Aaaaaa

ComboFix 14-12-02.01 - Ali Anwar 12/03/2014 23:05:28.1.
2 - x86
Microsoft Windows 8 Enterprise 6.2.9200.0.1252.1.1033.18.3002.2147 [GMT 5:00]
Running from: F:\ComboFix.exe
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))
)))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft Services
c:\programdata\Microsoft Services\symgr.exe
c:\programdata\ntuser.pol
c:\programdata\vlcmedia player\skskjbpjx.exe
c:\programdata\windows
c:\programdata\windows\cxyqqosaq.exe
c:\programdata\windows\mtqadjqbe.exe
c:\users\Ali Anwar\AppData\Local\Default Folder
c:\users\Ali Anwar\AppData\Local\Default Folder\Com Surrogate.exe
c:\users\Ali Anwar\AppData\Local\Microsoft\Windows\Temporary Internet Files\WebS
pades_iels
c:\users\Ali Anwar\AppData\Local\Temp\_.exe
c:\users\Ali Anwar\AppData\Local\Temp\bzlbnrruvby.exe
c:\users\Ali Anwar\AppData\Local\Temp\cjspmrsnfwl.exe
c:\users\Ali Anwar\AppData\Local\Temp\duidzndpzzz.exe
c:\users\Ali Anwar\AppData\Local\Temp\DZtqU.exe
c:\users\Ali Anwar\AppData\Local\Temp\evb2116.tmp
c:\users\Ali Anwar\AppData\Local\Temp\evb2339.tmp
c:\users\Ali Anwar\AppData\Local\Temp\evb24FF.tmp
c:\users\Ali Anwar\AppData\Local\Temp\Foxit Reader Updater.exe
c:\users\Ali Anwar\AppData\Local\Temp\gjtcpbqjmpl.exe
c:\users\Ali Anwar\AppData\Local\Temp\hemxccapepo.exe
c:\users\Ali Anwar\AppData\Local\Temp\icfxxjctsmj.exe
c:\users\Ali Anwar\AppData\Local\Temp\ijchiphnppd.exe
c:\users\Ali Anwar\AppData\Local\Temp\jlfsozngkvp.exe
c:\users\Ali Anwar\AppData\Local\Temp\jtkyyvgidgg.exe
c:\users\Ali Anwar\AppData\Local\Temp\jvlqtzxxmmh.exe
c:\users\Ali Anwar\AppData\Local\Temp\kmitaumeaaq.exe
c:\users\Ali Anwar\AppData\Local\Temp\lcfQQ.exe
c:\users\Ali Anwar\AppData\Local\Temp\lfqcjnkuzcg.exe
c:\users\Ali Anwar\AppData\Local\Temp\lxp.dll
c:\users\Ali Anwar\AppData\Local\Temp\nedabaqcmmh.exe
c:\users\Ali Anwar\AppData\Local\Temp\nvr.dll
c:\users\Ali Anwar\AppData\Local\Temp\oiewkeskijl.exe
c:\users\Ali Anwar\AppData\Local\Temp\onpxndnfexx.exe
c:\users\Ali Anwar\AppData\Local\Temp\oydhmwwfnrq.exe
c:\users\Ali Anwar\AppData\Local\Temp\pbisslnzsoa.exe
c:\users\Ali Anwar\AppData\Local\Temp\pBorl.exe
c:\users\Ali Anwar\AppData\Local\Temp\pdvzvnbqjxq.exe
c:\users\Ali Anwar\AppData\Local\Temp\pqk.dll
c:\users\Ali Anwar\AppData\Local\Temp\pr0F562.tmp
c:\users\Ali Anwar\AppData\Local\Temp\prmijzeuthz.exe
c:\users\Ali Anwar\AppData\Local\Temp\qthhnkfrddv.exe
c:\users\Ali Anwar\AppData\Local\Temp\tmpEA59.exe
c:\users\Ali Anwar\AppData\Local\Temp\ttdnqhnjfdy.exe
c:\users\Ali Anwar\AppData\Local\Temp\tttlkgxjxnh.exe
c:\users\Ali Anwar\AppData\Local\Temp\ueigdtkjuyq.exe
c:\users\Ali Anwar\AppData\Local\Temp\UpdateFlashPlayer_17f96e8e.exe
c:\users\Ali Anwar\AppData\Local\Temp\UpdateFlashPlayer_311b88df.exe
c:\users\Ali Anwar\AppData\Local\Temp\UpdateFlashPlayer_7e434a91.exe
c:\users\Ali Anwar\AppData\Local\Temp\wppegempvvj.exe
c:\users\Ali Anwar\AppData\Local\Temp\xxidaydxefy.exe
