Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Possible malware infection [Solved]


  • This topic is locked This topic is locked

#16
ahhhmeddd

ahhhmeddd

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
ComboFix 16-03-07.01 - Ahmed 09/03/2016   8:17.2.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8140.5952 [GMT -8:00]
Running from: c:\users\Ahmed\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 0 bytes in 1 streams.
.
(((((((((((((((((((((((((   Files Created from 2016-02-09 to 2016-03-09  )))))))))))))))))))))))))))))))
.
.
2016-03-09 16:38 . 2016-03-09 16:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-03-09 01:40 . 2016-03-09 01:40 -------- d-----w- c:\windows\system32\%LOCALAPPDATA%
2016-03-08 19:19 . 2016-02-09 06:10 815312 ----a-w- c:\program files (x86)\Internet Explorer\iexplore.exe
2016-03-08 19:18 . 2016-03-08 19:26 -------- d-----w- c:\program files (x86)\AdwCleaner
2016-03-08 18:35 . 2016-02-05 18:54 41472 ----a-w- c:\windows\system32\lpk.dll
2016-03-03 18:46 . 2016-03-05 18:59 -------- d-----w- c:\users\Ahmed\AppData\Local\CrashDumps
2016-02-28 02:32 . 2016-02-28 02:32 -------- d-----w- c:\programdata\Denon DJ
2016-02-28 02:32 . 2016-02-28 02:32 -------- d-----w- c:\users\Ahmed\AppData\Local\Denon DJ
2016-02-28 01:58 . 2016-02-28 01:58 -------- d-----w- c:\program files\Denon DJ
2016-02-28 01:58 . 2016-02-28 01:58 -------- d-----w- c:\program files (x86)\Denon DJ
2016-02-28 01:56 . 2016-02-28 01:56 -------- d-----w- c:\programdata\inMusic
2016-02-18 00:44 . 2016-02-18 02:57 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-02-18 00:44 . 2016-02-18 01:55 -------- d-----w- c:\programdata\RogueKiller
2016-02-17 23:12 . 2016-03-09 01:47 -------- d-----w- C:\FRST
2016-02-17 19:12 . 2016-02-17 19:12 398152 ----a-w- c:\windows\system32\aswBoot.exe
2016-02-17 19:12 . 2016-02-17 19:12 52184 ----a-w- c:\windows\avastSS.scr
2016-02-17 02:56 . 2016-02-17 03:39 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2016-02-17 02:48 . 2016-02-17 02:48 -------- d-----w- c:\program files (x86)\Common Files\Native Instruments
2016-02-17 00:33 . 2016-02-17 02:07 -------- d-----w- C:\EEK
2016-02-16 11:20 . 2016-02-18 04:56 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-02-16 11:20 . 2016-02-17 02:55 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-02-16 11:20 . 2015-10-05 17:50 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-02-16 11:20 . 2015-10-05 17:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-02-16 11:20 . 2016-02-16 11:20 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2016-02-16 11:20 . 2016-02-16 11:20 -------- d-----w- c:\programdata\Malwarebytes
2016-02-16 01:41 . 2016-02-16 01:41 -------- d-----w- C:\Backup
2016-02-16 00:01 . 2016-02-16 00:01 -------- d-----w- c:\program files\Movie Maker
2016-02-16 00:01 . 2016-02-16 00:01 -------- d-----w- C:\drmsoft
2016-02-09 19:13 . 2016-01-07 17:42 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2016-02-09 19:13 . 2015-12-20 18:50 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2016-02-09 19:13 . 2015-12-20 18:50 3180544 ----a-w- c:\windows\system32\rdpcorets.dll
2016-02-09 19:13 . 2015-12-20 14:08 243200 ----a-w- c:\windows\system32\rdpudd.dll
2016-02-09 19:13 . 2016-01-16 19:01 2085888 ----a-w- c:\windows\system32\ole32.dll
2016-02-09 19:13 . 2016-01-16 18:36 1413632 ----a-w- c:\windows\SysWow64\ole32.dll
2016-02-09 19:12 . 2016-01-22 06:18 961024 ----a-w- c:\windows\system32\CPFilters.dll
2016-02-09 19:12 . 2016-01-22 06:18 723968 ----a-w- c:\windows\system32\EncDec.dll
2016-02-09 19:12 . 2016-01-22 06:04 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
2016-02-09 19:12 . 2016-01-22 06:04 535040 ----a-w- c:\windows\SysWow64\EncDec.dll
2016-02-09 19:12 . 2016-01-22 06:17 159744 ----a-w- c:\windows\system32\mtxoci.dll
2016-02-09 19:12 . 2016-01-22 06:02 114176 ----a-w- c:\windows\SysWow64\mtxoci.dll
2016-02-09 19:12 . 2016-01-22 06:02 176128 ----a-w- c:\windows\SysWow64\msorcl32.dll
2016-02-09 19:12 . 2016-01-22 06:02 290816 ----a-w- c:\program files (x86)\Common Files\System\Ole DB\msdaora.dll
2016-02-09 19:11 . 2016-01-22 06:19 14179840 ----a-w- c:\windows\system32\shell32.dll
2016-02-09 19:11 . 2016-01-22 06:15 1866752 ----a-w- c:\windows\system32\ExplorerFrame.dll
2016-02-09 19:11 . 2016-01-22 06:12 1940992 ----a-w- c:\windows\system32\authui.dll
2016-02-09 19:11 . 2016-01-22 05:19 3231232 ----a-w- c:\windows\explorer.exe
2016-02-09 19:11 . 2016-01-22 05:12 2973184 ----a-w- c:\windows\SysWow64\explorer.exe
2016-02-09 19:11 . 2016-01-22 06:00 1498624 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2016-02-09 19:11 . 2016-01-22 05:59 1805824 ----a-w- c:\windows\SysWow64\authui.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-03-09 16:15 . 2011-09-05 14:32 1070904 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2016-03-09 16:15 . 2011-09-05 14:32 107792 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2016-03-08 20:55 . 2011-09-05 01:55 143659408 ----a-w- c:\windows\system32\MRT.exe
2016-02-23 19:15 . 2011-09-05 14:32 463744 ----a-w- c:\windows\system32\drivers\aswsp.sys
2016-02-17 19:16 . 2013-03-14 15:21 287016 ----a-w- c:\windows\system32\drivers\aswvmm.sys
2016-02-17 19:12 . 2014-01-05 10:53 165344 ----a-w- c:\windows\system32\drivers\aswStm.sys
2016-02-17 19:12 . 2014-05-13 08:14 37656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2016-02-17 19:12 . 2013-03-14 15:21 74544 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2016-02-17 19:12 . 2012-02-25 09:29 103064 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2016-02-11 18:30 . 2016-03-08 18:36 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37 199488 ----a-w- c:\users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37 199488 ----a-w- c:\users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37 199488 ----a-w- c:\users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37 199488 ----a-w- c:\users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37 199488 ----a-w- c:\users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37 199488 ----a-w- c:\users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37 199488 ----a-w- c:\users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37 199488 ----a-w- c:\users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-01-13 03:02 1741104 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-01-13 03:02 1741104 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-01-13 03:02 1741104 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2016-01-16 23499656]
"Adobe Acrobat Synchronizer"="c:\program files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" [2015-12-18 881336]
"Dropbox Update"="c:\users\Ahmed\AppData\Local\Dropbox\Update\DropboxUpdate.exe" [2015-06-20 134512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-02-17 7139768]
