ComboFix 16-01-31.01 - ÇÍãÏ ãÍãæÏ ãÍãÏãÍãæÏ 02/03/2016 14:24:29.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1256.966.1025.18.3062.2246 [GMT 3:00]
Running from: c:\users\??Ú? Ú?Úµ? Ú?Ú?Ú?Úµ?\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\ÇÍãÏ ãÍãæÏ ãÍãÏãÍãæÏ\AppData\Roaming\e329d265
c:\users\ÇÍãÏ ãÍãæÏ ãÍãÏãÍãæÏ\AppData\Roaming\e329d265\e329d265.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2016-01-03 to 2016-02-03 )))))))))))))))))))))))))))))))
.
.
2016-02-03 11:29 . 2016-02-03 11:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-02-03 03:30 . 2016-02-03 03:30 -------- d-----w- c:\program files\Microsoft Synchronization Services
2016-02-03 03:29 . 2016-02-03 03:29 -------- d-----w- c:\windows\PCHEALTH
2016-02-03 03:29 . 2016-02-03 03:29 -------- d-----w- c:\program files\Microsoft Sync Framework
2016-02-03 03:29 . 2016-02-03 03:29 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2016-02-03 03:29 . 2016-02-03 03:29 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2016-02-03 03:28 . 2016-02-03 03:28 -------- d-----w- c:\program files\Microsoft Analysis Services
2016-02-03 03:27 . 2016-02-03 03:33 -------- d-----w- c:\programdata\Microsoft Help
2016-02-03 03:27 . 2016-02-03 03:27 -------- d-----r- C:\MSOCache
2016-02-03 02:57 . 2015-12-16 07:15 9014120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{61EAD56D-DDDE-48DA-A80A-DBD43184D459}\mpengine.dll
2016-02-01 11:08 . 2016-02-01 11:08 -------- d-----w- c:\programdata\hik
2016-02-01 11:08 . 2016-02-01 11:08 -------- d-----w- c:\program files\hicloud
2016-01-28 15:19 . 2016-01-28 15:19 -------- d-----w- c:\program files\Common Files\InstallShield
2016-01-28 14:38 . 2015-12-11 18:35 951808 ----a-w- c:\windows\system32\aeinv.dll
2016-01-27 19:29 . 2016-01-27 19:29 -------- d-s---w- c:\windows\system32\CompatTel
2016-01-27 19:29 . 2016-01-27 19:29 -------- d-----w- c:\windows\system32\appraiser
2016-01-26 15:53 . 2016-01-26 15:56 -------- d-s---w- c:\windows\system32\GWX
2016-01-26 11:50 . 2016-01-26 11:50 -------- d-----w- c:\windows\Migration
2016-01-26 08:55 . 2015-01-09 02:48 76800 ----a-w- c:\windows\system32\wdi.dll
2016-01-26 08:55 . 2015-01-09 02:48 635904 ----a-w- c:\windows\system32\perftrack.dll
2016-01-26 08:55 . 2015-01-09 02:48 27136 ----a-w- c:\windows\system32\powertracker.dll
2016-01-26 08:47 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2016-01-26 08:47 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2016-01-26 08:47 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2016-01-26 08:47 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2016-01-26 08:47 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2016-01-26 08:47 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2016-01-26 08:47 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2016-01-26 08:47 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2016-01-26 08:47 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2016-01-26 08:45 . 2015-12-08 21:53 641536 ----a-w- c:\windows\system32\advapi32.dll
2016-01-26 08:44 . 2015-07-10 17:34 36864 ----a-w- c:\windows\system32\tsgqec.dll
2016-01-26 08:44 . 2015-07-10 17:34 3221504 ----a-w- c:\windows\system32\mstscax.dll
2016-01-26 08:44 . 2015-07-10 17:33 131584 ----a-w- c:\windows\system32\aaclient.dll
2016-01-26 08:44 . 2011-04-29 02:46 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2016-01-26 08:44 . 2011-04-29 02:46 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2016-01-26 08:44 . 2011-04-29 02:46 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2016-01-26 08:44 . 2013-02-12 03:32 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2016-01-26 08:43 . 2015-11-11 18:39 1242624 ----a-w- c:\windows\system32\comsvcs.dll