c:\users\Ali Anwar\AppData\Local\Temp\ykfjdtxbiou.exe
c:\users\Ali Anwar\AppData\Local\Temp\zfqgmhvcjbu.exe
c:\users\Ali Anwar\AppData\Local\Temp\zoskjbxfrip.exe
c:\users\Ali Anwar\AppData\Roaming\81097.exe
c:\users\Ali Anwar\AppData\Roaming\Coorgi\uvuzoso.exe
c:\users\Ali Anwar\AppData\Roaming\dclogs
c:\users\Ali Anwar\AppData\Roaming\dclogs\2014-12-03-4.dc
c:\users\Ali Anwar\AppData\Roaming\Ehlaofiz\fyweyck.exe
c:\users\Ali Anwar\AppData\Roaming\Ekunmo
c:\users\Ali Anwar\AppData\Roaming\Ekunmo\bupixo.exe
c:\users\Ali Anwar\AppData\Roaming\MDMA.vbs
c:\users\Ali Anwar\AppData\Roaming\Microsoft\ChromeUPD.exe
c:\users\Ali Anwar\AppData\Roaming\Microsoft\Protect\126d6d82.lnk
c:\users\Ali Anwar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
\ssstr_up.exe
c:\users\Ali Anwar\AppData\Roaming\snchost
c:\users\Ali Anwar\AppData\Roaming\snchost\0c3df085.lnk
c:\users\Ali Anwar\AppData\Roaming\snchost\snchost.exe
c:\users\Ali Anwar\AppData\Roaming\svchost.exe
c:\users\Ali Anwar\AppData\Roaming\update1580.06880612695.vbs
c:\users\Ali Anwar\AppData\Roaming\Veseqio\amdelir.exe
c:\users\Ali Anwar\AppData\Roaming\xtiDt
c:\users\Ali Anwar\AppData\Roaming\xtiDt\ltc.exe
c:\users\Ali Anwar\AppData\Roaming\xtiDt\winlogon.exe
c:\users\Ali Anwar\AppData\Roaming\Ymfyoh
c:\users\Ali Anwar\AppData\Roaming\Ymfyoh\doolat.exe
c:\users\Ali Anwar\AppData\Roaming\zhyko
c:\users\Ali Anwar\AppData\Roaming\zhyko\0c3dec03.lnk
c:\users\Ali Anwar\AppData\Roaming\zhyko\ltc.exe
c:\users\Ali Anwar\AppData\Roaming\zhyko\service.exe
c:\users\Ali Anwar\Desktop\Search.lnk
c:\users\Ali Anwar\Documents\MSDCSC\msdcsc.exe
c:\users\ALIANW~1\AppData\Local\Temp\bzlbnrruvby.exe
c:\users\ALIANW~1\AppData\Local\Temp\cjspmrsnfwl.exe
c:\users\ALIANW~1\AppData\Local\Temp\duidzndpzzz.exe
c:\users\ALIANW~1\AppData\Local\Temp\DZtqU.exe
c:\users\ALIANW~1\AppData\Local\Temp\evb2116.tmp
c:\users\ALIANW~1\AppData\Local\Temp\evb2339.tmp
c:\users\ALIANW~1\AppData\Local\Temp\evb24FF.tmp
c:\users\ALIANW~1\AppData\Local\Temp\Foxit Reader Updater.exe
c:\users\ALIANW~1\AppData\Local\Temp\gjtcpbqjmpl.exe
c:\users\ALIANW~1\AppData\Local\Temp\hemxccapepo.exe
c:\users\ALIANW~1\AppData\Local\Temp\icfxxjctsmj.exe
c:\users\ALIANW~1\AppData\Local\Temp\ijchiphnppd.exe
c:\users\ALIANW~1\AppData\Local\Temp\jlfsozngkvp.exe
c:\users\ALIANW~1\AppData\Local\Temp\jtkyyvgidgg.exe
c:\users\ALIANW~1\AppData\Local\Temp\jvlqtzxxmmh.exe
c:\users\ALIANW~1\AppData\Local\Temp\kmitaumeaaq.exe
c:\users\ALIANW~1\AppData\Local\Temp\lcfQQ.exe
c:\users\ALIANW~1\AppData\Local\Temp\lfqcjnkuzcg.exe
c:\users\ALIANW~1\AppData\Local\Temp\lxp.dll
c:\users\ALIANW~1\AppData\Local\Temp\nedabaqcmmh.exe
c:\users\ALIANW~1\AppData\Local\Temp\nvr.dll
c:\windows\system32\drivers\etc\hosts.txt
c:\windows\Tasks\Security Center Update - 1683116163.job

.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))
))))))))))))))))))))))))))))))
.
