Combo Fix

This document contains a log from the ComboFix tool that was run on a Windows 7 system. The log details files and programs that were deleted, drivers and services found, and files created between given dates. It also contains a Find3M report listing files on the system by size.

Uploaded by

Ingles Escobedo

ComboFix 17-07-31.01 - Casa 16/02/2018 20:04:19.4.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.34.3082.18.4001.644 [GMT 1:00]
Running from: f:\cleaners\ComboFix.exe
AV: Avast Antivirus *Enabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
SP: Avast Antivirus *Enabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Casa\AppData\Local\assembly\tmp
c:\users\Casa\AppData\Local\assembly\tmp\ONARY9AY\__AssemblyInfo__.ini
c:\users\Casa\AppData\Local\assembly\tmp\ONARY9AY\AddinExpress.MSO.2005.DLL
c:\users\Casa\AppData\Local\Temp\dllnt_dump.dll
c:\users\Casa\AppData\Roaming\Propellerhead Software\ReCycle
c:\users\Casa\AppData\Roaming\Propellerhead Software\ReCycle\ReCycle Preferences File.prf
c:\users\Casa\AppData\Roaming\Propellerhead Software\ReCycle\ReCycle220.dat
c:\windows\security\logs\scecomp.log
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_WINISOCDBUS
-------\Service_WinisoCDBus
.
.
((((((((((((((((((((((((( Files Created from 2018-01-16 to 2018-02-16 )))))))))))))))))))))))))))))))
.
.
2018-02-16 21:15 . 2018-02-16 21:15 -------- d-----w- c:\users\Public\AppData\Local\temp
2018-02-16 21:15 . 2018-02-16 21:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2018-02-16 21:15 . 2018-02-16 21:15 -------- d-----w- c:\users\Cas\AppData\Local\temp
2018-02-16 18:57 . 2018-02-16 18:57 -------- d-----w- C:\avast! sandbox
2018-02-16 14:33 . 2018-02-16 21:58 253880 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2018-01-26 21:05 . 2018-01-26 21:06 -------- d-----w- c:\program files\iTunes
2018-01-25 07:36 . 2018-01-25 07:36 -------- d-----w- c:\program files\iPod
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2018-02-16 18:46 . 2015-09-30 14:57 36608 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2018-01-10 18:20 . 2017-12-02 06:32 457896 ----a-w- c:\windows\system32\drivers\aswSP.sys
2018-01-10 18:20 . 2017-12-02 06:32 146648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2018-01-10 11:55 . 2017-10-11 01:15 129365736 -c--a-w- c:\windows\system32\MRT-KB890830.exe
2018-01-10 11:55 . 2012-03-22 05:58 129365736 -c--a-w- c:\windows\system32\MRT.exe
2018-01-01 16:12 . 2018-01-10 04:54 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2018-01-01 02:21 . 2018-01-10 04:54 5581544 ----a-w- c:\windows\system32\ntoskrnl.exe
2018-01-01 02:21 . 2018-01-10 04:54 1680616 ----a-w- c:\windows\system32\drivers\ntfs.sys
2018-01-01 02:21 . 2018-01-10 04:54 708328 ----a-w- c:\windows\system32\winload.efi
2018-01-01 02:21 . 2018-01-10 04:54 948968 ----a-w- c:\windows\system32\drivers\ndis.sys
2018-01-01 02:21 . 2018-01-10 04:54 288488 ----a-w- c:\windows\system32\drivers\fltMgr.sys
2018-01-01 02:21 . 2018-01-10 04:54 262376 ----a-w- c:\windows\system32\hal.dll
2018-01-01 02:21 . 2018-01-10 04:54 213736 ----a-w- c:\windows\system32\drivers\rdyboost.sys
2018-01-01 02:21 . 2018-01-10 04:54 95464 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2018-01-01 02:21 . 2018-01-10 04:54 154856 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2018-01-01 02:21 . 2018-01-10 04:54 114408 ----a-w- c:\windows\system32\consent.exe
2018-01-01 02:19 . 2018-01-10 04:54 1665384 ----a-w- c:\windows\system32\ntdll.dll
2018-01-01 02:18 . 2018-01-10 04:54 361984 ----a-w- c:\windows\system32\wow64win.dll
2018-01-01 02:18 . 2018-01-10 04:54 243712 ----a-w- c:\windows\system32\wow64.dll
2018-01-01 02:18 . 2018-01-10 04:54 16896 ----a-w- c:\windows\system32\wshqos.dll
2018-01-01 02:18 . 2018-01-10 04:54 13312 ----a-w- c:\windows\system32\wshnetbs.dll
2018-01-01 02:18 . 2018-01-10 04:54 215552 ----a-w- c:\windows\system32\winsrv.dll
2018-01-01 02:18 . 2018-01-10 04:54 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2018-01-01 02:18 . 2018-01-10 04:54 1741312 ----a-w- c:\windows\system32\sysmain.dll
