
ComboFix 18-08-08.01 - Marian 06/19/2019 20:29:59.16.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1910.363 [GMT -4:00]
Running from: d:\new folder (6)\ComboFix.exe
AV: Avast Antivirus *Enabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
SP: Avast Antivirus *Enabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Files Created from 2019-05-20 to 2019-06-20 )))))))))))))))))))))))))))))))
.
.
2019-06-20 00:36 . 2019-06-20 00:37 -------- d-----w- c:\users\Marian\AppData\Local\temp
2019-06-20 00:36 . 2019-06-20 00:36 -------- d-----w- c:\users\Public\AppData\Local\temp
2019-06-20 00:36 . 2019-06-20 00:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2019-06-19 15:42 . 2019-06-19 15:42 241760 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2019-06-17 01:55 . 2019-06-17 01:55 -------- d-----w- C:\New folder
2019-06-17 01:13 . 2019-06-17 01:13 -------- d-----w- c:\users\Marian\AppData\Local\Edraw
2019-06-17 01:10 . 2019-06-17 01:14 -------- d-----w- c:\program files\Edraw Max 9.0
2019-06-17 00:29 . 2019-06-17 00:29 -------- d-----w- c:\program files\Microsoft Analysis Services
2019-06-16 23:23 . 2019-06-17 00:12 -------- d-----w- c:\program files\SmartDraw 2013
2019-06-16 22:27 . 2019-06-16 22:27 -------- d-----w- c:\users\Marian\AppData\Local\SmartDraw
2019-06-16 22:27 . 2019-06-16 23:04 -------- d-----w- c:\users\Marian\AppData\Roaming\SmartDraw
2019-06-16 22:26 . 2019-06-17 00:24 -------- d-----w- C:\SmartDraw 2019
2019-06-07 21:40 . 2019-06-07 21:40 311176 ----a-w- c:\windows\system32\aswBoot.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2019-06-18 14:43 . 2018-06-17 23:53 167360 ----a-w- c:\windows\system32\drivers\aswStm.sys
2019-06-07 21:41 . 2018-06-17 23:53 139352 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2019-06-07 21:41 . 2018-06-17 23:53 312248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2019-06-07 21:40 . 2019-02-20 14:24 214736 ----a-w- c:\windows\system32\drivers\aswHdsKe.sys
2019-06-07 21:40 . 2018-10-22 21:09 40688 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2019-06-07 21:40 . 2018-06-17 23:53 72800 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2019-06-07 21:40 . 2018-06-17 23:53 403680 ----a-w- c:\windows\system32\drivers\aswSP.sys
2019-06-07 21:40 . 2018-06-17 23:53 100984 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2019-06-07 21:40 . 2019-01-16 13:42 34488 ----a-w- c:\windows\system32\drivers\aswArDisk.sys
2019-06-07 21:40 . 2018-06-17 23:53 173232 ----a-w- c:\windows\system32\drivers\aswArPot.sys
2019-06-07 21:40 . 2018-06-17 23:53 783024 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2019-06-07 21:40 . 2019-01-16 13:42 225608 ----a-w- c:\windows\system32\drivers\aswbidsdriver.sys
2019-06-07 21:40 . 2019-01-16 13:42 56296 ----a-w- c:\windows\system32\drivers\aswbuniv.sys
2019-06-07 21:40 . 2019-01-16 13:42 171520 ----a-w- c:\windows\system32\drivers\aswbidsh.sys
2019-05-02 01:19 . 2019-02-28 17:27 128552 ----a-w- c:\windows\system32\drivers\mbae.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2018-08-21 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2019-06-07 21:40 1321864 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Chromium"="c:\users\marian\appdata\local\chromium\application\chrome.exe" [2017-01-20 828416]
"Skype for Desktop"="c:\program files\Microsoft\Skype for Desktop\Skype.exe" [2018-08-09 49762136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-23 1725736]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-05 175640]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-05 167960]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvLaunch.exe" [2019-06-07 226184]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"StatusAlerts"="c:\program files\HP\StatusAlerts\bin\HPStatusAlerts.exe" [2014-02-12 330040]
"Wondershare Helper Compact.exe"="c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [BU]
.
c:\users\Marian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athur.sys [2013-06-28 1570304]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 ESLoadService;ESLoadService;c:\program files\EaseUS\EaseUS MobiMover\bin\ESLoadService.exe [x]
R3 GoogleChromeElevationService;Google Chrome Elevation Service;c:\program files\Google\Chrome\Application\75.0.3770.100\elevation_service.exe [2019-06-18 954352]
R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2009-07-13 530944]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2018-08-21 1343400]
R3 WsDrvInst;Wondershare Driver Install Service;c:\program files\Wondershare\MobileTrans\DriverInstall.exe [x]
S0 aswArDisk;aswArDisk;c:\windows\system32\drivers\aswArDisk.sys [2019-06-07 34488]
S0 aswbidsh;aswbidsh;c:\windows\system32\drivers\aswbidsh.sys [2019-06-07 171520]
S0 aswbuniv;aswbuniv;c:\windows\system32\drivers\aswbuniv.sys [2019-06-07 56296]
S0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2019-06-07 72800]
S0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2019-06-07 312248]
S0 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\Drivers\mbamswissarmy.sys [2019-06-19 241760]
S1 aswArPot;aswArPot;c:\windows\system32\drivers\aswArPot.sys [2019-06-07 173232]
S1 aswbidsdriver;aswbidsdriver;c:\windows\system32\drivers\aswbidsdriver.sys [2019-06-07 225608]
S1 aswHdsKe;aswHdsKe;c:\windows\system32\drivers\aswHdsKe.sys [2019-06-07 214736]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2019-06-07 40688]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2019-06-07 783024]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2019-06-07 403680]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2019-06-07 139352]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2019-06-18 167360]
S2 HP LaserJet Service;HP LaserJet Service;c:\program files\HP\HPLaserJetService\HPLaserJetService.exe [2014-06-25 176128]
S2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [2019-02-01 5247944]
S2 WsAppService;Wondershare Application Framework Service;c:\program files\Wondershare\WAF\2.3.1.204\WsAppService.exe [2016-11-16 437392]
S3 aswbIDSAgent;aswbIDSAgent;c:\program files\AVAST Software\Avast\aswidsagent.exe [2019-06-07 5584416]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-03-05 232960]
S3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28u.sys [2015-09-09 1703568]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2019-06-19 21:40 1947632 ----a-w- c:\program files\Google\Chrome\Application\75.0.3770.100\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2018-12-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-08-21 17:10]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com
mStart Page = www.google.com
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office\Root\Office16\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.107.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2019-06-19 20:38:54
ComboFix-quarantined-files.txt 2019-06-20 00:38
ComboFix2.txt 2019-06-20 00:27
ComboFix3.txt 2019-06-17 03:13
ComboFix4.txt 2019-01-27 04:41
ComboFix5.txt 2019-06-20 00:29
.
Pre-Run: 22,829,948,928 bytes free
Post-Run: 22,618,255,360 bytes free
.
- - End Of File - - 36D317CD5F376399B19D7FB6D82CD32F
A36C5E4F47E84449FF07ED3517B43A31