.
-------\Service_globalUpdate
.
.
((((((((((((((((((((((((( Files Created from 2014-11-03 to 2014-12-03 )))))))
))))))))))))))))))))))))
.
.
2014-12-03 18:00 . 2014-12-03 18:00
39464 ----a-wc:\programdata\M
icrosoft\Windows Defender\Definition Updates\{B37B79D7-01A0-4BF2-922E-32F290E9BB
AF}\MpKsl785aeb32.sys
2014-12-03 17:59 . 2014-11-30 21:00
13533923
----a-wc:\progr
amdata\Microsoft\Windows\Start Menu\Programs\StartUp\MDMA.vbs
2014-12-03 03:42 . 2014-12-03 18:32
AF}\offreg.dll
2014-12-03 00:15 . 2014-11-02 04:17
AF}\mpengine.dll
2014-12-02 23:11 . 2014-12-02 23:11
-------d-----wc:\users
\Ali Anwar\AppData\Roaming\started
2014-12-02 23:10 . 2014-12-02 23:10
-------d-----wc:\users
\Ali Anwar\AppData\Roaming\MicrosoftServices
2014-12-02 23:10 . 2014-12-02 23:10
264192 ----a-wc:\users\Ali Anw
ar\AppData\Roaming\Microsoft\Windows\Templates\Surviv0r Clan Server.exe
2014-12-02 20:48 . 2014-12-02 20:48
-------d-----wc:\windo
ws\werewr43
2014-12-02 19:55 . 2014-12-02 19:55
icrosoft\Secure\Icons\temp\tmp92A0.exe
2014-12-02 19:49 . 2014-12-02 19:49
ar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hemxccapepo.exe
2014-12-02 19:27 . 2014-12-03 18:19
-------d-----wc:\users
\Ali Anwar\AppData\Roaming\Coorgi
2014-12-02 19:09 . 2014-12-02 19:09
icrosoft\Secure\Icons\temp\tmpBCD7.exe
2014-11-30 20:47 . 2014-12-03 00:23
-------d-----wc:\users
\Ali Anwar\AppData\Roaming\Default Application
2014-11-30 20:24 . 2014-11-30 20:59
-------d-----wc:\users
\Ali Anwar\update
2014-11-30 19:39 . 2014-11-30 19:39
-------d-----wc:\users
\Ali Anwar\AppData\Roaming\Imminent
2014-11-30 19:39 . 2014-11-30 19:39
-------d-----wC:\Defau
lt Folder
2014-11-29 23:39 . 2014-11-29 07:30
43200 ----a-wc:\windows\syste
m32\drivers\{491d7eff-4c48-4a10-82e4-166521125466}w.sys
2014-11-29 21:04 . 2014-11-29 21:05
-------d-sh--wc:\progr
amdata\%temp%
2014-11-28 19:45 . 2014-11-28 05:29
m32\drivers\{35c6a1ec-ff7f-483b-aeee-4e0aab05068a}w.sys
2014-11-28 17:48 . 2014-12-03 18:19
-------d-----wc:\users
\Ali Anwar\AppData\Roaming\Ehlaofiz
2014-11-27 15:54 . 2014-11-26 20:24
m32\drivers\{2676f605-3a34-4c5b-a9f6-d2d948e57b51}w.sys
2014-11-26 23:08 . 2014-11-26 23:08
ar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update1580.0688
0612695.vbs
2014-11-26 21:39 . 2014-11-26 21:39
-------d-----wc:\users
\Ali Anwar\AppData\Local\WindowsFormsApplication1
2014-11-26 20:52 . 2014-11-29 15:41
-------d-----wc:\users
\Ali Anwar\AppData\Roaming\spwin
2014-11-26 20:43 . 2014-12-02 21:22
-------d-----wc:\users
\Ali Anwar\AppData\Roaming\9076E10E-F571-454D-98A5-00D9EF5677F2
2014-11-26 18:58 . 2014-12-03 18:19
-------d-sh--wc:\progr
