ComboFix 15-08-06.01 - dell 08/08/2015 13:54:17.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1256.966.1033.18.3983.2593 [GMT 3:00]
Running from: c:\users\dell\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\dell\AppData\Local\Temp\VPN_43CC\B7091C83.dll
c:\users\dell\ZHPDiag3.exe
c:\windows\regsvr32.exe
c:\windows\security\logs\scecomp.log
c:\windows\SysWow64\DEBUG.log
c:\windows\TEMP\VPN_F425\48616C33.dll
c:\windows\TEMP\VPN_F425\B7091C83.dll
E:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2015-07-08 to 2015-08-08 )))))))))))))))))))))))))))))))
.
.
2015-08-08 10:58 . 2015-08-08 10:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-08-08 10:14 . 2015-08-01 17:55 77624 ----a-w- c:\windows\system32\drivers\eagleGet.sys
2015-08-08 10:14 . 2015-08-08 10:14 -------- d-----w- c:\users\dell\AppData\Roaming\EagleGet
2015-08-08 10:14 . 2015-08-08 10:14 -------- d-----w- c:\programdata\EagleGet
2015-08-08 10:14 . 2015-08-08 10:14 -------- d-----w- c:\program files (x86)\Common Files\EagleGet
2015-08-08 10:14 . 2015-08-08 10:14 -------- d-----w- c:\program files (x86)\EagleGet
2015-08-08 09:38 . 2015-08-08 09:43 -------- d-----w- C:\AdwCleaner
2015-08-07 17:55 . 2015-08-08 10:21 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-08-07 17:55 . 2015-08-07 17:55 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-08-07 17:55 . 2015-08-07 17:55 -------- d-----w- c:\programdata\Malwarebytes
2015-08-07 17:55 . 2015-06-18 05:41 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-08-07 17:55 . 2015-06-18 05:41 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-08-07 17:55 . 2015-06-18 05:41 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-08-07 15:43 . 2015-08-08 10:34 -------- d-----w- c:\users\dell\AppData\Roaming\ZHP
2015-08-06 20:20 . 2015-06-11 13:15 429568 ----a-w- c:\windows\system32\wksprt.exe
2015-08-06 20:20 . 2015-06-11 17:57 53248 ----a-w- c:\windows\SysWow64\tsgqec.dll
2015-08-06 20:20 . 2015-06-11 17:57 856064 ----a-w- c:\windows\SysWow64\rdvidcrl.dll
2015-08-06 20:20 . 2015-06-11 17:57 6131200 ----a-w- c:\windows\SysWow64\mstscax.dll
2015-08-06 20:20 . 2015-06-11 17:56 7077376 ----a-w- c:\windows\system32\mstscax.dll
2015-08-06 20:20 . 2015-06-11 17:56 62976 ----a-w- c:\windows\system32\tsgqec.dll
2015-08-06 20:20 . 2015-06-11 17:56 1057792 ----a-w- c:\windows\system32\rdvidcrl.dll
2015-08-06 19:58 . 2014-12-11 17:47 87040 ----a-w- c:\windows\system32\TSWbPrxy.exe
2015-08-06 19:24 . 2015-06-09 18:03 3180544 ----a-w- c:\windows\system32\rdpcorets.dll
2015-08-06 19:24 . 2015-06-09 18:03 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2015-08-06 19:24 . 2015-06-03 20:17 243200 ----a-w- c:\windows\system32\rdpudd.dll
2015-08-06 19:20 . 2015-08-06 19:20 -------- d-----w- c:\program files\Synaptics
2015-08-06 07:51 . 2013-10-02 04:38 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2015-08-06 07:51 . 2013-10-02 01:10 44544 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2015-08-06 07:51 . 2013-10-02 02:22 56832 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2015-08-06 07:51 . 2013-10-02 02:11 13824 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-08-06 07:51 . 2013-10-02 02:08 12800 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-08-06 07:51 . 2013-10-02 01:48 56832 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
2015-08-06 07:51 . 2013-10-02 01:48 18944 ----a-w- c:\windows\system32\wksprtPS.dll