"WD Quick View"="c:\program files (x86)\Western Digital\WD Quick View\WDDMStatus.exe" [2015-07-21 5564784]
"DriveUtilitiesHelper"="c:\program files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe" [2014-05-23 1852264]
"WD Drive Unlocker"="c:\program files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe" [2014-10-23 1694048]
"StartCCC"="c:\program files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-11-20 767176]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-01-15 452016]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe" [2015-12-18 1867448]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-03-07 335232]
.
c:\users\Ahmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Ahmed\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2016-2-17 25122080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi9"=KORGUM64.DRV
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys;c:\windows\SYSNATIVE\Drivers\androidusb.sys [x]
R3 applebmt;Apple Wireless Mouse;c:\windows\system32\DRIVERS\applebmt.sys;c:\windows\SYSNATIVE\DRIVERS\applebmt.sys [x]
R3 aswTap;avast! SecureLine TAP Adapter v3;c:\windows\system32\DRIVERS\aswTap.sys;c:\windows\SYSNATIVE\DRIVERS\aswTap.sys [x]
R3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
R3 Bulk;HDJBulk;c:\windows\system32\Drivers\HDJBulk.sys;c:\windows\SYSNATIVE\Drivers\HDJBulk.sys [x]
R3 DN-X1600;Service for Denon DJ DN-X1600;c:\windows\system32\DRIVERS\DenonDJDN-X1600.sys;c:\windows\SYSNATIVE\DRIVERS\DenonDJDN-X1600.sys [x]
R3 HDJAsioK;HDJAsioK;c:\windows\system32\Drivers\HDJAsioK.sys;c:\windows\SYSNATIVE\Drivers\HDJAsioK.sys [x]
R3 HDJMidi;Hercules DJ Console Rmx MIDI;c:\windows\system32\DRIVERS\HDJMidi.sys;c:\windows\SYSNATIVE\DRIVERS\HDJMidi.sys [x]
R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 jrdusbser;Mobile Connector Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\jrdusbser.sys;c:\windows\SYSNATIVE\DRIVERS\jrdusbser.sys [x]
R3 KORGUMDS;KORG USB-MIDI Driver for Windows;c:\windows\system32\Drivers\KORGUM64.SYS;c:\windows\SYSNATIVE\Drivers\KORGUM64.SYS [x]
R3 massfilter;MBB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 ONDAusbmdm6k;ONDA Proprietary USB Driver;c:\windows\system32\DRIVERS\ONDAusbmdm6k.sys;c:\windows\SYSNATIVE\DRIVERS\ONDAusbmdm6k.sys [x]
R3 ONDAusbnet;ONDA USB-NDIS miniport;c:\windows\system32\DRIVERS\ONDAusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ONDAusbnet.sys [x]
R3 ONDAusbnmea;ONDA NMEA Port;c:\windows\system32\DRIVERS\ONDAusbnmea.sys;c:\windows\SYSNATIVE\DRIVERS\ONDAusbnmea.sys [x]
R3 ONDAusbser6k;ONDA Diagnostic Port;c:\windows\system32\DRIVERS\ONDAusbser6k.sys;c:\windows\SYSNATIVE\DRIVERS\ONDAusbser6k.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 ta6avs;Traktor Audio 6 WDM Audio;c:\windows\system32\Drivers\ta6avs.sys;c:\windows\SYSNATIVE\Drivers\ta6avs.sys [x]
R3 ta6usb_svc;Traktor Audio 6;c:\windows\system32\Drivers\ta6usb.sys;c:\windows\SYSNATIVE\Drivers\ta6usb.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 vodafone_K3805-z_cdc_acm;Vodafone K3805-z CDC-ACM driver (ZTE);c:\windows\system32\DRIVERS\vodafone_K3805-z_cdc_acm.sys;c:\windows\SYSNATIVE\DRIVERS\vodafone_K3805-z_cdc_acm.sys [x]
R3 vodafone_K3805-z_cdc_ecm;vodafone_K3805-z_cdc_ecm;c:\windows\system32\DRIVERS\vodafone_K3805-z_cdc_ecm.sys;c:\windows\SYSNATIVE\DRIVERS\vodafone_K3805-z_cdc_ecm.sys [x]
R3 vodafone_K3805-z_cpo;Vodafone K3805-z Install;c:\windows\system32\DRIVERS\vodafone_K3805-z_cpo.sys;c:\windows\SYSNATIVE\DRIVERS\vodafone_K3805-z_cpo.sys [x]
R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]
R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R3 ZTEusbMB;ZTE NMEAExt2 Port;c:\windows\system32\DRIVERS\ZTEusbnmeaext2.sys;c:\windows\SYSNATIVE\DRIVERS\ZTEusbnmeaext2.sys [x]
R3 ZTEusbwwan;ZTE MBN Miniport;c:\windows\system32\DRIVERS\ZTEusbwwan.sys;c:\windows\SYSNATIVE\DRIVERS\ZTEusbwwan.sys [x]
R4 Alcatel Limo Modem Device Helper;Alcatel Limo Modem Device Helper;c:\program files (x86)\INet\BackgroundService\ServiceManager.exe;c:\program files (x86)\INet\BackgroundService\ServiceManager.exe [x]
R4 CLKMSVC10_38F51D56;CyberLink Product - 2013/07/03 10:33;c:\program files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe;c:\program files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe [x]
R4 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R4 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
R4 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
R4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
R4 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R4 WTabletServicePro;Wacom Professional Service;c:\program files\Tablet\Wacom\WTabletServicePro.exe;c:\program files\Tablet\Wacom\WTabletServicePro.exe [x]
R4 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AGSService;Adobe Genuine Software Integrity Service;c:\program files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe;c:\program files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 chromoting;Chrome Remote Desktop Service;c:\program files (x86)\Google\Chrome Remote Desktop\49.0.2623.40\remoting_host.exe;c:\program files (x86)\Google\Chrome Remote Desktop\49.0.2623.40\remoting_host.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 DN-X1600AudioDevMon;DN-X1600 Audio Device Monitor;c:\program files (x86)\Denon DJ\DN-X1600\AudioDevMon.exe;c:\program files (x86)\Denon DJ\DN-X1600\AudioDevMon.exe [x]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 WDBackup;WD Backup;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [x]
S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys;c:\windows\SYSNATIVE\DRIVERS\qicflt.sys [x]
S3 vodafone_K3805-z_dc_enum;Vodafone K3805-z DC Enumerator (ZTE);c:\windows\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys;c:\windows\SYSNATIVE\DRIVERS\vodafone_K3805-z_dc_enum.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-03-08 19:51 1106072 ----a-w- c:\program files (x86)\Google\Chrome\Application\49.0.2623.75\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-09-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 16:42]
.
2015-09-12 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3886721561-2564760882-2778430979-1000Core.job
- c:\users\Ahmed\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-20 07:28]
.
2015-09-12 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3886721561-2564760882-2778430979-1000UA.job
- c:\users\Ahmed\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-20 07:28]
.
2015-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-12 01:29]
.
2015-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d0e77a487fc07f.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-12 01:29]
.
2016-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d13382d7c92e76.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-12 01:29]