2018-01-01 02:18 . 2018-01-10 04:54 473600 ----a-w- c:\windows\system32\taskcomp.dll
2018-01-01 02:18 . 2018-01-10 04:54 366592 ----a-w- c:\windows\system32\wcncsvc.dll
2018-01-01 02:18 . 2018-01-10 04:54 444928 ----a-w- c:\windows\system32\winhttp.dll
2018-01-01 02:18 . 2018-01-10 04:54 120320 ----a-w- c:\windows\system32\WcnApi.dll
2018-01-01 02:18 . 2018-01-10 04:54 39424 ----a-w- c:\windows\system32\traffic.dll
2018-01-01 02:18 . 2018-01-10 04:54 24576 ----a-w- c:\windows\system32\WcnEapPeerProxy.dll
2018-01-01 02:18 . 2018-01-10 04:54 24064 ----a-w- c:\windows\system32\WcnEapAuthProxy.dll
2018-01-01 02:18 . 2018-01-10 04:54 22528 ----a-w- c:\windows\system32\wfapigp.dll
2018-01-01 02:18 . 2018-01-10 04:54 86528 ----a-w- c:\windows\system32\TSpkg.dll
2018-01-01 02:18 . 2018-01-10 04:54 210432 ----a-w- c:\windows\system32\wdigest.dll
2018-01-01 02:18 . 2018-01-10 04:54 14183936 ----a-w- c:\windows\system32\shell32.dll
2018-01-01 02:18 . 2018-01-10 04:54 503808 ----a-w- c:\windows\system32\srcore.dll
2018-01-01 02:18 . 2018-01-10 04:54 50176 ----a-w- c:\windows\system32\srclient.dll
2018-01-01 02:18 . 2018-01-10 04:54 28672 ----a-w- c:\windows\system32\sspisrv.dll
2018-01-01 02:18 . 2018-01-10 04:54 135680 ----a-w- c:\windows\system32\sspicli.dll
2018-01-01 02:18 . 2018-01-10 04:54 63488 ----a-w- c:\windows\system32\setbcdlocale.dll
2018-01-01 02:18 . 2018-01-10 04:54 1212928 ----a-w- c:\windows\system32\rpcrt4.dll
2018-01-01 02:18 . 2018-01-10 04:54 1110528 ----a-w- c:\windows\system32\schedsvc.dll
2018-01-01 02:18 . 2018-01-10 04:54 512000 ----a-w- c:\windows\system32\rpcss.dll
2018-01-01 02:18 . 2018-01-10 04:54 95744 ----a-w- c:\windows\system32\rascfg.dll
2018-01-01 02:18 . 2018-01-10 04:54 76288 ----a-w- c:\windows\system32\rasdiag.dll
2018-01-01 02:18 . 2018-01-10 04:54 41472 ----a-w- c:\windows\system32\rasmxs.dll
2018-01-01 02:18 . 2018-01-10 04:54 29696 ----a-w- c:\windows\system32\rasser.dll
2018-01-01 02:18 . 2018-01-10 04:54 345600 ----a-w- c:\windows\system32\schannel.dll
2018-01-01 02:18 . 2018-01-10 04:54 190464 ----a-w- c:\windows\system32\rpchttp.dll
2018-01-01 02:18 . 2018-01-10 04:54 28160 ----a-w- c:\windows\system32\secur32.dll
2018-01-01 02:18 . 2018-01-10 04:54 2066432 ----a-w- c:\windows\system32\ole32.dll
2018-01-01 02:18 . 2018-01-10 04:54 439296 ----a-w- c:\windows\system32\p2psvc.dll
2018-01-01 02:18 . 2018-01-10 04:54 842752 ----a-w- c:\windows\system32\nshwfp.dll
2018-01-01 02:18 . 2018-01-10 04:54 327168 ----a-w- c:\windows\system32\pnrpsvc.dll
2018-01-01 02:18 . 2018-01-10 04:54 264704 ----a-w- c:\windows\system32\P2P.dll
2018-01-01 02:18 . 2018-01-10 04:54 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2018-01-01 02:18 . 2018-01-10 04:54 26112 ----a-w- c:\windows\system32\oleres.dll
2018-01-01 02:18 . 2018-01-10 04:54 2004480 ----a-w- c:\windows\system32\msxml6.dll
2018-01-01 02:18 . 2018-01-10 04:54 303104 ----a-w- c:\windows\system32\nlasvc.dll
2018-01-01 02:18 . 2018-01-10 04:54 223232 ----a-w- c:\windows\system32\ncsi.dll
2018-01-01 02:18 . 2018-01-10 04:54 70656 ----a-w- c:\windows\system32\nlaapi.dll
2018-01-01 02:18 . 2018-01-10 04:54 60928 ----a-w- c:\windows\system32\ndptsp.tsp
2018-01-01 02:18 . 2018-01-10 04:54 316928 ----a-w- c:\windows\system32\msv1_0.dll
2018-01-01 02:18 . 2018-01-10 04:54 312320 ----a-w- c:\windows\system32\ncrypt.dll
2018-01-01 02:18 . 2018-01-10 04:54 60416 ----a-w- c:\windows\system32\msobjs.dll
2018-01-01 02:18 . 2018-01-10 04:54 2048 ----a-w- c:\windows\system32\msxml6r.dll
2018-01-01 02:18 . 2018-01-10 04:54 828928 ----a-w- c:\windows\system32\MPSSVC.dll
2018-01-01 02:18 . 2018-01-10 04:54 146432 ----a-w- c:\windows\system32\msaudite.dll
2018-01-01 02:18 . 2018-01-10 04:54 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2018-01-01 02:18 . 2018-01-10 04:54 1163264 ----a-w- c:\windows\system32\kernel32.dll
2018-01-01 02:18 . 2018-01-10 04:54 419840 ----a-w- c:\windows\system32\KernelBase.dll
2018-01-01 02:18 . 2018-01-10 04:54 47104 ----a-w- c:\windows\system32\kmddsp.tsp
