ComboFix 14-09-22.01 - owner 09/23/2014 16:23:06.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8082.6309 [GMT -4:00]
Running from: c:\users\owner\Desktop\ComboFix.exe
AV: Kaspersky PURE 3.0 *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky PURE 3.0 *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky PURE 3.0 *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1409937465.bdinstall.bin
c:\programdata\1410018147.bdinstall.bin
c:\programdata\1410018152.bdinstall.bin
c:\users\owner\System
c:\users\owner\System\win_qs8.jqx
c:\users\owner\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2014-08-23 to 2014-09-23 )))))))))))))))))))))))))))))))
.
.
2014-09-23 20:28 . 2014-09-23 20:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-23 15:09 . 2013-11-11 23:25 64856 ----a-w- c:\windows\system32\klfphc.dll
2014-09-23 15:08 . 2011-06-02 18:39 66616 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2014-09-23 15:08 . 2011-06-02 18:39 84536 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
2014-09-23 15:08 . 2014-09-23 15:08 -------- d-----w- c:\program files (x86)\Common Files\InfoWatch
2014-09-23 15:08 . 2014-09-23 15:08 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2014-09-23 15:08 . 2014-09-23 18:13 92768 ----a-w- c:\windows\system32\drivers\klflt.sys
2014-09-23 15:08 . 2014-09-23 18:13 628288 ----a-w- c:\windows\system32\drivers\klif.sys
2014-09-23 08:29 . 2014-09-15 06:08 11578928 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B6EEA016-28A3-4609-B6B2-A8000AE7BC4A}\mpengine.dll
2014-09-22 15:47 . 2012-08-21 17:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2014-09-22 15:46 . 2014-09-22 15:47 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-22 15:46 . 2014-09-22 15:47 -------- d-----w- c:\program files\iTunes
2014-09-22 15:46 . 2014-09-22 15:47 -------- d-----w- c:\program files (x86)\iTunes
2014-09-22 15:46 . 2014-09-22 15:46 -------- d-----w- c:\program files\iPod
2014-09-22 15:46 . 2014-09-22 15:46 -------- d-----w- c:\program files\Common Files\Apple
2014-09-22 15:46 . 2014-09-22 15:46 -------- d-----w- c:\program files\Bonjour
2014-09-22 15:46 . 2014-09-22 15:46 -------- d-----w- c:\program files (x86)\Bonjour
2014-09-22 03:44 . 2014-09-22 03:44 -------- d-----w- c:\program files (x86)\MetaGeek
2014-09-22 02:46 . 2014-09-22 02:46 -------- d-----w- c:\program files\Angry IP Scanner
2014-09-20 02:54 . 2010-11-21 03:25 1212928 ----a-w- c:\program files\Windows Media Player\WMPDMC.exe
2014-09-20 02:53 . 2010-11-21 03:24 1212416 ----a-w- c:\program files\Common Files\System\Ole DB\sqloledb.dll
2014-09-20 02:49 . 2010-11-21 03:25 1456128 ----a-w- c:\program files (x86)\Windows Photo Viewer\PhotoViewer.dll
2014-09-20 02:48 . 2010-01-10 01:34 1828608 ----a-w- c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPCEXT.DLL
2014-09-20 02:47 . 2009-07-14 01:41 1071616 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\mshwLatin.dll
2014-09-20 02:47 . 2010-11-21 03:23 745472 ----a-w- c:\program files\Common Files\System\Ole DB\msdasql.dll
2014-09-20 02:47 . 2009-07-14 01:15 286720 ----a-w- c:\program files (x86)\Common Files\System\Ole DB\msdaora.dll
2014-09-20 02:47 . 2010-11-21 03:25 1221632 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\mip.exe
2014-09-20 02:47 . 2009-07-14 01:29 4305408 ----a-w- c:\program files\Microsoft Games\Minesweeper\MineSweeper.dll
2014-09-20 02:46 . 2009-07-14 01:15 1383936 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\micaut.dll
2014-09-20 02:45 . 2010-03-11 04:44 193928 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\LICLUA.EXE
2014-09-20 02:38 . 2010-11-21 03:25 2164224 ----a-w- c:\program files\Windows Journal\Journal.exe
2014-09-20 02:37 . 2010-11-21 03:25 2484224 ----a-w- c:\program files\Windows Photo Viewer\ImagingEngine.dll