2015-08-06 07:51 . 2013-10-02 00:14 50176 ----a-w- c:\windows\SysWow64\MsRdpWebAccess.dll
2015-08-06 07:51 . 2013-10-02 00:14 17920 ----a-w- c:\windows\SysWow64\wksprtPS.dll
2015-08-06 07:51 . 2013-10-01 23:31 1147392 ----a-w- c:\windows\system32\mstsc.exe
2015-08-06 07:51 . 2013-10-01 22:34 1068544 ----a-w- c:\windows\SysWow64\mstsc.exe
2015-08-06 07:50 . 2012-08-23 14:10 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2015-08-06 07:50 . 2012-08-23 11:12 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll
2015-08-06 07:50 . 2012-08-23 10:51 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll
2015-08-06 07:48 . 2015-03-14 03:21 1632768 ----a-w- c:\windows\system32\dwmcore.dll
2015-08-06 07:48 . 2015-03-14 03:04 1372160 ----a-w- c:\windows\SysWow64\dwmcore.dll
2015-08-06 07:48 . 2015-03-14 03:21 82944 ----a-w- c:\windows\system32\dwmapi.dll
2015-08-06 07:48 . 2015-03-14 03:04 67584 ----a-w- c:\windows\SysWow64\dwmapi.dll
2015-08-06 07:48 . 2015-07-28 20:05 774656 ----a-w- c:\windows\system32\invagent.dll
2015-08-06 07:48 . 2015-07-28 20:05 743424 ----a-w- c:\windows\system32\generaltel.dll
2015-08-06 07:48 . 2015-07-28 20:05 437760 ----a-w- c:\windows\system32\devinv.dll
2015-08-06 07:48 . 2015-07-28 20:05 1116672 ----a-w- c:\windows\system32\appraiser.dll
2015-08-06 07:48 . 2015-07-28 20:05 69120 ----a-w- c:\windows\system32\acmigration.dll
2015-08-06 07:48 . 2015-07-28 19:55 1148416 ----a-w- c:\windows\system32\aeinv.dll
2015-08-06 07:48 . 2015-07-28 20:09 17344 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-08-06 07:48 . 2015-07-28 20:05 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-08-04 09:51 . 2015-08-08 09:46 -------- d-sh--w- c:\users\dell\IntelGraphicsProfiles
2015-08-04 08:06 . 2015-08-06 07:57 -------- d-----w- c:\windows\system32\wbem\ar-SA
2015-08-04 08:06 . 2015-08-04 08:06 -------- d-----w- c:\windows\system32\wbem\fr-FR
2015-08-04 07:55 . 2009-07-13 15:53 3584 ----a-w- c:\windows\system32\Spool\prtprocs\x64\ar-SA\LXKPTPRC.DLL.mui
2015-08-03 07:46 . 2015-05-09 18:26 493504 ----a-w- c:\windows\system32\mcupdate_GenuineIntel.dll
2015-07-27 18:08 . 2015-07-08 03:45 178976 ----a-w- c:\windows\system32\drivers\TeeDriverx64.sys
2015-07-27 18:08 . 2012-08-17 18:57 1795952 ----a-w- c:\windows\system32\WdfCoInstaller01011.dll
2015-07-21 17:38 . 2015-07-15 03:19 41984 ----a-w- c:\windows\system32\lpk.dll
2015-07-21 17:38 . 2015-07-15 01:59 372224 ----a-w- c:\windows\system32\atmfd.dll
2015-07-21 17:38 . 2015-07-15 01:52 299008 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-07-21 17:38 . 2015-07-15 03:19 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-07-21 17:38 . 2015-07-15 03:19 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-07-21 17:38 . 2015-07-15 03:19 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-07-21 17:38 . 2015-07-15 02:55 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-07-21 17:38 . 2015-07-15 02:55 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-07-21 17:38 . 2015-07-15 02:55 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-07-21 17:38 . 2015-07-15 02:54 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-07-15 11:29 . 2015-06-02 00:07 254976 ----a-w- c:\windows\system32\cewmdm.dll
2015-07-15 11:29 . 2015-06-01 23:47 210432 ----a-w- c:\windows\SysWow64\cewmdm.dll