2016-01-26 08:43 . 2015-11-11 18:39 487936 ----a-w- c:\windows\system32\catsrvut.dll
2016-01-26 08:42 . 2015-07-01 20:30 206848 ----a-w- c:\windows\system32\WebClnt.dll
2016-01-26 08:42 . 2015-07-01 20:30 82432 ----a-w- c:\windows\system32\davclnt.dll
2016-01-26 08:42 . 2012-11-02 05:11 376832 ----a-w- c:\windows\system32\dpnet.dll
2016-01-26 08:42 . 2011-02-18 05:39 31232 ----a-w- c:\windows\system32\prevhost.exe
2016-01-26 08:42 . 2013-10-30 02:19 301568 ----a-w- c:\windows\system32\msieftp.dll
2016-01-26 08:42 . 2015-11-17 00:42 591872 ----a-w- c:\windows\system32\invagent.dll
2016-01-26 08:42 . 2015-11-17 00:42 633856 ----a-w- c:\windows\system32\generaltel.dll
2016-01-26 08:42 . 2015-11-17 00:42 425984 ----a-w- c:\windows\system32\devinv.dll
2016-01-26 08:42 . 2015-11-17 00:42 65536 ----a-w- c:\windows\system32\acmigration.dll
2016-01-26 08:42 . 2015-11-16 20:12 176128 ----a-w- c:\windows\system32\aepic.dll
2016-01-26 08:42 . 2015-06-03 20:17 1167520 ----a-w- c:\windows\system32\aitstatic.exe
2016-01-26 08:40 . 2015-08-27 17:58 1391104 ----a-w- c:\windows\system32\msxml6.dll
2016-01-26 08:40 . 2015-08-27 17:58 1241088 ----a-w- c:\windows\system32\msxml3.dll
2016-01-26 08:40 . 2015-08-27 17:51 2048 ----a-w- c:\windows\system32\msxml6r.dll
2016-01-26 08:40 . 2015-08-27 17:51 2048 ----a-w- c:\windows\system32\msxml3r.dll
2016-01-26 08:40 . 2013-01-24 04:47 196328 ----a-w- c:\windows\system32\drivers\fvevol.sys
2016-01-26 08:40 . 2015-08-05 17:41 751104 ----a-w- c:\windows\system32\schedsvc.dll
2016-01-26 08:39 . 2014-11-11 02:44 186880 ----a-w- c:\windows\system32\pku2u.dll
2016-01-26 08:39 . 2015-06-15 21:43 2364416 ----a-w- c:\windows\system32\msi.dll
2016-01-26 08:39 . 2015-06-15 21:43 337408 ----a-w- c:\windows\system32\msihnd.dll
2016-01-26 08:39 . 2015-06-15 21:42 73216 ----a-w- c:\windows\system32\msiexec.exe
2016-01-26 08:39 . 2015-06-15 21:37 25088 ----a-w- c:\windows\system32\msimsg.dll
2016-01-26 08:39 . 2011-03-03 05:38 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2016-01-26 08:39 . 2011-03-03 05:36 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2016-01-26 08:39 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2016-01-26 08:37 . 2015-07-15 17:59 78784 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2016-01-26 08:37 . 2015-07-15 17:55 1159168 ----a-w- c:\windows\system32\sysmain.dll
2016-01-26 08:37 . 2015-07-15 17:54 10752 ----a-w- c:\windows\system32\msmmsp.dll
2016-01-26 08:37 . 2011-08-17 04:24 465408 ----a-w- c:\windows\system32\psisdecd.dll
2016-01-26 08:37 . 2011-08-17 04:19 75776 ----a-w- c:\windows\system32\psisrndr.ax
2016-01-26 08:37 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl
2016-01-26 08:36 . 2015-11-05 19:00 2048 ----a-w- c:\windows\system32\tzres.dll
2016-01-26 08:34 . 2015-11-20 18:34 93696 ----a-w- c:\windows\system32\wudriver.dll
2016-01-26 08:33 . 2015-01-17 02:30 828928 ----a-w- c:\windows\system32\msctf.dll
2016-01-26 08:33 . 2014-02-04 02:07 149440 ----a-w- c:\windows\system32\drivers\storport.sys
2016-01-26 08:33 . 2014-02-04 02:07 234432 ----a-w- c:\windows\system32\drivers\msiscsi.sys
2016-01-26 08:33 . 2014-02-04 02:07 27072 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2016-01-26 08:33 . 2014-02-04 02:00 2048 ----a-w- c:\windows\system32\iologmsg.dll
2016-01-26 08:33 . 2012-10-03 16:42 175104 ----a-w- c:\windows\system32\netcorehc.dll
2016-01-26 08:33 . 2012-10-03 16:40 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2016-01-26 08:33 . 2012-10-03 16:42 18944 ----a-w- c:\windows\system32\netevent.dll
