ComboFix 15-11-05.01 - JSK 11/07/2015 20:29:58.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8147.6848 [GMT -8:00]
Running from: c:\users\JSK\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\JSK\AppData\Local\Icelax.exe
.
.
((((((((((((((((((((((((( Files Created from 2015-10-08 to 2015-11-08 )))))))))))))))))))))))))))))))
.
.
2015-11-08 04:32 . 2015-11-08 04:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-11-07 05:26 . 2015-11-07 05:26 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AAFFCB8C-97A2-4DD3-A612-773A0CFF7943}\offreg.3576.dll
2015-11-07 05:14 . 2015-11-07 05:15 -------- d-----w- C:\AdwCleaner
2015-11-07 04:37 . 2015-11-07 04:51 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-11-07 04:37 . 2015-11-07 04:49 -------- d-----w- c:\programdata\RogueKiller
2015-11-07 03:57 . 2015-11-07 03:58 -------- d-----w- C:\FRST
2015-11-07 03:53 . 2015-11-07 03:53 -------- d-----w- c:\windows\system32\appmgmt
2015-11-07 03:26 . 2015-11-07 03:53 -------- d-----w- c:\users\JSK\AppData\Roaming\Opera Software
2015-11-07 03:26 . 2015-11-07 03:53 -------- d-----w- c:\users\JSK\AppData\Local\Opera Software
2015-11-07 03:26 . 2015-11-07 03:53 -------- d-----w- c:\program files (x86)\Opera
2015-11-07 03:24 . 2015-11-07 03:25 -------- d-----w- c:\users\JSK\AppData\Roaming\Desktop Improver
2015-11-07 03:24 . 2015-11-07 03:31 -------- d-----w- c:\users\JSK\AppData\Local\dimp_en_152010136
2015-11-07 03:24 . 2015-11-07 03:24 -------- d-----w- c:\program files (x86)\dimp_en_152010136
2015-11-07 03:24 . 2015-11-07 03:56 -------- d-----w- c:\program files (x86)\Desktop Improver
2015-11-07 03:24 . 2015-11-07 03:24 -------- d-----w- c:\program files (x86)\WebDnsio
2015-11-07 03:23 . 2015-11-07 03:23 -------- d-----w- c:\program files (x86)\execnowait
2015-11-07 03:23 . 2015-11-07 03:23 -------- d-----w- c:\windows\Quicky Translator
2015-11-07 03:21 . 2015-11-07 03:29 -------- d-----w- c:\program files (x86)\Windows 7 Activator
2015-11-07 03:18 . 2015-11-07 03:18 -------- d-----w- c:\users\JSK\AppData\Roaming\AVAST Software
2015-11-07 03:17 . 2015-11-07 03:17 97648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-11-07 03:17 . 2015-11-07 03:17 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-11-07 03:17 . 2015-11-07 03:17 65224 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-11-07 03:17 . 2015-11-07 03:17 449992 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-11-07 03:17 . 2015-11-07 03:17 386096 ----a-w- c:\windows\system32\aswBoot.exe
2015-11-07 03:17 . 2015-11-07 03:17 28656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-11-07 03:17 . 2015-11-07 03:17 273784 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-11-07 03:17 . 2015-11-07 03:17 154256 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-11-07 03:17 . 2015-11-07 03:17 1059656 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-11-07 03:17 . 2015-11-07 03:17 43112 ----a-w- c:\windows\avastSS.scr
2015-11-07 03:17 . 2015-11-07 03:17 -------- d-----w- c:\program files\AVAST Software
2015-11-07 03:17 . 2015-11-07 03:17 -------- d-----w- c:\programdata\AVAST Software
2015-11-07 02:36 . 2015-11-07 02:36 -------- d-----w- c:\users\JSK\AppData\Roaming\Curse Advertising
2015-11-07 02:21 . 2015-11-07 02:21 -------- d-----w- c:\users\JSK\AppData\Local\Blizzard Entertainment
2015-11-07 02:21 . 2015-11-07 02:21 -------- d-----w- c:\programdata\Blizzard Entertainment
2015-11-07 02:21 . 2015-11-08 04:28 -------- d-----w- c:\users\JSK\AppData\Local\Battle.net
2015-11-07 02:21 . 2015-11-07 02:21 -------- d-----w- c:\users\JSK\AppData\Roaming\Battle.net
