ComboFix 16-03-07.01 - Ahmed 09/03/2016 10:41:28.3.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8140.5054 [GMT -8:00]
Running from: c:\users\Ahmed\Desktop\ComboFix.exe
Command switches used :: c:\users\Ahmed\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\_ctypes.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\_elementtree.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\_hashlib.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\_multiprocessing.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\_psutil_windows.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\_socket.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\_ssl.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\_yappi.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\common.time34.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\hashobjs_ext.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\pyexpat.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\pysqlite2._sqlite.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\python27.dll
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\pythoncom27.dll
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\PyWinTypes27.dll
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\select.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\thumbnails_ext.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\unicodedata.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\usb_ext.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\win32api.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\win32com.shell.shell.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\win32crypt.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\win32event.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\win32file.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\win32gui.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\win32inet.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\win32pdh.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\win32pipe.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\win32process.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\win32profile.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\win32security.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\win32ts.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\windows._lib_cacheinvalidation.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\wx._animate.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\wx._controls_.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\wx._core_.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\wx._gdi_.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\wx._html2.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\wx._misc_.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\wx._windows_.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\wx._wizard.pyd
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\wxbase30u_net_vc90.dll
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\wxbase30u_vc90.dll
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\wxmsw30u_adv_vc90.dll
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\wxmsw30u_core_vc90.dll
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\wxmsw30u_html_vc90.dll
c:\users\Ahmed\AppData\Local\Temp\_MEI140042\wxmsw30u_webview_vc90.dll
c:\users\Ahmed\AppData\Roaming\Microsoft\Protect
c:\users\Ahmed\AppData\Roaming\Microsoft\Protect\CREDHIST
c:\users\Ahmed\AppData\Roaming\Microsoft\Protect\S-1-5-21-3886721561-2564760882-2778430979-1000\4aba67a4-1f59-4e1d-83be-1fada8490f98
c:\users\Ahmed\AppData\Roaming\Microsoft\Protect\S-1-5-21-3886721561-2564760882-2778430979-1000\Preferred
.
.
((((((((((((((((((((((((( Files Created from 2016-02-09 to 2016-03-09 )))))))))))))))))))))))))))))))
.
.
2016-03-09 18:55 . 2016-03-09 18:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-03-09 01:40 . 2016-03-09 01:40 -------- d-----w- c:\windows\system32\%LOCALAPPDATA%
2016-03-08 19:19 . 2016-02-09 06:10 815312 ----a-w- c:\program files (x86)\Internet Explorer\iexplore.exe
2016-03-08 19:18 . 2016-03-08 19:26 -------- d-----w- c:\program files (x86)\AdwCleaner
2016-03-08 18:35 . 2016-02-05 18:54 41472 ----a-w- c:\windows\system32\lpk.dll
2016-03-03 18:46 . 2016-03-05 18:59 -------- d-----w- c:\users\Ahmed\AppData\Local\CrashDumps
2016-02-28 02:32 . 2016-02-28 02:32 -------- d-----w- c:\programdata\Denon DJ
2016-02-28 02:32 . 2016-02-28 02:32 -------- d-----w- c:\users\Ahmed\AppData\Local\Denon DJ
2016-02-28 01:58 . 2016-02-28 01:58 -------- d-----w- c:\program files\Denon DJ
2016-02-28 01:58 . 2016-02-28 01:58 -------- d-----w- c:\program files (x86)\Denon DJ
2016-02-28 01:56 . 2016-02-28 01:56 -------- d-----w- c:\programdata\inMusic
2016-02-18 00:44 . 2016-02-18 02:57 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-02-18 00:44 . 2016-02-18 01:55 -------- d-----w- c:\programdata\RogueKiller
2016-02-17 23:12 . 2016-03-09 01:47 -------- d-----w- C:\FRST
2016-02-17 19:12 . 2016-02-17 19:12 398152 ----a-w- c:\windows\system32\aswBoot.exe
2016-02-17 19:12 . 2016-02-17 19:12 52184 ----a-w- c:\windows\avastSS.scr
2016-02-17 02:56 . 2016-02-17 03:39 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2016-02-17 02:48 . 2016-02-17 02:48 -------- d-----w- c:\program files (x86)\Common Files\Native Instruments
2016-02-17 00:33 . 2016-02-17 02:07 -------- d-----w- C:\EEK
