ComboFix 16-01-31.01 - la ilaha ila allh 02/03/2016 20:06:19.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1256.213.1033.18.2040.1053 [GMT 1:00]
Running from: c:\users\la ilaha ila allh\Downloads\ComboFix.exe
AV: ESET Smart Security 9.0.349.15 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: جدار الحماية الشخصي ESET *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 9.0.349.15 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msdownld.tmp
c:\windows\system32\DEBUG.log
c:\windows\system32\ReadMe.txt
E:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2016-01-03 to 2016-02-03 )))))))))))))))))))))))))))))))
.
.
2016-02-03 19:11 . 2016-02-03 19:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-02-03 18:42 . 2016-02-03 18:48 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-02-03 18:41 . 2015-10-05 08:50 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-02-03 18:41 . 2015-10-05 08:50 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-02-03 18:41 . 2015-10-05 08:50 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-02-03 18:41 . 2016-02-03 18:41 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2016-02-03 18:12 . 2016-02-03 18:12 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F5979165-6329-4A82-9123-CE226BC566E8}\offreg.1256.dll
2016-02-03 01:08 . 2016-02-03 01:08 -------- d-----w- c:\programdata\Malwarebytes
2016-02-03 00:35 . 2016-02-03 00:35 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F5979165-6329-4A82-9123-CE226BC566E8}\offreg.408.dll
2016-02-03 00:32 . 2016-02-03 16:53 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-02-03 00:32 . 2016-02-03 00:43 -------- d-----w- c:\programdata\RogueKiller
2016-02-02 23:46 . 2016-02-02 23:46 69632 ----a-w- c:\windows\system32\smss.exe
2016-02-02 23:46 . 2016-02-02 23:46 640512 ----a-w- c:\windows\system32\advapi32.dll
2016-02-02 23:46 . 2016-02-02 23:46 619520 ----a-w- c:\windows\system32\tdh.dll
2016-02-02 23:46 . 2016-02-02 23:46 3969472 ----a-w- c:\windows\system32\ntkrnlpa.exe
2016-02-02 23:46 . 2016-02-02 23:46 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe
2016-02-02 23:46 . 2016-02-02 23:46 38912 ----a-w- c:\windows\system32\csrsrv.dll
2016-02-02 23:46 . 2016-02-02 23:46 1289096 ----a-w- c:\windows\system32\ntdll.dll
2016-02-02 23:46 . 2016-02-02 23:46 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2016-02-02 23:46 . 2016-02-02 23:46 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2016-02-02 23:46 . 2016-02-02 23:46 231424 ----a-w- c:\windows\system32\mswsock.dll
2016-02-02 23:46 . 2016-02-02 23:46 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2016-02-02 23:46 . 2016-02-02 23:46 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2016-02-02 23:46 . 2016-02-02 23:46 49152 ----a-w- c:\windows\system32\taskhost.exe
2016-02-02 23:43 . 2016-02-02 23:43 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2016-02-02 23:41 . 2016-02-02 23:41 1505280 ----a-w- c:\windows\system32\d3d11.dll
2016-02-02 22:37 . 2016-02-03 17:47 -------- d-----w- c:\programdata\SecTaskMan
2016-02-02 22:37 . 2016-02-02 22:37 -------- d-----w- c:\program files\Security Task Manager
2016-02-02 22:03 . 2016-02-02 22:03 -------- d-----w- c:\program files\ESET
2016-02-02 21:02 . 2016-02-02 21:02 -------- d-----w- C:\found.000
2016-02-02 20:49 . 2016-02-02 20:52 -------- d-----w- c:\programdata\Malwarebytes Anti-Exploit
2016-02-02 20:34 . 2016-02-02 20:34 -------- d-----w- c:\program files\CPUID
2016-02-02 19:51 . 2016-02-02 19:51 -------- d-----w- c:\programdata\GlarySoft
2016-02-02 18:55 . 2016-02-02 18:55 17472 ----a-w- c:\windows\system32\drivers\GUBootStartup.sys
2016-02-02 18:55 . 2016-02-03 17:01 -------- d-----w- c:\program files\Glary Utilities 5
2016-02-01 19:30 . 2016-02-01 19:30 -------- d-----w- c:\program files\Microsoft.NET
2016-02-01 18:56 . 2016-02-01 18:56 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2016-02-01 18:56 . 2016-02-02 14:44 -------- d-----w- c:\program files\Common Files\Adobe
2016-02-01 18:46 . 2016-02-01 18:46 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F5979165-6329-4A82-9123-CE226BC566E8}\offreg.4264.dll
2016-01-31 20:10 . 2016-01-31 20:10 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F5979165-6329-4A82-9123-CE226BC566E8}\offreg.5168.dll