2015-11-07 02:20 . 2015-11-07 02:20 -------- d-----w- c:\programdata\Battle.net
2015-11-06 08:16 . 2015-10-13 09:47 11140960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AAFFCB8C-97A2-4DD3-A612-773A0CFF7943}\mpengine.dll
2015-11-04 13:18 . 2015-11-04 13:18 82432 ----a-w- c:\users\JSK\AppData\Roaming\Microsoft\MSXML2\msxml4r.dll
2015-11-04 13:18 . 2015-11-04 13:18 44544 ----a-w- c:\users\JSK\AppData\Roaming\Microsoft\MSXML2\msxml4a.dll
2015-11-04 13:18 . 2015-11-04 13:18 1275392 ----a-w- c:\users\JSK\AppData\Roaming\Microsoft\MSXML2\msxml4.dll
2015-11-03 05:14 . 2015-11-07 05:16 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-11-03 05:14 . 2015-11-03 05:14 -------- d-----w- c:\programdata\Malwarebytes
2015-11-03 05:14 . 2015-10-05 17:50 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-11-03 05:14 . 2015-10-05 17:50 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-11-03 05:14 . 2015-10-05 17:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-10-26 10:00 . 2015-10-26 10:00 -------- d-----w- c:\program files\Microsoft Silverlight
2015-10-26 10:00 . 2015-10-26 10:00 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2015-10-26 10:00 . 2015-10-26 10:00 -------- d-----w- c:\program files (x86)\MSXML 4.0
2015-10-25 10:00 . 2015-10-25 10:00 -------- d-----w- C:\$Windows.~BT
2015-10-24 21:55 . 2015-10-24 21:55 -------- d-----w- c:\programdata\WEBREG
2015-10-24 21:54 . 2015-11-05 15:48 -------- d-----w- c:\users\JSK\AppData\Roaming\HP
2015-10-24 21:31 . 2015-10-24 21:44 -------- d-----w- c:\users\JSK\AppData\Roaming\Apple Computer
2015-10-24 21:31 . 2015-10-24 21:31 -------- d-----w- c:\users\JSK\AppData\Local\Apple Computer
2015-10-24 21:30 . 2015-10-24 21:31 -------- d-----w- c:\program files (x86)\iTunes
2015-10-24 21:30 . 2015-10-24 21:30 -------- d-----w- c:\programdata\Apple Computer
2015-10-24 21:30 . 2015-10-24 21:30 -------- d-----w- c:\program files\iPod
2015-10-24 21:30 . 2015-10-24 21:30 -------- d-----w- c:\users\JSK\AppData\Local\Apple
2015-10-24 21:30 . 2015-10-24 21:30 -------- d-----w- c:\program files (x86)\Apple Software Update
2015-10-24 21:30 . 2015-10-24 21:30 -------- d-----w- c:\program files\Bonjour
2015-10-24 21:30 . 2015-10-24 21:30 -------- d-----w- c:\program files (x86)\Bonjour
2015-10-24 21:30 . 2015-10-24 21:30 -------- d-----w- c:\program files\Common Files\Apple
2015-10-24 21:30 . 2015-10-24 21:30 -------- d-----w- c:\programdata\Apple
2015-10-24 21:30 . 2015-10-24 21:30 -------- d-----w- c:\program files (x86)\Common Files\Apple
2015-10-22 15:16 . 2015-10-22 15:16 -------- d-----w- c:\users\JSK\AppData\Local\Programs
2015-10-17 16:05 . 2015-10-17 16:05 -------- d-----w- c:\program files (x86)\Hewlett-Packard
2015-10-15 19:09 . 2015-10-15 19:09 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2015-10-15 19:09 . 2015-10-15 23:24 -------- d-----w- c:\users\JSK\AppData\Local\Adobe
2015-10-15 10:16 . 2015-09-18 19:22 25432 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-10-15 10:16 . 2015-09-18 19:19 700416 ----a-w- c:\windows\system32\invagent.dll
2015-10-15 10:16 . 2015-09-18 19:19 766464 ----a-w- c:\windows\system32\generaltel.dll
2015-10-15 10:16 . 2015-09-18 19:19 503808 ----a-w- c:\windows\system32\devinv.dll
2015-10-15 10:16 . 2015-09-18 19:19 73216 ----a-w- c:\windows\system32\acmigration.dll
2015-10-15 10:16 . 2015-09-18 19:19 1291264 ----a-w- c:\windows\system32\appraiser.dll
2015-10-15 10:16 . 2015-09-18 19:09 1163776 ----a-w- c:\windows\system32\aeinv.dll
2015-10-13 08:05 . 2015-10-13 08:05 -------- d-----w- c:\users\JSK\AppData\Local\Diagnostics