2015-07-15 11:29 . 2015-06-25 08:57 3207168 ----a-w- c:\windows\system32\win32k.sys
2015-07-15 11:29 . 2015-06-17 17:47 404992 ----a-w- c:\windows\system32\gdi32.dll
2015-07-15 11:29 . 2015-06-17 17:37 312320 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-07-15 11:29 . 2015-06-27 02:47 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2015-07-15 11:29 . 2015-06-27 02:43 5923840 ----a-w- c:\windows\system32\jscript9.dll
2015-07-15 11:29 . 2015-06-27 01:58 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2015-07-15 11:29 . 2015-06-27 01:39 4520448 ----a-w- c:\windows\SysWow64\jscript9.dll
2015-07-15 11:18 . 2015-07-04 18:07 2087424 ----a-w- c:\windows\system32\ole32.dll
2015-07-15 11:18 . 2015-07-04 17:48 1414656 ----a-w- c:\windows\SysWow64\ole32.dll
2015-07-15 11:18 . 2015-04-27 19:23 188416 ----a-w- c:\windows\system32\cryptsvc.dll
2015-07-15 11:18 . 2015-04-27 19:04 143872 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2015-07-15 11:18 . 2015-04-27 19:04 1174528 ----a-w- c:\windows\SysWow64\crypt32.dll
2015-07-15 11:18 . 2015-04-27 19:23 229376 ----a-w- c:\windows\system32\wintrust.dll
2015-07-15 11:18 . 2015-04-27 19:23 1480192 ----a-w- c:\windows\system32\crypt32.dll
2015-07-15 11:18 . 2015-04-27 19:23 140288 ----a-w- c:\windows\system32\cryptnet.dll
2015-07-15 11:18 . 2015-04-27 19:05 179200 ----a-w- c:\windows\SysWow64\wintrust.dll
2015-07-15 11:18 . 2015-04-27 19:04 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2015-07-10 13:39 . 2015-08-02 12:10 -------- d-----w- C:\$Windows.~BT
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-16 12:06 . 2014-09-15 05:24 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-07-16 12:06 . 2014-09-15 05:24 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-03 05:43 . 2014-10-15 16:23 130333168 ----a-w- c:\windows\system32\MRT.exe
2015-06-16 22:01 . 2015-06-16 22:01 1202856 ----a-w- c:\windows\SysWow64\FM20.DLL
2015-06-10 09:54 . 2015-06-10 09:54 81768 ----a-w- c:\windows\system32\drivers\ksapi.sys
2015-06-10 09:54 . 2015-06-10 09:54 56680 ----a-w- c:\windows\system32\drivers\ksapi64.sys
2015-06-04 22:46 . 2015-07-02 03:42 376832 ----a-w- c:\windows\system32\IntelOpenCL64.dll
2015-06-04 22:46 . 2015-07-02 03:42 286720 ----a-w- c:\windows\SysWow64\IntelOpenCL32.dll
2015-06-04 22:46 . 2015-07-02 03:42 5120 ----a-w- c:\windows\system32\igfxLHMLibv2_0.dll
2015-06-04 22:46 . 2015-07-02 03:42 5120 ----a-w- c:\windows\system32\igfxLHMLib.dll
2015-06-04 22:46 . 2015-07-02 03:42 384000 ----a-w- c:\windows\system32\igfxOSP.dll
2015-06-04 22:46 . 2015-07-02 03:42 31448 ----a-w- c:\windows\system32\igfxexps.dll
2015-06-04 22:46 . 2015-07-02 03:42 30720 ----a-w- c:\windows\SysWow64\igfxexps32.dll
2015-06-04 22:46 . 2015-07-02 03:42 194664 ----a-w- c:\windows\system32\igfxext.exe
2015-06-04 22:46 . 2015-07-02 03:42 10240 ----a-w- c:\windows\system32\igfxEMLibv2_0.dll
2015-06-04 22:46 . 2015-07-02 03:42 10240 ----a-w- c:\windows\system32\igfxEMLib.dll
2015-06-04 22:46 . 2015-07-02 03:42 280680 ----a-w- c:\windows\SysWow64\IntelCpHeciSvc.exe
2015-06-04 22:46 . 2015-07-02 03:42 218848 ----a-w- c:\windows\system32\iglhcp64.dll
2015-06-04 22:46 . 2015-07-02 03:42 183840 ----a-w- c:\windows\SysWow64\iglhcp32.dll
2015-06-04 22:46 . 2015-07-02 03:42 183296 ----a-w- c:\windows\system32\igfxCoIn_v4226.dll
2015-06-04 22:46 . 2015-07-02 03:42 1137120 ----a-w- c:\windows\system32\iglhsip64.dll
