
ComboFix 16-04-22.01 - TOSHIBA 24/04/2016 20:08:51.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8152.6022 [GMT 2:00]
Running from: c:\users\TOSHIBA\Desktop\ComboFix.exe
AV: ESET Smart Security 9.0.349.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: ESET Personal firewall *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 9.0.375.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2016-03-24 to 2016-04-24 )))))))))))))))))))))))))))))))
.
.
2016-04-24 18:15 . 2016-04-24 18:15 -------- d-----w- c:\users\Public\AppData\Local\temp
2016-04-24 18:15 . 2016-04-24 18:15 -------- d-----w- c:\users\HomeGroupUser$\AppData\Local\temp
2016-04-24 18:15 . 2016-04-24 18:15 -------- d-----w- c:\users\Guest\AppData\Local\temp
2016-04-24 18:15 . 2016-04-24 18:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-04-24 18:15 . 2016-04-24 18:15 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2016-04-23 23:06 . 2016-04-23 23:46 -------- d-----w- C:\NPE
2016-04-23 23:00 . 2016-04-23 23:14 -------- d-----w- C:\UsbFix
2016-04-23 21:43 . 2016-04-23 21:43 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2016-04-22 23:03 . 2016-04-24 09:36 -------- d-----w- C:\FRST
2016-04-22 09:19 . 2016-03-17 01:45 11686560 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{38D82154-1426-4C9B-8949-BF895BDFF412}\mpengine.dll
2016-04-20 22:08 . 2016-04-20 23:38 -------- d-----w- c:\users\TOSHIBA\Doctor Web
2016-04-20 21:40 . 2016-04-20 23:57 -------- d-----w- c:\programdata\SecTaskMan
2016-04-19 22:45 . 2016-04-19 22:45 -------- d-----w- c:\programdata\regid.1991-06.com.microsoft
2016-04-17 15:16 . 2016-04-17 15:16 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2016-04-13 10:49 . 2016-03-16 18:50 156672 ----a-w- c:\windows\system32\mtxoci.dll
2016-04-13 10:49 . 2016-03-16 18:28 111616 ----a-w- c:\windows\SysWow64\mtxoci.dll
2016-04-13 10:49 . 2016-03-16 18:28 176128 ----a-w- c:\windows\SysWow64\msorcl32.dll
2016-04-13 10:49 . 2016-03-16 18:27 286720 ----a-w- c:\program files (x86)\Common Files\System\Ole DB\msdaora.dll
2016-04-13 10:47 . 2016-03-16 00:16 760320 ----a-w- c:\windows\system32\samsrv.dll
2016-04-13 10:47 . 2016-03-16 00:16 106496 ----a-w- c:\windows\system32\samlib.dll
2016-04-13 10:47 . 2016-03-15 23:53 60416 ----a-w- c:\windows\SysWow64\samlib.dll
2016-04-08 11:17 . 2016-04-04 18:14 38120 ----a-w- c:\windows\system32\CompatTelRunner.exe
2016-04-08 11:17 . 2016-04-04 18:02 1169408 ----a-w- c:\windows\system32\aeinv.dll
2016-04-08 11:17 . 2016-04-02 13:08 1386496 ----a-w- c:\windows\system32\appraiser.dll
2016-04-06 11:37 . 2016-04-06 11:37 -------- d-----w- c:\program files\Malwarebytes
2016-04-02 09:29 . 2016-04-24 16:36 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-04-02 09:28 . 2016-04-02 09:28 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2016-04-02 09:28 . 2016-03-10 12:09 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-04-02 09:28 . 2016-03-10 12:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-04-02 09:28 . 2016-03-10 12:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-04-01 11:03 . 2016-03-17 18:04 698368 ----a-w- c:\windows\system32\generaltel.dll
2016-04-01 11:03 . 2016-03-23 14:02 215040 ----a-w- c:\windows\system32\aepic.dll
2016-04-01 11:03 . 2016-03-17 18:04 499200 ----a-w- c:\windows\system32\devinv.dll
2016-04-01 11:03 . 2016-03-17 18:04 279040 ----a-w- c:\windows\system32\invagent.dll
2016-04-01 11:03 . 2016-03-17 18:04 76800 ----a-w- c:\windows\system32\acmigration.dll
2016-03-31 12:39 . 2016-03-31 12:39 -------- d-----w- c:\program files (x86)\Common Files\Skype
2016-03-29 18:28 . 2016-04-20 01:13 -------- d-----w- c:\program files (x86)\ZHPFix