amdata\vlcmedia player
2014-11-26 18:14 . 2014-11-29 15:41
-------d-----wc:\users
\Ali Anwar\AppData\Roaming\FrameworkUpdate
2014-11-26 17:28 . 2014-12-03 18:19
-------d-----wc:\users
\Ali Anwar\AppData\Roaming\Veseqio
2014-11-20 16:46 . 2014-12-01 17:19
-------d-----wc:\users
\Ali Anwar\AppData\Roaming\Yqboiq
2014-11-13 23:07 . 2014-12-01 17:19
-------d-----wc:\users
\Ali Anwar\AppData\Roaming\Yxacbyib
2014-11-11 22:59 . 2014-12-01 17:19
-------d-----wc:\users
\Ali Anwar\AppData\Roaming\Naseyd
2014-11-09 22:43 . 2014-12-01 17:19
-------d-----wc:\users
\Ali Anwar\AppData\Roaming\Amuwyk
2014-11-07 22:33 . 2014-12-01 17:19
-------d-----wc:\users
\Ali Anwar\AppData\Roaming\Adovlyew
2014-11-03 22:23 . 2014-11-11 07:01
-------d-----wc:\users
\Ali Anwar\AppData\Roaming\Ovicun
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))
)))))))))))))))))))))))))))))))
.
2014-10-30 11:24 . 2014-10-09 14:57
229000 ------wc:\windows\syste
m32\MpSigStub.exe
2014-10-09 13:22 . 2014-10-09 13:22
icrosoft\Secure\Icons\IconsCacheHelper.dll
2014-10-09 13:22 . 2014-10-09 13:22
icrosoft\Secure\Icons\SecureIconsProvider.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))
)))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellicon
overlayidentifiers\1SecureIconsProvider]
@="{FC9D8189-520A-4417-AED7-9EAC810C6FBA}"
[HKEY_CLASSES_ROOT\CLSID\{FC9D8189-520A-4417-AED7-9EAC810C6FBA}]
2014-10-09 13:22
2400768 ----a-wc:\programdata\Microsoft\Secure\
Icons\SecureIconsProvider.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ChromeUpdater"="c:\users\Ali" [X]
"Microsoft explorer"="c:\windows\system32\y3dbCytLJqgp\Microsoft Explorer" [X]
"update1580"="wscript.exe" [2012-07-26 131584]
"uTorrent"="c:\users\Ali Anwar\AppData\Roaming\uTorrent\uTorrent.exe" [2014-11-1

2 1385808]
"MDMA"="wscript.exe" [2012-07-26 131584]
"Ecqjtion"="c:\users\Ali Anwar\AppData\Local\Ecqjtion\tmpBCD7.exe" [2014-12-02 1
40288]
"Iblsoft"="c:\users\Ali Anwar\AppData\Local\Ecqjtion\QtTraceClock.dll" [2014-1202 30720]
"Unvmedia"="c:\users\Ali Anwar\AppData\Local\Unvmedia\msxNetG24.dll" [2014-12-02
41472]
"ChromeUpdate"="c:\users\Ali Anwar\AppData\Roaming\FrameworkUpdate\ChromeUpdate.
exe" [2014-12-02 258560]
"Windows Update Sys"="c:\windows\werewr43\dsafasdfasdsa.exe" [2014-12-03 564736]
"started"="c:\users\Ali Anwar\AppData\Roaming\started\startedservice.exe" [201412-02 5798912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2012-11-07 14
9280]
"update1580"="wscript.exe" [2012-07-26 131584]
"MDMA"="wscript.exe" [2012-07-26 131584]
.
[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\R
un]
"MDMA"="wscript.exe" [2012-07-26 131584]
.