2015-10-11 10:00 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2015-10-11 10:00 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2015-10-10 23:28 . 2015-10-10 23:28 -------- d-----w- c:\users\JSK\Tracing
2015-10-10 23:27 . 2015-10-10 23:27 -------- d-----w- c:\users\JSK\AppData\Local\Skype
2015-10-10 23:27 . 2015-11-07 04:50 -------- d-----w- c:\users\JSK\AppData\Roaming\Skype
2015-10-10 23:26 . 2015-10-10 23:26 -------- d-----w- c:\program files (x86)\Common Files\Skype
2015-10-10 23:26 . 2015-10-10 23:26 -------- d-----r- c:\program files (x86)\Skype
2015-10-10 23:26 . 2015-10-10 23:26 -------- d-----w- c:\programdata\Skype
2015-10-10 22:59 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDYAK.DLL
2015-10-10 22:59 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDTAT.DLL
2015-10-10 22:59 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDRU1.DLL
2015-10-10 22:59 . 2014-07-09 02:03 6656 ----a-w- c:\windows\system32\KBDRU.DLL
2015-10-10 22:59 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDBASH.DLL
2015-10-10 22:59 . 2014-07-09 01:31 7168 ----a-w- c:\windows\SysWow64\KBDYAK.DLL
2015-10-10 22:59 . 2014-07-09 01:31 6656 ----a-w- c:\windows\SysWow64\KBDBASH.DLL
2015-10-10 22:59 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer.exe
2015-10-10 22:59 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\SysWow64\explorer.exe
2015-10-10 12:16 . 2015-07-30 18:06 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2015-10-10 12:16 . 2015-07-30 18:06 1648128 ----a-w- c:\windows\system32\DWrite.dll
2015-10-10 12:16 . 2015-07-30 18:06 1180160 ----a-w- c:\windows\system32\FntCache.dll
2015-10-10 12:16 . 2015-07-30 17:57 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2015-10-10 12:16 . 2015-07-30 17:57 1251328 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-10-10 12:16 . 2015-02-03 03:31 1424896 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-10-10 12:16 . 2015-02-03 03:12 1230848 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2015-10-10 12:16 . 2015-02-04 03:16 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2015-10-10 12:16 . 2015-02-04 02:54 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2015-10-10 12:04 . 2015-10-10 12:08 -------- d-s---w- c:\windows\system32\GWX
2015-10-10 12:04 . 2015-10-10 12:04 -------- d-s---w- c:\windows\SysWow64\GWX
2015-10-10 12:04 . 2015-10-10 12:04 -------- d-----w- c:\windows\SysWow64\Wat
2015-10-10 12:04 . 2015-10-10 12:04 -------- d-----w- c:\windows\system32\Wat
2015-10-10 11:29 . 2015-07-30 13:13 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-10-10 11:29 . 2015-07-30 13:13 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-10-10 11:28 . 2013-10-15 01:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2015-10-10 11:18 . 2015-10-10 11:18 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-10-10 10:07 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2015-10-10 10:07 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2015-10-10 10:07 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2015-10-10 10:01 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2015-10-10 10:01 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2015-10-10 10:01 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2015-10-10 10:01 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2015-10-10 10:01 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2015-10-10 10:01 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2015-10-10 10:01 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2015-10-10 10:01 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2015-10-10 04:08 . 2015-01-09 03:14 91136 ----a-w- c:\windows\system32\wdi.dll
