ComboFix 14-08-06.02 - Administrator 10/08/2014   0:16.1.2 - x64 NETWORK
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.4095.3246 [GMT 2:00]
Running from: d:\mijn documenten\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Outdated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Enabled/Outdated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-09 to 2014-08-09  )))))))))))))))))))))))))))))))
.
.
2014-08-09 16:10 . 2014-08-09 15:58	24064	----a-w-	c:\windows\zoek-delete.exe
2014-08-09 15:58 . 2014-08-09 16:06	--------	d-----w-	C:\zoek_backup
2014-08-09 13:27 . 2014-08-09 13:27	--------	d-----w-	c:\program files\trend micro
2014-08-09 13:27 . 2014-08-09 13:27	--------	d-----w-	C:\rsit
2014-08-09 10:08 . 2010-08-30 06:34	536576	----a-w-	c:\windows\SysWow64\sqlite3.dll
2014-08-09 10:07 . 2014-08-09 10:10	--------	d-----w-	C:\AdwCleaner
2014-08-09 09:27 . 2014-08-09 19:59	122584	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-09 09:27 . 2014-08-09 09:29	--------	d-----w-	c:\program files (x86)\Malwarebytes Anti-Malware
2014-08-09 09:27 . 2014-05-12 05:26	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-08-09 09:27 . 2014-05-12 05:26	91352	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-08-09 09:27 . 2014-05-12 05:25	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-08-09 08:54 . 2014-08-09 08:54	388096	----a-r-	c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-08-09 08:54 . 2014-08-09 08:54	--------	d-----w-	c:\program files (x86)\Trend Micro
2014-08-09 07:31 . 2014-08-09 07:31	--------	d-sh--w-	c:\users\Administrator\AppData\Local\EmieUserList
2014-08-09 07:31 . 2014-08-09 07:31	--------	d-sh--w-	c:\users\Administrator\AppData\Local\EmieSiteList
2014-08-05 15:50 . 2014-07-02 03:09	10924376	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{622D2F95-A309-4204-84BE-D5E64859B718}\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-23 08:52 . 2010-11-21 03:27	270496	------w-	c:\windows\system32\MpSigStub.exe
2014-07-09 21:42 . 2012-04-12 13:41	96441528	----a-w-	c:\windows\system32\MRT.exe
2014-07-09 16:17 . 2013-10-05 17:07	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-09 16:17 . 2013-10-05 17:07	699056	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-04 15:41 . 2013-09-26 22:52	427360	----a-w-	c:\windows\system32\drivers\aswsp.sys
2014-07-04 15:38 . 2014-04-18 14:06	29208	----a-w-	c:\windows\system32\drivers\aswHwid.sys
2014-07-04 15:38 . 2013-12-17 20:09	92008	----a-w-	c:\windows\system32\drivers\aswstm.sys
2014-07-04 15:38 . 2013-09-26 22:52	1041168	----a-w-	c:\windows\system32\drivers\aswsnx.sys
2014-07-04 15:38 . 2013-09-26 22:52	224896	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2014-07-04 15:38 . 2013-09-26 22:52	65776	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2014-07-04 15:38 . 2013-09-26 22:52	79184	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2014-07-04 15:38 . 2014-07-04 15:38	43152	----a-w-	c:\windows\avastSS.scr
2014-07-04 15:38 . 2013-09-26 22:52	93568	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2014-07-04 15:38 . 2013-09-26 22:52	307344	----a-w-	c:\windows\system32\aswBoot.exe
2014-06-20 20:14 . 2014-07-09 16:05	266424	----a-w-	c:\windows\system32\iedkcs32.dll
2014-06-19 01:39 . 2014-07-09 16:05	23464448	----a-w-	c:\windows\system32\mshtml.dll