2016-01-31 19:56 . 2009-03-28 11:55 937449 ----a-w- c:\windows\system32\libeay32.dll
2016-01-31 19:56 . 2008-06-29 19:48 188760 ----a-w- c:\windows\system32\libssl32.dll
2016-01-31 19:41 . 2016-01-31 20:00 -------- d-----w- C:\dvbdream
2016-01-31 19:18 . 2016-01-31 19:18 -------- d-----w- c:\programdata\Technisat
2016-01-31 19:18 . 2016-01-31 19:18 -------- d-----w- c:\program files\DVBViewer TE2
2016-01-31 19:18 . 2016-01-31 19:18 -------- d-----w- c:\program files\MainConcept
2016-01-31 19:17 . 2016-01-31 19:19 -------- d-----w- c:\program files\TechniSat DVB
2016-01-31 19:17 . 2016-01-31 19:17 -------- d--h--w- c:\program files\InstallShield Installation Information
2016-01-31 19:16 . 2016-01-31 19:16 -------- d-----w- c:\program files\Common Files\InstallShield
2016-01-31 19:16 . 2010-05-10 08:09 627288 ----a-w- c:\windows\system32\drivers\SkyNET.sys
2016-01-30 19:38 . 2016-01-30 19:38 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F5979165-6329-4A82-9123-CE226BC566E8}\offreg.3588.dll
2016-01-28 23:34 . 2016-01-28 23:34 -------- d-----w- c:\programdata\TechSmith
2016-01-28 23:34 . 2016-01-28 23:34 -------- d-----w- c:\program files\TechSmith
2016-01-27 22:17 . 2016-01-27 22:17 -------- d-----w- c:\program files\Mozilla Maintenance Service
2016-01-27 21:13 . 2016-01-27 21:13 85616 ----a-w- c:\windows\system32\RtNicProp32.dll
2016-01-27 21:13 . 2016-01-27 21:13 109648 ----a-w- c:\windows\system32\RTNUninst32.dll
2016-01-27 21:13 . 2016-01-27 21:13 769280 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2016-01-27 20:58 . 2016-01-27 20:58 -------- d-----w- c:\windows\system32\DAX2
2016-01-27 20:58 . 2016-01-27 20:58 -------- d-----w- c:\program files\Realtek
2016-01-27 20:58 . 2016-01-27 20:58 -------- d-----w- c:\windows\system32\RTCOM
2016-01-27 19:57 . 2016-01-27 19:57 -------- d-----w- c:\program files\VideoLAN
2016-01-27 18:42 . 2016-02-02 11:08 -------- d-----w- c:\programdata\ProductData
2016-01-27 18:41 . 2016-01-27 18:42 -------- d-----w- c:\programdata\IObit
2016-01-27 18:41 . 2016-01-27 18:41 23840 ----a-w- c:\windows\system32\drivers\HWiNFO32.SYS
2016-01-26 22:06 . 2016-01-26 13:16 -------- d-----w- c:\windows\Panther
2016-01-26 22:06 . 2016-01-26 22:06 -------- d-----w- C:\Boot
2016-01-26 21:54 . 2016-02-02 11:33 409088 ----a-w- c:\windows\systemcplx86.dll
2016-01-26 19:51 . 2016-01-26 19:51 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F5979165-6329-4A82-9123-CE226BC566E8}\offreg.2700.dll
2016-01-26 16:26 . 2016-01-26 16:26 -------- d-----w- c:\programdata\IDM
2016-01-26 15:29 . 2016-02-02 22:04 -------- d-sh--w- c:\windows\Installer
2016-01-26 15:28 . 2016-01-26 15:28 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F5979165-6329-4A82-9123-CE226BC566E8}\offreg.548.dll
2016-01-26 15:23 . 2016-01-26 15:23 -------- d-----w- c:\program files\GUMA840.tmp
2016-01-26 15:23 . 2016-01-26 15:23 6420480 ----a-w- c:\program files\GUTA841.tmp
2016-01-26 15:09 . 2016-01-26 16:11 -------- d-----w- c:\program files\Google
2016-01-26 15:09 . 2016-01-26 15:09 -------- d-----w- c:\program files\GUM7945.tmp
2016-01-26 15:09 . 2016-01-26 15:09 50063360 ----a-w- c:\program files\GUT7946.tmp
2016-01-26 14:48 . 2016-01-26 14:48 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2016-01-26 14:36 . 2016-01-26 14:36 -------- d-----w- c:\program files\Common Files\AV
2016-01-26 14:35 . 2015-12-16 09:15 9014120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F5979165-6329-4A82-9123-CE226BC566E8}\mpengine.dll
2016-01-26 14:35 . 2015-12-02 12:25 247976 ------w- c:\windows\system32\MpSigStub.exe
2016-01-26 14:08 . 2016-01-26 14:08 -------- d-----w- c:\windows\system32\Macromed
2016-01-26 13:23 . 2014-05-14 16:23 45536 ----a-w- c:\windows\system32\wups2.dll
2016-01-26 13:23 . 2014-05-14 16:23 54240 ----a-w- c:\windows\system32\wuauclt.exe
2016-01-26 13:23 . 2014-05-14 16:23 1973728 ----a-w- c:\windows\system32\wuaueng.dll
2016-01-26 13:23 . 2014-05-14 16:17 2425856 ----a-w- c:\windows\system32\wucltux.dll
2016-01-26 13:23 . 2014-05-14 16:23 36320 ----a-w- c:\windows\system32\wups.dll
2016-01-26 13:23 . 2014-05-14 16:23 581600 ----a-w- c:\windows\system32\wuapi.dll
2016-01-26 13:23 . 2014-05-14 16:17 92672 ----a-w- c:\windows\system32\wudriver.dll
