AppData\Roaming\skype.dat [58368 2011-11-16] ()

    ==================== Services (Whitelisted) =================

    S2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-01] (Atheros)
    S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [399432 2012-09-29] (Malwarebytes Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [676936 2012-09-29] (Malwarebytes Corporation)
    S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
    S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
    S2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)
    S2 XobniService; C:\Program Files (x86)\Xobni\XobniService.exe [62184 2011-02-24] (Xobni Corporation)

    ==================== Drivers (Whitelisted) ====================

    S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2012-09-29] (Malwarebytes Corporation)
    S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
    S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2013-04-25 22:14 - 2013-04-25 22:14 - 00000000 ____D C:\FRST
    2013-04-22 07:45 - 2013-04-25 04:29 - 00000004 ____A C:\Users\martin\AppData\Roaming\skype.ini
    2013-04-21 04:24 - 2013-04-25 04:28 - 00000784 ____A C:\Windows\setupact.log
    2013-04-21 04:24 - 2013-04-21 04:24 - 00000000 ____A C:\Windows\setuperr.log
    2013-04-18 09:26 - 2013-04-18 09:26 - 00000000 ____D C:\Users\martin\AppData\Local\{43BD7E91-CB87-4452-B01A-5B9DBB22DA2F}
    2013-04-17 12:38 - 2013-04-17 12:39 - 00000000 ____D C:\Users\martin\Documents\New folder (5)
    2013-04-17 12:37 - 2013-04-19 14:11 - 00000000 ____D C:\Users\martin\Documents\New folder (4)
    2013-04-17 12:21 - 2011-04-04 08:39 - 00024294 ____A C:\Users\martin\Documents\mairead farrell.bmp
    2013-04-17 11:48 - 2013-04-17 11:48 - 00000000 ____D C:\Users\martin\AppData\Local\{E24C7EBF-D01E-4ADA-9703-177C8D14176E}
    2013-04-17 11:47 - 2013-04-17 11:47 - 00000000 ____D C:\Users\martin\AppData\Local\{91E31053-2001-475A-AD2F-0689FF9E0378}
    2013-04-17 11:43 - 2013-04-17 11:43 - 00000000 ____D C:\Users\martin\AppData\Local\{6EE4F6C8-075F-4B96-AAE6-D08FCBFC37E1}
    2013-04-10 13:54 - 2013-02-21 22:57 - 17817088 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-04-10 13:54 - 2013-02-21 22:29 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2013-04-10 13:54 - 2013-02-21 22:27 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2013-04-10 13:54 - 2013-02-21 22:21 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2013-04-10 13:54 - 2013-02-21 22:20 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2013-04-10 13:54 - 2013-02-21 22:19 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2013-04-10 13:54 - 2013-02-21 22:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2013-04-10 13:54 - 2013-02-21 22:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2013-04-10 13:54 - 2013-02-21 22:15 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2013-04-10 13:54 - 2013-02-21 22:15 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2013-04-10 13:54 - 2013-02-21 22:15 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2013-04-10 13:54 - 2013-02-21 22:14 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2013-04-10 13:54 - 2013-02-21 22:13 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2013-04-10 13:54 - 2013-02-21 22:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2013-04-10 13:54 - 2013-02-21 22:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2013-04-10 13:54 - 2013-02-21 22:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2013-04-10 13:54 - 2013-02-21 20:05 - 12324352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-04-10 13:54 - 2013-02-21 19:47 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2013-04-10 13:54 - 2013-02-21 19:46 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2013-04-10 13:54 - 2013-02-21 19:38 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2013-04-10 13:54 - 2013-02-21 19:38 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2013-04-10 13:54 - 2013-02-21 19:37 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2013-04-10 13:54 - 2013-02-21 19:36 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2013-04-10 13:54 - 2013-02-21 19:35 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2013-04-10 13:54 - 2013-02-21 19:34 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2013-04-10 13:54 - 2013-02-21 19:34 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2013-04-10 13:54 - 2013-02-21 19:34 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2013-04-10 13:54 - 2013-02-21 19:33 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2013-04-10 13:54 - 2013-02-21 19:32 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2013-04-10 13:54 - 2013-02-21 19:31 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2013-04-10 13:54 - 2013-02-21 19:31 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2013-04-10 13:54 - 2013-02-21 19:28 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2013-04-10 11:40 - 2013-02-14 22:06 - 03717632 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
    2013-04-10 11:40 - 2013-02-14 20:37 - 03217408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2013-04-10 11:39 - 2013-02-14 22:08 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
    2013-04-10 11:39 - 2013-02-14 22:02 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
    2013-04-10 11:39 - 2013-02-14 20:34 - 00131584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
    2013-04-10 11:39 - 2013-02-14 19:25 - 00036864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
    2013-04-10 11:35 - 2013-03-01 22:04 - 01655656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2013-04-10 11:35 - 2013-02-28 19:36 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2013-04-10 11:29 - 2013-03-18 22:04 - 05550424 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2013-04-10 11:29 - 2013-03-18 21:46 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
    2013-04-10 11:29 - 2013-03-18 21:04 - 03968856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2013-04-10 11:29 - 2013-03-18 21:04 - 03913560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2013-04-10 11:29 - 2013-03-18 20:47 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2013-04-10 11:29 - 2013-03-18 19:06 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
    2013-04-10 11:29 - 2013-01-23 22:01 - 00223752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
    2013-03-30 04:25 - 2013-03-30 04:25 - 00000000 ____D C:\Users\martin\AppData\Local\{624EFD0C-8FF7-4812-AAB5-60C1FCE71183}
    2013-03-29 13:23 - 2013-03-29 13:23 - 00000000 ____D C:\Users\martin\AppData\Local\{4A8F0A75-28E9-49F4-9A07-EBDC7FA67C59}
    2013-03-29 12:48 - 2013-03-30 06:56 - 00000000 ____D C:\Users\martin\Documents\101COACH
    2013-03-29 01:28 - 2013-03-29 01:28 - 00000000 ____D C:\Users\martin\AppData\Roaming\873997d3-3f3a-4807-a625-a0032ed6e158ad
    2013-03-26 08:04 - 2013-02-11 20:12 - 00019968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys

    ==================== One Month Modified Files and Folders =======

    2013-04-25 22:14 - 2013-04-25 22:14 - 00000000 ____D C:\FRST
    2013-04-25 04:29 - 2013-04-22 07:45 - 00000004 ____A C:\Users\martin\AppData\Roaming\skype.ini
    2013-04-25 04:29 - 2012-12-27 13:13 - 00000035 ____A C:\Users\Public\Documents\AtherosServiceConfig.ini
    2013-04-25 04:29 - 2012-11-30 15:45 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-04-25 04:29 - 2011-04-24 14:38 - 00000000 ____D C:ProgramData\PDFC
    2013-04-25 04:28 - 2013-04-21 04:24 - 00000784 ____A C:\Windows\setupact.log
    2013-04-25 04:28 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-04-24 23:39 - 2011-12-25 06:00 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-963050305-668444556-3006111060-1000UA.job
    2013-04-24 23:33 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-04-24 23:33 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-04-24 23:30 - 2009-07-13 21:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
    2013-04-24 23:29 - 2012-12-04 00:41 - 01203785 ____A C:\Windows\WindowsUpdate.log
    2013-04-22 08:13 - 2012-09-07 14:47 - 00000000 ____D C:\Users\martin\Documents\Youcam
    2013-04-22 08:12 - 2011-12-28 02:53 - 00000000 ____D C:\Users\martin\AppData\Local\CrashDumps
    2013-04-22 07:59 - 2012-11-30 15:45 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-04-22 07:59 - 2011-12-25 03:52 - 00000000 ____D C:\Users\martin\Documents\Bluetooth Folder
    2013-04-22 07:39 - 2012-04-09 06:40 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2013-04-22 07:39 - 2011-12-26 07:19 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
    2013-04-22 00:48 - 2009-07-13 21:08 - 00032620 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2013-04-21 04:24 - 2013-04-21 04:24 - 00000000 ____A C:\Windows\setuperr.log
    2013-04-20 12:39 - 2011-12-25 06:00 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-963050305-668444556-3006111060-1000Core.job
    2013-04-19 14:11 - 2013-04-17 12:37 - 00000000 ____D C:\Users\martin\Documents\New folder (4)
    2013-04-19 11:00 - 2012-04-16 10:14 - 00000336 ____A C:\Windows\Tasks\HPCeeScheduleFormartin.job
    2013-04-18 09:26 - 2013-04-18 09:26 - 00000000 ____D C:\Users\martin\AppData\Local\{43BD7E91-CB87-4452-B01A-5B9DBB22DA2F}
    2013-04-17 12:39 - 2013-04-17 12:38 - 00000000 ____D C:\Users\martin\Documents\New folder (5)
    2013-04-17 11:48 - 2013-04-17 11:48 - 00000000 ____D C:\Users\martin\AppData\Local\{E24C7EBF-D01E-4ADA-9703-177C8D14176E}
    2013-04-17 11:47 - 2013-04-17 11:47 - 00000000 ____D C:\Users\martin\AppData\Local\{91E31053-2001-475A-AD2F-0689FF9E0378}
    2013-04-17 11:43 - 2013-04-17 11:43 - 00000000 ____D C:\Users\martin\AppData\Local\{6EE4F6C8-075F-4B96-AAE6-D08FCBFC37E1}
    2013-04-16 12:30 - 2011-04-24 14:27 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
    2013-04-16 12:30 - 2011-02-10 11:23 - 00000000 ____D C:\SWSetup
    2013-04-11 06:52 - 2009-07-13 20:45 - 00343728 ____A C:\Windows\System32\FNTCACHE.DAT
    2013-04-10 13:55 - 2011-12-25 04:31 - 00000000 ____D C:ProgramData\Microsoft Help
    2013-04-10 11:42 - 2011-12-25 06:05 - 00002370 ____A C:\Users\martin\Desktop\Google Chrome.lnk
    2013-04-02 02:34 - 2010-11-20 19:27 - 00282744 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
    2013-03-30 06:56 - 2013-03-29 12:48 - 00000000 ____D C:\Users\martin\Documents\101COACH
    2013-03-30 04:25 - 2013-03-30 04:25 - 00000000 ____D C:\Users\martin\AppData\Local\{624EFD0C-8FF7-4812-AAB5-60C1FCE71183}
    2013-03-29 13:23 - 2013-03-29 13:23 - 00000000 ____D C:\Users\martin\AppData\Local\{4A8F0A75-28E9-49F4-9A07-EBDC7FA67C59}
    2013-03-29 01:28 - 2013-03-29 01:28 - 00000000 ____D C:\Users\martin\AppData\Roaming\873997d3-3f3a-4807-a625-a0032ed6e158ad

    Other Malware:
    ===========
    C:\Users\martin\AppData\Roaming\skype.dat
    C:\Users\martin\AppData\Roaming\skype.ini

    ==================== Known DLLs (Whitelisted) ================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2013-03-09 11:23:18
    Restore point made on: 2013-03-13 01:27:17
    Restore point made on: 2013-03-13 15:29:01
    Restore point made on: 2013-03-17 07:09:34
    Restore point made on: 2013-03-20 10:21:59
    Restore point made on: 2013-03-24 05:48:20
    Restore point made on: 2013-03-26 14:14:44
    Restore point made on: 2013-03-31 03:45:35
    Restore point made on: 2013-04-04 08:59:38
    Restore point made on: 2013-04-08 04:02:31
    Restore point made on: 2013-04-10 13:53:24
    Restore point made on: 2013-04-16 09:03:47
    Restore point made on: 2013-04-16 09:19:38
    Restore point made on: 2013-04-16 09:19:53
    Restore point made on: 2013-04-20 01:47:27

    ==================== Memory info ===========================

    Percentage of memory in use: 22%
    Total physical RAM: 2933.86 MB
    Available physical RAM: 2272.66 MB
    Total Pagefile: 2932 MB
    Available Pagefile: 2260.54 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.88 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:283.96 GB) (Free:230.32 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
    Drive e: (RECOVERY) (Fixed) (Total:13.83 GB) (Free:1.72 GB) NTFS (Disk=0 Partition=3) ==>[System with boot components (obtained from reading drive)]
    Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32 (Disk=0 Partition=4)
    Drive h: (CORSAIR) (Removable) (Total:0.97 GB) (Free:0.97 GB) FAT (Disk=1 Partition=1)
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]

    ============================== MBR & Partition Table ==================

    ====================================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 434CBBC6)
    Partition 1: (Active) - (Size=199 MB) - (Type=07) (NTFS)
    Partition 2: (Not Active) - (Size=284 GB) - (Type=07) (NTFS)
    Partition 3: (Not Active) - (Size=14 GB) - (Type=07) (NTFS)
    Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

    ====================================================================
    Disk: 1 (Size: 992 MB) (Disk ID: B354FC99)
    Partition 1: (Active) - (Size=992 MB) - (Type=06)


    Last Boot: 2013-04-14 04:12

    ==================== End Of Log ============================


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Do you recognise these folders?

    2013-04-17 12:38 - 2013-04-17 12:39 - 00000000 ____D C:\Users\martin\Documents\New folder (5)
    2013-04-17 12:37 - 2013-04-19 14:11 - 00000000 ____D C:\Users\martin\Documents\New folder (4)
    2013-03-29 12:48 - 2013-03-30 06:56 - 00000000 ____D C:\Users\martin\Documents\101COACH



    Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt


    HKU\martin\...\Run: [Adobe CSx Manager] C:\Users\martin\AppData\Roaming\873997d3-3f3a-4807-a625-a0032ed6e158ad\dfaaaedead.exe [3072 2013-03-29] ()
    HKU\martin\...\Winlogon: [Shell] explorer.exe,C:\Users\martin\AppData\Roaming\skype.dat [58368 2011-11-16] ()
    2013-04-22 07:45 - 2013-04-25 04:29 - 00000004 ____A C:\Users\martin\AppData\Roaming\skype.ini
    C:\Users\martin\AppData\Roaming\skype.dat


    Start your computer into System Recovery Options, as we've done previously.
    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.
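
The selection made by eye in the post above, picking the two autostart lines out of the FRST log for the fixlist, can be written as a small parser. This is an added example, not part of the thread and not FRST's own logic; the line layout is inferred from the log posted above, and reading the trailing parentheses as the file's company name is an assumption.

```python
import re
from dataclasses import dataclass

# Registry lines copied from the FRST log posted in this thread (a subset).
SAMPLE_LOG = r"""
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6602856 2011-01-11] (Realtek Semiconductor)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254896 2012-09-17] (Sun Microsystems, Inc.)
HKU\martin\...\Run: [Google Update] "C:\Users\martin\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-12-25] (Google Inc.)
HKU\martin\...\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [247768 2012-06-20] (TomTom)
HKU\martin\...\Run: [Adobe CSx Manager] C:\Users\martin\AppData\Roaming\873997d3-3f3a-4807-a625-a0032ed6e158ad\dfaaaedead.exe [3072 2013-03-29] ()
HKU\martin\...\Winlogon: [Shell] explorer.exe,C:\Users\martin\AppData\Roaming\skype.dat [58368 2011-11-16] ()
"""

# Assumed layout of one registry line, inferred from the log above:
#   <hive>\...\<key>: [<value name>] <data> [<size> <date>] (<company>)
ENTRY_RE = re.compile(
    r"^(?P<hive>.+?)\\\.\.\.\\(?P<key>Run|Winlogon): "
    r"\[(?P<name>[^\]]+)\] (?P<data>.*) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>.*)\)$"
)


@dataclass(frozen=True)
class Finding:
    hive: str
    key: str
    name: str
    data: str
    reasons: tuple


def shell_extras(data):
    """Return the comma-separated Shell components that are not the
    default 'explorer.exe'. Anything returned here starts at every logon."""
    parts = [p.strip().strip('"') for p in data.split(",") if p.strip()]
    return [p for p in parts if p.lower() != "explorer.exe"]


def triage(log_text):
    """Flag autostart entries that deserve a manual look.

    Heuristics (triage only; a company name is trivial to fake):
      * Winlogon Shell that starts anything besides explorer.exe
      * Winlogon Shell set per user (HKU) instead of machine-wide
      * Run entry with an empty company field whose data points into AppData
    """
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # blank line, section header, or an unknown format
        data = m["data"]
        reasons = []
        if m["key"] == "Winlogon" and m["name"].lower() == "shell":
            extras = shell_extras(data)
            if extras:
                reasons.append("Shell starts more than explorer.exe: "
                               + ", ".join(extras))
            if m["hive"].upper().startswith("HKU"):
                reasons.append("Shell is overridden for a single user")
        elif m["key"] == "Run":
            in_profile = "\\appdata\\" in data.lower()
            if in_profile and not m["company"].strip():
                reasons.append("no company name and runs from AppData")
        if reasons:
            findings.append(Finding(m["hive"], m["key"], m["name"],
                                    data, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.hive} {f.key} [{f.name}]")
        print(f"    {f.data}")
        for reason in f.reasons:
            print(f"    - {reason}")
```

The Google Update entry also runs from AppData but is not flagged because its company field is filled in, which is why these results are a starting point for review and not a verdict.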


  • Registered Users Posts: 528 ✭✭✭fitzcoff


    I think the folders are of photos that he would have saved. I'm almost positive that the coach one is.

    the log is

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-04-2013
    Ran by SYSTEM at 2013-04-25 23:11:52 Run:1
    Running from D:\
    Boot Mode: Recovery
    ==============================================

    HKEY_USERS\martin\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe CSx Manager value not found.
    HKEY_USERS\martin\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell value deleted successfully.
    C:\Users\martin\AppData\Roaming\skype.ini moved successfully.
    C:\Users\martin\AppData\Roaming\skype.dat moved successfully.

    ==== End of Fixlog ====


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Can you boot into normal mode now?


  • Registered Users Posts: 528 ✭✭✭fitzcoff


    Yea, working perfectly,

    Thanks so much for your help, it was much appreciated. Sorry for the brain dead questions


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    No need to apologise, we best run another scan as some stuff is probably hiding still.

    Download and run ComboFix, post its log.


    http://www.bleepingcomputer.com/combofix/how-to-use-combofix


  • Registered Users Posts: 528 ✭✭✭fitzcoff


    ComboFix 13-04-25.01 - martin 25/04/2013 23:42:06.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2934.1316 [GMT 1:00]
    Running from: c:\users\martin\Downloads\ComboFix.exe
    AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
    SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-03-25 to 2013-04-25 )))))))))))))))))))))))))))))))
    .
    .
    2013-04-26 06:14 . 2013-04-26 06:14 -------- d-----w- C:\FRST
    2013-04-25 22:47 . 2013-04-25 22:47 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-04-25 22:36 . 2013-04-25 22:35 905296 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C45C5020-51D3-47D4-A653-92D4C4DDBA7B}\gapaengine.dll
    2013-04-25 22:36 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3373225D-7E72-47B1-AE54-0F222B88070F}\mpengine.dll
    2013-04-25 22:35 . 2013-04-25 22:35 -------- d-----w- c:\program files (x86)\Common Files\Java
    2013-04-25 22:35 . 2013-04-25 22:34 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2013-04-25 22:34 . 2013-04-25 22:34 -------- d-----w- c:\program files (x86)\Java
    2013-04-22 09:00 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-04-10 19:40 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll
    2013-04-10 19:40 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll
    2013-04-10 19:39 . 2013-02-15 04:34 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
    2013-04-10 19:39 . 2013-02-15 06:08 44032 ----a-w- c:\windows\system32\tsgqec.dll
    2013-04-10 19:39 . 2013-02-15 06:02 158720 ----a-w- c:\windows\system32\aaclient.dll
    2013-04-10 19:39 . 2013-02-15 03:25 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll
    2013-04-10 19:35 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys
    2013-04-10 19:35 . 2013-03-02 06:04 1655656 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2013-04-10 19:29 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
    2013-04-10 19:29 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-04-10 19:29 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2013-04-10 19:29 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
    2013-04-10 19:29 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2013-04-10 19:29 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
    2013-04-10 19:29 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
    2013-03-29 09:28 . 2013-03-29 09:28 -------- d-----w- c:\users\martin\AppData\Roaming\873997d3-3f3a-4807-a625-a0032ed6e158ad
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-04-25 22:34 . 2012-10-16 19:57 866720 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
    2013-04-25 22:34 . 2011-04-24 22:43 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2013-04-02 10:34 . 2010-11-21 03:27 282744 ------w- c:\windows\system32\MpSigStub.exe
    2013-03-10 22:33 . 2012-11-26 20:37 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-03-10 22:33 . 2012-11-26 20:37 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-03-05 17:14 . 2013-03-05 17:15 317440 ----a-w- c:\windows\system32\drivers\IntcDAud.sys
    2013-03-05 17:14 . 2013-03-05 17:15 14848 ----a-w- c:\windows\system32\IntcDAuC.dll
    2013-03-05 17:14 . 2013-03-05 17:15 98304 ----a-w- c:\windows\SysWow64\iglhcp32.dll
    2013-03-05 17:14 . 2013-03-05 17:15 98304 ----a-w- c:\windows\system32\iglhcp64.dll
    2013-03-05 17:14 . 2013-03-05 17:15 90112 ----a-w- c:\windows\system32\igfxCoIn_v2430.dll
    2013-03-05 17:14 . 2013-03-05 17:15 867020 ----a-w- c:\windows\system32\igkrng575.bin
    2013-03-05 17:14 . 2013-03-05 17:15 510232 ----a-w- c:\windows\system32\igfxsrvc.exe
    2013-03-05 17:14 . 2013-03-05 17:15 378368 ----a-w- c:\windows\system32\igfxTMM.dll
    2013-03-05 17:14 . 2013-03-05 17:15 376832 ----a-w- c:\windows\SysWow64\iglhsip32.dll
    2013-03-05 17:14 . 2013-03-05 17:15 376832 ----a-w- c:\windows\system32\iglhsip64.dll
    2013-03-05 17:14 . 2013-03-05 17:15 167704 ----a-w- c:\windows\system32\igfxtray.exe
    2013-03-05 17:14 . 2013-03-05 17:15 286208 ----a-w- c:\windows\system32\igfxrtrk.lrc
    2013-03-05 17:14 . 2013-03-05 17:15 286208 ----a-w- c:\windows\system32\igfxrsve.lrc
    2013-03-05 17:14 . 2013-03-05 17:15 285696 ----a-w- c:\windows\system32\igfxrtha.lrc
    2013-03-05 17:14 . 2013-03-05 17:15 286720 ----a-w- c:\windows\system32\igfxrsky.lrc
    2013-03-05 17:14 . 2013-03-05 17:15 286720 ----a-w- c:\windows\system32\igfxrrus.lrc
    2013-03-05 17:14 . 2013-03-05 17:15 286720 ----a-w- c:\windows\system32\igfxrrom.lrc
    2013-03-05 17:14 . 2013-03-05 17:15 286720 ----a-w- c:\windows\system32\igfxrptg.lrc
    2013-03-05 17:14 . 2013-03-05 17:15 286720 ----a-w- c:\windows\system32\igfxrplk.lrc
    2013-03-05 17:14 . 2013-03-05 17:15 286208 ----a-w- c:\windows\system32\igfxrslv.lrc
    2013-03-05 17:14 . 2013-03-05 17:15 286208 ----a-w- c:\windows\system32\igfxrptb.lrc
    2013-03-05 17:14 . 2013-03-05 17:15 286208 ----a-w- c:\windows\system32\igfxrnor.lrc
    2013-03-05 17:14 . 2010-08-25 20:04 62464 ----a-w- c:\windows\system32\igfxsrvc.dll
    2013-03-05 17:14 . 2013-03-05 17:15 287232 ----a-w- c:\windows\system32\igfxrfra.lrc
    2013-03-05 17:14 . 2013-03-05 17:15 287232 ----a-w- c:\windows\system32\igfxresn.lrc
    2013-03-05 17:14 . 2013-03-05 17:15 286720 ----a-w- c:\windows\system32\igfxrnld.lrc
    2013-03-05 17:14 . 2013-03-05 17:15 286720 ----a-w- c:\windows\system32\igfxrita.lrc
    2013-03-05 17:14 . 2013-03-05 17:15 286720 ----a-w- c:\windows\system32\igfxrhrv.lrc
    2013-03-05 17:14 . 2013-03-05 17:15 286208 ----a-w- c:\windows\system32\igfxrhun.lrc
    2013-03-05 17:14 . 2013-03-05 17:15 286208 ----a-w- c:\windows\system32\igfxrfin.lrc
    2013-03-05 17:14 . 2013-03-05 17:15 285184 ----a-w- c:\windows\system32\igfxrheb.lrc
    2013-03-05 17:14 . 2013-03-05 17:15 283648 ----a-w- c:\windows\system32\igfxrjpn.lrc
    2013-03-05 17:14 . 2013-03-05 17:15 283136 ----a-w- c:\windows\system32\igfxrkor.lrc
    2013-03-05 17:14 . 2013-03-05 17:15 285696 ----a-w- c:\windows\system32\igfxrenu.lrc
    2013-03-05 17:14 . 2013-03-05 17:15 287232 ----a-w- c:\windows\system32\igfxrell.lrc
    2013-03-05 17:14 . 2013-03-05 17:15 286720 ----a-w- c:\windows\system32\igfxrdeu.lrc
    2013-03-05 17:14 . 2013-03-05 17:15 416024 ----a-w- c:\windows\system32\igfxpers.exe
    2013-03-05 17:14 . 2013-03-05 17:15 375296 ----a-w- c:\windows\system32\igfxpph.dll
    2013-03-05 17:14 . 2013-03-05 17:15 286720 ----a-w- c:\windows\system32\igfxrcsy.lrc
    2013-03-05 17:14 . 2013-03-05 17:15 285696 ----a-w- c:\windows\system32\igfxrdan.lrc
    2013-03-05 17:14 . 2013-03-05 17:15 285184 ----a-w- c:\windows\system32\igfxrara.lrc
    2013-03-05 17:14 . 2013-03-05 17:15 282624 ----a-w- c:\windows\system32\igfxrcht.lrc
    2013-03-05 17:14 . 2013-03-05 17:15 282624 ----a-w- c:\windows\system32\igfxrchs.lrc
    2013-03-05 17:14 . 2013-03-05 17:15 239896 ----a-w- c:\windows\system32\igfxext.exe
    2013-03-05 17:14 . 2010-08-25 20:03 9014784 ----a-w- c:\windows\system32\igfxress.dll
    2013-03-05 17:14 . 2013-03-05 17:15 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll
    2013-03-05 17:14 . 2013-03-05 17:15 293888 ----a-w- c:\windows\SysWow64\igfxdv32.dll
    2013-03-05 17:14 . 2013-03-05 17:15 28672 ----a-w- c:\windows\system32\igfxexps.dll
    2013-03-05 17:14 . 2013-03-05 17:15 24576 ----a-w- c:\windows\SysWow64\igfxexps32.dll
    2013-03-05 17:14 . 2013-03-05 17:15 142336 ----a-w- c:\windows\system32\igfxdo.dll
    2013-03-05 17:14 . 2013-03-05 17:15 389632 ----a-w- c:\windows\system32\igfxdev.dll
    2013-03-05 17:14 . 2013-03-05 17:15 126976 ----a-w- c:\windows\system32\igfxcpl.cpl
    2013-03-05 17:14 . 2013-03-05 17:15 162816 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll
    2013-03-05 17:14 . 2013-03-05 17:15 140288 ----a-w- c:\windows\system32\igfxcmrt64.dll
    2013-03-05 17:14 . 2013-03-05 17:15 105608 ----a-w- c:\windows\system32\igfcg575m.bin
    2013-03-05 17:14 . 2013-03-05 17:15 6310912 ----a-w- c:\windows\SysWow64\igdumd32.dll
    2013-03-05 17:14 . 2013-03-05 17:15 577024 ----a-w- c:\windows\SysWow64\igdumdx32.dll
    2013-03-05 17:14 . 2013-03-05 17:15 12231584 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
    2013-03-05 17:14 . 2010-08-25 20:36 8296960 ----a-w- c:\windows\system32\igdumd64.dll
    2013-03-05 17:14 . 2010-08-25 20:26 14591488 ----a-w- c:\windows\system32\igd10umd64.dll
    2013-03-05 17:14 . 2010-08-25 20:23 12333056 ----a-w- c:\windows\SysWow64\igd10umd32.dll
    2013-03-05 17:14 . 2013-03-05 17:15 18635776 ----a-w- c:\windows\system32\ig4icd64.dll
    2013-03-05 17:14 . 2013-03-05 17:15 13899776 ----a-w- c:\windows\SysWow64\ig4icd32.dll
    2013-03-05 17:14 . 2013-03-05 17:15 128204 ----a-w- c:\windows\system32\igcompkrng575.bin
    2013-03-05 17:14 . 2013-03-05 17:15 94208 ----a-w- c:\windows\system32\IccLibDll_x64.dll
    2013-03-05 17:14 . 2013-03-05 17:15 392472 ----a-w- c:\windows\system32\hkcmd.exe
    2013-03-05 17:14 . 2010-08-25 20:03 110080 ----a-w- c:\windows\system32\hccutils.dll
    2013-03-05 17:14 . 2013-03-05 17:15 4378392 ----a-w- c:\windows\system32\GfxUI.exe
    2013-03-05 17:14 . 2013-03-05 17:15 179992 ----a-w- c:\windows\system32\difx64.exe
    2013-03-05 17:14 . 2013-03-05 17:15 146432 ----a-w- c:\windows\system32\gfxSrvc.dll
    2013-02-12 05:45 . 2013-03-13 09:27 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-02-12 05:45 . 2013-03-13 09:27 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
    2013-02-12 05:45 . 2013-03-13 09:27 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
    2013-02-12 05:45 . 2013-03-13 09:27 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
    2013-02-12 04:48 . 2013-03-13 09:27 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2013-02-12 04:48 . 2013-03-13 09:27 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
    2013-02-12 04:12 . 2013-03-26 16:04 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2012-06-21 247768]
    "Adobe CSx Manager"="c:\users\martin\AppData\Roaming\873997d3-3f3a-4807-a625-a0032ed6e158ad\dfaaaedead.exe" [2013-03-29 3072]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
    "PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-02-01 656920]
    "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
    "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
    R2 XobniService;XobniService;c:\program files (x86)\Xobni\XobniService.exe [2011-02-25 62184]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-26 1255736]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
    S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-01 138400]
    S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-01 76448]
    S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
    S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
    S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-03-05 35200]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
    S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2010-12-28 1817088]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
    S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
    S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-02-01 1127448]
    S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-06-21 92632]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-07-23 2320920]
    S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-01 36000]
    S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-01 298656]
    S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-01 28832]
    S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-01 201376]
    S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-01 55456]
    S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-01 154272]
    S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-01 280224]
    S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-02-10 31088]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2013-03-05 317440]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
    S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
    S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-02-15 335464]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-05 436840]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-30 23:45]
    .
    2013-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-30 23:45]
    .
    2013-04-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-963050305-668444556-3006111060-1000Core.job
    - c:\users\martin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-25 14:00]
    .
    2013-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-963050305-668444556-3006111060-1000UA.job
    - c:\users\martin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-25 14:00]
    .
    2013-04-25 c:\windows\Tasks\HPCeeScheduleFormartin.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
    .
    .
    X64 Entries
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-01-11 6602856]
    "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-01 615584]
    "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-01 379552]
    "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-03-05 167704]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-03-05 392472]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2013-03-05 416024]
    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.google.com/
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.0.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SafeBoot-BsScanner
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
    "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
    .
    LOCKED REGISTRY KEYS
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-04-25 23:51:07
    ComboFix-quarantined-files.txt 2013-04-25 22:51
    .
    Pre-Run: 247,296,651,264 bytes free
    Post-Run: 246,885,359,616 bytes free
    .
    - - End Of File - - C255E7B751F01D145551663B665BCCE3
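
An added triage example, not part of any post in this thread and not code from FRST or ComboFix: it reads registry-style autostart lines like those in the logs above and flags the two persistence spots the Fixlog touched, the Run value and the Winlogon Shell value. The Run lines in the sample are copied from the ComboFix log in this thread; the Winlogon line, the `example` user and the function name `triage_autoruns` are constructed for illustration.

```python
import re

# Keys that launch a program at logon; both appear in this thread's FRST and ComboFix logs.
AUTOSTART_KEY = re.compile(
    r"\\(?:Windows\\CurrentVersion\\Run(?:Once)?|Windows NT\\CurrentVersion\\Winlogon)$",
    re.IGNORECASE,
)
# Per-user locations that an unprivileged process can write to.
USER_WRITABLE = re.compile(r"\\users\\[^\\]+\\(?:appdata|downloads)\\", re.IGNORECASE)
# Directory named like a GUID (the one in this thread has a 14-digit last group).
GUID_DIR = re.compile(r"\\[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12,}\\", re.IGNORECASE)
KEY_LINE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_LINE = re.compile(r'^"([^"]+)"="(.*?)"(?:\s+\[[^\]]*\])?$')

# Run keys: lines copied from the ComboFix log posted in this thread.
# Winlogon key: constructed sample (the thread never shows the deleted Shell data).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2012-06-21 247768]
"Adobe CSx Manager"="c:\users\martin\AppData\Roaming\873997d3-3f3a-4807-a625-a0032ed6e158ad\dfaaaedead.exe" [2013-03-29 3072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
.
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe,c:\users\example\AppData\Roaming\example.dat"
"""


def triage_autoruns(log_text):
    """Return (key, value_name, data, reasons) for autostart entries worth a manual look."""
    findings = []
    key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_LINE.match(line)
        if m:
            key = m.group(1)  # remember which key the following values belong to
            continue
        m = VALUE_LINE.match(line)
        if not (m and key and AUTOSTART_KEY.search(key)):
            continue
        name, data = m.group(1), m.group(2)
        reasons = []
        if USER_WRITABLE.search(data):
            reasons.append("target in user-writable profile path")
        if GUID_DIR.search(data):
            reasons.append("GUID-like directory name")
        # Windows ships Shell=explorer.exe under HKLM only; anything else needs review.
        if key.lower().endswith("winlogon") and name.lower() == "shell":
            if data.strip().lower() != "explorer.exe":
                reasons.append("Winlogon Shell is not explorer.exe")
        if reasons:
            findings.append((key, name, data, reasons))
    return findings


if __name__ == "__main__":
    for key, name, data, reasons in triage_autoruns(SAMPLE_LOG):
        print(f"{key}\n  {name} -> {data}\n  why: {'; '.join(reasons)}")
```

A hit is a prompt to check the file by hand, not a verdict: legitimate software also installs per-user autostarts under AppData.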


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Looks good, how's it running? Any problems?

