ComboFix 15-01-22.02 - Clockwork 01/25/2015 21:28:35.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8191.6578 [GMT -8:00]
Running from: c:\users\Clockwork\Desktop\ComboFix.exe
Command switches used :: c:\users\Clockwork\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
FILE ::
"c:\users\Clockwork\AppData\Local\Temp\Low\~nsu.tmp\Au_.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe --> c:\windows\explorer.exe
.
((((((((((((((((((((((((( Files Created from 2014-12-26 to 2015-01-26 )))))))))))))))))))))))))))))))
.
.
2015-01-26 05:31 . 2015-01-26 05:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-01-26 00:57 . 2015-01-26 00:57 -------- d-----w- c:\users\Clockwork\AppData\Roaming\OpenOffice
2015-01-26 00:56 . 2015-01-26 00:56 -------- d-----w- c:\program files (x86)\OpenOffice 4
2015-01-26 00:22 . 2015-01-26 03:20 -------- d-----w- C:\FRST
2015-01-26 00:16 . 2015-01-26 00:16 -------- d-----w- c:\windows\ERUNT
2015-01-26 00:11 . 2015-01-26 00:13 -------- d-----w- C:\AdwCleaner
2015-01-25 23:54 . 2015-01-25 23:54 -------- d-----w- C:\_OTL
2015-01-25 22:22 . 2015-01-25 22:22 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2015-01-25 21:55 . 2015-01-25 21:55 -------- d-----w- c:\program files (x86)\VideoLAN
2015-01-25 21:11 . 2015-01-25 21:50 -------- d-----w- c:\users\Clockwork\AppData\Roaming\DAEMON Tools Lite
2015-01-25 21:11 . 2015-01-25 21:11 386680 ----a-w- c:\windows\system32\drivers\sptd.sys
2015-01-25 21:11 . 2015-01-25 21:11 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2015-01-25 21:10 . 2015-01-25 21:50 -------- d-----w- c:\programdata\DAEMON Tools Lite
2015-01-24 10:56 . 2015-01-24 10:56 820072 ----a-w- c:\program files\Common Files\System\SysMenu64.dll
2015-01-24 10:56 . 2015-01-24 10:56 649064 ----a-w- c:\program files\Common Files\System\SysMenu.dll
2015-01-21 17:26 . 2015-01-21 17:26 -------- d-----w- c:\program files (x86)\Common Files\Java
2015-01-17 11:51 . 2015-01-17 11:51 -------- d-----w- c:\users\Clockwork\AppData\Roaming\PhotoScape
2015-01-14 05:50 . 2015-01-18 09:46 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2015-01-13 09:47 . 2015-01-13 09:47 -------- d-----w- c:\users\Clockwork\AppData\Roaming\Yahoo!
2015-01-13 09:45 . 2015-01-22 07:02 -------- d-----w- c:\program files (x86)\Yahoo!
2015-01-02 01:46 . 2015-01-02 01:16 174112 ----a-w- c:\windows\SysWow64\EasyAntiCheat.exe
2015-01-01 20:16 . 2015-01-01 20:16 -------- d-----w- c:\users\Clockwork\AppData\Local\capcom
2014-12-30 05:09 . 2010-06-02 12:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2014-12-30 05:09 . 2010-06-02 12:55 518488 ----a-w- c:\windows\system32\XAudio2_7.dll
2014-12-30 05:09 . 2010-06-02 12:55 176984 ----a-w- c:\windows\system32\xactengine3_7.dll
2014-12-30 05:09 . 2010-05-26 19:41 511328 ----a-w- c:\windows\system32\d3dx10_43.dll
2014-12-30 05:09 . 2010-05-26 19:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll
2014-12-30 05:09 . 2010-05-26 19:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
2014-12-30 05:09 . 2010-05-26 19:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2014-12-30 05:09 . 2010-05-26 19:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2014-12-30 05:09 . 2010-05-26 19:41 1907552 ----a-w- c:\windows\system32\d3dcsx_43.dll
2014-12-30 05:09 . 2010-05-26 19:41 2401112 ----a-w- c:\windows\system32\D3DX9_43.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-21 17:25 . 2014-12-13 04:05 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2015-01-21 17:25 . 2014-12-13 04:04 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-01-18 05:07 . 2014-11-18 06:35 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-18 05:07 . 2014-11-18 06:35 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-11-18 22:50 . 2014-11-18 22:50 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2014-11-17 10:08 . 2014-11-18 05:56 11632448 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6C898CB5-363A-43E6-A7F1-4697FA060F46}\mpengine.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\program files\Common ----
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R4 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*NewlyCreated* - ASWVMM
*Deregistered* - aswMBR
*Deregistered* - aswVmm
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2014-10-14 12697368]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Clockwork\AppData\Roaming\Mozilla\Firefox\Profiles\u3jstsw3.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-BattlEye for A2 - c:\program files (x86)\Steam\steamapps\common\Arma 2BattlEye\UnInstallBE.exe
AddRemove-Search Module Plus - c:\program files\Common Files\Goobzo\GBUpdatePlus\smUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-01-25 21:32:51
ComboFix-quarantined-files.txt 2015-01-26 05:32
ComboFix2.txt 2015-01-26 03:46
.
Pre-Run: 353,061,859,328 bytes free
Post-Run: 353,039,282,176 bytes free
.
- - End Of File - - D2D122D436AC2EE736B0575D23C4A2A3
A36C5E4F47E84449FF07ED3517B43A31