ComboFix 15-10-09.01 - martin 14/10/2015 19:09:21.1.2 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.1900.1125 [GMT 10:00]
Running from: c:\users\martin\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2015-09-14 to 2015-10-14 )))))))))))))))))))))))))))))))
.
.
2015-10-13 17:16 . 2015-10-13 17:16 13312 ----a-w- c:\windows\SysWow64\drivers\vdi2otq4.sys
2015-10-13 17:16 . 2015-10-13 17:16 7168 ----a-w- c:\windows\SysWow64\drivers\uti2otq4.sys
2015-10-10 11:02 . 2015-10-13 17:34 -------- d-----w- C:\FRST
2015-10-10 10:30 . 2015-10-10 18:18 -------- d-----w- C:\AdwCleaner
2015-10-07 11:00 . 2015-10-07 11:00 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6F088FAA-F4C3-4AF6-9575-3428F2E3A594}\offreg.1384.dll
2015-10-06 09:49 . 2015-10-10 18:39 -------- d-----w- c:\users\martin\AppData\Local\ElevatedDiagnostics
2015-10-06 04:27 . 2015-10-06 04:27 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6F088FAA-F4C3-4AF6-9575-3428F2E3A594}\offreg.4388.dll
2015-10-01 22:09 . 2015-10-01 22:09 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6F088FAA-F4C3-4AF6-9575-3428F2E3A594}\offreg.4584.dll
2015-10-01 21:02 . 2015-10-01 21:02 -------- d-----w- c:\program files\Common Files\Adobe
2015-10-01 20:56 . 2015-10-02 07:33 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2015-10-01 20:55 . 2012-04-23 17:01 10864 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2015-10-01 20:55 . 2013-07-18 17:01 56336 ------w- c:\windows\system32\drivers\PxHlpa64.sys
2015-10-01 20:55 . 2012-04-23 17:01 11376 ------w- c:\windows\system32\drivers\cdralw2k.sys
2015-10-01 20:53 . 2015-10-01 20:53 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2015-10-01 20:53 . 2015-10-01 20:53 -------- d-----w- c:\program files (x86)\Common Files\Sonic Shared
2015-09-27 09:31 . 2015-09-27 09:32 -------- d-----w- C:\6516a07bf36bb85e217c5dcb7476
2015-09-26 10:40 . 2015-09-26 10:40 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6F088FAA-F4C3-4AF6-9575-3428F2E3A594}\offreg.1276.dll
2015-09-22 10:57 . 2015-09-22 10:57 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6F088FAA-F4C3-4AF6-9575-3428F2E3A594}\offreg.1484.dll
2015-09-18 09:29 . 2015-09-18 09:29 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6F088FAA-F4C3-4AF6-9575-3428F2E3A594}\offreg.4456.dll
2015-09-17 18:49 . 2015-10-14 09:07 -------- d-----w- c:\users\martin\AppData\Roaming\tor
2015-09-17 08:15 . 2015-09-17 08:15 -------- d-----w- c:\program files\Common Files\Microsoft
2015-09-16 10:10 . 2015-09-16 10:10 -------- d-----w- c:\users\martin\AppData\Local\GWX
2015-09-15 10:33 . 2015-07-30 13:13 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-09-15 10:33 . 2015-07-30 13:13 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-09-15 10:18 . 2015-08-15 05:39 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2015-09-15 09:21 . 2015-07-15 18:10 1743360 ----a-w- c:\windows\system32\sysmain.dll
2015-09-15 09:21 . 2015-07-15 18:15 94656 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2015-09-15 09:21 . 2015-07-15 18:10 11264 ----a-w- c:\windows\system32\msmmsp.dll
2015-09-15 09:21 . 2015-07-15 18:02 2560 ----a-w- c:\windows\system32\drivers\en-US\mountmgr.sys.mui
2015-09-15 09:20 . 2015-05-25 18:18 404992 ----a-w- c:\windows\system32\tracerpt.exe
2015-09-15 09:20 . 2015-05-25 18:00 364544 ----a-w- c:\windows\SysWow64\tracerpt.exe
2015-09-15 09:19 . 2015-05-25 18:19 113664 ----a-w- c:\windows\system32\sechost.dll
2015-09-15 09:19 . 2015-05-25 18:18 104448 ----a-w- c:\windows\system32\logman.exe
2015-09-15 09:19 . 2015-05-25 18:00 82944 ----a-w- c:\windows\SysWow64\logman.exe
2015-09-15 09:19 . 2015-05-25 18:01 92160 ----a-w- c:\windows\SysWow64\sechost.dll
2015-09-15 09:19 . 2015-05-25 18:18 47104 ----a-w- c:\windows\system32\typeperf.exe
2015-09-15 09:19 . 2015-05-25 18:18 43008 ----a-w- c:\windows\system32\relog.exe
2015-09-15 09:19 . 2015-05-25 18:00 40448 ----a-w- c:\windows\SysWow64\typeperf.exe
2015-09-15 09:19 . 2015-05-25 18:00 37888 ----a-w- c:\windows\SysWow64\relog.exe
2015-09-15 09:19 . 2015-05-25 18:18 19456 ----a-w- c:\windows\system32\diskperf.exe
2015-09-15 09:19 . 2015-05-25 18:00 17408 ----a-w- c:\windows\SysWow64\diskperf.exe
2015-09-15 09:05 . 2015-06-02 00:07 254976 ----a-w- c:\windows\system32\cewmdm.dll
2015-09-15 08:55 . 2015-07-10 17:51 44032 ----a-w- c:\windows\system32\tsgqec.dll
2015-09-15 08:55 . 2015-07-10 17:51 3722752 ----a-w- c:\windows\system32\mstscax.dll
2015-09-15 08:55 . 2015-07-10 17:51 158720 ----a-w- c:\windows\system32\aaclient.dll
2015-09-15 08:55 . 2015-07-10 17:34 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll
2015-09-15 08:55 . 2015-07-10 17:34 3221504 ----a-w- c:\windows\SysWow64\mstscax.dll
2015-09-15 08:55 . 2015-07-10 17:33 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
2015-09-15 08:43 . 2015-07-15 03:17 2048 ----a-w- c:\windows\system32\tzres.dll
2015-09-15 08:43 . 2015-07-15 02:54 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2015-09-15 08:42 . 2015-07-09 17:58 82944 ----a-w- c:\windows\system32\dwmapi.dll
2015-09-15 08:42 . 2015-07-09 17:58 1632256 ----a-w- c:\windows\system32\dwmcore.dll
2015-09-15 08:42 . 2015-07-09 17:42 67584 ----a-w- c:\windows\SysWow64\dwmapi.dll
2015-09-15 08:42 . 2015-07-09 17:42 1372160 ----a-w- c:\windows\SysWow64\dwmcore.dll
2015-09-15 08:42 . 2015-07-15 03:19 52736 ----a-w- c:\windows\system32\basesrv.dll
2015-09-15 08:41 . 2015-07-01 20:49 260096 ----a-w- c:\windows\system32\WebClnt.dll
2015-09-15 08:41 . 2015-07-01 20:48 102912 ----a-w- c:\windows\system32\davclnt.dll
2015-09-15 08:41 . 2015-07-01 20:30 206848 ----a-w- c:\windows\SysWow64\WebClnt.dll
2015-09-15 08:41 . 2015-07-01 20:30 82432 ----a-w- c:\windows\SysWow64\davclnt.dll
2015-09-15 08:40 . 2015-06-17 17:47 404992 ----a-w- c:\windows\system32\gdi32.dll
2015-09-15 08:40 . 2015-06-17 17:37 312320 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-09-15 08:36 . 2015-04-24 18:17 633856 ----a-w- c:\windows\system32\comctl32.dll
2015-09-15 08:36 . 2015-04-24 17:56 530432 ----a-w- c:\windows\SysWow64\comctl32.dll
2015-09-15 08:36 . 2015-07-04 18:07 2087424 ----a-w- c:\windows\system32\ole32.dll
2015-09-15 08:36 . 2015-07-04 17:48 1414656 ----a-w- c:\windows\SysWow64\ole32.dll
2015-09-15 08:36 . 2015-04-27 19:23 188416 ----a-w- c:\windows\system32\cryptsvc.dll
2015-09-15 08:36 . 2015-04-27 19:04 143872 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2015-09-15 08:36 . 2015-04-27 19:23 229376 ----a-w- c:\windows\system32\wintrust.dll
2015-09-15 08:36 . 2015-04-27 19:23 1480192 ----a-w- c:\windows\system32\crypt32.dll
2015-09-15 08:36 . 2015-04-27 19:23 140288 ----a-w- c:\windows\system32\cryptnet.dll
2015-09-15 08:36 . 2015-04-27 19:05 179200 ----a-w- c:\windows\SysWow64\wintrust.dll
2015-09-15 08:36 . 2015-04-27 19:04 1174528 ----a-w- c:\windows\SysWow64\crypt32.dll
2015-09-15 08:36 . 2015-04-27 19:04 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2015-09-15 08:35 . 2015-06-15 21:45 3242496 ----a-w- c:\windows\system32\msi.dll
2015-09-15 08:35 . 2015-06-15 21:45 504320 ----a-w- c:\windows\system32\msihnd.dll
2015-09-15 08:35 . 2015-06-15 21:44 128000 ----a-w- c:\windows\system32\msiexec.exe
2015-09-15 08:35 . 2015-06-15 21:43 337408 ----a-w- c:\windows\SysWow64\msihnd.dll
2015-09-15 08:35 . 2015-06-15 21:43 2364416 ----a-w- c:\windows\SysWow64\msi.dll
2015-09-15 08:35 . 2015-06-15 21:42 73216 ----a-w- c:\windows\SysWow64\msiexec.exe
2015-09-15 08:35 . 2015-06-15 21:42 25088 ----a-w- c:\windows\system32\msimsg.dll
2015-09-15 08:35 . 2015-06-15 21:37 25088 ----a-w- c:\windows\SysWow64\msimsg.dll
2015-09-15 08:32 . 2015-07-09 17:57 193536 ----a-w- c:\windows\system32\notepad.exe
2015-09-15 08:28 . 2015-07-10 17:51 14177280 ----a-w- c:\windows\system32\shell32.dll
2015-09-15 08:27 . 2015-09-15 08:27 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6F088FAA-F4C3-4AF6-9575-3428F2E3A594}\offreg.4100.dll
2015-09-15 08:23 . 2015-08-19 18:18 11745192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6F088FAA-F4C3-4AF6-9575-3428F2E3A594}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-09-26 09:48 . 2014-06-04 13:02 780488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-09-26 09:48 . 2011-10-15 00:58 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-08-26 08:37 . 2015-05-01 02:43 134753440 ----a-w- c:\windows\system32\MRT.exe
2015-07-22 17:53 . 2015-09-15 08:34 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2015-04-26 43816]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2015-04-26 43816]
"CAHeadless"="c:\program files (x86)\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe" [2013-09-02 1400224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-09-29 169528]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-03-20 60712]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
.
c:\users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R1 vdi2otq4;AVZ-BC Kernel Driver;c:\windows\system32\Drivers\vdi2otq4.sys;c:\windows\SYSNATIVE\Drivers\vdi2otq4.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 WSWNA3100;WSWNA3100;c:\program files (x86)\NETGEAR\WNA3100\WifiSvc.exe;c:\program files (x86)\NETGEAR\WNA3100\WifiSvc.exe [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbwwan.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 uti2otq4;AVZ Kernel Driver;c:\windows\system32\Drivers\uti2otq4.sys;c:\windows\SYSNATIVE\Drivers\uti2otq4.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\drivers\PxHlpa64.sys [x]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys;c:\windows\SYSNATIVE\DRIVERS\scmndisp.sys [x]
S2 AdobeActiveFileMonitor12.0;Adobe Active File Monitor V12;c:\program files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2015-10-12 c:\windows\Tasks\HPCeeScheduleFormartin.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-09-15 7466600]
"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-09-30 43320]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-04-06 169768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2015-06-01 183216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2015-06-01 411056]
"Persistence"="c:\windows\system32\igfxpers.exe" [2015-06-01 453552]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-06-02 472984]
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com.au/?gfe_rd=cr&ei=NCKNU5ngBMyN8Qf5s4CQBA&gws_rd=ssl
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.150.0.1 8.8.4.4 8.8.8.8
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_185_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_185_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_185_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_185_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_185.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.19"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_185.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_185.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_185.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2015-10-14 19:26:31 - machine was rebooted
ComboFix-quarantined-files.txt 2015-10-14 09:26
.
Pre-Run: 329,295,806,464 bytes free
Post-Run: 328,792,481,792 bytes free
.
- - End Of File - - A3E27E8258C37D1A14F0841380B468F2
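Added example, not part of the ComboFix log above and not ComboFix's or the poster's code: a small Python triage script that parses the two entry shapes in this log, the "Files Created" lines and the "Drivers/Services" lines, and lists what a reviewer would look at next: kernel drivers created under SysWow64\drivers, driver file names that look generated, files created under a user profile, and services whose registered image path differs from where the file with that name was actually created. The regexes, the eight-character name heuristic and the sample log (a handful of lines copied from the log above) are assumptions for illustration. Every flag is a prompt to check, not a verdict; the two drivers it flags here are registered with the display names "AVZ-BC Kernel Driver" and "AVZ Kernel Driver", which should be reconciled with any AVZ run on the machine before they are treated as unknown.

```python
"""Added triage example for the ComboFix log above; not ComboFix code and not
the poster's own.  It assumes only the two line shapes visible in the log
("Files Created" entries and "Drivers/Services" entries) and flags things a
reviewer would look at next.  Every flag is a prompt to check, not a verdict."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# "Files Created" entry: created . modified size attributes path
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>\S.*)$"
)
# Drivers/Services entry: state name;display;image;native image [x]
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>[^;]+);(?P<native>.+?)(?: \[x\])?$"
)

@dataclass(frozen=True)
class FileEntry:
    created: str
    modified: str
    size: Optional[int]          # None for directories (size shown as --------)
    attrs: str
    path: str

@dataclass(frozen=True)
class ServiceEntry:
    state: str
    name: str
    display: str
    image: str
    native: str

def parse_files(lines) -> List[FileEntry]:
    out = []
    for line in lines:
        m = FILE_RE.match(line.strip())
        if m:
            size = None if m["size"].startswith("-") else int(m["size"])
            out.append(FileEntry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return out

def parse_services(lines) -> List[ServiceEntry]:
    return [ServiceEntry(m["state"], m["name"], m["display"], m["image"], m["native"])
            for m in (SERVICE_RE.match(line.strip()) for line in lines) if m]

def looks_generated(stem: str) -> bool:
    """Eight alphanumerics with a digit followed by a letter (vdi2otq4, uti2otq4).
    Crude heuristic: it also hits some vendor names such as Rt64win7, hence
    'prompt to look', never a verdict."""
    return len(stem) == 8 and stem.isalnum() and re.search(r"\d[A-Za-z]", stem) is not None

def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (path, reason) pairs worth a second look."""
    lines = log_text.splitlines()
    findings: List[Tuple[str, str]] = []
    created_at = {}              # lower-case file name -> paths where it was created
    for f in parse_files(lines):
        low = f.path.lower()
        fname = low.rsplit("\\", 1)[-1]
        created_at.setdefault(fname, []).append(f.path)
        if fname.endswith(".sys") and "\\syswow64\\drivers\\" in low:
            findings.append((f.path, "driver under SysWow64\\drivers; 64-bit kernel "
                                     "drivers normally sit in system32\\drivers"))
        if fname.endswith(".sys") and looks_generated(fname[:-4]):
            findings.append((f.path, "driver file name looks generated"))
        if "\\users\\" in low and "\\appdata\\" in low:
            findings.append((f.path, "created under a user profile"))
    for s in parse_services(lines):
        fname = s.image.lower().rsplit("\\", 1)[-1]
        seen = created_at.get(fname, [])
        if seen and s.image.lower() not in (p.lower() for p in seen):
            findings.append((s.image, f"service '{s.name}' image path differs from "
                                      f"where the file was created: {seen[0]}"))
    return findings

# Constructed sample: a handful of lines copied from the log above.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2015-09-14 to 2015-10-14 )))))))))))))))))))))))))))))))
.
2015-10-13 17:16 . 2015-10-13 17:16 13312 ----a-w- c:\windows\SysWow64\drivers\vdi2otq4.sys
2015-10-13 17:16 . 2015-10-13 17:16 7168 ----a-w- c:\windows\SysWow64\drivers\uti2otq4.sys
2015-10-10 11:02 . 2015-10-13 17:34 -------- d-----w- C:\FRST
2015-10-01 20:55 . 2013-07-18 17:01 56336 ------w- c:\windows\system32\drivers\PxHlpa64.sys
2015-09-17 18:49 . 2015-10-14 09:07 -------- d-----w- c:\users\martin\AppData\Roaming\tor
2015-09-15 09:21 . 2015-07-15 18:15 94656 ----a-w- c:\windows\system32\drivers\mountmgr.sys
.
R1 vdi2otq4;AVZ-BC Kernel Driver;c:\windows\system32\Drivers\vdi2otq4.sys;c:\windows\SYSNATIVE\Drivers\vdi2otq4.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\drivers\PxHlpa64.sys [x]
"""

if __name__ == "__main__":
    for path, why in triage(SAMPLE_LOG):
        print(f"{path}\n    {why}")
```

On the sample the script reports the two SysWow64\drivers entries twice each (location and name), the tor directory under the user profile, and one cross-reference: the vdi2otq4 service is registered against system32\Drivers while the file with that name was created under SysWow64\drivers. PxHlpa64.sys, whose service path matches its creation path, and mountmgr.sys produce nothing. To run it against a full log, pass the file contents to triage() instead of SAMPLE_LOG.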