Combo Fix

ComboFix 17-01-29.01 - anil 02/09/2017 13:56:24.1.
4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4004.2658 [GMT 5.5:30]
Running from: c:\users\anil\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other
Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
C:\prefs.js
c:\programdata\1459879372.bdinstall.bin
c:\programdata\1460723392.6344.bin
c:\programdata\service.exe
c:\programdata\windows security
c:\programdata\windows security\winsecurity.exe
c:\users\anil\AppData\Local\Microsoft\Windows\Temporary Internet Files\{337A75B6-
A963-4817-A962-A8C0B0BB0ADA}.xps
c:\users\anil\AppData\Local\Microsoft\Windows\Temporary Internet Files\{B520AC3E-
C924-4DFB-B18C-EC3627120EEC}.xps
c:\users\anil\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C75A0AA4-
F823-4EF0-82C3-446742655E92}.xps
c:\users\anil\Documents\~WRL2620.tmp
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))
)))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
-------\Service_GoogleChromeUpService
-------\Service_WINDOWSSECURITY
-------\Service_WINDOWSSECURITY
.
.
((((((((((((((((((((((((( Files Created from 2017-01-09 to 2017-02-
09 )))))))))))))))))))))))))))))))
.
.
2017-02-09 07:53 . 2017-02-09 07:56 140672 ----a-w-
c:\windows\system32\drivers\mbamchameleon.sys
2017-02-09 06:27 . 2017-02-09 06:27 -------- d-----w-
c:\users\anil\AppData\Local\UCBrowser
2017-02-09 06:19 . 2017-02-09 06:19 250912 ----a-w-
c:\windows\SysWow64\kz.exe
2017-02-09 06:15 . 2017-02-09 06:15 -------- d-----w-
c:\users\anil\AppData\Roaming\gplyra
2017-02-09 06:14 . 2017-02-09 07:02 -------- d-----w-
c:\users\anil\AppData\Roaming\WMPNetworkAcSvc
2017-02-09 06:14 . 2017-02-09 06:14 -------- d-----w- c:\programdata\Avira
2017-02-09 06:14 . 2017-02-09 08:16 -------- d-----w-
c:\users\anil\AppData\Roaming\Ckonotainatuqey
2017-02-09 06:14 . 2017-02-09 06:14 -------- d-----w- c:\program files
(x86)\Lertoingstilse Configuration
2017-02-09 06:14 . 2017-02-09 06:14 -------- d-----w-
c:\users\anil\AppData\Roaming\Profiles
(x86)\Pluteward
2017-02-09 06:07 . 2017-02-09 06:08 -------- d-----w-
c:\users\anil\AppData\Local\app
(x86)\UCBrowser
2017-02-09 06:04 . 2017-02-09 06:04 29030 ----a-w-
c:\programdata\agent.1486620236.bdinstall.bin
2017-02-09 06:01 . 2017-02-09 06:11 -------- d-----w-
c:\users\anil\AppData\Roaming\KuaiZip
2017-02-09 06:01 . 2017-02-09 06:01 -------- d-----w-
c:\users\anil\AppData\Roaming\Softlink
2017-02-09 06:00 . 2017-02-09 06:00 -------- d-----w-
c:\users\anil\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk
(x86)\PtVQAtGmEG
2017-02-09 05:57 . 2017-02-09 05:58 -------- d-----w-
c:\users\anil\AppData\Roaming\Note-UP
2017-02-09 05:54 . 2017-02-09 05:54 215264 ----a-w-
c:\programdata\cl.uninstall.1486619465.bdinstall.bin
2017-02-08 15:43 . 2017-02-08 15:43 -------- d-----w-
c:\users\anil\AppData\Roaming\Energia
2017-02-03 17:13 . 2017-02-03 17:17 -------- d-----w-
c:\users\anil\AppData\Local\{3C070A5B-18AF-66E3-7537-430B515FBF93}
(x86)\EaseUS
2017-02-02 05:51 . 2017-02-02 05:51 -------- d-----w- c:\windows\Downloaded
Installations
2017-01-25 14:48 . 2017-01-25 14:48 -------- d-----w- c:\program files\MATLAB
2017-01-19 19:58 . 2011-11-24 18:55 15360 ----a-w-
c:\windows\system32\drivers\pneteth.sys
(x86)\PdaNet for Android
2017-01-19 19:44 . 2017-01-19 19:55 -------- dc----w-
c:\windows\system32\DRVSTORE
2017-01-17 18:01 . 2017-01-17 18:01 -------- d-----w-
c:\users\anil\AppData\Roaming\MathWorks
2017-01-16 09:54 . 2017-01-26 12:14 -------- d-----w-
c:\users\anil\AppData\Roaming\CodeBlocks
2017-01-10 14:03 . 2017-01-10 14:03 369407 ----a-w-
c:\programdata\cl.1484056635.bdinstall.bin
2017-01-10 13:37 . 2016-12-30 22:43 12229912 ----a-w-
c:\programdata\Microsoft\Windows Defender\Definition Updates\{06034957-5CE3-
4BC3-8FFD-61E262D2FCCF}\mpengine.dll