.
2015-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-12 01:29]
.
2015-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA1d0e77a48d310a8.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-12 01:29]
.
2016-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA1d13382d806114a.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-12 01:29]
.
2015-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3886721561-2564760882-2778430979-1000Core.job
- c:\users\Ahmed\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-13 01:38]
.
2015-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3886721561-2564760882-2778430979-1000Core1d0e77b9028ab6d.job
- c:\users\Ahmed\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-13 01:38]
.
2016-03-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3886721561-2564760882-2778430979-1000Core1d13382d7c97c97.job
- c:\users\Ahmed\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-13 01:38]
.
2015-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3886721561-2564760882-2778430979-1000UA.job
- c:\users\Ahmed\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-13 01:38]
.
2015-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3886721561-2564760882-2778430979-1000UA1d0e77b90479d50.job
- c:\users\Ahmed\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-13 01:38]
.
2016-02-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3886721561-2564760882-2778430979-1000UA1d13382d8392ffa.job
- c:\users\Ahmed\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-13 01:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2016-01-16 04:45 775096 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2016-01-16 04:45 775096 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2016-01-16 04:45 775096 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2015-04-16 15:42 997536 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2015-04-16 15:42 997536 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2015-04-16 15:42 997536 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37 236352 ----a-w- c:\users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37 236352 ----a-w- c:\users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37 236352 ----a-w- c:\users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37 236352 ----a-w- c:\users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37 236352 ----a-w- c:\users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37 236352 ----a-w- c:\users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37 236352 ----a-w- c:\users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37 236352 ----a-w- c:\users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-02-17 19:12 905248 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-17 1128448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-09 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-09 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-09 416024]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2015-10-30 508104]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-12-18 170256]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Drivers32]
"midi9"=KORGUM64.DRV
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office15\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{EB1C81B6-A163-4BF3-94BF-2C61C37874BB}: NameServer = 83.224.66.134 83.224.70.93
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-AudioRealism Bass Line 2_is1 - c:\program files (x86)\Ableton\ABL2\unins000.exe
AddRemove-Native Instruments Controller Editor - c:\programdata\{9477ED15-E4A3-4984-9B76-31F573D8EAAF}\Controller Editor Setup PC.exe
AddRemove-Native Instruments Service Center - c:\programdata\{F2610326-6A40-4BBC-9FBC-7F05356A912A}\Service Center Setup PC.exe
AddRemove-Native Instruments Traktor 2 - c:\programdata\{E54DB1D4-CC7D-414E-8BED-584C447836EA}\Traktor 2 Setup PC.exe
AddRemove-{0886900B-B2F3-452C-B580-60F1253F7F80} - c:\programdata\{9477ED15-E4A3-4984-9B76-31F573D8EAAF}\Controller Editor Setup PC.exe
AddRemove-{0B8565BA-BAD5-4732-B122-5FD78EFC50A9} - c:\programdata\{F2610326-6A40-4BBC-9FBC-7F05356A912A}\Service Center Setup PC.exe
AddRemove-{2AAC4085-DCBF-417B-AEBD-182197839240} - c:\programdata\{2ED18044-7049-4E7A-A58D-4017348FCDB7}\Traktor Setup.exe
AddRemove-{A8EC0CC0-AD8D-4244-B080-424EDF7A7634} - c:\programdata\{E54DB1D4-CC7D-414E-8BED-584C447836EA}\Traktor 2 Setup PC.exe
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3886721561-2564760882-2778430979-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*l%*ñ*]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3886721561-2564760882-2778430979-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*l%*ñ*\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3886721561-2564760882-2778430979-1000_Classes\Drive\ShellEx\FolderExtensions\{279A6B6B-CC7C-490B-8FA4-BFD80F1CF2AA}]
@Denied: (C D 2 3 6) (CreatorAuthority-4)
@Denied: (C D 2 3 6) (Everyone)
@Allowed: (Read) (S-1-5-21-3886721561-2564760882-2778430979-1000)
@SACL=(02 0001)
@Ace=(0x11) (1 3) (S-1-16-12288)
"DriveMask"=dword:ffffffff
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_185_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_185_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:8e,e7,d2,7d,8f,68,37,43,29,06,df,25,31,61,07,42,7f,39,50,c4,b2,
   43,b9,b2,89,cc,1d,83,92,d9,d5,bc,6b,3d,2a,40,9b,8a,f6,ba,e2,79,c3,e1,c5,f7,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\FolderExtensions\{279A6B6B-CC7C-490B-8FA4-BFD80F1CF2AA}]
@Denied: (C D 2 3 6) (CreatorAuthority-4)
@Denied: (C D 2 3 6) (Everyone)
@SACL=(02 0001)
@Ace=(0x11) (1 3) (S-1-16-12288)
"DriveMask"=dword:ffffffff
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_185_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_185_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_185.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.19"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_185.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_185.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_185.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:8e,e7,d2,7d,8f,68,37,43,29,06,df,25,31,61,07,42,7f,39,50,c4,b2,
   43,b9,b2,89,cc,1d,83,92,d9,d5,bc,6b,3d,2a,40,9b,8a,f6,ba,e2,79,c3,e1,c5,f7,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
"Key"="ActionsPane3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.micro...cuments/2003\0]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.micro...8B31A18}\Alias]
"0"="Microsoft Actions Pane 3"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-03-09  08:42:28
ComboFix-quarantined-files.txt  2016-03-09 16:42
ComboFix2.txt  2016-02-17 00:11
.
Pre-Run: 222,121,054,208 bytes free
Post-Run: 221,792,157,696 bytes free
.
- - End Of File - - 04777B955D5ECFB761032883B69DB08F