2015-10-10 04:08 . 2015-01-09 03:14 950272 ----a-w- c:\windows\system32\perftrack.dll
2015-10-10 04:08 . 2015-01-09 03:14 29696 ----a-w- c:\windows\system32\powertracker.dll
2015-10-10 04:08 . 2015-01-09 02:48 76800 ----a-w- c:\windows\SysWow64\wdi.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-10-09 10:06 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2015-10-09 10:06 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2015-10-07 00:39 . 2015-10-07 00:39 16896 ----a-w- c:\windows\AsTaskSched.dll
2015-10-04 08:23 . 2015-10-07 00:59 1423120 ----a-w- c:\windows\SysWow64\nvspcap.dll
2015-10-04 08:23 . 2015-10-07 00:59 1317192 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2015-10-04 08:22 . 2015-10-07 00:59 1756608 ----a-w- c:\windows\system32\nvspbridge64.dll
2015-10-04 08:22 . 2015-10-07 00:59 1710568 ----a-w- c:\windows\system32\nvspcap64.dll
2015-10-03 05:06 . 2015-10-07 01:02 112944 ----a-w- c:\windows\system32\OpenCL.dll
2015-10-03 05:06 . 2015-10-07 01:02 105080 ----a-w- c:\windows\SysWow64\OpenCL.dll
2015-10-03 05:06 . 2015-10-07 01:01 17395512 ----a-w- c:\windows\system32\nvwgf2umx.dll
2015-10-03 05:06 . 2015-10-07 01:01 12769408 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2015-10-03 05:06 . 2015-10-07 01:01 3573832 ----a-w- c:\windows\system32\nvapi64.dll
2015-10-03 05:06 . 2015-10-07 01:01 3154104 ----a-w- c:\windows\SysWow64\nvapi.dll
2015-10-03 02:49 . 2015-10-07 01:02 6358648 ----a-w- c:\windows\system32\nvcpl.dll
2015-10-03 02:49 . 2015-10-07 01:02 2982520 ----a-w- c:\windows\system32\nvsvc64.dll
2015-10-03 02:49 . 2015-10-07 01:02 938800 ----a-w- c:\windows\system32\nvvsvc.exe
2015-10-03 02:49 . 2015-10-07 01:02 62768 ----a-w- c:\windows\system32\nvshext.dll
2015-10-03 02:49 . 2015-10-07 01:02 385328 ----a-w- c:\windows\system32\nvmctray.dll
2015-10-03 02:49 . 2015-10-07 01:02 2554488 ----a-w- c:\windows\system32\nvsvcr.dll
2015-10-01 09:33 . 2015-10-07 01:02 5284082 ----a-w- c:\windows\system32\nvcoproc.bin
2015-09-29 02:58 . 2015-10-14 12:23 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-09-18 22:09 . 2015-10-07 01:01 40280 ----a-w- c:\windows\system32\nvhdap64.dll
2015-09-18 22:09 . 2015-10-07 01:01 204648 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2015-09-18 22:09 . 2015-10-07 01:01 1567576 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2015-09-14 00:29 . 2015-10-07 01:01 1898288 ----a-w- c:\windows\system32\nvdispco6435598.dll
2015-09-14 00:29 . 2015-10-07 01:01 1558832 ----a-w- c:\windows\system32\nvdispgenco6435598.dll
2015-08-12 23:03 . 2015-08-12 23:03 96528 ----a-w- c:\windows\system32\dns-sd.exe
2015-08-12 23:03 . 2015-08-12 23:03 86288 ----a-w- c:\windows\system32\dnssd.dll
2015-08-12 23:03 . 2015-08-12 23:03 61712 ----a-w- c:\windows\system32\jdns_sd.dll
2015-08-12 23:03 . 2015-08-12 23:03 213264 ----a-w- c:\windows\system32\dnssdX.dll
2015-08-12 23:03 . 2015-08-12 23:03 84240 ----a-w- c:\windows\SysWow64\dns-sd.exe
2015-08-12 23:03 . 2015-08-12 23:03 72976 ----a-w- c:\windows\SysWow64\dnssd.dll
2015-08-12 23:03 . 2015-08-12 23:03 50960 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2015-08-12 23:03 . 2015-08-12 23:03 178960 ----a-w- c:\windows\SysWow64\dnssdX.dll
2015-08-11 04:52 . 2015-10-07 00:58 72504 ----a-w- c:\windows\system32\nvaudcap64v.dll