2014-09-20 02:33 . 2010-03-25 00:28 416096 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\C2RICONS.EXE
2014-09-18 03:53 . 2014-09-18 03:53 -------- d-----w- C:\_OTL
2014-09-15 21:53 . 2014-09-15 21:53 -------- d-----w- c:\program files (x86)\Notepad++
2014-09-15 13:43 . 2014-09-15 13:43 -------- d-----w- C:\zoek
2014-09-11 20:30 . 2014-09-18 03:49 -------- d-----w- C:\RegBackup
2014-09-11 20:24 . 2014-09-11 20:24 -------- d-----w- c:\program files (x86)\Tweaking.com
2014-09-11 11:26 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-09-11 11:26 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2014-09-10 20:59 . 2014-09-20 03:28 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2014-09-10 11:24 . 2014-08-01 11:53 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-09-10 11:24 . 2014-08-01 11:35 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-09-10 11:16 . 2014-06-24 03:29 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-09-10 11:16 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-09-10 11:15 . 2014-07-07 02:06 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-09-10 11:15 . 2014-07-07 02:06 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-09-10 11:15 . 2014-07-07 01:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-09-10 11:15 . 2014-07-07 01:40 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-09-10 11:15 . 2014-07-07 01:39 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-09-10 11:15 . 2014-09-05 02:10 578048 ----a-w- c:\windows\system32\aepdu.dll
2014-09-10 11:15 . 2014-09-05 02:05 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-09-08 16:23 . 2014-09-12 02:34 -------- d-----w- C:\FRST
2014-09-08 16:12 . 2014-09-08 16:12 -------- d-----w- c:\windows\ERUNT
2014-09-08 15:22 . 2010-08-30 12:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-09-08 15:21 . 2014-09-08 15:23 -------- d-----w- C:\AdwCleaner
2014-09-07 17:16 . 2014-09-07 17:16 -------- d-----w- c:\programdata\Crossword Man
2014-09-07 17:16 . 2014-09-07 17:16 -------- d-----w- c:\program files (x86)\Crossword Man
2014-09-06 15:42 . 2014-09-06 15:42 -------- d-----w- c:\programdata\bdch
2014-09-05 20:12 . 2014-09-05 20:13 -------- d-----w- c:\windows\SysWow64\C2MP
2014-09-04 14:51 . 2014-09-23 19:37 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-04 12:50 . 2014-09-04 12:50 188304 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2014-09-03 18:38 . 2014-09-03 22:44 -------- d-----w- c:\program files (x86)\Common Files\Steam
2014-09-03 18:38 . 2014-09-20 02:53 -------- d-----w- c:\program files (x86)\Steam
2014-09-03 15:50 . 2014-09-03 15:50 -------- d-----w- c:\program files (x86)\Ruiware
2014-09-03 05:36 . 2014-09-03 05:36 -------- d-----w- c:\programdata\Golden Frog, GmbH
2014-09-03 05:33 . 2014-09-19 23:19 -------- d-----w- c:\program files (x86)\VyprVPN
2014-09-02 17:33 . 2014-09-02 17:35 -------- d-----r- c:\program files (x86)\Skype
2014-09-02 17:33 . 2014-09-02 17:33 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-09-02 17:33 . 2014-09-03 04:50 -------- d-----w- c:\programdata\Skype
2014-09-02 02:49 . 2014-09-02 02:49 -------- d-----w- c:\programdata\GNU
2014-09-02 02:49 . 2014-09-02 02:49 -------- d-----w- c:\program files (x86)\GNU
2014-09-01 20:47 . 2014-09-01 20:47 -------- d-----w- c:\program files (x86)\Common Files\Solveig Multimedia
2014-09-01 20:47 . 2014-09-01 20:47 -------- d-----w- c:\program files (x86)\Solveig Multimedia
2014-09-01 05:49 . 2014-09-01 05:51 -------- d-----w- c:\programdata\VirtualizedApplications
2014-09-01 05:49 . 2014-09-01 05:49 231768 ----a-w- c:\windows\system32\drivers\veracrypt.sys
2014-09-01 05:48 . 2014-09-01 05:49 -------- d-----w- c:\program files\VeraCrypt