2014-06-19 01:06 . 2014-07-09 16:05	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2014-06-19 01:06 . 2014-07-09 16:05	4096	----a-w-	c:\windows\system32\ieetwcollectorres.dll
2014-06-19 00:48 . 2014-07-09 16:05	2768384	----a-w-	c:\windows\system32\iertutil.dll
2014-06-19 00:42 . 2014-07-09 16:05	548352	----a-w-	c:\windows\system32\vbscript.dll
2014-06-19 00:42 . 2014-07-09 16:05	66048	----a-w-	c:\windows\system32\iesetup.dll
2014-06-19 00:41 . 2014-07-09 16:05	48640	----a-w-	c:\windows\system32\ieetwproxystub.dll
2014-06-19 00:41 . 2014-07-09 16:05	83968	----a-w-	c:\windows\system32\MshtmlDac.dll
2014-06-19 00:32 . 2014-07-09 16:05	51200	----a-w-	c:\windows\system32\jsproxy.dll
2014-06-19 00:31 . 2014-07-09 16:05	33792	----a-w-	c:\windows\system32\iernonce.dll
2014-06-19 00:26 . 2014-07-09 16:05	598016	----a-w-	c:\windows\system32\ieui.dll
2014-06-19 00:24 . 2014-07-09 16:05	139264	----a-w-	c:\windows\system32\ieUnatt.exe
2014-06-19 00:24 . 2014-07-09 16:05	111616	----a-w-	c:\windows\system32\ieetwcollector.exe
2014-06-19 00:23 . 2014-07-09 16:05	752640	----a-w-	c:\windows\system32\jscript9diag.dll
2014-06-19 00:14 . 2014-07-09 16:05	940032	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2014-06-19 00:09 . 2014-07-09 16:05	452608	----a-w-	c:\windows\system32\dxtmsft.dll
2014-06-18 23:59 . 2014-07-09 16:05	38400	----a-w-	c:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-18 23:56 . 2014-07-09 16:05	2724864	----a-w-	c:\windows\SysWow64\mshtml.tlb
2014-06-18 23:53 . 2014-07-09 16:05	195584	----a-w-	c:\windows\system32\msrating.dll
2014-06-18 23:51 . 2014-07-09 16:05	5721088	----a-w-	c:\windows\system32\jscript9.dll
2014-06-18 23:50 . 2014-07-09 16:05	85504	----a-w-	c:\windows\system32\mshtmled.dll
2014-06-18 23:48 . 2014-07-09 16:05	292864	----a-w-	c:\windows\system32\dxtrans.dll
2014-06-18 23:39 . 2014-07-09 16:05	608768	----a-w-	c:\windows\system32\ie4uinit.exe
2014-06-18 23:38 . 2014-07-09 16:05	455168	----a-w-	c:\windows\SysWow64\vbscript.dll
2014-06-18 23:37 . 2014-07-09 16:05	61952	----a-w-	c:\windows\SysWow64\iesetup.dll
2014-06-18 23:36 . 2014-07-09 16:05	51200	----a-w-	c:\windows\SysWow64\ieetwproxystub.dll
2014-06-18 23:35 . 2014-07-09 16:05	62464	----a-w-	c:\windows\SysWow64\MshtmlDac.dll
2014-06-18 23:33 . 2014-07-09 16:05	631808	----a-w-	c:\windows\system32\msfeeds.dll
2014-06-18 23:27 . 2014-07-09 16:05	1249280	----a-w-	c:\windows\system32\mshtmlmedia.dll
2014-06-18 23:27 . 2014-07-09 16:05	2040832	----a-w-	c:\windows\system32\inetcpl.cpl
2014-06-18 23:23 . 2014-07-09 16:05	112128	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2014-06-18 23:22 . 2014-07-09 16:05	592896	----a-w-	c:\windows\SysWow64\jscript9diag.dll
2014-06-18 23:06 . 2014-07-09 16:05	32256	----a-w-	c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-06-18 22:58 . 2014-07-09 16:05	2266112	----a-w-	c:\windows\system32\wininet.dll
2014-06-18 22:52 . 2014-07-09 16:05	4254720	----a-w-	c:\windows\SysWow64\jscript9.dll
2014-06-18 22:51 . 2014-07-09 16:05	13527040	----a-w-	c:\windows\system32\ieframe.dll
2014-06-18 22:46 . 2014-07-09 16:05	1068032	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2014-06-18 22:45 . 2014-07-09 16:05	1964544	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2014-06-18 22:34 . 2014-07-09 16:05	1393664	----a-w-	c:\windows\system32\urlmon.dll
2014-06-18 22:15 . 2014-07-09 16:05	846336	----a-w-	c:\windows\system32\ieapfltr.dll