  • 0

Advertisements


#17
ahhhmeddd

ahhhmeddd

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

computer feels a little more responsive, but the fans are still loud - cpu usage still fluctuating (up to 40%) with no major apps running.


  • 0

#18
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Intriguing, combofix is not seeing it

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:
 

Folder::
C:\Users\Ahmed\AppData\Roaming\Microsoft\Protect


Save this as CFScript.txt, in the same location as ComboFix.exe


CFScriptB-4.gif

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
  • 0

#19
ahhhmeddd

ahhhmeddd

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
ComboFix 16-03-07.01 - Ahmed 09/03/2016  10:41:28.3.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8140.5054 [GMT -8:00]
Running from: c:\users\Ahmed\Desktop\ComboFix.exe
Command switches used :: c:\users\Ahmed\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\_ctypes.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\_elementtree.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\_hashlib.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\_multiprocessing.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\_psutil_windows.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\_socket.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\_ssl.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\_yappi.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\common.time34.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\hashobjs_ext.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\pyexpat.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\pysqlite2._sqlite.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\python27.dll
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\pythoncom27.dll
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\PyWinTypes27.dll
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\select.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\thumbnails_ext.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\unicodedata.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\usb_ext.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\win32api.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\win32com.shell.shell.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\win32crypt.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\win32event.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\win32file.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\win32gui.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\win32inet.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\win32pdh.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\win32pipe.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\win32process.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\win32profile.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\win32security.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\win32ts.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\windows._lib_cacheinvalidation.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\wx._animate.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\wx._controls_.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\wx._core_.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\wx._gdi_.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\wx._html2.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\wx._misc_.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\wx._windows_.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\wx._wizard.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\wxbase30u_net_vc90.dll
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\wxbase30u_vc90.dll
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\wxmsw30u_adv_vc90.dll
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\wxmsw30u_core_vc90.dll
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\wxmsw30u_html_vc90.dll
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\wxmsw30u_webview_vc90.dll
c:\users\Ahmed\AppData\Roaming\Microsoft\Protect
c:\users\Ahmed\AppData\Roaming\Microsoft\Protect\CREDHIST
c:\users\Ahmed\AppData\Roaming\Microsoft\Protect\S-1-5-21-3886721561-2564760882-2778430979-1000\4aba67a4-1f59-4e1d-83be-1fada8490f98
c:\users\Ahmed\AppData\Roaming\Microsoft\Protect\S-1-5-21-3886721561-2564760882-2778430979-1000\Preferred
.
.
(((((((((((((((((((((((((   Files Created from 2016-02-09 to 2016-03-09  )))))))))))))))))))))))))))))))
.
.
2016-03-09 18:55 . 2016-03-09 18:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-03-09 01:40 . 2016-03-09 01:40 -------- d-----w- c:\windows\system32\%LOCALAPPDATA%
2016-03-08 19:19 . 2016-02-09 06:10 815312 ----a-w- c:\program files (x86)\Internet Explorer\iexplore.exe
2016-03-08 19:18 . 2016-03-08 19:26 -------- d-----w- c:\program files (x86)\AdwCleaner
2016-03-08 18:35 . 2016-02-05 18:54 41472 ----a-w- c:\windows\system32\lpk.dll
2016-03-03 18:46 . 2016-03-05 18:59 -------- d-----w- c:\users\Ahmed\AppData\Local\CrashDumps
2016-02-28 02:32 . 2016-02-28 02:32 -------- d-----w- c:\programdata\Denon DJ
2016-02-28 02:32 . 2016-02-28 02:32 -------- d-----w- c:\users\Ahmed\AppData\Local\Denon DJ
2016-02-28 01:58 . 2016-02-28 01:58 -------- d-----w- c:\program files\Denon DJ
2016-02-28 01:58 . 2016-02-28 01:58 -------- d-----w- c:\program files (x86)\Denon DJ
2016-02-28 01:56 . 2016-02-28 01:56 -------- d-----w- c:\programdata\inMusic
2016-02-18 00:44 . 2016-02-18 02:57 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-02-18 00:44 . 2016-02-18 01:55 -------- d-----w- c:\programdata\RogueKiller
2016-02-17 23:12 . 2016-03-09 01:47 -------- d-----w- C:\FRST
2016-02-17 19:12 . 2016-02-17 19:12 398152 ----a-w- c:\windows\system32\aswBoot.exe
2016-02-17 19:12 . 2016-02-17 19:12 52184 ----a-w- c:\windows\avastSS.scr
2016-02-17 02:56 . 2016-02-17 03:39 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2016-02-17 02:48 . 2016-02-17 02:48 -------- d-----w- c:\program files (x86)\Common Files\Native Instruments
2016-02-17 00:33 . 2016-02-17 02:07 -------- d-----w- C:\EEK
2016-02-16 11:20 . 2016-02-18 04:56 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-02-16 11:20 . 2016-02-17 02:55 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-02-16 11:20 . 2015-10-05 17:50 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-02-16 11:20 . 2015-10-05 17:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-02-16 11:20 . 2016-02-16 11:20 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2016-02-16 11:20 . 2016-02-16 11:20 -------- d-----w- c:\programdata\Malwarebytes
2016-02-16 01:41 . 2016-02-16 01:41 -------- d-----w- C:\Backup