2016-03-29 01:37 . 2016-03-29 01:37 -------- d-----w- c:\users\TOSHIBA\AppData\Local\TempTaskUpdateDetection3E51398E-B540-4901-BBC7-5FEF2ED345AB
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-04-24 14:02 . 2016-01-27 15:44 59776 ----a-w- c:\windows\system32\drivers\farflt.sys
2016-04-23 02:08 . 2012-07-31 00:39 286966 ----a-w- C:\DUMP3a32.tmp
2016-04-19 23:17 . 2014-10-06 20:34 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-04-13 11:38 . 2013-08-28 20:27 135176864 ----a-w- c:\windows\system32\MRT.exe
2016-04-06 08:18 . 2010-11-21 03:27 453280 ------w- c:\windows\system32\MpSigStub.exe
2016-03-19 00:54 . 2015-11-16 10:21 84800 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2016-03-19 00:54 . 2015-11-16 10:21 53384 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
2016-03-19 00:54 . 2015-11-16 10:21 198096 ----a-w- c:\windows\system32\drivers\epfw.sys
2016-03-19 00:54 . 2015-11-16 10:21 264552 ----a-w- c:\windows\system32\drivers\eamonm.sys
2016-03-17 22:24 . 2016-04-13 10:46 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2016-03-14 18:15 . 2015-11-23 23:50 642328 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2016-03-14 12:14 . 2015-07-10 15:37 797376 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-03-14 12:14 . 2015-07-10 15:37 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-03-09 12:05 . 2016-03-09 12:05 14800 ----a-w- c:\windows\WiseHDInfo64.dll
2016-03-02 17:40 . 2015-10-28 16:18 2 --s-atr- c:\windows\winstart.bat
2016-02-17 10:41 . 2016-02-17 10:41 22704 ----a-w- c:\windows\system32\drivers\EsgScanner.sys
2016-02-12 18:52 . 2016-03-04 12:08 98816 ----a-w- c:\windows\system32\wudriver.dll
2016-02-12 18:52 . 2016-03-04 12:08 3169792 ----a-w- c:\windows\system32\wucltux.dll
2016-02-12 18:52 . 2016-03-04 12:08 192512 ----a-w- c:\windows\system32\wuwebv.dll
2016-02-12 18:44 . 2016-03-04 12:08 91136 ----a-w- c:\windows\system32\WinSetupUI.dll
2016-02-12 18:39 . 2016-03-04 12:08 174080 ----a-w- c:\windows\SysWow64\wuwebv.dll
2016-02-12 18:22 . 2016-03-04 12:08 2610688 ----a-w- c:\windows\system32\wuaueng.dll
2016-02-12 18:19 . 2016-03-04 12:08 709120 ----a-w- c:\windows\system32\wuapi.dll
2016-02-12 18:18 . 2016-03-04 12:08 140288 ----a-w- c:\windows\system32\wuauclt.exe
2016-02-12 18:18 . 2016-03-04 12:08 37888 ----a-w- c:\windows\system32\wuapp.exe
2016-02-12 18:18 . 2016-03-04 12:08 36864 ----a-w- c:\windows\system32\wups.dll
2016-02-12 18:18 . 2016-03-04 12:08 37888 ----a-w- c:\windows\system32\wups2.dll
2016-02-12 18:18 . 2016-03-04 12:08 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2016-02-12 18:06 . 2016-03-04 12:08 573440 ----a-w- c:\windows\SysWow64\wuapi.dll
2016-02-12 18:05 . 2016-03-04 12:08 93696 ----a-w- c:\windows\SysWow64\wudriver.dll
2016-02-12 18:05 . 2016-03-04 12:08 30208 ----a-w- c:\windows\SysWow64\wups.dll
2016-02-12 18:05 . 2016-03-04 12:08 35328 ----a-w- c:\windows\SysWow64\wuapp.exe
2016-02-09 09:57 . 2016-03-09 09:09 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2016-02-09 09:57 . 2016-03-09 09:09 14634496 ----a-w- c:\windows\system32\wmp.dll
2016-02-09 09:56 . 2016-03-09 09:09 5120 ----a-w- c:\windows\system32\msdxm.ocx
2016-02-09 09:56 . 2016-03-09 09:09 5120 ----a-w- c:\windows\system32\dxmasf.dll
2016-02-09 09:55 . 2016-03-09 09:09 30720 ----a-w- c:\windows\system32\seclogon.dll
2016-02-09 09:54 . 2016-03-09 09:09 9728 ----a-w- c:\windows\system32\spwmp.dll
2016-02-09 09:51 . 2016-03-09 09:09 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2016-02-09 09:13 . 2016-03-09 09:09 4096 ----a-w- c:\windows\SysWow64\msdxm.ocx
2016-02-09 09:13 . 2016-03-09 09:09 4096 ----a-w- c:\windows\SysWow64\dxmasf.dll