2015-08-11 04:52 . 2015-10-07 00:58 69416 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2015-08-11 04:52 . 2015-10-07 00:58 50472 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-09-15 22:01 1733240 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-09-15 22:01 1733240 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-09-15 22:01 1733240 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-21 291648]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-11-07 7004376]
.
c:\users\JSK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2015-11-6 0]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
R2 LogiRegistryService;Logitech Gaming Registry Service;c:\program files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe;c:\program files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [x]
R2 MBAMScheduler;MBAMScheduler;f:\malwarebytes anti-malware\mbamscheduler.exe;f:\malwarebytes anti-malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;f:\malwarebytes anti-malware\mbamservice.exe;f:\malwarebytes anti-malware\mbamservice.exe [x]
R2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
R2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 xb1usb;Microsoft Xbox One Controller Driver;c:\windows\system32\DRIVERS\xb1usb.sys;c:\windows\SYSNATIVE\DRIVERS\xb1usb.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [x]
S2 LGCoreTemp;Logitech CPU Core Tempurature;c:\program files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys;c:\program files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 LGBusEnum;Logitech Gaming Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGJoyXlCore;Logitech Translation Layer Driver (LGS);c:\windows\system32\drivers\LGJoyXlCore.sys;c:\windows\SYSNATIVE\drivers\LGJoyXlCore.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 LVUVC64;Logitech HD Webcam C510(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - NVSTREAMKMS
*Deregistered* - NvStreamKms
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-10-26 01:50 997704 ----a-w- c:\program files (x86)\Google\Chrome\Application\46.0.2490.80\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-10-07 00:44]
.
2015-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-10-07 00:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-09-15 21:58 2339032 ----a-w- f:\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-09-15 21:58 2339032 ----a-w- f:\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-09-15 21:58 2339032 ----a-w- f:\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-11-07 03:17 870744 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-08-08 6827664]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2015-09-19 15003256]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-10-04 2654512]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-10-04 1710568]
"iTunesHelper"="F:\iTunesHelper.exe" [2015-10-16 170256]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mStart Page = https://www.google.com/?trackid=sp-006
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
mSearch Bar = https://www.google.com/?trackid=sp-006
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - f:\office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - f:\office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKLM-Run-SunJavaUpdateSched - c:\program files (x86)\Common Files\Java\Java Update\jusched.exe
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
AddRemove-Desktop Improver_is1 - c:\program files (x86)\Desktop Improver\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-11-07 20:34:01
ComboFix-quarantined-files.txt 2015-11-08 04:34
.
Pre-Run: 182,617,186,304 bytes free
Post-Run: 184,218,492,928 bytes free
.
- - End Of File - - 83F5BA9C94754B1CC8611B0B52509109
A36C5E4F47E84449FF07ED3517B43A31