2018-01-01 02:18 . 2018-01-10 04:54 731648 ----a-w- c:\windows\system32\kerberos.dll
2018-01-01 02:18 . 2018-01-10 04:54 977408 ----a-w- c:\windows\system32\inetcomm.dll
2018-01-01 02:18 . 2018-01-10 04:54 863232 ----a-w- c:\windows\system32\IKEEXT.DLL
2018-01-01 02:18 . 2018-01-10 04:54 108544 ----a-w- c:\windows\system32\icfupgd.dll
2018-01-01 02:18 . 2018-01-10 04:54 84480 ----a-w- c:\windows\system32\INETRES.dll
2018-01-01 02:18 . 2018-01-10 04:54 1867776 ----a-w- c:\windows\system32\ExplorerFrame.dll
2018-01-01 02:18 . 2018-01-10 04:54 749568 ----a-w- c:\windows\system32\FirewallAPI.dll
2018-01-01 02:18 . 2018-01-10 04:54 101376 ----a-w- c:\windows\system32\fdWCN.dll
2018-01-01 02:18 . 2018-01-10 04:54 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2018-01-01 02:18 . 2018-01-10 04:54 44032 ----a-w- c:\windows\system32\csrsrv.dll
2018-01-01 02:18 . 2018-01-10 04:54 43520 ----a-w- c:\windows\system32\cryptbase.dll
2018-01-01 02:18 . 2018-01-10 04:54 22016 ----a-w- c:\windows\system32\credssp.dll
2018-01-01 02:18 . 2018-01-10 04:54 8704 ----a-w- c:\windows\system32\comcat.dll
2018-01-01 02:18 . 2018-01-10 04:54 1942016 ----a-w- c:\windows\system32\authui.dll
2018-01-01 02:18 . 2018-01-10 04:54 705024 ----a-w- c:\windows\system32\BFE.DLL
2018-01-01 02:18 . 2018-01-10 04:54 463872 ----a-w- c:\windows\system32\certcli.dll
2018-01-01 02:18 . 2018-01-10 04:54 123904 ----a-w- c:\windows\system32\bcrypt.dll
2018-01-01 02:18 . 2018-01-10 04:54 961024 ----a-w- c:\windows\system32\actxprxy.dll
2018-01-01 02:18 . 2018-01-10 04:54 880640 ----a-w- c:\windows\system32\advapi32.dll
2018-01-01 02:18 . 2018-01-10 04:54 70144 ----a-w- c:\windows\system32\appinfo.dll
2018-01-01 02:18 . 2018-01-10 04:54 59904 ----a-w- c:\windows\system32\appidapi.dll
2018-01-01 02:18 . 2018-01-10 04:54 34816 ----a-w- c:\windows\system32\appidsvc.dll
2018-01-01 02:18 . 2018-01-10 04:54 6656 ----a-w- c:\windows\system32\apisetschema.dll
2018-01-01 02:18 . 2018-01-10 04:54 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-01-01 02:18 . 2018-01-10 04:54 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-01-01 02:18 . 2018-01-10 04:54 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-01-01 02:18 . 2018-01-10 04:54 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-01-01 02:18 . 2018-01-10 04:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iCloudDrive"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe" [2018-01-10 110392]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2013-12-11 1564528]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2017-10-06 27832264]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2018-01-10 67384]
"Chromium"="c:\users\casa\appdata\local\chromium\application\chrome.exe" [2017-01-20 828416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2018-01-04 67896]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2015-09-24 41360]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"HPUsageTrackingLEDM"="c:\program files (x86)\HP\HP UT LEDM\bin\hppusg.exe" [2009-08-04 30264]
"PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2013-08-15 31048]
"Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]
"NBAgent"="c:\program files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2011-09-20 1493288]
"Magic Desktop for HP notification"="c:\programdata\Easybits Magic Desktop for HP\mdhpSUN.exe" [2015-11-21 1444880]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-12-11 311152]
"Hercules DJ Series"="c:\program files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe" [2009-10-23 639784]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2015-09-24 840592]
"ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2016-02-03 139776]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2014-05-22 4513792]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2017-11-08 1194048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
R0 aswbidsh;aswbidsh;c:\windows\system32\drivers\aswbidsha.sys;c:\windows\SYSNATIVE\drivers\aswbidsha.sys [x]
R0 aswblog;aswblog;c:\windows\system32\drivers\aswbloga.sys;c:\windows\SYSNATIVE\drivers\aswbloga.sys [x]