2015-06-04 22:46 . 2015-07-02 03:42 1133000 ----a-w- c:\windows\SysWow64\iglhsip32.dll
2015-06-04 22:46 . 2014-10-01 16:54 530536 ----a-w- c:\windows\system32\igfxEM.exe
2015-06-04 22:46 . 2014-10-01 16:54 384104 ----a-w- c:\windows\system32\igfxTray.exe
2015-06-04 22:46 . 2014-10-01 16:54 252416 ----a-w- c:\windows\system32\igfxLHM.dll
2015-06-04 22:46 . 2014-10-01 16:54 247400 ----a-w- c:\windows\system32\igfxHK.exe
2015-06-04 22:46 . 2015-07-02 03:42 10948400 ----a-w- c:\windows\system32\igdumdim64.dll
2015-06-04 22:46 . 2015-07-02 03:42 86528 ----a-w- c:\windows\system32\igfxCUIServicePS.dll
2015-06-04 22:46 . 2015-07-02 03:42 255488 ----a-w- c:\windows\system32\igfxCPL.cpl
2015-06-04 22:46 . 2015-07-02 03:42 69632 ----a-w- c:\windows\system32\igfxDHLibv2_0.dll
2015-06-04 22:46 . 2015-07-02 03:42 59392 ----a-w- c:\windows\system32\igfxDHLib.dll
2015-06-04 22:46 . 2015-07-02 03:42 10752 ----a-w- c:\windows\system32\igfxDILib.dll
2015-06-04 22:46 . 2015-07-02 03:42 10240 ----a-w- c:\windows\system32\igfxDILibv2_0.dll
2015-06-04 22:46 . 2015-07-02 03:42 2027008 ----a-w- c:\windows\system32\igfxcmjit64.dll
2015-06-04 22:46 . 2015-07-02 03:42 188496 ----a-w- c:\windows\system32\igfxcmrt64.dll
2015-06-04 22:46 . 2015-07-02 03:42 184832 ----a-w- c:\windows\system32\igfx11cmrt64.dll
2015-06-04 22:46 . 2015-07-02 03:42 1758208 ----a-w- c:\windows\SysWow64\igfxcmjit32.dll
2015-06-04 22:46 . 2015-07-02 03:42 159096 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll
2015-06-04 22:46 . 2015-07-02 03:42 155136 ----a-w- c:\windows\SysWow64\igfx11cmrt32.dll
2015-06-04 22:46 . 2014-10-01 16:54 670208 ----a-w- c:\windows\system32\igfxDH.dll
2015-06-04 22:46 . 2014-10-01 16:54 319080 ----a-w- c:\windows\system32\igfxCUIService.exe
2015-06-04 22:46 . 2014-10-01 16:54 276480 ----a-w- c:\windows\system32\igfxDI.dll
2015-06-04 22:46 . 2014-10-01 16:54 220160 ----a-w- c:\windows\system32\igfxDTCM.dll
2015-06-04 22:46 . 2014-09-15 03:35 4587608 ----a-w- c:\windows\system32\igdusc64.dll
2015-06-04 22:46 . 2014-09-15 03:35 3628160 ----a-w- c:\windows\SysWow64\igdusc32.dll
2015-06-04 22:46 . 2015-07-02 03:42 454760 ----a-w- c:\windows\system32\igdmd64.dll
2015-06-04 22:46 . 2015-07-02 03:42 366680 ----a-w- c:\windows\SysWow64\igdmd32.dll
2015-06-04 22:46 . 2015-07-02 03:42 1985536 ----a-w- c:\windows\system32\igdrcl64.dll
2015-06-04 22:46 . 2015-07-02 03:42 1784320 ----a-w- c:\windows\SysWow64\igdrcl32.dll
2015-06-04 22:46 . 2015-07-02 03:42 3788728 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
2015-06-04 22:46 . 2014-09-15 03:35 10474552 ----a-w- c:\windows\SysWow64\igdumdim32.dll
2015-06-04 22:46 . 2015-07-02 03:42 365568 ----a-w- c:\windows\system32\igdbcl64.dll
2015-06-04 22:46 . 2015-07-02 03:42 320512 ----a-w- c:\windows\SysWow64\igdbcl32.dll
2015-06-04 22:46 . 2015-07-02 03:42 22905344 ----a-w- c:\windows\system32\igdfcl64.dll
2015-06-04 22:46 . 2015-07-02 03:42 17837568 ----a-w- c:\windows\SysWow64\igdfcl32.dll
2015-06-04 22:46 . 2015-07-02 03:42 162304 ----a-w- c:\windows\system32\igdail64.dll
2015-06-04 22:46 . 2015-07-02 03:42 143872 ----a-w- c:\windows\SysWow64\igdail32.dll
2015-06-04 22:46 . 2015-07-02 03:42 224256 ----a-w- c:\windows\system32\igdde64.dll
2015-06-04 22:46 . 2015-07-02 03:42 185856 ----a-w- c:\windows\SysWow64\igdde32.dll
2015-06-04 22:46 . 2015-07-02 03:42 8520192 ----a-w- c:\windows\system32\ig7icd64.dll