2016-02-09 09:13 . 2016-03-09 09:09 8192 ----a-w- c:\windows\SysWow64\spwmp.dll
2016-02-05 18:56 . 2016-03-16 00:34 20480 ----a-w- c:\windows\system32\tbs.dll
2016-02-05 18:54 . 2016-03-09 09:09 41472 ----a-w- c:\windows\system32\lpk.dll
2016-02-05 18:54 . 2016-03-16 00:34 109568 ----a-w- c:\windows\system32\fveapibase.dll
2016-02-05 18:54 . 2016-03-09 09:09 100864 ----a-w- c:\windows\system32\fontsub.dll
2016-02-05 18:53 . 2016-03-09 09:09 14336 ----a-w- c:\windows\system32\dciman32.dll
2016-02-05 18:53 . 2016-03-09 09:09 46080 ----a-w- c:\windows\system32\atmlib.dll
2016-02-05 18:50 . 2016-03-09 09:09 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2016-02-05 18:44 . 2016-03-09 09:09 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2016-02-05 18:42 . 2016-03-09 09:09 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2016-02-05 17:48 . 2016-03-09 09:09 372736 ----a-w- c:\windows\system32\atmfd.dll
2016-02-05 17:43 . 2016-03-09 09:09 299520 ----a-w- c:\windows\SysWow64\atmfd.dll
2016-02-05 17:43 . 2016-03-09 09:09 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2016-02-05 17:33 . 2016-03-16 00:34 15360 ----a-w- c:\windows\SysWow64\tbs.dll
2016-02-05 01:19 . 2016-03-09 09:09 381440 ----a-w- c:\windows\system32\mfds.dll
2016-02-04 18:41 . 2016-03-09 09:09 296448 ----a-w- c:\windows\SysWow64\mfds.dll
2016-02-03 18:58 . 2016-03-09 09:11 862208 ----a-w- c:\windows\system32\oleaut32.dll
2016-02-03 18:52 . 2016-03-09 09:11 84992 ----a-w- c:\windows\system32\asycfilt.dll
2016-02-03 18:49 . 2016-03-09 09:11 572416 ----a-w- c:\windows\SysWow64\oleaut32.dll
2016-02-03 18:43 . 2016-03-09 09:11 67584 ----a-w- c:\windows\SysWow64\asycfilt.dll
2016-02-03 18:07 . 2016-03-09 09:11 91648 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS
2016-02-02 18:57 . 2016-03-16 00:34 511488 ----a-w- c:\windows\system32\rpcss.dll
2016-02-01 19:08 . 2016-03-16 00:34 114624 ----a-w- c:\windows\system32\consent.exe
2016-02-01 18:59 . 2016-03-16 00:34 3243008 ----a-w- c:\windows\system32\msi.dll
2016-02-01 18:59 . 2016-03-16 00:34 504320 ----a-w- c:\windows\system32\msihnd.dll
2016-02-01 18:59 . 2016-03-16 00:34 25088 ----a-w- c:\windows\system32\msimsg.dll
2016-02-01 18:56 . 2016-03-16 00:34 1940992 ----a-w- c:\windows\system32\authui.dll
2016-02-01 18:56 . 2016-03-16 00:34 70144 ----a-w- c:\windows\system32\appinfo.dll
2016-02-01 18:49 . 2016-03-16 00:34 2364928 ----a-w- c:\windows\SysWow64\msi.dll
2016-02-01 18:49 . 2016-03-16 00:34 337408 ----a-w- c:\windows\SysWow64\msihnd.dll
2016-02-01 18:49 . 2016-03-16 00:34 25088 ----a-w- c:\windows\SysWow64\msimsg.dll
2016-02-01 18:45 . 2016-03-16 00:34 1805824 ----a-w- c:\windows\SysWow64\authui.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-04-19 22:42 1741104 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-04-19 22:42 1741104 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-04-19 22:42 1741104 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes Anti-Exploit"="c:\program files (x86)\Malwarebytes Anti-Exploit\mbae.exe" [2016-01-29 2622432]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
Malwarebytes Anti-Ransomware.lnk - c:\program files\Malwarebytes\Anti-Ransomware\mbarw.exe [2016-4-6 653280]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-2 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoThemesTab"= 0 (0x0)
"NoDispAppearence"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleNetIDList"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"RequireSignedAppInit_DLLs"=0 (0x0)