2016-02-16 00:01 . 2016-02-16 00:01 -------- d-----w- c:\program files\Movie Maker
2016-02-16 00:01 . 2016-02-16 00:01 -------- d-----w- C:\drmsoft
2016-02-09 19:13 . 2016-01-07 17:42 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2016-02-09 19:13 . 2015-12-20 18:50 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2016-02-09 19:13 . 2015-12-20 18:50 3180544 ----a-w- c:\windows\system32\rdpcorets.dll
2016-02-09 19:13 . 2015-12-20 14:08 243200 ----a-w- c:\windows\system32\rdpudd.dll
2016-02-09 19:13 . 2016-01-16 19:01 2085888 ----a-w- c:\windows\system32\ole32.dll
2016-02-09 19:12 . 2016-01-22 06:18 961024 ----a-w- c:\windows\system32\CPFilters.dll
2016-02-09 19:12 . 2016-01-22 06:18 723968 ----a-w- c:\windows\system32\EncDec.dll
2016-02-09 19:12 . 2016-01-22 06:04 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
2016-02-09 19:12 . 2016-01-22 06:04 535040 ----a-w- c:\windows\SysWow64\EncDec.dll
2016-02-09 19:12 . 2016-01-22 06:17 159744 ----a-w- c:\windows\system32\mtxoci.dll
2016-02-09 19:12 . 2016-01-22 06:02 290816 ----a-w- c:\program files (x86)\Common Files\System\Ole DB\msdaora.dll
2016-02-09 19:11 . 2016-01-22 06:19 14179840 ----a-w- c:\windows\system32\shell32.dll
2016-02-09 19:11 . 2016-01-22 06:15 1866752 ----a-w- c:\windows\system32\ExplorerFrame.dll
2016-02-09 19:11 . 2016-01-22 06:12 1940992 ----a-w- c:\windows\system32\authui.dll
2016-02-09 19:11 . 2016-01-22 05:19 3231232 ----a-w- c:\windows\explorer.exe
2016-02-09 19:11 . 2016-01-22 05:12 2973184 ----a-w- c:\windows\SysWow64\explorer.exe
2016-02-09 19:11 . 2016-01-22 06:00 1498624 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2016-02-09 19:11 . 2016-01-22 05:59 1805824 ----a-w- c:\windows\SysWow64\authui.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-03-09 16:15 . 2011-09-05 14:32 1070904 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2016-03-09 16:15 . 2011-09-05 14:32 107792 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2016-03-08 20:55 . 2011-09-05 01:55 143659408 ----a-w- c:\windows\system32\MRT.exe
2016-02-23 19:15 . 2011-09-05 14:32 463744 ----a-w- c:\windows\system32\drivers\aswsp.sys
2016-02-17 19:16 . 2013-03-14 15:21 287016 ----a-w- c:\windows\system32\drivers\aswvmm.sys
2016-02-17 19:12 . 2014-01-05 10:53 165344 ----a-w- c:\windows\system32\drivers\aswStm.sys
2016-02-17 19:12 . 2014-05-13 08:14 37656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2016-02-17 19:12 . 2013-03-14 15:21 74544 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2016-02-17 19:12 . 2012-02-25 09:29 103064 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2016-02-12 18:39 . 2016-03-08 18:36 174080 ----a-w- c:\windows\SysWow64\wuwebv.dll
2016-02-12 18:06 . 2016-03-08 18:36 573440 ----a-w- c:\windows\SysWow64\wuapi.dll
2016-02-12 18:05 . 2016-03-08 18:36 93696 ----a-w- c:\windows\SysWow64\wudriver.dll
2016-02-12 18:05 . 2016-03-08 18:36 30208 ----a-w- c:\windows\SysWow64\wups.dll
2016-02-12 18:05 . 2016-03-08 18:36 35328 ----a-w- c:\windows\SysWow64\wuapp.exe
2016-02-11 18:44 . 2016-03-08 18:36 3994560 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2016-02-11 18:44 . 2016-03-08 18:36 3938240 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2016-02-11 18:41 . 2016-03-08 18:36 1314328 ----a-w- c:\windows\SysWow64\ntdll.dll
2016-02-11 18:38 . 2016-03-08 18:36 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2016-02-11 18:38 . 2016-03-08 18:36 665088 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2016-02-11 18:38 . 2016-03-08 18:36 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2016-02-11 18:38 . 2016-03-08 18:36 171520 ----a-w- c:\windows\SysWow64\wdigest.dll
2016-02-11 18:38 . 2016-03-08 18:36 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2016-02-11 18:37 . 2016-03-08 18:36 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2016-02-11 18:37 . 2016-03-08 18:36 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2016-02-11 18:37 . 2016-03-08 18:36 251392 ----a-w- c:\windows\SysWow64\schannel.dll
2016-02-11 18:35 . 2016-03-08 18:36 223232 ----a-w- c:\windows\SysWow64\ncrypt.dll
2016-02-11 18:35 . 2016-03-08 18:36 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
2016-02-11 18:35 . 2016-03-08 18:36 60416 ----a-w- c:\windows\SysWow64\msobjs.dll
2016-02-11 18:30 . 2016-03-08 18:36 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2016-02-11 17:32 . 2016-03-08 18:36 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2016-02-11 17:32 . 2016-03-08 18:36 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2016-02-11 17:32 . 2016-03-08 18:36 2048 ----a-w- c:\windows\SysWow64\user.exe
2016-02-09 09:51 . 2016-03-08 18:35 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2016-02-09 09:13 . 2016-03-08 18:35 4096 ----a-w- c:\windows\SysWow64\msdxm.ocx
2016-02-09 09:13 . 2016-03-08 18:35 8192 ----a-w- c:\windows\SysWow64\spwmp.dll
2016-02-08 20:51 . 2016-03-08 19:20 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2016-02-08 20:39 . 2016-03-08 19:20 496640 ----a-w- c:\windows\SysWow64\vbscript.dll
2016-02-08 20:37 . 2016-03-08 19:20 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2016-02-08 20:01 . 2016-03-08 19:20 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2016-02-08 19:43 . 2016-03-08 19:20 2121216 ----a-w- c:\windows\SysWow64\wininet.dll
2016-02-03 18:49 . 2016-03-08 18:36 572416 ----a-w- c:\windows\SysWow64\oleaut32.dll
2016-01-22 06:02 . 2016-02-09 19:12 114176 ----a-w- c:\windows\SysWow64\mtxoci.dll
2016-01-22 06:02 . 2016-02-09 19:12 176128 ----a-w- c:\windows\SysWow64\msorcl32.dll
2016-01-16 18:36 . 2016-02-09 19:13 1413632 ----a-w- c:\windows\SysWow64\ole32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37 199488 ----a-w- c:\users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37 199488 ----a-w- c:\users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37 199488 ----a-w- c:\users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37 199488 ----a-w- c:\users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37 199488 ----a-w- c:\users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37 199488 ----a-w- c:\users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37 199488 ----a-w- c:\users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37 199488 ----a-w- c:\users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-01-13 03:02 1741104 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-01-13 03:02 1741104 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-01-13 03:02 1741104 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2016-01-16 23499656]
"Adobe Acrobat Synchronizer"="c:\program files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" [2015-12-18 881336]
"Dropbox Update"="c:\users\Ahmed\AppData\Local\Dropbox\Update\DropboxUpdate.exe" [2015-06-20 134512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-03-09 7137664]