2016-01-26 08:33 . 2012-10-03 15:21 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2016-01-26 08:32 . 2015-07-22 17:53 937984 ----a-w- c:\windows\system32\diagtrack.dll
2016-01-26 08:32 . 2015-07-22 16:38 41984 ----a-w- c:\windows\system32\UtcResources.dll
2016-01-26 08:32 . 2015-07-22 17:53 635392 ----a-w- c:\windows\system32\tdh.dll
2016-01-26 08:30 . 2014-06-18 01:52 399360 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tabskb.dll
2016-01-26 08:30 . 2014-06-18 01:51 646144 ----a-w- c:\windows\system32\osk.exe
2016-01-26 08:30 . 2015-08-06 17:44 1498624 ----a-w- c:\windows\system32\ExplorerFrame.dll
2016-01-26 08:30 . 2011-02-12 05:35 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2016-01-26 08:30 . 2015-07-30 17:57 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2016-01-26 08:30 . 2011-10-15 05:38 534528 ----a-w- c:\windows\system32\EncDec.dll
2016-01-26 08:30 . 2012-07-04 21:14 41984 ----a-w- c:\windows\system32\browcli.dll
2016-01-26 08:30 . 2012-07-04 21:14 102912 ----a-w- c:\windows\system32\browser.dll
2016-01-26 08:29 . 2014-01-24 02:18 1212352 ----a-w- c:\windows\system32\drivers\ntfs.sys
2016-01-26 08:29 . 2015-05-25 18:01 92160 ----a-w- c:\windows\system32\sechost.dll
2016-01-26 08:29 . 2015-05-25 18:00 40448 ----a-w- c:\windows\system32\typeperf.exe
2016-01-26 08:29 . 2015-05-25 18:00 364544 ----a-w- c:\windows\system32\tracerpt.exe
2016-01-26 08:29 . 2015-05-25 18:00 37888 ----a-w- c:\windows\system32\relog.exe
2016-01-26 08:29 . 2015-05-25 18:00 82944 ----a-w- c:\windows\system32\logman.exe
2016-01-26 08:29 . 2015-05-25 18:00 17408 ----a-w- c:\windows\system32\diskperf.exe
2016-01-26 08:29 . 2015-04-18 02:56 342016 ----a-w- c:\windows\system32\certcli.dll
2016-01-26 08:29 . 2010-12-23 05:54 642048 ----a-w- c:\windows\system32\CPFilters.dll
2016-01-26 08:29 . 2010-12-23 05:54 850944 ----a-w- c:\windows\system32\sbe.dll
2016-01-26 08:29 . 2010-12-23 05:50 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2016-01-26 08:28 . 2015-04-27 19:05 179200 ----a-w- c:\windows\system32\wintrust.dll
2016-01-26 08:28 . 2015-04-27 19:04 143872 ----a-w- c:\windows\system32\cryptsvc.dll
2016-01-26 08:28 . 2015-04-27 19:04 1174528 ----a-w- c:\windows\system32\crypt32.dll
2016-01-26 08:28 . 2015-04-27 19:04 103936 ----a-w- c:\windows\system32\cryptnet.dll
2016-01-26 08:28 . 2015-11-03 18:56 627712 ----a-w- c:\windows\system32\usp10.dll
2016-01-26 08:28 . 2015-04-13 03:19 259072 ----a-w- c:\windows\system32\services.exe
2016-01-26 08:28 . 2015-12-08 21:53 305664 ----a-w- c:\windows\system32\gdi32.dll
2016-01-26 08:28 . 2014-08-01 11:35 793600 ----a-w- c:\windows\system32\TSWorkspace.dll
2016-01-26 08:27 . 2014-04-05 02:25 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2016-01-26 08:27 . 2013-11-26 11:11 240576 ----a-w- c:\windows\system32\drivers\netio.sys
2016-01-26 08:27 . 2014-04-05 02:24 187840 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2016-01-26 08:27 . 2015-10-01 17:50 96768 ----a-w- c:\windows\system32\appidpolicyconverter.exe
2016-01-26 08:27 . 2015-10-01 17:50 50176 ----a-w- c:\windows\system32\setbcdlocale.dll
2016-01-26 08:27 . 2015-10-01 17:50 50688 ----a-w- c:\windows\system32\appidapi.dll
2016-01-26 08:27 . 2015-10-01 17:50 28160 ----a-w- c:\windows\system32\appidsvc.dll
2016-01-26 08:27 . 2015-10-01 17:50 16896 ----a-w- c:\windows\system32\appidcertstorecheck.exe
2016-01-26 08:27 . 2015-10-01 16:53 50176 ----a-w- c:\windows\system32\drivers\appid.sys
2016-01-26 08:27 . 2015-12-08 21:53 509952 ----a-w- c:\windows\system32\qedit.dll
