ComboFix 17-03-28.01 - منير 03/28/2017 18:59:50.1.1 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1256.218.1025.18.1014.399 [GMT 2:00]
Running from: d:\?Ø?Û?æØ??\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Outdated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2017-02-28 to 2017-03-28 )))))))))))))))))))))))))))))))
.
.
2017-03-28 17:08 . 2017-03-28 17:08  --------  d-----w-  c:\users\Default\AppData\Local\temp
2017-03-28 09:30 . 2017-03-22 11:05  10167496  ----a-w-  c:\programdata\Microsoft\Windows Defender\Definition Updates\{9152865A-0FB4-4B83-BA44-E39B74CB11EA}\mpengine.dll
2017-03-27 19:57 . 2017-03-27 19:57  --------  d-----w-  c:\program files\EaseUS
2017-03-27 16:12 . 2017-03-27 16:23  --------  d-----w-  c:\program files\Cela.C.M_HW
2017-03-26 11:07 . 2017-02-18 14:05  1331200  ----a-w-  c:\windows\system32\appraiser.dll
2017-03-26 11:07 . 2017-02-22 23:24  971776  ----a-w-  c:\windows\system32\aeinv.dll
2017-03-26 11:07 . 2017-02-18 14:05  505344  ----a-w-  c:\windows\system32\generaltel.dll
2017-03-26 11:07 . 2016-12-31 15:36  442368  ----a-w-  c:\windows\system32\devinv.dll
2017-03-26 11:07 . 2016-12-31 15:36  183808  ----a-w-  c:\windows\system32\aepic.dll
2017-03-26 11:07 . 2017-02-22 23:29  71400  ----a-w-  c:\windows\system32\CompatTelRunner.exe
2017-03-26 11:07 . 2016-12-31 15:36  270848  ----a-w-  c:\windows\system32\invagent.dll
2017-03-26 11:07 . 2016-12-31 15:36  212480  ----a-w-  c:\windows\system32\centel.dll
2017-03-26 11:07 . 2016-12-31 15:36  104960  ----a-w-  c:\windows\system32\acmigration.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-03-28 10:20 . 2017-01-09 18:06  170200  ----a-w-  c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-01-13 21:45 . 2017-01-13 21:45  194048  ----a-w-  c:\windows\system32\elshyph.dll
2017-01-13 21:45 . 2017-01-13 21:45  71680  ----a-w-  c:\windows\system32\RegisterIEPKEYs.exe
2017-01-13 21:45 . 2017-01-13 21:45  645120  ----a-w-  c:\windows\system32\jsIntl.dll
2017-01-13 21:45 . 2017-01-13 21:45  182272  ----a-w-  c:\windows\system32\msls31.dll
2017-01-13 21:45 . 2017-01-13 21:45  62464  ----a-w-  c:\windows\system32\tdc.ocx
2017-01-13 21:45 . 2017-01-13 21:45  24576  ----a-w-  c:\windows\system32\licmgr10.dll
2017-01-13 21:45 . 2017-01-13 21:45  151552  ----a-w-  c:\windows\system32\iexpress.exe
2017-01-13 21:45 . 2017-01-13 21:45  139264  ----a-w-  c:\windows\system32\wextract.exe
2017-01-13 21:45 . 2017-01-13 21:45  36352  ----a-w-  c:\windows\system32\imgutil.dll
2017-01-13 21:45 . 2017-01-13 21:45  13312  ----a-w-  c:\windows\system32\mshta.exe
2017-01-13 21:45 . 2017-01-13 21:45  86016  ----a-w-  c:\windows\system32\iesysprep.dll
2017-01-13 21:45 . 2017-01-13 21:45  74240  ----a-w-  c:\windows\system32\SetIEInstalledDate.exe
2017-01-13 21:45 . 2017-01-13 21:45  48640  ----a-w-  c:\windows\system32\mshtmler.dll
2017-01-13 21:45 . 2017-01-13 21:45  111616  ----a-w-  c:\windows\system32\IEAdvpack.dll
2017-01-13 21:44 . 2017-01-13 21:44  49152  ----a-w-  c:\windows\system32\taskhost.exe
2017-01-13 21:43 . 2017-01-13 21:43  4096  ---ha-w-  c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2017-01-13 21:43 . 2017-01-13 21:43  9728  ---ha-w-  c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2017-01-13 21:43 . 2017-01-13 21:43  5632  ---ha-w-  c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2017-01-13 21:43 . 2017-01-13 21:43  5632  ---ha-w-  c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2017-01-13 21:43 . 2017-01-13 21:43  364544  ----a-w-  c:\windows\system32\XpsGdiConverter.dll