"WD Quick View"="c:\program files (x86)\Western Digital\WD Quick View\WDDMStatus.exe" [2015-07-21 5564784]
"DriveUtilitiesHelper"="c:\program files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe" [2014-05-23 1852264]
"WD Drive Unlocker"="c:\program files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe" [2014-10-23 1694048]
"StartCCC"="c:\program files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-11-20 767176]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-01-15 452016]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe" [2015-12-18 1867448]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-03-07 335232]
.
c:\users\Ahmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Ahmed\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2016-2-17 25122080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi9"=KORGUM64.DRV
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
R2 WDBackup;WD Backup;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys;c:\windows\SYSNATIVE\Drivers\androidusb.sys [x]
R3 applebmt;Apple Wireless Mouse;c:\windows\system32\DRIVERS\applebmt.sys;c:\windows\SYSNATIVE\DRIVERS\applebmt.sys [x]
R3 aswTap;avast! SecureLine TAP Adapter v3;c:\windows\system32\DRIVERS\aswTap.sys;c:\windows\SYSNATIVE\DRIVERS\aswTap.sys [x]
R3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
R3 Bulk;HDJBulk;c:\windows\system32\Drivers\HDJBulk.sys;c:\windows\SYSNATIVE\Drivers\HDJBulk.sys [x]
R3 DN-X1600;Service for Denon DJ DN-X1600;c:\windows\system32\DRIVERS\DenonDJDN-X1600.sys;c:\windows\SYSNATIVE\DRIVERS\DenonDJDN-X1600.sys [x]
R3 HDJAsioK;HDJAsioK;c:\windows\system32\Drivers\HDJAsioK.sys;c:\windows\SYSNATIVE\Drivers\HDJAsioK.sys [x]
R3 HDJMidi;Hercules DJ Console Rmx MIDI;c:\windows\system32\DRIVERS\HDJMidi.sys;c:\windows\SYSNATIVE\DRIVERS\HDJMidi.sys [x]
R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 jrdusbser;Mobile Connector Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\jrdusbser.sys;c:\windows\SYSNATIVE\DRIVERS\jrdusbser.sys [x]
R3 KORGUMDS;KORG USB-MIDI Driver for Windows;c:\windows\system32\Drivers\KORGUM64.SYS;c:\windows\SYSNATIVE\Drivers\KORGUM64.SYS [x]
R3 massfilter;MBB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 ONDAusbmdm6k;ONDA Proprietary USB Driver;c:\windows\system32\DRIVERS\ONDAusbmdm6k.sys;c:\windows\SYSNATIVE\DRIVERS\ONDAusbmdm6k.sys [x]
R3 ONDAusbnet;ONDA USB-NDIS miniport;c:\windows\system32\DRIVERS\ONDAusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ONDAusbnet.sys [x]
R3 ONDAusbnmea;ONDA NMEA Port;c:\windows\system32\DRIVERS\ONDAusbnmea.sys;c:\windows\SYSNATIVE\DRIVERS\ONDAusbnmea.sys [x]
R3 ONDAusbser6k;ONDA Diagnostic Port;c:\windows\system32\DRIVERS\ONDAusbser6k.sys;c:\windows\SYSNATIVE\DRIVERS\ONDAusbser6k.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 ta6avs;Traktor Audio 6 WDM Audio;c:\windows\system32\Drivers\ta6avs.sys;c:\windows\SYSNATIVE\Drivers\ta6avs.sys [x]
R3 ta6usb_svc;Traktor Audio 6;c:\windows\system32\Drivers\ta6usb.sys;c:\windows\SYSNATIVE\Drivers\ta6usb.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 vodafone_K3805-z_cdc_acm;Vodafone K3805-z CDC-ACM driver (ZTE);c:\windows\system32\DRIVERS\vodafone_K3805-z_cdc_acm.sys;c:\windows\SYSNATIVE\DRIVERS\vodafone_K3805-z_cdc_acm.sys [x]
R3 vodafone_K3805-z_cdc_ecm;vodafone_K3805-z_cdc_ecm;c:\windows\system32\DRIVERS\vodafone_K3805-z_cdc_ecm.sys;c:\windows\SYSNATIVE\DRIVERS\vodafone_K3805-z_cdc_ecm.sys [x]
R3 vodafone_K3805-z_cpo;Vodafone K3805-z Install;c:\windows\system32\DRIVERS\vodafone_K3805-z_cpo.sys;c:\windows\SYSNATIVE\DRIVERS\vodafone_K3805-z_cpo.sys [x]
R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]
R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R3 ZTEusbMB;ZTE NMEAExt2 Port;c:\windows\system32\DRIVERS\ZTEusbnmeaext2.sys;c:\windows\SYSNATIVE\DRIVERS\ZTEusbnmeaext2.sys [x]
R3 ZTEusbwwan;ZTE MBN Miniport;c:\windows\system32\DRIVERS\ZTEusbwwan.sys;c:\windows\SYSNATIVE\DRIVERS\ZTEusbwwan.sys [x]
R4 Alcatel Limo Modem Device Helper;Alcatel Limo Modem Device Helper;c:\program files (x86)\INet\BackgroundService\ServiceManager.exe;c:\program files (x86)\INet\BackgroundService\ServiceManager.exe [x]
R4 CLKMSVC10_38F51D56;CyberLink Product - 2013/07/03 10:33;c:\program files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe;c:\program files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe [x]
R4 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R4 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
R4 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
R4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
R4 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R4 WTabletServicePro;Wacom Professional Service;c:\program files\Tablet\Wacom\WTabletServicePro.exe;c:\program files\Tablet\Wacom\WTabletServicePro.exe [x]
R4 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AGSService;Adobe Genuine Software Integrity Service;c:\program files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe;c:\program files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 chromoting;Chrome Remote Desktop Service;c:\program files (x86)\Google\Chrome Remote Desktop\49.0.2623.40\remoting_host.exe;c:\program files (x86)\Google\Chrome Remote Desktop\49.0.2623.40\remoting_host.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 DN-X1600AudioDevMon;DN-X1600 Audio Device Monitor;c:\program files (x86)\Denon DJ\DN-X1600\AudioDevMon.exe;c:\program files (x86)\Denon DJ\DN-X1600\AudioDevMon.exe [x]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys;c:\windows\SYSNATIVE\DRIVERS\qicflt.sys [x]
S3 vodafone_K3805-z_dc_enum;Vodafone K3805-z DC Enumerator (ZTE);c:\windows\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys;c:\windows\SYSNATIVE\DRIVERS\vodafone_K3805-z_dc_enum.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-03-08 19:51 1106072 ----a-w- c:\program files (x86)\Google\Chrome\Application\49.0.2623.75\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-09-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 16:42]
.
2015-09-12 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3886721561-2564760882-2778430979-1000Core.job
- c:\users\Ahmed\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-20 07:28]
.
2015-09-12 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3886721561-2564760882-2778430979-1000UA.job
- c:\users\Ahmed\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-20 07:28]
.
2015-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-12 01:29]
.
2015-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d0e77a487fc07f.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-12 01:29]
.
2016-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d13382d7c92e76.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-12 01:29]