2014-06-18 22:13 . 2014-07-09 16:05	1791488	----a-w-	c:\windows\SysWow64\wininet.dll
2014-06-18 02:18 . 2014-07-09 16:05	692736	----a-w-	c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-09 16:05	646144	----a-w-	c:\windows\SysWow64\osk.exe
2014-06-18 01:10 . 2014-07-09 16:05	3157504	----a-w-	c:\windows\system32\win32k.sys
2014-06-06 10:10 . 2014-07-09 16:05	624128	----a-w-	c:\windows\system32\qedit.dll
2014-06-06 09:44 . 2014-07-09 16:05	509440	----a-w-	c:\windows\SysWow64\qedit.dll
2014-06-05 14:45 . 2014-07-09 16:05	1460736	----a-w-	c:\windows\system32\lsasrv.dll
2014-06-05 14:26 . 2014-07-09 16:05	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2014-06-05 14:25 . 2014-07-09 16:05	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2014-05-30 08:08 . 2014-07-09 16:05	210944	----a-w-	c:\windows\system32\wdigest.dll
2014-05-30 08:08 . 2014-07-09 16:05	86528	----a-w-	c:\windows\system32\TSpkg.dll
2014-05-30 08:08 . 2014-07-09 16:05	340992	----a-w-	c:\windows\system32\schannel.dll
2014-05-30 08:08 . 2014-07-09 16:05	314880	----a-w-	c:\windows\system32\msv1_0.dll
2014-05-30 08:08 . 2014-07-09 16:05	307200	----a-w-	c:\windows\system32\ncrypt.dll
2014-05-30 08:08 . 2014-07-09 16:05	728064	----a-w-	c:\windows\system32\kerberos.dll
2014-05-30 08:08 . 2014-07-09 16:05	22016	----a-w-	c:\windows\system32\credssp.dll
2014-05-30 07:52 . 2014-07-09 16:05	172032	----a-w-	c:\windows\SysWow64\wdigest.dll
2014-05-30 07:52 . 2014-07-09 16:05	65536	----a-w-	c:\windows\SysWow64\TSpkg.dll
2014-05-30 07:52 . 2014-07-09 16:05	247808	----a-w-	c:\windows\SysWow64\schannel.dll
2014-05-30 07:52 . 2014-07-09 16:05	220160	----a-w-	c:\windows\SysWow64\ncrypt.dll
2014-05-30 07:52 . 2014-07-09 16:05	259584	----a-w-	c:\windows\SysWow64\msv1_0.dll
2014-05-30 07:52 . 2014-07-09 16:05	550912	----a-w-	c:\windows\SysWow64\kerberos.dll
2014-05-30 07:52 . 2014-07-09 16:05	17408	----a-w-	c:\windows\SysWow64\credssp.dll
2014-05-30 06:45 . 2014-07-09 16:05	497152	----a-w-	c:\windows\system32\drivers\afd.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="c:\users\Administrator\AppData\Roaming\BitTorrent\BitTorrent.exe" [2014-07-02 1267032]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-05-08 21444224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-29 4085896]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SpeedFan.lnk - c:\program files (x86)\SpeedFan\speedfan.exe [2013-3-15 4683768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"DisallowCpl"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R0 aswRvrt;avast! Revert; [x]
R0 aswVmm;avast! VM Monitor; [x]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
R2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys;c:\windows\SYSNATIVE\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-19 05:07	1104200	----a-w-	c:\program files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-05 16:17]
.
2014-08-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-314402250-4030852005-2585651184-500Core.job
- c:\users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-01-04 19:08]
.
2014-08-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-314402250-4030852005-2585651184-500UA.job
- c:\users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-01-04 19:08]
.
2014-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-23 16:34]
.