2016-01-26 08:25 . 2014-10-25 01:32 67584 ----a-w- c:\windows\system32\packager.dll
2016-01-26 08:25 . 2014-12-11 17:47 46592 ----a-w- c:\windows\system32\TSWbPrxy.exe
2016-01-26 08:25 . 2014-12-19 02:43 164864 ----a-w- c:\windows\system32\profsvc.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-11-05 17:36 . 2015-11-05 17:36 28352 ----a-w- c:\windows\system32\aspnet_counters.dll
2015-11-05 17:36 . 2015-11-05 17:36 18600 ----a-w- c:\windows\system32\msvcr110_clr0400.dll
2015-11-05 17:36 . 2015-11-05 17:36 18600 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
2015-11-05 17:36 . 2015-11-05 17:36 18600 ----a-w- c:\windows\system32\msvcp110_clr0400.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2014-04-21 08:02 23008 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2015-04-20 3898960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SPUpDateServerrun"="c:\program files\hicloud\update_server\startUp.exe" [2015-06-15 15232]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R1 bxxydofj;bxxydofj;c:\windows\system32\drivers\bxxydofj.sys [x]
R1 wdagnved;wdagnved;c:\windows\system32\drivers\wdagnved.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-12-12 102912]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2015-06-11 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2015-04-18 122432]
S3 yukonw7;ÈÑäÇãÌ ÊÔÛíá ÇáãäÝÐ ÇáãÕÛÑ NDIS6.2 áÜ Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
utcsvc REG_MULTI_SZ DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-01-29 10:32 1090376 ----a-w- c:\program files\Google\Chrome\Application\48.0.2564.97\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-02-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-21 17:21]
.
2016-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2016-01-21 17:16]
.
2016-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2016-01-21 17:16]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com.eg/
IE: ÅÑ&ÓÇá Åáì OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Ê&ÕÏíÑ Åáì Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: ÊÍãíá Çáßá ÈæÇÓØÉ Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: ÊÍãíá ÈæÇÓØÉ Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\users\ÇÍãÏ ãÍãæÏ ãÍãÏãÍãæÏ\AppData\Roaming\Mozilla\Firefox\Profiles\kjqq8s3q.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKU-Default-Run-e329d265 - c:\users\ÇÍãÏ ãÍãæÏ ãÍãÏãÍãæÏ\AppData\Roaming\e329d265\e329d265.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1247624099-1115864786-4014763201-1001_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):ac,fc,6d,c2,fb,39,ac,a2,ec,d4,0c,af,04,46,84,e2,b0,b6,bd,9e,e1,
   d1,62,ad,57,95,f9,02,e9,ce,52,85,e2,13,b0,1b,62,a5,03,b9,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1247624099-1115864786-4014763201-1001_Classes\CLSID\{eb5ac76a-f38e-48e5-bd47-1800e0e0b962}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000011a
"Therad"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_20_0_0_286_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_20_0_0_286_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\taskhost.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\GWX\GWX.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\conhost.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2016-02-03 14:34:51 - machine was rebooted
ComboFix-quarantined-files.txt 2016-02-03 11:34
ComboFix2.txt 2016-01-23 04:59
ComboFix3.txt 2016-01-21 20:38
.
Pre-Run: 17,198,903,296 bytes free
Post-Run: 16,841,482,240 bytes free
.
- - End Of File - - F1DACC7B55C29A4C705734DF04D85155
A36C5E4F47E84449FF07ED3517B43A31