2015-06-04 22:46 . 2015-07-02 03:42 6503424 ----a-w- c:\windows\SysWow64\ig7icd32.dll
2015-06-04 22:46 . 2014-09-15 03:35 12218376 ----a-w- c:\windows\system32\igd10iumd64.dll
2015-06-04 22:46 . 2014-09-15 03:35 11793480 ----a-w- c:\windows\SysWow64\igd10iumd32.dll
2015-06-04 22:46 . 2015-07-02 03:42 545384 ----a-w- c:\windows\system32\DPTopologyAppv2_0.exe
2015-06-04 22:46 . 2015-07-02 03:42 399464 ----a-w- c:\windows\system32\CustomModeAppv2_0.exe
2015-06-04 22:46 . 2015-07-02 03:42 959592 ----a-w- c:\windows\system32\GfxUIEx.exe
2015-06-04 22:46 . 2015-07-02 03:42 545896 ----a-w- c:\windows\system32\DPTopologyApp.exe
2015-06-04 22:46 . 2015-07-02 03:42 4362344 ----a-w- c:\windows\system32\Gfxv4_0.exe
2015-06-04 22:46 . 2015-07-02 03:42 4358760 ----a-w- c:\windows\system32\Gfxv2_0.exe
2015-06-04 22:46 . 2015-07-02 03:42 399976 ----a-w- c:\windows\system32\CustomModeApp.exe
2015-06-04 22:46 . 2015-07-02 03:42 154728 ----a-w- c:\windows\system32\difx64.exe
2015-05-25 18:24 . 2015-06-10 07:07 5569984 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-05-25 18:21 . 2015-06-10 07:07 1728960 ----a-w- c:\windows\system32\ntdll.dll
2015-05-25 18:19 . 2015-06-10 07:06 243712 ----a-w- c:\windows\system32\wow64.dll
2015-05-25 18:19 . 2015-06-10 07:06 362496 ----a-w- c:\windows\system32\wow64win.dll
2015-05-25 18:19 . 2015-06-10 07:06 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2015-05-25 18:19 . 2015-06-10 07:06 215040 ----a-w- c:\windows\system32\winsrv.dll
2015-05-25 18:19 . 2015-06-10 07:07 1255424 ----a-w- c:\windows\system32\diagtrack.dll
2015-05-25 18:19 . 2015-06-10 07:06 879104 ----a-w- c:\windows\system32\tdh.dll
2015-05-25 18:19 . 2015-06-10 07:06 503808 ----a-w- c:\windows\system32\srcore.dll
2015-05-25 18:19 . 2015-06-10 07:06 113664 ----a-w- c:\windows\system32\sechost.dll
2015-05-25 18:19 . 2015-06-10 07:06 50176 ----a-w- c:\windows\system32\srclient.dll
2015-05-25 18:19 . 2015-06-10 07:06 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2015-05-25 18:19 . 2015-06-10 07:07 424960 ----a-w- c:\windows\system32\KernelBase.dll
2015-05-25 18:19 . 2015-06-10 07:07 1162752 ----a-w- c:\windows\system32\kernel32.dll
2015-05-25 18:18 . 2015-06-10 07:06 43520 ----a-w- c:\windows\system32\csrsrv.dll
2015-05-25 18:18 . 2015-06-10 07:07 879104 ----a-w- c:\windows\system32\advapi32.dll
2015-05-25 18:18 . 2015-06-10 07:06 47104 ----a-w- c:\windows\system32\typeperf.exe
2015-05-25 18:18 . 2015-06-10 07:06 404992 ----a-w- c:\windows\system32\tracerpt.exe
2015-05-25 18:18 . 2015-06-10 07:06 112640 ----a-w- c:\windows\system32\smss.exe
2015-05-25 18:18 . 2015-06-10 07:06 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-05-25 18:18 . 2015-06-10 07:06 43008 ----a-w- c:\windows\system32\relog.exe
2015-05-25 18:18 . 2015-06-10 07:06 104448 ----a-w- c:\windows\system32\logman.exe
2015-05-25 18:18 . 2015-06-10 07:06 19456 ----a-w- c:\windows\system32\diskperf.exe
2015-05-25 18:18 . 2015-06-10 07:06 338432 ----a-w- c:\windows\system32\conhost.exe
2015-05-25 18:11 . 2015-06-10 07:06 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:06 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:06 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:06 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:06 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KSS"="c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" [2014-06-15 202080]