\
hemxccapepo.exe [2014-12-3 5034496]
MDMA.vbs [2014-12-1 13533923]
update1580.06880612695.vbs [2014-11-27 68796]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableCursorSuppression"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Run"= "c:\users\Ali Anwar\AppData\Roaming\Microsoft\Windows\IEUpdate\bootim.exe
"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,wscript.exe //B \"c:\users\Ali Anwa
r\AppData\Roaming\MDMA.vbs\""
"Shell"="explorer.exe, wscript.exe //B \"c:\users\Ali Anwar\AppData\Roaming\MDMA
.vbs\""
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R1 ckmvjlsn;ckmvjlsn;c:\windows\system32\drivers\ckmvjlsn.sys [x]
R1 dgsuiavm;dgsuiavm;c:\windows\system32\drivers\dgsuiavm.sys [x]
R1 efzxmvfz;efzxmvfz;c:\windows\system32\drivers\efzxmvfz.sys [x]
R1 etuvqqlp;etuvqqlp;c:\windows\system32\drivers\etuvqqlp.sys [x]
R1 fgupmksa;fgupmksa;c:\windows\system32\drivers\fgupmksa.sys [x]
R1 ggozppyo;ggozppyo;c:\windows\system32\drivers\ggozppyo.sys [x]
R1 hxkvlcxp;hxkvlcxp;c:\windows\system32\drivers\hxkvlcxp.sys [x]
R1 ibszjkph;ibszjkph;c:\windows\system32\drivers\ibszjkph.sys [x]
R1 idejpmzi;idejpmzi;c:\windows\system32\drivers\idejpmzi.sys [x]
R1 jsnoxttn;jsnoxttn;c:\windows\system32\drivers\jsnoxttn.sys [x]
R1 oeaonucu;oeaonucu;c:\windows\system32\drivers\oeaonucu.sys [x]
R1 ofnvwcyr;ofnvwcyr;c:\windows\system32\drivers\ofnvwcyr.sys [x]
R1 pzsetaiw;pzsetaiw;c:\windows\system32\drivers\pzsetaiw.sys [x]
R1 rzdgmads;rzdgmads;c:\windows\system32\drivers\rzdgmads.sys [x]
R1 xtetsbnz;xtetsbnz;c:\windows\system32\drivers\xtetsbnz.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\System32\drivers\dc
3d.sys [2011-05-18 40320]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windo
ws\system32\DRIVERS\ssudbus.sys [2014-01-22 88576]
R3 globalUpdatem;globalUpdate Update Service (globalUpdatem);c:\program files\gl
obalUpdate\Update\GoogleUpdate.exe [2012-11-08 68608]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\
DRIVERS\ssudmdm.sys [2014-01-22 184192]
S1 {2676f605-3a34-4c5b-a9f6-d2d948e57b51}w;{2676f605-3a34-4c5b-a9f6-d2d948e57b51
}w;c:\windows\system32\drivers\{2676f605-3a34-4c5b-a9f6-d2d948e57b51}w.sys [2014
-11-26 43200]
S1 {35c6a1ec-ff7f-483b-aeee-4e0aab05068a}w;{35c6a1ec-ff7f-483b-aeee-4e0aab05068a
}w;c:\windows\system32\drivers\{35c6a1ec-ff7f-483b-aeee-4e0aab05068a}w.sys [2014
-11-28 43200]
S1 {491d7eff-4c48-4a10-82e4-166521125466}w;{491d7eff-4c48-4a10-82e4-166521125466
}w;c:\windows\system32\drivers\{491d7eff-4c48-4a10-82e4-166521125466}w.sys [2014
-11-29 43200]
S1 {ed7eb956-75ed-460d-8f69-29a93b07afd1}w;{ed7eb956-75ed-460d-8f69-29a93b07afd1
}w;c:\windows\system32\drivers\{ed7eb956-75ed-460d-8f69-29a93b07afd1}w.sys [2014
-07-22 52928]
S1 MpKsl785aeb32;MpKsl785aeb32;c:\programdata\Microsoft\Windows Defender\Definit
ion Updates\{B37B79D7-01A0-4BF2-922E-32F290E9BBAF}\MpKsl785aeb32.sys [2014-12-03
39464]
S1 MpKslbe0587fd;MpKslbe0587fd;c:\programdata\Microsoft\Windows Defender\Definit
ion Updates\{B37B79D7-01A0-4BF2-922E-32F290E9BBAF}\MpKslbe0587fd.sys [2014-12-03
39464]
S2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files\Foxi
t Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [2014-06-17 242216]
S2 MaintainerSvc3.62.8360938;MaintainerSvc3.62.8360938;c:\programdata\421e43cc-e
d79-4e60-91b6-5efd8c307dd0\maintainer.exe [2014-12-03 123680]
S2 Mobile Broadband HL Service;Mobile Broadband HL Service;c:\programdata\Mobile
BrServ\mbbservice.exe [2012-09-04 233864]
S2 Software Updater Service;Software Updater Service;c:\users\Ali Anwar\AppData\
Roaming\Software Updater\SoftwareUpdate.exe [2014-04-23 917504]
S2 Update WebSpades;Update WebSpades;c:\program files\WebSpades\updateWebSpades.