2017-01-10 13:28 . 2017-01-10 13:28 28789 ----a-w-
2017-01-10 13:20 . 2017-01-10 13:20 28719 ----a-w-
2017-01-10 13:20 . 2017-01-10 13:20 28718 ----a-w-
2017-01-10 13:19 . 2017-01-10 13:19 46915 ----a-w-
2017-01-10 11:55 . 2017-01-10 11:55 29029 ----a-w-
2017-01-10 11:19 . 2017-01-10 11:19 35660 ----a-w-
c:\programdata\dm.1484047110.bdinstall.bin
2017-01-10 11:17 . 2017-01-10 11:17 20419 ----a-w-
2017-01-10 11:17 . 2017-01-10 11:17 20419 ----a-w-
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M
Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-01-12 18:19 . 2016-03-22 23:15 135657872 -c--a-w-
c:\windows\system32\MRT.exe
2017-01-12 15:53 . 2016-11-16 12:54 802904 ----a-w-
c:\windows\SysWow64\FlashPlayerApp.exe
2017-01-12 15:53 . 2016-11-16 12:54 144472 ----a-w-
c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-12-27 05:37 . 2016-12-27 05:37 2074624 ----a-w-
c:\programdata\Microsoft\Network\Dsq\network\sysnetwk.exe
2016-12-12 10:42 . 2016-12-12 10:42 39642 ----a-w-
2016-12-11 10:49 . 2016-12-11 10:49 56593 ----a-w-
2016-12-11 08:38 . 2016-12-11 08:38 47037 ----a-w-
2016-11-29 17:04 . 2016-11-29 17:04 28352 ----a-w-
c:\windows\SysWow64\aspnet_counters.dll
2016-11-29 17:04 . 2016-11-29 17:04 19112 ----a-w-
c:\windows\SysWow64\msvcr110_clr0400.dll
2016-11-29 17:04 . 2016-11-29 17:04 19112 ----a-w-
c:\windows\SysWow64\msvcr100_clr0400.dll
2016-11-29 17:04 . 2016-11-29 17:04 19112 ----a-w-
c:\windows\SysWow64\msvcp110_clr0400.dll
2016-11-29 16:57 . 2016-11-29 16:57 30400 ----a-w-
c:\windows\system32\aspnet_counters.dll
2016-11-29 16:57 . 2016-11-29 16:57 19112 ----a-w-
c:\windows\system32\msvcr110_clr0400.dll
2016-11-29 16:57 . 2016-11-29 16:57 19112 ----a-w-
c:\windows\system32\msvcr100_clr0400.dll
2016-11-29 16:57 . 2016-11-29 16:57 19112 ----a-w-
c:\windows\system32\msvcp110_clr0400.dll
2016-11-21 18:12 . 2016-12-14 06:55 109568 ----a-w-
c:\windows\system32\hlink.dll
2016-11-20 16:19 . 2016-12-14 06:55 84992 ----a-w- c:\windows\SysWow64\hlink.dll
2016-11-20 14:07 . 2016-12-14 06:55 467392 ----a-w-
c:\windows\system32\drivers\cng.sys
2016-11-17 16:41 . 2016-12-14 06:55 370920 ----a-w-
c:\windows\system32\clfs.sys
2016-11-14 23:27 . 2016-12-14 06:55 394448 ----a-w-
c:\windows\system32\iedkcs32.dll
2016-11-12 19:48 . 2016-12-14 06:55 2724864 ----a-w-
c:\windows\system32\mshtml.tlb
2016-11-12 19:48 . 2016-12-14 06:55 4096 ----a-w-
c:\windows\system32\ieetwcollectorres.dll
2016-11-12 19:28 . 2016-12-14 06:55 66560 ----a-w-
c:\windows\system32\iesetup.dll
2016-11-12 19:26 . 2016-12-14 06:55 48640 ----a-w-
c:\windows\system32\ieetwproxystub.dll
2016-11-12 19:26 . 2016-12-14 06:55 417792 ----a-w-
c:\windows\system32\html.iec
2016-11-12 19:25 . 2016-12-14 06:55 88064 ----a-w-
c:\windows\system32\MshtmlDac.dll
2016-11-12 19:25 . 2016-12-14 06:55 576000 ----a-w-
c:\windows\system32\vbscript.dll
2016-11-12 19:21 . 2016-12-14 06:55 2896384 ----a-w-
c:\windows\system32\iertutil.dll
2016-11-12 19:15 . 2016-12-14 06:55 54784 ----a-w-
c:\windows\system32\jsproxy.dll
2016-11-12 19:14 . 2016-12-14 06:55 34304 ----a-w-
c:\windows\system32\iernonce.dll
2016-11-12 19:09 . 2016-12-14 06:55 615936 ----a-w-
c:\windows\system32\ieui.dll
2016-11-12 19:08 . 2016-12-14 06:55 114688 ----a-w-
c:\windows\system32\ieetwcollector.exe
2016-11-12 19:08 . 2016-12-14 06:55 144384 ----a-w-
c:\windows\system32\ieUnatt.exe
2016-11-12 19:08 . 2016-12-14 06:55 25759744 ----a-w-
c:\windows\system32\mshtml.dll
2016-11-12 19:07 . 2016-12-14 06:55 814080 ----a-w-
c:\windows\system32\jscript9diag.dll
2016-11-12 19:07 . 2016-12-14 06:55 817664 ----a-w-
c:\windows\system32\jscript.dll
2016-11-12 18:56 . 2016-12-14 06:55 968704 ----a-w-
c:\windows\system32\MsSpellCheckingFacility.exe
2016-11-12 18:53 . 2016-12-14 06:55 6049280 ----a-w-