"uTorrent"="c:\users\dell\AppData\Roaming\uTorrent\uTorrent.exe" [2015-08-01 1693024]
"GoogleChromeAutoLaunch_9FD5ED0742D873E78F8A54709BF48770"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2015-07-31 813896]
"EagleGet"="c:\program files (x86)\EagleGet\Eagleget.exe" [2015-08-01 1868800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-09-12 959176]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2014-09-15 296520]
"Sabre OADP Util"="e:\sabre\Apps\OADP\OADPUtil.exe" [2009-07-08 528448]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SnagIt 9.lnk - c:\program files (x86)\TechSmith\SnagIt 9\SnagIt32.exe [2008-5-15 6822728]
SoftEther VPN Client Manager Startup.lnk - c:\program files\SoftEther VPN Client\vpncmgr_x64.exe /startup [2015-2-26 4600376]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 AVP15.0.0;خدمة Kaspersky Anti-Virus 15.0.0;c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 KSS;Kaspersky Security Scan Service;c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 RealPlayerUpdateSvc;RealPlayer Update Service;c:\program files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe;c:\program files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 athrusb;TP-LINK Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrxusb.sys;c:\windows\SYSNATIVE\DRIVERS\athrxusb.sys [x]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ksapi64;ksapi64;c:\windows\system32\drivers\ksapi64.sys;c:\windows\SYSNATIVE\drivers\ksapi64.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ReviverSoft Smart Alerts Service;ReviverSoft Smart Alerts Service;c:\program files\ReviverSoft\PC Reviver\ReviverSoft Smart Alerts Service.exe;c:\program files\ReviverSoft\PC Reviver\ReviverSoft Smart Alerts Service.exe [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 klhk;klhk;c:\windows\system32\DRIVERS\klhk.sys;c:\windows\SYSNATIVE\DRIVERS\klhk.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 egGetSvc;egGetSvc;c:\program files (x86)\EagleGet\EGMonitor.exe;c:\program files (x86)\EagleGet\EGMonitor.exe [x]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe [x]
S2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [x]
S2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe;c:\windows\SYSNATIVE\igfxCUIService.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 RealPlayer Cloud Service;RealPlayer Cloud Service;c:\program files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe;c:\program files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [x]
S2 SabrePrint;Sabre Print Service;e:\sabre\Apps\OADP\Oadp.exe;e:\sabre\Apps\OADP\Oadp.exe [x]
S2 SEVPNCLIENT;SoftEther VPN Client;c:\program files\SoftEther VPN Client\vpnclient_x64.exe;c:\program files\SoftEther VPN Client\vpnclient_x64.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrSerIb.sys [x]
S3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrUsbSIb.sys [x]
S3 eagleGet;eagleGet;c:\windows\system32\Drivers\eagleGet.sys;c:\windows\SYSNATIVE\Drivers\eagleGet.sys [x]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe [x]
S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys;c:\windows\SYSNATIVE\DRIVERS\ICCWDT.sys [x]
S3 int0800;Intel 28F320C3 Flash Update Device Driver v6.4;c:\windows\system32\DRIVERS\flashud.sys;c:\windows\SYSNATIVE\DRIVERS\flashud.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 Neo_VPN;VPN Client Device Driver - VPN;c:\windows\system32\DRIVERS\Neo_0005.sys;c:\windows\SYSNATIVE\DRIVERS\Neo_0005.sys [x]