2014-09-01 04:54 . 2014-09-01 04:54 -------- d-----w- c:\programdata\Stardock
2014-09-01 04:54 . 2014-09-01 04:54 -------- d-----w- c:\program files (x86)\Stardock
2014-09-01 04:01 . 2014-09-01 04:01 230840 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2014-09-01 03:50 . 2014-09-01 03:50 -------- d-----w- c:\program files\Axantum
2014-08-31 20:29 . 2014-09-20 02:49 -------- d-----w- c:\program files (x86)\Password Safe
2014-08-31 19:56 . 2014-08-31 19:56 -------- d-----w- c:\programdata\Hewlett-Packard
2014-08-31 19:56 . 2009-07-14 01:41 230400 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpzppw71.dll
2014-08-31 18:24 . 2014-09-20 02:49 -------- d-----w- c:\program files (x86)\PhraseExpress
2014-08-31 18:24 . 2014-08-31 18:24 -------- d-----w- c:\programdata\PhraseExpress
2014-08-31 18:08 . 2014-09-20 02:52 -------- d-----w- c:\program files (x86)\Sonos
2014-08-31 18:08 . 2014-09-23 16:00 -------- d-----w- c:\programdata\Sonos,_Inc
2014-08-31 17:58 . 2014-09-23 15:08 -------- dc----w- c:\windows\system32\DRVSTORE
2014-08-31 17:58 . 2014-09-23 15:08 -------- d-----w- c:\windows\ELAMBKUP
2014-08-31 17:58 . 2014-09-23 19:37 -------- d-----w- c:\programdata\Kaspersky Lab
2014-08-31 17:14 . 2014-09-21 03:25 -------- d-----w- c:\program files (x86)\EfficientPIM
2014-08-31 16:36 . 2014-08-31 16:36 -------- d-----w- c:\programdata\RoboForm
2014-08-31 16:36 . 2014-08-31 16:36 -------- d-----w- c:\program files (x86)\Siber Systems
2014-08-30 20:35 . 2014-08-30 20:35 -------- d-----w- c:\programdata\Auslogics
2014-08-28 22:04 . 2013-09-17 14:47 41984 ----a-w- c:\windows\system32\drivers\USB3Ver.dll
2014-08-28 21:57 . 2014-08-28 21:57 -------- d-----w- c:\program files (x86)\Renesas Electronics
2014-08-28 21:56 . 2014-08-28 21:56 -------- d-----w- c:\programdata\Downloaded Installations
2014-08-28 21:49 . 2014-08-28 21:49 -------- d-----w- c:\program files (x86)\ASM104xUSB3
2014-08-28 21:39 . 2014-08-28 21:39 -------- d-----w- c:\windows\SysWow64\sda
2014-08-28 21:39 . 2012-06-13 22:24 9888912 ----a-w- c:\windows\SysWow64\RtsUStoricon.dll
2014-08-28 21:39 . 2012-06-13 22:24 422544 ----a-w- c:\windows\system32\RtsUStor.dll
2014-08-28 21:39 . 2012-06-13 22:24 252048 ----a-w- c:\windows\system32\drivers\RtsUStor.sys
2014-08-28 21:31 . 2014-08-28 21:31 -------- d-----w- c:\program files\DIFX
2014-08-28 21:31 . 2014-08-28 21:41 -------- d-----w- c:\program files (x86)\ASUS
2014-08-28 21:28 . 2014-08-28 21:57 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
2014-08-28 21:28 . 2014-08-28 21:39 -------- d-----w- c:\program files (x86)\Realtek
2014-08-28 21:27 . 2014-08-30 20:31 -------- d-----w- c:\windows\Panther
2014-08-28 21:22 . 2012-07-04 14:55 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
2014-08-28 21:03 . 2014-08-30 07:01 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client
2014-08-28 21:03 . 2014-08-28 21:03 -------- d-----w- c:\windows\PCHEALTH
2014-08-28 21:03 . 2014-08-28 21:03 -------- d-----w- c:\program files\Microsoft Office
2014-08-28 21:00 . 2014-09-20 17:30 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-08-28 21:00 . 2014-08-28 21:00 -------- d-----w- c:\programdata\Malwarebytes
2014-08-28 21:00 . 2014-05-12 11:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-08-28 21:00 . 2014-05-12 11:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-28 21:00 . 2014-05-12 11:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-08-28 21:00 . 2014-09-20 02:53 -------- d-----w- c:\program files\CDBurnerXP
2014-08-28 20:59 . 2014-08-28 20:59 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2014-08-28 20:59 . 2014-08-28 20:59 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2014-08-28 20:59 . 2014-08-28 20:59 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2014-08-28 20:59 . 2014-08-28 20:59 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2014-08-28 20:59 . 2014-08-28 20:59 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2014-08-28 20:59 . 2014-09-22 15:46 -------- d-----w- c:\programdata\Apple Computer