exe [2014-12-03 523552]
S2 Util WebSpades;Util WebSpades;c:\program files\WebSpades\bin\utilWebSpades.ex
e [2014-12-03 523552]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR813x/AR815x PCI-E Ethernet Co
ntroller;c:\windows\system32\DRIVERS\L1C63x86.sys [2012-06-02 85504]
S3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 1551
36]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D3
45-D564-463c-AFF1-A69D9E530F96}]
2014-11-26 17:55
1087304 ----a-wc:\program files\Google\Chrome\A
pplication\39.0.2171.71\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-12-03 c:\windows\Tasks\495b2d2d-2422-4be8-a3ca-d773cae66138-1.job
- c:\program files\TheTorntv V10\TheTorntv V10-codedownloader.exe [2012-11-08 19
:45]
.
- c:\program files\TheTorntv V10\495b2d2d-2422-4be8-a3ca-d773cae66138-11.exe [20
12-11-08 19:45]
.
2-11-08 19:45]
.
2-11-08 19:45]
.
2-11-08 19:45]
.
2-11-08 19:45]
.
2014-12-03 c:\windows\Tasks\495b2d2d-2422-4be8-a3ca-d773cae66138-5_user.job
2-11-08 19:45]
.
- c:\program files\TheTorntv V10\TheTorntv V10-nova.exe [2014-10-06 09:03]
.
- c:\program files\TheTorntv V10\TheTorntv V10-nova.exe [2014-10-06 09:03]
.
2014-12-03 c:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job
- c:\program files\globalUpdate\Update\GoogleUpdate.exe [2012-11-08 19:45]
.
2014-12-03 c:\windows\Tasks\globalUpdateUpdateTaskMachineUA.job
- c:\program files\globalUpdate\Update\GoogleUpdate.exe [2012-11-08 19:45]
.
2014-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-02 09:38]
.
2014-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-02 09:38]
.
.
------- Supplementary Scan ------.
uStart Page = hxxp://smart-homepage.blogspot.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{069ADA1E-5EFC-43EF-8970-D1E18A5AE12B}: NameServer = 8.8.8.8,8.8
.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8
.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8
.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8
.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
TCP: Interfaces\{22CE1964-FD8E-440D-8494-57690A30D2A8}: NameServer = 8.8.8.8,8.8
.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8
.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8
.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8
.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
TCP: Interfaces\{AEC5A531-DD10-4485-B2F1-0A4A3D8BD741}: NameServer = 8.8.8.8,8.8
.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8
.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8
.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8
.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
TCP: Interfaces\{C57B278E-BBA5-42DC-8950-9B561FE796CA}: NameServer = 8.8.8.8,8.8
.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8
.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8
.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8
.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
TCP: Interfaces\{D7C8ED9F-DD59-49BE-9F2D-B42BC3DFBDB9}: NameServer = 8.8.8.8,8.8
.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8
.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8
.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
TCP: Interfaces\{D7C8ED9F-DD59-49BE-9F2D-B42BC3DFBDB9}\054534C4D203036473: NameS
erver = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,
8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,
8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,
8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
TCP: Interfaces\{D7C8ED9F-DD59-49BE-9F2D-B42BC3DFBDB9}\054534C4D22424: NameServe
r = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.
8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.
8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.
8.8
FF - ProfilePath - c:\users\Ali Anwar\AppData\Roaming\Mozilla\Firefox\Profiles\5
ra2u2ow.default\
FF - prefs.js: browser.startup.homepage - hxxp://smart-homepage.blogspot.com
user_pref(extensions.autoDisableScopes,14);
.