.
2015-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-12 01:29]
.
2015-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA1d0e77a48d310a8.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-12 01:29]
.
2016-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA1d13382d806114a.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-12 01:29]
.
2015-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3886721561-2564760882-2778430979-1000Core.job
- c:\users\Ahmed\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-13 01:38]
.
2015-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3886721561-2564760882-2778430979-1000Core1d0e77b9028ab6d.job
- c:\users\Ahmed\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-13 01:38]
.
2016-03-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3886721561-2564760882-2778430979-1000Core1d13382d7c97c97.job
- c:\users\Ahmed\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-13 01:38]
.
2015-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3886721561-2564760882-2778430979-1000UA.job
- c:\users\Ahmed\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-13 01:38]
.
2015-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3886721561-2564760882-2778430979-1000UA1d0e77b90479d50.job
- c:\users\Ahmed\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-13 01:38]
.
2016-02-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3886721561-2564760882-2778430979-1000UA1d13382d8392ffa.job
- c:\users\Ahmed\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-13 01:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2016-01-16 04:45 775096 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2016-01-16 04:45 775096 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2016-01-16 04:45 775096 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2015-04-16 15:42 997536 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2015-04-16 15:42 997536 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2015-04-16 15:42 997536 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37 236352 ----a-w- c:\users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37 236352 ----a-w- c:\users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37 236352 ----a-w- c:\users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37 236352 ----a-w- c:\users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37 236352 ----a-w- c:\users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37 236352 ----a-w- c:\users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37 236352 ----a-w- c:\users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37 236352 ----a-w- c:\users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-02-17 19:12 905248 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-17 1128448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-09 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-09 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-09 416024]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2015-10-30 508104]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-12-18 170256]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Drivers32]
"midi9"=KORGUM64.DRV
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office15\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{EB1C81B6-A163-4BF3-94BF-2C61C37874BB}: NameServer = 83.224.66.134 83.224.70.93
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-AudioRealism Bass Line 2_is1 - c:\program files (x86)\Ableton\ABL2\unins000.exe
AddRemove-Native Instruments Controller Editor - c:\programdata\{9477ED15-E4A3-4984-9B76-31F573D8EAAF}\Controller Editor Setup PC.exe
AddRemove-Native Instruments Service Center - c:\programdata\{F2610326-6A40-4BBC-9FBC-7F05356A912A}\Service Center Setup PC.exe
AddRemove-Native Instruments Traktor 2 - c:\programdata\{E54DB1D4-CC7D-414E-8BED-584C447836EA}\Traktor 2 Setup PC.exe
AddRemove-{2AAC4085-DCBF-417B-AEBD-182197839240} - c:\programdata\{2ED18044-7049-4E7A-A58D-4017348FCDB7}\Traktor Setup.exe
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3886721561-2564760882-2778430979-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*l%*ñ*]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3886721561-2564760882-2778430979-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*l%*ñ*\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3886721561-2564760882-2778430979-1000_Classes\Drive\ShellEx\FolderExtensions\{279A6B6B-CC7C-490B-8FA4-BFD80F1CF2AA}]
@Denied: (C D 2 3 6) (CreatorAuthority-4)
@Denied: (C D 2 3 6) (Everyone)
@Allowed: (Read) (S-1-5-21-3886721561-2564760882-2778430979-1000)
@SACL=(02 0001)
@Ace=(0x11) (1 3) (S-1-16-12288)
"DriveMask"=dword:ffffffff
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_185_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_185_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:8e,e7,d2,7d,8f,68,37,43,29,06,df,25,31,61,07,42,7f,39,50,c4,b2,
   43,b9,b2,89,cc,1d,83,92,d9,d5,bc,6b,3d,2a,40,9b,8a,f6,ba,e2,79,c3,e1,c5,f7,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\FolderExtensions\{279A6B6B-CC7C-490B-8FA4-BFD80F1CF2AA}]
@Denied: (C D 2 3 6) (CreatorAuthority-4)
@Denied: (C D 2 3 6) (Everyone)
@SACL=(02 0001)
@Ace=(0x11) (1 3) (S-1-16-12288)
"DriveMask"=dword:ffffffff
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_185_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_185_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_185.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.19"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_185.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_185.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_185.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:8e,e7,d2,7d,8f,68,37,43,29,06,df,25,31,61,07,42,7f,39,50,c4,b2,
   43,b9,b2,89,cc,1d,83,92,d9,d5,bc,6b,3d,2a,40,9b,8a,f6,ba,e2,79,c3,e1,c5,f7,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
"Key"="ActionsPane3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.micro...cuments/2003\0]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.micro...8B31A18}\Alias]
"0"="Microsoft Actions Pane 3"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\users\Ahmed\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\program files (x86)\Adobe\Acrobat DC\Acrobat\AcroDist.exe
.
**************************************************************************
.
Completion time: 2016-03-09  11:17:03 - machine was rebooted
ComboFix-quarantined-files.txt  2016-03-09 19:17
ComboFix2.txt  2016-03-09 16:42
ComboFix3.txt  2016-02-17 00:11
.
Pre-Run: 220,698,275,840 bytes free
Post-Run: 220,460,875,776 bytes free
.
- - End Of File - - B36AA2ADA3CA4D075D4A6DBD53565381