S3 SEE;SoftEther Ethernet Layer Driver;c:\windows\system32\drivers\see.sys;c:\windows\SYSNATIVE\drivers\see.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - EAGLEGET
*Deregistered* - IDMWFP
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-08-06 12:14 995144 ----a-w- c:\program files (x86)\Google\Chrome\Application\44.0.2403.130\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-08-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-15 12:06]
.
2015-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-09-22 15:57]
.
2015-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-09-22 15:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoftEther VPN Client UI Helper"="c:\program files\SoftEther VPN Client\vpnclient_x64.exe" [2015-02-26 4409400]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtDCpl64.exe" [2014-10-13 2908888]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Download all links with EagleGet - c:\program files (x86)\EagleGet\IEGraberBHO.dll/202
IE: Download with EagleGet - c:\program files (x86)\EagleGet\IEGraberBHO.dll/201
IE: ت&صدير إلى Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: {469C92F9-CA8E-4C3E-9AD4-F74EEF097BCA} - hxxp://diagnostic.amadeus.com/travelagencies/Cabs/DS_Diagnostic.cab
DPF: {F96020DD-C373-44A0-82B6-064EF0AEEAE3} - hxxp://certificates.amadeusvista.com/sgwadmin/RegSiteTools.cab
FF - ProfilePath - c:\users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\xwibiqxs.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.malwarebytes.org/restorebrowser//?scr=90Qw8888
.
.
------- File Associations -------
.
inifile="%SystemRoot%\system32\NOTEPAD.EXE" %1
txtfile="%SystemRoot%\system32\NOTEPAD.EXE" %1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-Foxit Reader Packages - c:\users\dell\AppData\Roaming\0F1L1I1P0H1L1E1E1F\Foxit Reader Packages\uninstaller.exe
AddRemove-Sabre VPN - c:\windows\system32\javaws.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-506657601-157788839-3318356469-1000_Classes\Wow6432Node\CLSID\{1d5668b3-2383-4391-aba0-61edb98964a9}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000084
"Therad"=dword:0000001d
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
   38,95,44,dc,05,18,32,cf,93,32,4e,e4,11,5f,10,64,31,20,6f,20,75,37,16,e8,8b,\
.
[HKEY_USERS\S-1-5-21-506657601-157788839-3318356469-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):37,f2,17,5f,64,a0,26,61,79,2d,08,35,c0,de,9d,63,e5,1b,e1,ce,90,
   7b,5e,3c,37,1e,69,f6,af,b0,86,5e,69,c1,c3,8c,3a,96,62,19,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_209_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_209_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_209_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_209_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.18" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\amadeus.net] @DACL=(02 0000) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\amadeuscruise.com] @DACL=(02 0000) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\amadeusferry.com] @DACL=(02 0000) . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2015-08-08 13:59:58 ComboFix-quarantined-files.txt 2015-08-08 10:59 . Pre-Run: 40,319,840,256 bytes free Post-Run: 41,795,014,656 bytes free . - - End Of File - - 67350F7A1E638E7F120BF11130EB3FAB A36C5E4F47E84449FF07ED3517B43A31