- - - - ORPHANS REMOVED - - - .
HKCU-Run-mysql0 - c:\programdata\c:\users\ALIANW~1\AppData\Local\Temp\rjrwzmzis.
exe
HKCU-Run-Temeirxie - c:\users\Ali Anwar\AppData\Roaming\Ehlaofiz\fyweyck.exe
HKCU-Run-VLC Media Updater - c:\programdata\vlcmedia player\skskjbpjx.exe
HKCU-Run-Ytquozkym - c:\users\Ali Anwar\AppData\Roaming\Veseqio\amdelir.exe
HKCU-Run-Default Key - c:\users\Ali Anwar\AppData\Local\Default Folder\Com Surro
gate.exe
HKCU-Run-Amuxpyrisyru - c:\users\Ali Anwar\AppData\Roaming\Coorgi\uvuzoso.exe
HKCU-Run-Windows Svchost - c:\users\Ali Anwar\AppData\Roaming\svchost.exe
HKCU-Run-Ezyrqi - c:\users\Ali Anwar\AppData\Roaming\Ymfyoh\doolat.exe
HKLM-Run-Activator Windows 8 - (no file)
HKLM-Run-Amuxpyrisyru - c:\users\Ali Anwar\AppData\Roaming\Coorgi\uvuzoso.exe
HKLM-Run-Ezyrqi - c:\users\Ali Anwar\AppData\Roaming\Ymfyoh\doolat.exe
\Narrator.lnk - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS --------------------.
[HKEY_USERS\S-1-5-21-1734617616-157129754-1695586289-1001CsiTool-CreateHive-{000
00000-0000-0000-0000-000000000000}\Software\Classes\CLSID\{13A67C09-E412-3E42-93
74-88100CD31E99}]
@Denied: (A 4) (Everyone)
.
[HKEY_USERS\S-1-5-21-1734617616-157129754-1695586289-1001CsiTool-CreateHive-{000
00000-0000-0000-0000-000000000000}\Software\Win7zip]
@Denied: (A B 2 3) (Everyone)
"Uuid"=hex:13,a6,7c,09,e4,12,3e,42,93,74,88,10,0c,d3,1e,99
.
[HKEY_USERS\S-1-5-21-1734617616-157129754-1695586289-1001_Classes\CLSID\{13A67C0
9-E412-3E42-9374-88100CD31E99}]
@Denied: (A 4) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc108002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
.
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
------------------------ Other Running Processes -----------------------.
c:\windows\system32\dashost.exe
c:\program files\Windows Defender\MsMpEng.exe
c:\windows\System32\WUDFHost.exe
c:\program files\WebSpades\bin\WebSpades.PurBrowse.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhostex.exe
c:\program files\Windows Defender\MpCmdRun.exe
c:\windows\System32\ThumbnailExtractionHost.exe
c:\program files\WebSpades\bin\WebSpades.expext.exe
c:\program files\WebSpades\bin\WebSpades.BrowserAdapter.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\windows\system32\msiexec.exe
c:\windows\System32\WScript.exe
c:\windows\System32\wscript.exe
c:\windows\System32\schtasks.exe
\hemxccapepo.exe
c:\windows\system32\RunDll32.exe
c:\windows\system32\wscript.exe
c:\windows\System32\schtasks.exe
c:\windows\system32\taskhost.exe
c:\program files\Windows Defender\MpUxSrv.exe
.
**************************************************************************
.
Completion time: 2014-12-03 23:37:57 - machine was rebooted
ComboFix-quarantined-files.txt 2014-12-03 18:37
.
Pre-Run: 2,219,593,728 bytes free
Post-Run: 2,185,678,848 bytes free
.
- - End Of File - - 98709ABE7B997F3410AAB1A0F07A521C
A36C5E4F47E84449FF07ED3517B43A31

Aaaaaa

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Aaaaaa

Uploaded by

Copyright:

Available Formats

ComboFix 14-12-02.01 - Ali Anwar 12/03/2014 23:05:28.1.

c:\windows\Tasks\Security Center Update - 1739298014.job

"uTorrent"="c:\users\Ali Anwar\AppData\Roaming\uTorrent\uTorrent.exe" [2014-11-1

You might also like