ComboFix 16-04-22.01 - TOSHIBA 24/04/2016 20:08:51.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8152.6022 [GMT 2:00]
Running from: c:\users\TOSHIBA\Desktop\ComboFix.exe
AV: ESET Smart Security 9.0.349.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: ESET Personal firewall *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 9.0.375.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2016-03-24 to 2016-04-24 )))))))))))))))))))))))))))))))
.
.
2016-04-24 18:15 . 2016-04-24 18:15  --------  d-----w-  c:\users\Public\AppData\Local\temp
2016-04-24 18:15 . 2016-04-24 18:15  --------  d-----w-  c:\users\HomeGroupUser$\AppData\Local\temp
2016-04-24 18:15 . 2016-04-24 18:15  --------  d-----w-  c:\users\Guest\AppData\Local\temp
2016-04-24 18:15 . 2016-04-24 18:15  --------  d-----w-  c:\users\Default\AppData\Local\temp
2016-04-24 18:15 . 2016-04-24 18:15  --------  d-----w-  c:\users\Administrator\AppData\Local\temp
2016-04-23 23:06 . 2016-04-23 23:46  --------  d-----w-  C:\NPE
2016-04-23 23:00 . 2016-04-23 23:14  --------  d-----w-  C:\UsbFix
2016-04-23 21:43 . 2016-04-23 21:43  194048  ----a-w-  c:\windows\SysWow64\elshyph.dll
2016-04-22 23:03 . 2016-04-24 09:36  --------  d-----w-  C:\FRST
2016-04-22 09:19 . 2016-03-17 01:45  11686560  ----a-w-  c:\programdata\Microsoft\Windows Defender\Definition Updates\{38D82154-1426-4C9B-8949-BF895BDFF412}\mpengine.dll
2016-04-20 22:08 . 2016-04-20 23:38  --------  d-----w-  c:\users\TOSHIBA\Doctor Web
2016-04-20 21:40 . 2016-04-20 23:57  --------  d-----w-  c:\programdata\SecTaskMan
2016-04-19 22:45 . 2016-04-19 22:45  --------  d-----w-  c:\programdata\regid.1991-06.com.microsoft
2016-04-17 15:16 . 2016-04-17 15:16  --------  d-----w-  c:\program files (x86)\Mozilla Maintenance Service
2016-04-13 10:49 . 2016-03-16 18:50  156672  ----a-w-  c:\windows\system32\mtxoci.dll
2016-04-13 10:49 . 2016-03-16 18:28  111616  ----a-w-  c:\windows\SysWow64\mtxoci.dll
2016-04-13 10:49 . 2016-03-16 18:28  176128  ----a-w-  c:\windows\SysWow64\msorcl32.dll
2016-04-13 10:49 . 2016-03-16 18:27  286720  ----a-w-  c:\program files (x86)\Common Files\System\Ole DB\msdaora.dll
2016-04-13 10:47 . 2016-03-16 00:16  760320  ----a-w-  c:\windows\system32\samsrv.dll
2016-04-13 10:47 . 2016-03-16 00:16  106496  ----a-w-  c:\windows\system32\samlib.dll
2016-04-13 10:47 . 2016-03-15 23:53  60416  ----a-w-  c:\windows\SysWow64\samlib.dll
2016-04-08 11:17 . 2016-04-04 18:14  38120  ----a-w-  c:\windows\system32\CompatTelRunner.exe
2016-04-08 11:17 . 2016-04-04 18:02  1169408  ----a-w-  c:\windows\system32\aeinv.dll
2016-04-08 11:17 . 2016-04-02 13:08  1386496  ----a-w-  c:\windows\system32\appraiser.dll
2016-04-06 11:37 . 2016-04-06 11:37  --------  d-----w-  c:\program files\Malwarebytes
2016-04-02 09:29 . 2016-04-24 16:36  192216  ----a-w-  c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-04-02 09:28 . 2016-04-02 09:28  --------  d-----w-  c:\program files (x86)\Malwarebytes Anti-Malware
2016-04-02 09:28 . 2016-03-10 12:09  64896  ----a-w-  c:\windows\system32\drivers\mwac.sys
2016-04-02 09:28 . 2016-03-10 12:08  140672  ----a-w-  c:\windows\system32\drivers\mbamchameleon.sys
2016-04-02 09:28 . 2016-03-10 12:08  27008  ----a-w-  c:\windows\system32\drivers\mbam.sys
2016-04-01 11:03 . 2016-03-17 18:04  698368  ----a-w-  c:\windows\system32\generaltel.dll
2016-04-01 11:03 . 2016-03-23 14:02  215040  ----a-w-  c:\windows\system32\aepic.dll
2016-04-01 11:03 . 2016-03-17 18:04  499200  ----a-w-  c:\windows\system32\devinv.dll
2016-04-01 11:03 . 2016-03-17 18:04  279040  ----a-w-  c:\windows\system32\invagent.dll
2016-04-01 11:03 . 2016-03-17 18:04  76800  ----a-w-  c:\windows\system32\acmigration.dll
2016-03-31 12:39 . 2016-03-31 12:39  --------  d-----w-  c:\program files (x86)\Common Files\Skype
2016-03-29 18:28 . 2016-04-20 01:13  --------  d-----w-  c:\program files (x86)\ZHPFix
2016-03-29 01:37 . 2016-03-29 01:37  --------  d-----w-  c:\users\TOSHIBA\AppData\Local\TempTaskUpdateDetection3E51398E-B540-4901-BBC7-5FEF2ED345AB
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-04-24 14:02 . 2016-01-27 15:44  59776  ----a-w-  c:\windows\system32\drivers\farflt.sys
2016-04-23 02:08 . 2012-07-31 00:39  286966  ----a-w-  C:\DUMP3a32.tmp
2016-04-19 23:17 . 2014-10-06 20:34  24688  ----a-w-  c:\windows\system32\drivers\TrueSight.sys
2016-04-13 11:38 . 2013-08-28 20:27  135176864  ----a-w-  c:\windows\system32\MRT.exe
2016-04-06 08:18 . 2010-11-21 03:27  453280  ------w-  c:\windows\system32\MpSigStub.exe
2016-03-19 00:54 . 2015-11-16 10:21  84800  ----a-w-  c:\windows\system32\drivers\epfwwfp.sys
2016-03-19 00:54 . 2015-11-16 10:21  53384  ----a-w-  c:\windows\system32\drivers\EpfwLWF.sys
2016-03-19 00:54 . 2015-11-16 10:21  198096  ----a-w-  c:\windows\system32\drivers\epfw.sys
2016-03-19 00:54 . 2015-11-16 10:21  264552  ----a-w-  c:\windows\system32\drivers\eamonm.sys
2016-03-17 22:24 . 2016-04-13 10:46  44032  ----a-w-  c:\windows\apppatch\acwow64.dll
2016-03-14 18:15 . 2015-11-23 23:50  642328  ----a-w-  c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2016-03-14 12:14 . 2015-07-10 15:37  797376  ----a-w-  c:\windows\SysWow64\FlashPlayerApp.exe
2016-03-14 12:14 . 2015-07-10 15:37  142528  ----a-w-  c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-03-09 12:05 . 2016-03-09 12:05  14800  ----a-w-  c:\windows\WiseHDInfo64.dll
2016-03-02 17:40 . 2015-10-28 16:18  2  --s-atr-  c:\windows\winstart.bat
2016-02-17 10:41 . 2016-02-17 10:41  22704  ----a-w-  c:\windows\system32\drivers\EsgScanner.sys
2016-02-12 18:52 . 2016-03-04 12:08  98816  ----a-w-  c:\windows\system32\wudriver.dll
2016-02-12 18:52 . 2016-03-04 12:08  3169792  ----a-w-  c:\windows\system32\wucltux.dll
2016-02-12 18:52 . 2016-03-04 12:08  192512  ----a-w-  c:\windows\system32\wuwebv.dll
2016-02-12 18:44 . 2016-03-04 12:08  91136  ----a-w-  c:\windows\system32\WinSetupUI.dll
2016-02-12 18:39 . 2016-03-04 12:08  174080  ----a-w-  c:\windows\SysWow64\wuwebv.dll
2016-02-12 18:22 . 2016-03-04 12:08  2610688  ----a-w-  c:\windows\system32\wuaueng.dll
2016-02-12 18:19 . 2016-03-04 12:08  709120  ----a-w-  c:\windows\system32\wuapi.dll
2016-02-12 18:18 . 2016-03-04 12:08  140288  ----a-w-  c:\windows\system32\wuauclt.exe
2016-02-12 18:18 . 2016-03-04 12:08  37888  ----a-w-  c:\windows\system32\wuapp.exe
2016-02-12 18:18 . 2016-03-04 12:08  36864  ----a-w-  c:\windows\system32\wups.dll
2016-02-12 18:18 . 2016-03-04 12:08  37888  ----a-w-  c:\windows\system32\wups2.dll
2016-02-12 18:18 . 2016-03-04 12:08  12288  ----a-w-  c:\windows\system32\wu.upgrade.ps.dll
2016-02-12 18:06 . 2016-03-04 12:08  573440  ----a-w-  c:\windows\SysWow64\wuapi.dll
2016-02-12 18:05 . 2016-03-04 12:08  93696  ----a-w-  c:\windows\SysWow64\wudriver.dll
2016-02-12 18:05 . 2016-03-04 12:08  30208  ----a-w-  c:\windows\SysWow64\wups.dll
2016-02-12 18:05 . 2016-03-04 12:08  35328  ----a-w-  c:\windows\SysWow64\wuapp.exe
2016-02-09 09:57 . 2016-03-09 09:09  12625920  ----a-w-  c:\windows\system32\wmploc.DLL
2016-02-09 09:57 . 2016-03-09 09:09  14634496  ----a-w-  c:\windows\system32\wmp.dll
2016-02-09 09:56 . 2016-03-09 09:09  5120  ----a-w-  c:\windows\system32\msdxm.ocx
2016-02-09 09:56 . 2016-03-09 09:09  5120  ----a-w-  c:\windows\system32\dxmasf.dll
2016-02-09 09:55 . 2016-03-09 09:09  30720  ----a-w-  c:\windows\system32\seclogon.dll
2016-02-09 09:54 . 2016-03-09 09:09  9728  ----a-w-  c:\windows\system32\spwmp.dll
2016-02-09 09:51 . 2016-03-09 09:09  12625408  ----a-w-  c:\windows\SysWow64\wmploc.DLL
2016-02-09 09:13 . 2016-03-09 09:09  4096  ----a-w-  c:\windows\SysWow64\msdxm.ocx
2016-02-09 09:13 . 2016-03-09 09:09  4096  ----a-w-  c:\windows\SysWow64\dxmasf.dll
2016-02-09 09:13 . 2016-03-09 09:09  8192  ----a-w-  c:\windows\SysWow64\spwmp.dll
2016-02-05 18:56 . 2016-03-16 00:34  20480  ----a-w-  c:\windows\system32\tbs.dll
2016-02-05 18:54 . 2016-03-09 09:09  41472  ----a-w-  c:\windows\system32\lpk.dll
2016-02-05 18:54 . 2016-03-16 00:34  109568  ----a-w-  c:\windows\system32\fveapibase.dll
2016-02-05 18:54 . 2016-03-09 09:09  100864  ----a-w-  c:\windows\system32\fontsub.dll
2016-02-05 18:53 . 2016-03-09 09:09  14336  ----a-w-  c:\windows\system32\dciman32.dll
2016-02-05 18:53 . 2016-03-09 09:09  46080  ----a-w-  c:\windows\system32\atmlib.dll
2016-02-05 18:50 . 2016-03-09 09:09  25600  ----a-w-  c:\windows\SysWow64\lpk.dll
2016-02-05 18:44 . 2016-03-09 09:09  70656  ----a-w-  c:\windows\SysWow64\fontsub.dll
2016-02-05 18:42 . 2016-03-09 09:09  10240  ----a-w-  c:\windows\SysWow64\dciman32.dll
2016-02-05 17:48 . 2016-03-09 09:09  372736  ----a-w-  c:\windows\system32\atmfd.dll
2016-02-05 17:43 . 2016-03-09 09:09  299520  ----a-w-  c:\windows\SysWow64\atmfd.dll
2016-02-05 17:43 . 2016-03-09 09:09  34304  ----a-w-  c:\windows\SysWow64\atmlib.dll
2016-02-05 17:33 . 2016-03-16 00:34  15360  ----a-w-  c:\windows\SysWow64\tbs.dll
2016-02-05 01:19 . 2016-03-09 09:09  381440  ----a-w-  c:\windows\system32\mfds.dll
2016-02-04 18:41 . 2016-03-09 09:09  296448  ----a-w-  c:\windows\SysWow64\mfds.dll
2016-02-03 18:58 . 2016-03-09 09:11  862208  ----a-w-  c:\windows\system32\oleaut32.dll
2016-02-03 18:52 . 2016-03-09 09:11  84992  ----a-w-  c:\windows\system32\asycfilt.dll
2016-02-03 18:49 . 2016-03-09 09:11  572416  ----a-w-  c:\windows\SysWow64\oleaut32.dll
2016-02-03 18:43 . 2016-03-09 09:11  67584  ----a-w-  c:\windows\SysWow64\asycfilt.dll
2016-02-03 18:07 . 2016-03-09 09:11  91648  ----a-w-  c:\windows\system32\drivers\USBSTOR.SYS
2016-02-02 18:57 . 2016-03-16 00:34  511488  ----a-w-  c:\windows\system32\rpcss.dll
2016-02-01 19:08 . 2016-03-16 00:34  114624  ----a-w-  c:\windows\system32\consent.exe
2016-02-01 18:59 . 2016-03-16 00:34  3243008  ----a-w-  c:\windows\system32\msi.dll
2016-02-01 18:59 . 2016-03-16 00:34  504320  ----a-w-  c:\windows\system32\msihnd.dll
2016-02-01 18:59 . 2016-03-16 00:34  25088  ----a-w-  c:\windows\system32\msimsg.dll
2016-02-01 18:56 . 2016-03-16 00:34  1940992  ----a-w-  c:\windows\system32\authui.dll
2016-02-01 18:56 . 2016-03-16 00:34  70144  ----a-w-  c:\windows\system32\appinfo.dll
2016-02-01 18:49 . 2016-03-16 00:34  2364928  ----a-w-  c:\windows\SysWow64\msi.dll
2016-02-01 18:49 . 2016-03-16 00:34  337408  ----a-w-  c:\windows\SysWow64\msihnd.dll
2016-02-01 18:49 . 2016-03-16 00:34  25088  ----a-w-  c:\windows\SysWow64\msimsg.dll
2016-02-01 18:45 . 2016-03-16 00:34  1805824  ----a-w-  c:\windows\SysWow64\authui.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-04-19 22:42  1741104  ----a-w-  c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-04-19 22:42  1741104  ----a-w-  c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-04-19 22:42  1741104  ----a-w-  c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes Anti-Exploit"="c:\program files (x86)\Malwarebytes Anti-Exploit\mbae.exe" [2016-01-29 2622432]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
Malwarebytes Anti-Ransomware.lnk - c:\program files\Malwarebytes\Anti-Ransomware\mbarw.exe [2016-4-6 653280]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-2 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoThemesTab"= 0 (0x0)
"NoDispAppearence"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleNetIDList"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"RequireSignedAppInit_DLLs"=0 (0x0)
"AppInit_DLLs"=c:\progra~2\KeyCryptSDK\KeyCrypt32(1).dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\kissvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\kyrdl.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 ESETCleanersDriver;ESET Cleaner Service;c:\windows\system32\Drivers\ESETCleanersDriver.sys;c:\windows\SYSNATIVE\Drivers\ESETCleanersDriver.sys [x]
R3 farflt;farflt;c:\windows\system32\drivers\farflt.sys;c:\windows\SYSNATIVE\drivers\farflt.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 PSKMAD;PSKMAD;c:\windows\system32\DRIVERS\PSKMAD.sys;c:\windows\SYSNATIVE\DRIVERS\PSKMAD.sys [x]
R3 pwftap;PRIVATE WiFi Adapter;c:\windows\system32\DRIVERS\pwftap.sys;c:\windows\SYSNATIVE\DRIVERS\pwftap.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R4 GFNEXSrv;GFNEX Service;c:\windows\System32\GFNEXSrv.exe;c:\windows\SYSNATIVE\GFNEXSrv.exe [x]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
R4 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
R4 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe;c:\program files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [x]
R4 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe;c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [x]
R4 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
R4 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
R4 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys;c:\windows\SYSNATIVE\DRIVERS\NBVol.sys [x]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys;c:\windows\SYSNATIVE\DRIVERS\NBVolUp.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;ESET Personal Firewall;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae64.sys;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ekbdflt;ekbdflt;c:\windows\system32\DRIVERS\ekbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\ekbdflt.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]
S2 MB3Service;MB3Service;c:\program files\Malwarebytes\Anti-Ransomware\MBAMService.exe;c:\program files\Malwarebytes\Anti-Ransomware\MBAMService.exe [x]
S2 MbaeSvc;Malwarebytes Anti-Exploit Service;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 NovaPdfServer;novaPDF Server;c:\program files\Softland\novaPDF 8\Server\novapdfs.exe;c:\program files\Softland\novaPDF 8\Server\novapdfs.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys;c:\windows\SYSNATIVE\DRIVERS\ICCWDT.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 keycrypt;keycrypt;c:\windows\system32\DRIVERS\KeyCrypt64.sys;c:\windows\SYSNATIVE\DRIVERS\KeyCrypt64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation  REG_MULTI_SZ  SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-04-22 21:03  1186968  ----a-w-  c:\program files (x86)\Google\Chrome\Application\50.0.2661.87\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-03-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-10 12:14]
.
2015-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-04-21 11:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-04-19 22:42  2348848  ----a-w-  c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-04-19 22:42  2348848  ----a-w-  c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-04-19 22:42  2348848  ----a-w-  c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\KeyCryptSDK\KeyCrypt64(1).dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: eset.com\help
TCP: DhcpNameServer = 192.168.0.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-88354160.sys
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1870027983-4264097883-3264919129-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6D985EE8-D9A6-CB7F-1C2E-989A34D0789B}*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-04-24 20:17:40
ComboFix-quarantined-files.txt 2016-04-24 18:17
.
Pre-Run: 252,927,299,584 bytes free
Post-Run: 252,775,890,944 bytes free
.
- - End Of File - - 60D3F2F2F0B24B3F956E3885066A1660 5B5E648D12FCADC244C1EC30318E1EB9
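The load points a reviewer of this log would triage first are the two AppInit_DLLs keys: in the Wow6432Node view LoadAppInit_DLLs is 1 and RequireSignedAppInit_DLLs is 0, so c:\progra~2\KeyCryptSDK\KeyCrypt32(1).dll is mapped into every 32-bit process that loads user32.dll with no signature check, while the native key under X64 Entries shows only the DLL path, because ComboFix suppresses values that sit at their default and the live LoadAppInit_DLLs state for the 64-bit view therefore cannot be read off the log. The Python script below is an added example, not part of ComboFix or of this log. It parses ComboFix's registry-style entries, pairs each AppInit_DLLs key with its LoadAppInit_DLLs and RequireSignedAppInit_DLLs flags, rates the result, and prints the reg.exe and PowerShell commands for confirming the live values on the host. The sample input is the AppInit-related lines copied from the log above; the severity labels and the parser are the example's own choices, not ComboFix output.

```python
"""Triage helper for the 'Reg Loading Points' section of a ComboFix log.

Added example, not part of ComboFix or of the log it accompanies. It parses the
registry-style entries ComboFix prints, collects the AppInit_DLLs key from both
the Wow6432Node (32-bit) and native views, and rates each configured DLL by
whether the log shows AppInit loading enabled and signature enforcement off.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample: the AppInit-related lines copied from the ComboFix log,
# restored to one entry per line. All other log content is omitted on purpose.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"RequireSignedAppInit_DLLs"=0 (0x0)
"AppInit_DLLs"=c:\progra~2\KeyCryptSDK\KeyCrypt32(1).dll
.
--------- X64 Entries -----------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\KeyCryptSDK\KeyCrypt64(1).dll
.
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')
DWORD_RE = re.compile(r"^\s*(\d+)\s*\(0x[0-9a-fA-F]+\)\s*$")


def parse_reg_entries(text: str) -> dict[str, dict[str, str]]:
    """Map each [KEY] block to its "name"=value pairs. Key paths are lower-cased
    so the same path printed with different casing collapses to one entry."""
    entries: dict[str, dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            entries.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            entries[current][m.group(1)] = m.group(2).strip()
    return entries


def _dword(value: str | None) -> int | None:
    """ComboFix prints DWORDs as '1 (0x1)'. An absent value stays None: the log
    omits entries at their default, and the default is not inferred here."""
    if value is None:
        return None
    m = DWORD_RE.match(value)
    return int(m.group(1)) if m else None


@dataclass
class AppInitFinding:
    view: str                 # "wow64" (32-bit processes) or "native"
    key: str
    dlls: list[str]
    load_enabled: int | None
    require_signed: int | None
    severity: str = ""
    reason: str = ""
    verify: list[str] = field(default_factory=list)


def triage_appinit(text: str) -> list[AppInitFinding]:
    """Return one finding per AppInit_DLLs key that names at least one DLL."""
    findings: list[AppInitFinding] = []
    for key, values in parse_reg_entries(text).items():
        if not key.endswith(r"\windows nt\currentversion\windows"):
            continue
        # AppInit_DLLs is a space- or comma-separated list of paths.
        dlls = [d for d in re.split(r"[,\s]+", values.get("AppInit_DLLs", "")) if d]
        if not dlls:
            continue
        view = "wow64" if "wow6432node" in key else "native"
        f = AppInitFinding(view, key, dlls,
                           _dword(values.get("LoadAppInit_DLLs")),
                           _dword(values.get("RequireSignedAppInit_DLLs")))
        if f.load_enabled == 1 and f.require_signed == 0:
            f.severity = "high"
            f.reason = ("AppInit loading is on and signature enforcement is off: "
                        "these DLLs enter every process in this view that loads user32.dll")
        elif f.load_enabled == 0:
            f.severity = "info"
            f.reason = "AppInit_DLLs is populated but LoadAppInit_DLLs=0 disables it"
        else:
            f.severity = "review"
            f.reason = ("LoadAppInit_DLLs or RequireSignedAppInit_DLLs is not shown in the "
                        "log; confirm the live values before deciding")
        # reg.exe's /reg:32 and /reg:64 switches pick the registry view explicitly.
        reg_view = "/reg:32" if view == "wow64" else "/reg:64"
        f.verify.append(
            f'reg query "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows" {reg_view}')
        for dll in dlls:   # PowerShell check of the Authenticode status of each DLL
            f.verify.append(f"Get-AuthenticodeSignature '{dll}' | Format-List Status,SignerCertificate")
        findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage_appinit(SAMPLE_LOG):
        print(f"[{f.severity}] {f.view}: {', '.join(f.dlls)}\n  {f.reason}")
        for cmd in f.verify:
            print("  verify:", cmd)
```

Run against the sample, the Wow6432Node key is rated high and the native key is rated review rather than high, which is the honest reading of this log: the 64-bit AppInit_DLLs value is present, but whether it is actually loaded has to be confirmed on the machine with the printed reg query.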