2016-01-26 13:22 . 2014-05-14 08:23 179656 ----a-w- c:\windows\system32\wuwebv.dll
2016-01-26 13:22 . 2014-05-14 08:17 33792 ----a-w- c:\windows\system32\wuapp.exe
2016-01-26 13:16 . 2016-01-30 19:40 -------- d-----w- c:\users\la ilaha ila allh
2016-01-26 13:15 . 2016-01-26 13:15 -------- d-----w- C:\Recovery
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-02-02 20:38 . 2010-11-20 21:29 6656 ----a-w- c:\windows\system32\lpcio.dll
2015-12-08 14:25 . 2015-12-08 14:25 205800 ----a-w- c:\windows\system32\drivers\eamonm.sys
2015-11-27 12:03 . 2015-11-27 12:03 56944 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2015-11-27 12:03 . 2015-11-27 12:03 44608 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
2015-11-27 12:03 . 2015-11-27 12:03 161992 ----a-w- c:\windows\system32\drivers\epfw.sys
2015-11-27 12:03 . 2015-11-27 12:03 146024 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2015-11-27 12:03 . 2015-11-27 12:03 111040 ----a-w- c:\windows\system32\drivers\ekbdflt.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GUDelayStartup"="c:\program files\Glary Utilities 5\StartupManager.exe" [2016-02-01 37056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2016-01-27 150552]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2016-01-27 173592]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2016-01-27 141848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Server4PC.lnk]
backup=c:\windows\pss\Server4PC.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snagit 9.lnk]
backup=c:\windows\pss\Snagit 9.lnk.CommonStartup
backupExtension=.CommonStartup
.
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDVCPL]
2016-01-27 20:57 14688512 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2016-02-02 102912]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-10-05 51928]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2015-11-27 56944]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2015-12-08 205800]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2015-11-27 146024]
S1 EpfwLWF;ESET Personal Firewall;c:\windows\system32\DRIVERS\EpfwLWF.sys [2015-11-27 44608]
S1 GUBootStartup;GUBootStartup;c:\windows\System32\drivers\GUBootStartup.sys [2016-02-02 17472]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [2016-01-27 23840]
S2 ekbdflt;ekbdflt;c:\windows\system32\DRIVERS\ekbdflt.sys [2015-11-27 111040]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2015-11-19 1983424]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-10-05 1513784]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-10-05 1135416]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-10-05 23256]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2016-02-03 170200]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2016-01-27 769280]
S3 SKYNET;TechniSat DVB-PC TV Star PCI;c:\windows\system32\DRIVERS\SkyNET.SYS [2010-05-10 627288]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMPROTECTOR
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MBAMWEBACCESSCONTROL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-01-28 23:41 1090376 ----a-w- c:\program files\Google\Chrome\Application\48.0.2564.97\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2016-01-26 15:23]
.
2016-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2016-01-26 15:23]
.
.
------- Supplementary Scan -------
.
Trusted Zone: eset.com\help
TCP: DhcpNameServer = 0.0.0.0
FF - ProfilePath - c:\users\la ilaha ila allh\AppData\Roaming\Mozilla\Firefox\Profiles\jtafc60t.default\
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3437434051-828108660-2755165165-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):62,4a,2f,4b,5c,e7,e4,35,c4,77,cb,c7,6c,a1,98,3d,f4,ba,04,5d,f2,
   26,d6,bf,1d,00,ec,cc,bb,db,9d,93,a0,f1,27,68,72,72,f5,77,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3437434051-828108660-2755165165-1000_Classes\CLSID\{ee234b8e-72e4-4e2d-a195-9ebabe370c80}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000020
"Therad"=dword:00000008
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-02-03 20:15:09
ComboFix-quarantined-files.txt 2016-02-03 19:15
.
Pre-Run: 34,698,035,200 bytes free
Post-Run: 34,568,724,480 bytes free
.
- - End Of File - - 97438CE66617AAF8BA995CD5278FAC36
A36C5E4F47E84449FF07ED3517B43A31