  • 0

#20
ahhhmeddd

ahhhmeddd

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

so far computer looks good, avast stopped bothering with the threat alerts. what do you think from the logs?


  • 0

#21
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Looks nice now... Any further problems ?
  • 0

#22
ahhhmeddd

ahhhmeddd

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

thanks again for your help! if anything comes up I'll let you know, but for now i think it's back to normal :)


  • 0

#23
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
My pleasure and thank you for the donation :thumbsup:

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Remove Combofix

Click Start then Run.
On Windows7 or Vista you may use Start Search field if Run is not available.
In the box copy/paste the following command:

ComboFix /Uninstall

Note that there is a space between " ComboFix " and " /Uninstall " .

Then click OK (or press Enter ).
Wait for the uninstall process to complete.

Remove tools

Download and run Delfix
Select the options as shown
delfix.JPG


: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article

I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser and How to unplug Java from the browser)

If you do need to keep Java then download JavaRa
Run the programme and select Remove Java Runtime. Uninstall all versions of Java present
Once done then run it again and select Update Java runtime > Download and install Latest version
javara.JPG


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent install this programme to lock down and prevent crypto ransome ware

CryptoPrevent.JPG

Malwarebytes

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
click the very large Download button.
click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme ;)

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe :wave:
  • 0

#24
ahhhmeddd

ahhhmeddd

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

all cleeeen thank you!


  • 0

#25
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.


  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP