Combo Fix

- The document is a system report from ComboFix that summarizes the state of the computer, including files created/deleted, registry entries, services, and other details.
- It found issues like outdated programs in the startup, browser hijacking, and locked registry keys related to Adobe Flash.
- The system was cleaned up and the machine was rebooted after ComboFix completed its tasks.

Uploaded by Tamara

ComboFix 18-08-08.01 - Radmila 18.01.2019 12:24:09.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.381.1033.18.3070.1820 [GMT 1:00]
Running from: c:\users\Radmila\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\DEBUG.log
.
.
((((((((((((((((((((((((( Files Created from 2018-12-18 to 2019-01-18 )))))))))))))))))))))))))))))))
.
.
2019-01-18 11:28 . 2019-01-18 11:29 -------- d-----w- c:\users\Radmila\AppData\Local\temp
2019-01-18 11:15 . 2019-01-18 11:15 -------- d-----w- c:\programdata\360TSBackup
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COM+"="scrobj.dll" [2009-07-14 173568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad Muncher"="c:\program files\Ad Muncher\AdMunch.exe" [2015-09-07 560760]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2014-12-03 06:31 1021128 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2012-11-05 13:27 89184 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2015-08-04 10:47 597552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2015-07-09 327296]
R3 GoogleChromeElevationService;Google Chrome Elevation Service;c:\program files\Google\Chrome\Application\71.0.3578.98\elevation_service.exe [2018-12-12 375776]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys [2010-03-05 17408]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2010-04-07 99896]
S3 AR9271;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athuw.sys [2013-06-28 1763584]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2019-01-18 11:15 2100192 ----a-w- c:\program files\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Radmila\AppData\Roaming\Mozilla\Firefox\Profiles\sw12bbbm.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.me/?gws_rd=ssl
FF - user.js: general.useragent.extra.brc - BRI/1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_30_0_0_113_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_30_0_0_113_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3784)
c:\program files\Ad Muncher\AM32-34121.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2019-01-18 12:32:04 - machine was rebooted
ComboFix-quarantined-files.txt 2019-01-18 11:32
.
Pre-Run: 117.988.679.680 bytes free
Post-Run: 119.412.428.800 bytes free
.
- - End Of File - - D8DCD7B5F6CF464D57AF0C0AC3A9DA07
A36C5E4F47E84449FF07ED3517B43A31