R0 aswbuniv;aswbuniv;c:\windows\system32\drivers\aswbuniva.sys;c:\windows\SYSNATIVE\drivers\aswbuniva.sys [x]
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys;c:\windows\SYSNATIVE\drivers\aswRvrt.sys [x]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys;c:\windows\SYSNATIVE\drivers\aswVmm.sys [x]
R1 aswArPot;aswArPot;c:\windows\system32\drivers\aswArPot.sys;c:\windows\SYSNATIVE\drivers\aswArPot.sys [x]
R1 aswbidsdriver;aswbidsdriver;c:\windows\system32\drivers\aswbidsdrivera.sys;c:\windows\SYSNATIVE\drivers\aswbidsdrivera.sys [x]
R1 aswHdsKe;aswHdsKe;c:\windows\system32\drivers\aswHdsKe.sys;c:\windows\SYSNATIVE\drivers\aswHdsKe.sys [x]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
R2 AGSService;Adobe Genuine Software Integrity Service;c:\program files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe;c:\program files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [x]
R2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
R2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
R2 HerculesDJControlMP3;Hercules DJ Control MP3;c:\program files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE;c:\program files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE [x]
R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe;c:\windows\SYSNATIVE\HPSIsvc.exe [x]
R2 HuaweiHiSuiteService64.exe;HuaweiHiSuiteService64.exe;c:\program files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe;c:\program files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [x]
R2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [x]
R2 Realtek11nSU;Realtek11nSU;c:\program files (x86)\SITECOM\300N X2 USB Wireless LAN Utility\RtlService.exe;c:\program files (x86)\SITECOM\300N X2 USB Wireless LAN Utility\RtlService.exe [x]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R2 WsAppService;Wondershare Application Framework Service;c:\program files (x86)\Wondershare\WAF\2.4.3.229\WsAppService.exe;c:\program files (x86)\Wondershare\WAF\2.4.3.229\WsAppService.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 aswbIDSAgent;aswbIDSAgent;c:\program files\AVAST Software\Avast\x64\aswidsagenta.exe;c:\program files\AVAST Software\Avast\x64\aswidsagenta.exe [x]
R3 aswHwid;aswHwid;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
R3 Bulk;HDJBulk;c:\windows\system32\Drivers\HDJBulk.sys;c:\windows\SYSNATIVE\Drivers\HDJBulk.sys [x]
R3 DCamUSBET;ET USB 2710 Camera;c:\windows\system32\DRIVERS\etDevice64.sys;c:\windows\SYSNATIVE\DRIVERS\etDevice64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]
R3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus;c:\windows\system32\DRIVERS\dtliteusbbus.sys;c:\windows\SYSNATIVE\DRIVERS\dtliteusbbus.sys [x]
R3 FiltUSBET;ET USB Device Lower Filter;c:\windows\system32\DRIVERS\etFilter64.sys;c:\windows\SYSNATIVE\DRIVERS\etFilter64.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 HDJMidi;DJ Control MP3 e2 MIDI;c:\windows\system32\DRIVERS\HDJMidi.sys;c:\windows\SYSNATIVE\DRIVERS\HDJMidi.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]
R3 ksapi64;ksapi64;c:\windows\system32\drivers\ksapi64.sys;c:\windows\SYSNATIVE\drivers\ksapi64.sys [x]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys;c:\windows\SYSNATIVE\Drivers\nx6000.sys [x]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys;c:\windows\SYSNATIVE\Drivers\mvusbews.sys [x]
R3 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys;c:\windows\SYSNATIVE\DRIVERS\sbfwim.sys [x]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys;c:\windows\SYSNATIVE\drivers\sbhips.sys [x]
R3 sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys;c:\windows\SYSNATIVE\DRIVERS\sbwtis.sys [x]
R3 ScanUSBET;ET USB Still Image Capture Device;c:\windows\system32\DRIVERS\etScan64.sys;c:\windows\SYSNATIVE\DRIVERS\etScan64.sys [x]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssudserd.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 vcd10bus;Virtual CD v10 Bus Enumerator;c:\windows\system32\DRIVERS\vcd10bus.sys;c:\windows\SYSNATIVE\DRIVERS\vcd10bus.sys [x]
R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wdm_usb;wdm_usb;c:\windows\system32\DRIVERS\usb2ser.sys;c:\windows\SYSNATIVE\DRIVERS\usb2ser.sys [x]
R3 WsDrvInst;Wondershare Driver Install Service;c:\program files (x86)\Wondershare\Wondershare Video Converter Ultimate\Transfer\DriverInstall.exe;c:\program files (x86)\Wondershare\Wondershare Video Converter Ultimate\Transfer\DriverInstall.exe [x]
R4 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys;c:\windows\SYSNATIVE\DRIVERS\NBVol.sys [x]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys;c:\windows\SYSNATIVE\DRIVERS\NBVolUp.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys;c:\windows\SYSNATIVE\drivers\SbFw.sys [x]
S2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\Drivers\mbamswissarmy.sys;c:\windows\SYSNATIVE\Drivers\mbamswissarmy.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]
S3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys;c:\windows\SYSNATIVE\DRIVERS\SBFWIM.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2017-07-31 22:31 324080 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2016-03-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-02 10:13]
.
2016-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-14 02:32]
.
2016-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-14 02:32]
.
2016-03-31 c:\windows\Tasks\HPCeeScheduleForCasa.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2017-12-22 06:18 1757400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2017-12-22 06:18 1757400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2015-08-05 508240]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvLaunch.exe" [2017-12-22 246120]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2017-12-11 297272]
"AdobeGCInvoker-1.0"="c:\program files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe" [2018-01-05 315880]
.
------- Supplementary Scan -------
.
uStart Page = www.google.com
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://www.google.com
mStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Enviar a OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportar a Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Casa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
TCP: DhcpNameServer = 80.58.61.250 80.58.61.254
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-WinISO - k:\winiso\uninst.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
"ImagePath"="\??\c:\users\Casa\Downloads\Ultra iso\UltraISO.Portable.8.6.1.[Multi][www.DivxTotal.com].LeoParis\UltraISO\drivers\ISODrv64.sys"
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ISODrive]
"ImagePath"="\??\c:\users\Casa\Downloads\Ultra iso\UltraISO.Portable.8.6.1.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1687523810-157049876-3592135763-1000-{ED1FC765-E35E-4C3D-BF15-
2C2B11260CE4}-02162018225948299\@*�r#*]
@Allowed: (Read) (RestrictedCode)
"cl"=dword:00000003
.
[HKEY_USERS\S-1-5-21-1687523810-157049876-3592135763-1000\@*�r#*]
@Allowed: (Read) (RestrictedCode)
"cl"=dword:00000003
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_28_0_0_126_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_28_0_0_126_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_28_0_0_126_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_28_0_0_126_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_28_0_0_126.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.28"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_28_0_0_126.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_28_0_0_126.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_28_0_0_126.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Malwarebytes\Anti-Malware\mbamtray.exe
.
**************************************************************************
.
Completion time: 2018-02-16 23:07:19 - machine was rebooted
ComboFix-quarantined-files.txt 2018-02-16 22:07
ComboFix2.txt 2017-08-04 18:33
ComboFix3.txt 2016-01-16 12:39
.
Pre-Run: 475.990.056.960 bytes libres
Post-Run: 475.521.941.504 bytes libres
.
- - End Of File - - 6EE24B034A6892A3C52457894E00E7D1