c:\windows\system32\jscript9.dll
2016-11-12 18:52 . 2016-12-14 06:55 489984 ----a-w-
c:\windows\system32\dxtmsft.dll
2016-11-12 18:47 . 2016-12-14 06:55 2724864 ----a-w-
c:\windows\SysWow64\mshtml.tlb
2016-11-12 18:41 . 2016-12-14 06:55 77824 ----a-w-
c:\windows\system32\JavaScriptCollectionAgent.dll
2016-11-12 18:40 . 2016-12-14 06:55 107520 ----a-w-
c:\windows\system32\inseng.dll
2016-11-12 18:35 . 2016-12-14 06:55 199680 ----a-w-
c:\windows\system32\msrating.dll
2016-11-12 18:34 . 2016-12-14 06:55 92160 ----a-w-
c:\windows\system32\mshtmled.dll
2016-11-12 18:31 . 2016-12-14 06:55 315392 ----a-w-
c:\windows\system32\dxtrans.dll
2016-11-12 18:30 . 2016-12-14 06:55 62464 ----a-w-
c:\windows\SysWow64\iesetup.dll
2016-11-12 18:29 . 2016-12-14 06:55 47616 ----a-w-
c:\windows\SysWow64\ieetwproxystub.dll
2016-11-12 18:29 . 2016-12-14 06:55 498688 ----a-w-
c:\windows\SysWow64\vbscript.dll
2016-11-12 18:29 . 2016-12-14 06:55 341504 ----a-w-
c:\windows\SysWow64\html.iec
2016-11-12 18:28 . 2016-12-14 06:55 152064 ----a-w-
c:\windows\system32\occache.dll
2016-11-12 18:27 . 2016-12-14 06:55 64000 ----a-w-
c:\windows\SysWow64\MshtmlDac.dll
2016-11-12 18:14 . 2016-12-14 06:55 115712 ----a-w-
c:\windows\SysWow64\ieUnatt.exe
2016-11-12 18:14 . 2016-12-14 06:55 262144 ----a-w-
c:\windows\system32\webcheck.dll
2016-11-12 18:14 . 2016-12-14 06:55 620032 ----a-w-
c:\windows\SysWow64\jscript9diag.dll
2016-11-12 18:11 . 2016-12-14 06:55 725504 ----a-w-
c:\windows\system32\ie4uinit.exe
2016-11-12 18:10 . 2016-12-14 06:55 806912 ----a-w-
c:\windows\system32\msfeeds.dll
2016-11-12 18:08 . 2016-12-14 06:55 1359360 ----a-w-
c:\windows\system32\mshtmlmedia.dll
2016-11-12 18:08 . 2016-12-14 06:55 2131456 ----a-w-
c:\windows\system32\inetcpl.cpl
2016-11-12 17:57 . 2016-12-14 06:55 60416 ----a-w-
c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2016-11-12 17:41 . 2016-12-14 06:55 15257088 ----a-w-
c:\windows\system32\ieframe.dll
2016-11-12 17:37 . 2016-12-14 06:55 4608000 ----a-w-
c:\windows\SysWow64\jscript9.dll
2016-11-12 17:36 . 2016-12-14 06:55 2055680 ----a-w-
c:\windows\SysWow64\inetcpl.cpl
2016-11-12 17:36 . 2016-12-14 06:55 1155072 ----a-w-
c:\windows\SysWow64\mshtmlmedia.dll
2016-11-12 17:35 . 2016-12-14 06:55 2920960 ----a-w-
c:\windows\system32\wininet.dll
2016-11-12 17:20 . 2016-12-14 06:55 1543680 ----a-w-
c:\windows\system32\urlmon.dll
2016-11-12 17:11 . 2016-12-14 06:55 800768 ----a-w-
c:\windows\system32\ieapfltr.dll
2016-11-12 17:05 . 2016-12-14 06:55 2444800 ----a-w-
c:\windows\SysWow64\wininet.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading
Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\users\anil\AppData\Roaming\uTorrent\uTorrent.exe" [2017-02-03
2143936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-
21 91520]
.
c:\users\anil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PdaNet Desktop.lnk - c:\program files (x86)\PdaNet for Android\PdaNetPC.exe [2017-
1-20 1029944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows
nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN
v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\wind
ows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 serverss;SSServiceComponent;c:\windows\Temp\BF55.tmp;c:\windows\Temp\BF55.tmp
[x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU
Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.
sys [x]
R3 easytether;EasyTether Network
Adapter;c:\windows\system32\DRIVERS\easytthr.sys;c:\windows\SYSNATIVE\DRIVERS\easyt
thr.sys [x]
R3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;c:\program
files\Common Files\Macrovision Shared\FlexNet
Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision
Shared\FlexNet Publisher\FNPLicensingService64.exe [x]
R3 ggflt;SOMC USB Flash Driver
Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys
[x]
R3 ggsomc;SOMC USB Flash
Driver;c:\windows\system32\DRIVERS\ggsomc.sys;c:\windows\SYSNATIVE\DRIVERS\ggsomc.s
ys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector
Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.
exe [x]
R3 pneteth;PdaNet
Broadband;c:\windows\system32\DRIVERS\pneteth.sys;c:\windows\SYSNATIVE\DRIVERS\pnet
eth.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC
Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC
Companion\PCCService.exe [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU
Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.
sys [x]
R3
TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\dri
vers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies
Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSv
c.exe [x]
S2
aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksd
f.sys [x]
S2 DiagTrack;Diagnostics Tracking
Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 Ghutuge;Ghutuge;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe
[x]
S2 hasplms;Sentinel LDK License Manager;c:\windows\system32\hasplms.exe
-run;c:\windows\SYSNATIVE\hasplms.exe -run [x]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring
Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.
exe [x]
S2 mpich2_smpd;MPICH2 Process Manager, Argonne National Lab;c:\program
files\Lumerical\MPICH2\smpd.exe;c:\program files\Lumerical\MPICH2\smpd.exe [x]
S2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files
(x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe;c:\program files
(x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification
Service;c:\program files (x86)\Intel\Intel(R) Management Engine
Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine
Components\UNS\UNS.exe [x]
S2 WMPNetworkAcSvc;Windows Media Player Network Access
Service;c:\users\anil\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe;c:\users\
anil\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe [x]
S2 XBOX;Xbox Live Network Service;c:\program files\XBox\XBLive.exe;c:\program
files\XBox\XBLive.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows
nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr
QWAVE wcncsvc
kuaizipupdatesvc REG_MULTI_SZ KuaizipUpdateChecker
Ghutuge REG_MULTI_SZ Ghutuge
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost
- NetSvcs
HpSvc
WpSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed
components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2016-12-23 18:10 323152 ----a-w- c:\program files (x86)\Adobe\Acrobat
Reader DC\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2017-02-04 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_194_pepper.exe [2017-01-12
15:53]
.
2017-02-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-16
15:53]
.
2016-04-09 c:\windows\Tasks\AVG_SYS_TASK_0216piz.job
- c:\programdata\Avg_Update_0216piz\AVG-Secure-Search-Update_0216piz.exe [2016-04-
05 09:06]
.
2016-04-09 c:\windows\Tasks\AVG_SYS_TASK_0216piz_DELETE.job
- c:\programdata\Avg_Update_0216piz\AVG-Secure-Search-Update_0216piz.exe [2016-04-
05 09:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-18 11775592]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2015-06-01 183216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2015-06-01 411056]
"Persistence"="c:\windows\system32\igfxpers.exe" [2015-06-01 453552]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:8080;https=127.0.0.1:8080
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
.
.
------- File Associations -------
.
inifile="%SystemRoot%\system32\NOTEPAD.EXE" %1
txtfile="%SystemRoot%\system32\NOTEPAD.EXE" %1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Icecream_Screen_Recorder_Prefetcher - c:\program files
(x86)\Icecream Screen Recorder\recorder.exe
Wow6432Node-HKCU-Run-GenieFloater - c:\program files (x86)\Genie Soft\Genie
Cleaner\GenieFloater.exe
Wow6432Node-HKLM-Run-EaseUS EPM tray - c:\program files (x86)\EaseUS\EaseUS
Partition Master 11.9\bin\EpmNews.exe
Wow6432Node-HKLM-Run-EaseUS Cleanup - c:\program files (x86)\EaseUS\EaseUS
Partition Master 11.9\bin\CleanUpUI.exe
SafeBoot-BsScanner
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
ShellExecuteHooks-{5A8290FA-EABE-11E6-8B43-64006A5CFC23} -
c:\users\anil\AppData\Roaming\Ckonotainatuqey\Shatertherterwery.dll
AddRemove-Mobogenie3 - c:\program files (x86)\Mobogenie3\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\serverss]
"ImagePath"="c:\windows\Temp\BF55.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\EA8Z1B3479]
@Denied: (Read) (Everyone)
.
[HKEY_USERS\.Default\Software\Locky]
.
[HKEY_USERS\LocalService\Software\EA8Z1B3479]
.
[HKEY_USERS\LocalService\Software\Locky]
.
[HKEY_USERS\S-1-5-20\Software\EA8Z1B3479]
.
[HKEY_USERS\S-1-5-20\Software\Locky]
.
[HKEY_USERS\S-1-5-21-1041014595-1845525511-1101466430-1000\Software\EA8Z1B3479]
.
[HKEY_USERS\S-1-5-21-1041014595-1845525511-1101466430-1000\Software\Locky]
.
[HKEY_USERS\S-1-5-21-1041014595-1845525511-1101466430-
1000_Classes\Software\EA8Z1B3479]
.
[HKEY_USERS\S-1-5-21-1041014595-1845525511-1101466430-1000_Classes\Software\Locky]
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_24_0_0_194_
ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-
D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_24_0_0_194_ActiveX.exe"
.
D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-
A108237013BD}]
@="IFlashBroker6"
.
A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-
D2C18CA0866F}]
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_24_0_0_194_
ActiveX.exe,-101"
.
D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_24_0_0_194_ActiveX.exe"
.
D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-
444553540000}]
@="Shockwave Flash Object"
.
444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_24_0_0_194.ocx"
"ThreadingModel"="Apartment"
.
444553540000}\MiscStatus]
@="0"
.
444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.24"
.
444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_24_0_0_194.ocx, 1"
.
444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
444553540000}\Version]
@="1.0"
.
444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-
444553540000}]
@="Macromedia Flash Factory Object"
.
444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_24_0_0_194.ocx"
"ThreadingModel"="Apartment"
.
444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_24_0_0_194.ocx, 1"
.
444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
444553540000}\Version]
@="1.0"
.
444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-
8F48-A108237013BD}]
@="IFlashBroker6"
.
8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\
{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft
Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-
08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-
08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\hasplms.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
.
**************************************************************************
.
Completion time: 2017-02-09 14:05:48 - machine was rebooted
ComboFix-quarantined-files.txt 2017-02-09 08:35
.
Pre-Run: 7,219,970,048 bytes free
Post-Run: 6,602,391,552 bytes free
.
- - End Of File - - FC5AD6BFE0C5FBC175C7BA14879E0080
A36C5E4F47E84449FF07ED3517B43A31

Combo Fix

Uploaded by

Document Informationclick to expand document information

Copyright:

Available Formats

Combo Fix

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Combo Fix

Uploaded by

Copyright:

Available Formats

ComboFix 17-01-29.01 - anil 02/09/2017 13:56:24.1.

You might also like