2017-01-13 21:43 . 2017-01-13 21:43  3584  ---ha-w-  c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2017-01-13 21:43 . 2017-01-13 21:43  3072  ---ha-w-  c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2017-01-13 21:43 . 2017-01-13 21:43  3072  ---ha-w-  c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2017-01-13 21:43 . 2017-01-13 21:43  2560  ---ha-w-  c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2017-01-13 21:43 . 2017-01-13 21:43  249856  ----a-w-  c:\windows\system32\d3d10_1core.dll
2017-01-13 21:43 . 2017-01-13 21:43  220160  ----a-w-  c:\windows\system32\d3d10core.dll
2017-01-13 21:43 . 2017-01-13 21:43  207872  ----a-w-  c:\windows\system32\WindowsCodecsExt.dll
2017-01-13 21:43 . 2017-01-13 21:43  161792  ----a-w-  c:\windows\system32\d3d10_1.dll
2017-01-13 21:43 . 2017-01-13 21:43  1158144  ----a-w-  c:\windows\system32\XpsPrint.dll
2017-01-13 21:43 . 2017-01-13 21:43  1080832  ----a-w-  c:\windows\system32\d3d10.dll
2017-01-13 21:43 . 2017-01-13 21:43  10752  ---ha-w-  c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2017-01-13 21:43 . 2017-01-13 21:43  293376  ----a-w-  c:\windows\system32\dxgi.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2015-09-16 6495144]
"CCleaner"="c:\program files\CCleaner\CCleaner.exe" [2015-09-16 6495144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-11-27 702768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2016-03-10 1136608]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 hid8103;hid8103;c:\windows\system32\drivers\hid8103.sys [2006-10-25 31128]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2017-03-04 103936]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2017-03-28 170200]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2016-03-10 53120]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-08-23 24064]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2014-11-27 113024]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2014-11-27 37352]
S2 AntiVirFirewallService;Avira FireWall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [2014-11-27 1044784]
S2 AntiVirMailService;Avira حماية البريد;c:\program files\Avira\AntiVir Desktop\avmailc7.exe [2014-11-27 807672]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2014-11-27 431920]
S2 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\avwebg7.exe [2014-11-27 993584]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys [2014-11-27 37384]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 MaxthonUpdateSvc;Maxthon Core Update Service;c:\program files\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [2015-05-11 1872152]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2014-11-27 92448]
S3 bcm;WiMAX Network Adapter;c:\windows\system32\DRIVERS\drxvi314.sys [2010-06-18 324096]
S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\DRIVERS\BcmBusCtr.sys [2010-06-18 51072]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2016-03-10 24448]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation  REG_MULTI_SZ  SSDPSRV upnphost SCardSvr fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
utcsvc  REG_MULTI_SZ  DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2017-03-13 10:08  1368920  ----a-w-  c:\program files\Google\Chrome\Application\56.0.2924.87\Installer\chrmstp.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
TCP: DhcpNameServer = 62.240.32.5 62.68.42.2
TCP: Interfaces\{B37A73C7-CDBB-4D48-A4B5-BBF82E321FF4}: NameServer = 8.8.8.8,8.8.4.4
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2017-03-28 19:10:37
ComboFix-quarantined-files.txt 2017-03-28 17:10
.
Pre-Run: 107,177,664,512 bytes free
Post-Run: 106,958,532,608 bytes free
.
- - End Of File - - 6ED97EBB80372CE819A703262B45471D A36C5E4F47E84449FF07ED3517B43A31