2014-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-23 16:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-04 15:38	634872	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-02 16330272]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\Microsoft Office\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\Microsoft Office\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 195.130.130.1 195.130.131.1
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\9eqhxou0.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-314402250-4030852005-2585651184-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,3b,1b,71,2c,96,6f,f6,63,4f,02,ae,f2,54,e5,1d,78,e6,6a
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,3b,1b,25,b5,e0,a9,12,5d,34,06,a3,29,1d,ea,00,ce,47,eb
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,3b,1b,f1,07,47,37,c5,08,08,09,b1,a8,90,f0,67,6e,07,85
"{8E5E2654-AD2D-48BF-AC2D-D17F00898D06}"=hex:51,66,7a,6c,4c,1d,3b,1b,44,3b,4d,93,1e,fe,d2,07,b5,26,8e,26,00,c9,c8,12
"{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}"=hex:51,66,7a,6c,4c,1d,3b,1b,6b,3f,99,2c,ac,0d,d0,0a,90,92,20,d6,10,8a,09,e1
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,3b,1b,ab,8a,07,6b,c3,85,41,09,af,e0,8b,83,f1,99,68,57
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1d,db,c6,76,f7,36,0c,a5,7f,c3,7c,c1,85,cd,bd
.
[HKEY_USERS\S-1-5-21-314402250-4030852005-2585651184-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:40,ae,de,eb,a8,d7,ce,01
.
[HKEY_USERS\S-1-5-21-314402250-4030852005-2585651184-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2d,8a,90,ea,da,4c,6a,42,82,06,3b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2d,8a,90,ea,da,4c,6a,42,82,06,3b,\
.
[HKEY_USERS\S-1-5-21-314402250-4030852005-2585651184-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-314402250-4030852005-2585651184-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-314402250-4030852005-2585651184-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-314402250-4030852005-2585651184-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-314402250-4030852005-2585651184-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-314402250-4030852005-2585651184-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-314402250-4030852005-2585651184-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-314402250-4030852005-2585651184-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-314402250-4030852005-2585651184-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-314402250-4030852005-2585651184-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-314402250-4030852005-2585651184-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-314402250-4030852005-2585651184-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-314402250-4030852005-2585651184-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-314402250-4030852005-2585651184-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AVI"
.
[HKEY_USERS\S-1-5-21-314402250-4030852005-2585651184-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-314402250-4030852005-2585651184-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-314402250-4030852005-2585651184-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-314402250-4030852005-2585651184-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-314402250-4030852005-2585651184-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2T\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-314402250-4030852005-2585651184-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2TS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-314402250-4030852005-2585651184-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-314402250-4030852005-2585651184-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.m3u"
.
[HKEY_USERS\S-1-5-21-314402250-4030852005-2585651184-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M4A"
.
[HKEY_USERS\S-1-5-21-314402250-4030852005-2585651184-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-314402250-4030852005-2585651184-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-314402250-4030852005-2585651184-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-314402250-4030852005-2585651184-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mkv"
.
[HKEY_USERS\S-1-5-21-314402250-4030852005-2585651184-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-314402250-4030852005-2585651184-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MOV"
.
[HKEY_USERS\S-1-5-21-314402250-4030852005-2585651184-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-314402250-4030852005-2585651184-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-314402250-4030852005-2585651184-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-314402250-4030852005-2585651184-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-314402250-4030852005-2585651184-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-314402250-4030852005-2585651184-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-314402250-4030852005-2585651184-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-314402250-4030852005-2585651184-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-314402250-4030852005-2585651184-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-314402250-4030852005-2585651184-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-314402250-4030852005-2585651184-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-314402250-4030852005-2585651184-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-314402250-4030852005-2585651184-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-314402250-4030852005-2585651184-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-314402250-4030852005-2585651184-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-314402250-4030852005-2585651184-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-314402250-4030852005-2585651184-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vob\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.vob"
.
[HKEY_USERS\S-1-5-21-314402250-4030852005-2585651184-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-314402250-4030852005-2585651184-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-314402250-4030852005-2585651184-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-314402250-4030852005-2585651184-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-314402250-4030852005-2585651184-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-314402250-4030852005-2585651184-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-314402250-4030852005-2585651184-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
.
[HKEY_USERS\S-1-5-21-314402250-4030852005-2585651184-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-314402250-4030852005-2585651184-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-314402250-4030852005-2585651184-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-314402250-4030852005-2585651184-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-314402250-4030852005-2585651184-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-314402250-4030852005-2585651184-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-08-10  00:23:38
ComboFix-quarantined-files.txt  2014-08-09 22:23
.
Pre-Run: 8.498.528.256 bytes free
Post-Run: 8.314.753.024 bytes free
.
- - End Of File - - EF4F8491994644D40F289E6FD69CDC9A
A36C5E4F47E84449FF07ED3517B43A31