2014-08-28 20:59 . 2014-08-28 20:59 -------- d-----w- c:\program files (x86)\QuickTime
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-23 18:13 . 2013-11-11 23:25 458336 ----a-w- c:\windows\system32\drivers\kl1.sys
2014-09-23 18:13 . 2012-08-02 19:09 29792 ----a-w- c:\windows\system32\drivers\klim6.sys
2014-09-15 13:06 . 2010-11-21 03:27 278152 ------w- c:\windows\system32\MpSigStub.exe
2014-08-28 18:39 . 2014-08-28 18:39 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-08-13 17:15 . 2014-08-13 17:15 45384 ----a-w- c:\windows\SysWow64\DiscHandler.exe
2014-08-12 23:00 . 2014-08-12 23:00 4575232 ----a-w- c:\windows\SysWow64\GPhotos.scr
2014-08-12 06:30 . 2014-08-12 06:30 4009984 ----a-w- c:\windows\system32\ffmpeg.dll
2014-08-12 06:30 . 2014-08-12 06:30 474624 ----a-w- c:\windows\system32\ff_kernelDeint.dll
2014-08-12 06:30 . 2014-08-12 06:30 127488 ----a-w- c:\windows\system32\ff_vfw.dll
2014-08-12 06:30 . 2014-08-12 06:30 4374016 ----a-w- c:\windows\system32\ffdshow.ax
2014-08-12 06:29 . 2014-08-12 06:29 631296 ----a-w- c:\windows\system32\TomsMoComp_ff.dll
2014-08-12 06:29 . 2014-08-12 06:29 156672 ----a-w- c:\windows\system32\ff_libmad.dll
2014-08-12 06:29 . 2014-08-12 06:29 116224 ----a-w- c:\windows\system32\ff_liba52.dll
2014-08-12 06:29 . 2014-08-12 06:29 114688 ----a-w- c:\windows\system32\ff_wmv9.dll
2014-08-12 06:29 . 2014-08-12 06:29 222720 ----a-w- c:\windows\system32\ff_libdts.dll
2014-08-12 06:29 . 2014-08-12 06:29 183296 ----a-w- c:\windows\system32\ff_unrar.dll
2014-08-12 06:29 . 2014-08-12 06:29 1532928 ----a-w- c:\windows\system32\ff_samplerate.dll
2014-08-12 06:29 . 2014-08-12 06:29 190464 ----a-w- c:\windows\system32\libmpeg2_ff.dll
2014-08-12 02:30 . 2014-08-12 02:30 3916288 ----a-w- c:\windows\SysWow64\ffmpeg.dll
2014-08-12 02:30 . 2014-08-12 02:30 112640 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2014-08-12 02:30 . 2014-08-12 02:30 3502080 ----a-w- c:\windows\SysWow64\ffdshow.ax
2014-08-12 02:29 . 2014-08-12 02:29 271360 ----a-w- c:\windows\SysWow64\TomsMoComp_ff.dll
2014-08-12 02:29 . 2014-08-12 02:29 99840 ----a-w- c:\windows\SysWow64\ff_wmv9.dll
2014-08-12 02:29 . 2014-08-12 02:29 157184 ----a-w- c:\windows\SysWow64\ff_unrar.dll
2014-08-12 02:29 . 2014-08-12 02:29 211968 ----a-w- c:\windows\SysWow64\ff_libdts.dll
2014-08-12 02:29 . 2014-08-12 02:29 1525760 ----a-w- c:\windows\SysWow64\ff_samplerate.dll
2014-08-12 02:29 . 2014-08-12 02:29 147456 ----a-w- c:\windows\SysWow64\ff_libmad.dll
2014-08-12 02:29 . 2014-08-12 02:29 114688 ----a-w- c:\windows\SysWow64\ff_liba52.dll
2014-08-12 02:29 . 2014-08-12 02:29 136704 ----a-w- c:\windows\SysWow64\libmpeg2_ff.dll
2014-08-06 21:45 . 2014-08-06 23:31 11530960 ----a-w- c:\windows\system32\drivers\NETwsw00.sys
2014-07-23 04:12 . 2014-07-23 04:12 875680 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-23 01:10 . 2014-07-23 01:10 869536 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2014-09-23 15:53 458944 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"WinPatrol"="c:\program files (x86)\Ruiware\WinPatrol\winpatrol.exe" [2014-07-21 1154112]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2014-08-31 111320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2012-09-14 328064]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2012-10-17 205184]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-09-17 292088]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-09-01 152392]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe" [2013-11-11 356128]
.