"AppInit_DLLs"=c:\progra~2\KeyCryptSDK\KeyCrypt32(1).dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\kissvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\kyrdl.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 ESETCleanersDriver;ESET Cleaner Service;c:\windows\system32\Drivers\ESETCleanersDriver.sys;c:\windows\SYSNATIVE\Drivers\ESETCleanersDriver.sys [x]
R3 farflt;farflt;c:\windows\system32\drivers\farflt.sys;c:\windows\SYSNATIVE\drivers\farflt.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 PSKMAD;PSKMAD;c:\windows\system32\DRIVERS\PSKMAD.sys;c:\windows\SYSNATIVE\DRIVERS\PSKMAD.sys [x]
R3 pwftap;PRIVATE WiFi Adapter;c:\windows\system32\DRIVERS\pwftap.sys;c:\windows\SYSNATIVE\DRIVERS\pwftap.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R4 GFNEXSrv;GFNEX Service;c:\windows\System32\GFNEXSrv.exe;c:\windows\SYSNATIVE\GFNEXSrv.exe [x]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
R4 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
R4 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe;c:\program files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [x]
R4 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe;c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [x]
R4 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
R4 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
R4 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys;c:\windows\SYSNATIVE\DRIVERS\NBVol.sys [x]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys;c:\windows\SYSNATIVE\DRIVERS\NBVolUp.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;ESET Personal Firewall;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae64.sys;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ekbdflt;ekbdflt;c:\windows\system32\DRIVERS\ekbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\ekbdflt.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]
S2 MB3Service;MB3Service;c:\program files\Malwarebytes\Anti-Ransomware\MBAMService.exe;c:\program files\Malwarebytes\Anti-Ransomware\MBAMService.exe [x]
S2 MbaeSvc;Malwarebytes Anti-Exploit Service;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 NovaPdfServer;novaPDF Server;c:\program files\Softland\novaPDF 8\Server\novapdfs.exe;c:\program files\Softland\novaPDF 8\Server\novapdfs.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys;c:\windows\SYSNATIVE\DRIVERS\ICCWDT.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 keycrypt;keycrypt;c:\windows\system32\DRIVERS\KeyCrypt64.sys;c:\windows\SYSNATIVE\DRIVERS\KeyCrypt64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-04-22 21:03 1186968 ----a-w- c:\program files (x86)\Google\Chrome\Application\50.0.2661.87\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-03-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-10 12:14]
.
2015-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-04-21 11:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-04-19 22:42 2348848 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-04-19 22:42 2348848 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-04-19 22:42 2348848 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\KeyCryptSDK\KeyCrypt64(1).dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: eset.com\help
TCP: DhcpNameServer = 192.168.0.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-88354160.sys
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1870027983-4264097883-3264919129-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6D985EE8-D9A6-CB7F-1C2E-989A34D0789B}*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-04-24 20:17:40
ComboFix-quarantined-files.txt 2016-04-24 18:17
.
Pre-Run: 252,927,299,584 bytes free
Post-Run: 252,775,890,944 bytes free
.
- - End Of File - - 60D3F2F2F0B24B3F956E3885066A1660
5B5E648D12FCADC244C1EC30318E1EB9