c:\users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PhraseExpress.lnk - c:\program files (x86)\PhraseExpress\phraseexpress.exe [2014-9-19 22627624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk * \0BootDefrag.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DirMngr;DirMngr;c:\program files (x86)\GNU\GnuPG\dirmngr.exe;c:\program files (x86)\GNU\GnuPG\dirmngr.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 VyprVPN;VyprVPN;c:\program files (x86)\VyprVPN\VyprVPNService.exe;c:\program files (x86)\VyprVPN\VyprVPNService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 BootDefragDriver;BootDefragDriver;c:\windows\System32\drivers\BootDefragDriver.sys;c:\windows\SYSNATIVE\drivers\BootDefragDriver.sys [x]
S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys;c:\windows\SYSNATIVE\DRIVERS\CSCrySec.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys;c:\windows\SYSNATIVE\DRIVERS\CSVirtualDiskDrv.sys [x]
S1 GUBootStartup;GUBootStartup;c:\windows\System32\drivers\GUBootStartup.sys;c:\windows\SYSNATIVE\drivers\GUBootStartup.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S1 veracrypt;veracrypt;c:\windows\system32\drivers\veracrypt.sys;c:\windows\SYSNATIVE\drivers\veracrypt.sys [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 CSObjectsSrv;CryptoStorage control service;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe;c:\windows\SYSNATIVE\igfxCUIService.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S3 ATP;ASUS PS/2 Port Input Device;c:\windows\system32\DRIVERS\AsusTP.sys;c:\windows\SYSNATIVE\DRIVERS\AsusTP.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 tapvyprvpn;TAP-VyprVPN Adapter V9;c:\windows\system32\DRIVERS\tapvyprvpn.sys;c:\windows\SYSNATIVE\DRIVERS\tapvyprvpn.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-20 03:22 1096520 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-28 20:54]
.
2014-09-23 c:\windows\Tasks\GlaryInitialize 5.job
- c:\program files (x86)\Glary Utilities 5\Initialize.exe [2014-08-18 01:05]
.
2014-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-08-28 20:52]
.
2014-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-08-28 20:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2014-09-23 16:08 491200 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
"Fences"="c:\program files (x86)\Stardock\Fences\Fences.exe" [2014-05-22 3993744]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2014-05-22 521872]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Customize Menu - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html
IE: Save Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{20185106-24BF-49B3-9078-6EF5B190DF33}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\
FF - ExtSQL: 2014-08-31 12:36; {22119944-ED35-4ab1-910B-E619EA06A115}; c:\program files (x86)\Siber Systems\AI RoboForm\Firefox
FF - ExtSQL: 2014-08-31 14:55; anti_banner@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF - ExtSQL: 2014-08-31 14:55; content_blocker@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF - ExtSQL: 2014-08-31 14:55; online_banking@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF - ExtSQL: 2014-08-31 14:55; url_advisor@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF - ExtSQL: 2014-08-31 14:55; virtual_keyboard@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF - ExtSQL: 2014-09-05 16:15; {32da2f20-827d-40aa-a3b4-2fc4a294352e}; c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{32da2f20-827d-40aa-a3b4-2fc4a294352e}
FF - ExtSQL: 2038-01-18 20:14; betteryoutube@ginatrapani.org; c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\betteryoutube@ginatrapani.org
FF - ExtSQL: !HIDDEN! 2014-08-31 12:36; {22119944-ED35-4ab1-910B-E619EA06A115}; c:\program files (x86)\Siber Systems\AI RoboForm\Firefox
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-EfficientPIM - (no file)
AddRemove-Stardock Fences 2 - c:\program files (x86)\Stardock\Fences\uninstall.exe
AddRemove-TeamViewer 9 - c:\program files (x86)\TeamViewer\Version9\uninstall.exe
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_176_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_176_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_176_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_176_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-09-23 16:29:54
ComboFix-quarantined-files.txt 2014-09-23 20:29
.
Pre-Run: 529,126,973,440 bytes free
Post-Run: 528,995,811,328 bytes free
.
- - End Of File - - 8941B506975B3895C21CB2B9803F862E
A36C5E4F47E84449FF07ED3517B43A31