2016-02-16 11:20 . 2016-02-18 04:56 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-02-16 11:20 . 2016-02-17 02:55 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-02-16 11:20 . 2015-10-05 17:50 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-02-16 11:20 . 2015-10-05 17:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-02-16 11:20 . 2016-02-16 11:20 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2016-02-16 11:20 . 2016-02-16 11:20 -------- d-----w- c:\programdata\Malwarebytes
2016-02-16 01:41 . 2016-02-16 01:41 -------- d-----w- C:\Backup
2016-02-16 00:01 . 2016-02-16 00:01 -------- d-----w- c:\program files\Movie Maker
2016-02-16 00:01 . 2016-02-16 00:01 -------- d-----w- C:\drmsoft
2016-02-09 19:13 . 2016-01-07 17:42 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2016-02-09 19:13 . 2015-12-20 18:50 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2016-02-09 19:13 . 2015-12-20 18:50 3180544 ----a-w- c:\windows\system32\rdpcorets.dll
2016-02-09 19:13 . 2015-12-20 14:08 243200 ----a-w- c:\windows\system32\rdpudd.dll
2016-02-09 19:13 . 2016-01-16 19:01 2085888 ----a-w- c:\windows\system32\ole32.dll
2016-02-09 19:12 . 2016-01-22 06:18 961024 ----a-w- c:\windows\system32\CPFilters.dll
2016-02-09 19:12 . 2016-01-22 06:18 723968 ----a-w- c:\windows\system32\EncDec.dll
2016-02-09 19:12 . 2016-01-22 06:04 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
2016-02-09 19:12 . 2016-01-22 06:04 535040 ----a-w- c:\windows\SysWow64\EncDec.dll
2016-02-09 19:12 . 2016-01-22 06:17 159744 ----a-w- c:\windows\system32\mtxoci.dll
2016-02-09 19:12 . 2016-01-22 06:02 290816 ----a-w- c:\program files (x86)\Common Files\System\Ole DB\msdaora.dll
2016-02-09 19:11 . 2016-01-22 06:19 14179840 ----a-w- c:\windows\system32\shell32.dll
2016-02-09 19:11 . 2016-01-22 06:15 1866752 ----a-w- c:\windows\system32\ExplorerFrame.dll
2016-02-09 19:11 . 2016-01-22 06:12 1940992 ----a-w- c:\windows\system32\authui.dll
2016-02-09 19:11 . 2016-01-22 05:19 3231232 ----a-w- c:\windows\explorer.exe
2016-02-09 19:11 . 2016-01-22 05:12 2973184 ----a-w- c:\windows\SysWow64\explorer.exe
2016-02-09 19:11 . 2016-01-22 06:00 1498624 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2016-02-09 19:11 . 2016-01-22 05:59 1805824 ----a-w- c:\windows\SysWow64\authui.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-03-09 16:15 . 2011-09-05 14:32 1070904 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2016-03-09 16:15 . 2011-09-05 14:32 107792 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2016-03-08 20:55 . 2011-09-05 01:55 143659408 ----a-w- c:\windows\system32\MRT.exe
2016-02-23 19:15 . 2011-09-05 14:32 463744 ----a-w- c:\windows\system32\drivers\aswsp.sys
2016-02-17 19:16 . 2013-03-14 15:21 287016 ----a-w- c:\windows\system32\drivers\aswvmm.sys
2016-02-17 19:12 . 2014-01-05 10:53 165344 ----a-w- c:\windows\system32\drivers\aswStm.sys
2016-02-17 19:12 . 2014-05-13 08:14 37656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2016-02-17 19:12 . 2013-03-14 15:21 74544 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2016-02-17 19:12 . 2012-02-25 09:29 103064 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2016-02-12 18:39 . 2016-03-08 18:36 174080 ----a-w- c:\windows\SysWow64\wuwebv.dll
2016-02-12 18:06 . 2016-03-08 18:36 573440 ----a-w- c:\windows\SysWow64\wuapi.dll
2016-02-12 18:05 . 2016-03-08 18:36 93696 ----a-w- c:\windows\SysWow64\wudriver.dll
2016-02-12 18:05 . 2016-03-08 18:36 30208 ----a-w- c:\windows\SysWow64\wups.dll
2016-02-12 18:05 . 2016-03-08 18:36 35328 ----a-w- c:\windows\SysWow64\wuapp.exe
2016-02-11 18:44 . 2016-03-08 18:36 3994560 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2016-02-11 18:44 . 2016-03-08 18:36 3938240 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2016-02-11 18:41 . 2016-03-08 18:36 1314328 ----a-w- c:\windows\SysWow64\ntdll.dll
2016-02-11 18:38 . 2016-03-08 18:36 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2016-02-11 18:38 . 2016-03-08 18:36 665088 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2016-02-11 18:38 . 2016-03-08 18:36 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2016-02-11 18:38 . 2016-03-08 18:36 171520 ----a-w- c:\windows\SysWow64\wdigest.dll
2016-02-11 18:38 . 2016-03-08 18:36 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2016-02-11 18:37 . 2016-03-08 18:36 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2016-02-11 18:37 . 2016-03-08 18:36 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2016-02-11 18:37 . 2016-03-08 18:36 251392 ----a-w- c:\windows\SysWow64\schannel.dll
2016-02-11 18:35 . 2016-03-08 18:36 223232 ----a-w- c:\windows\SysWow64\ncrypt.dll
2016-02-11 18:35 . 2016-03-08 18:36 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
2016-02-11 18:35 . 2016-03-08 18:36 60416 ----a-w- c:\windows\SysWow64\msobjs.dll
2016-02-11 18:30 . 2016-03-08 18:36 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2016-02-11 17:32 . 2016-03-08 18:36 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2016-02-11 17:32 . 2016-03-08 18:36 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2016-02-11 17:32 . 2016-03-08 18:36 2048 ----a-w- c:\windows\SysWow64\user.exe
2016-02-09 09:51 . 2016-03-08 18:35 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2016-02-09 09:13 . 2016-03-08 18:35 4096 ----a-w- c:\windows\SysWow64\msdxm.ocx
2016-02-09 09:13 . 2016-03-08 18:35 8192 ----a-w- c:\windows\SysWow64\spwmp.dll
2016-02-08 20:51 . 2016-03-08 19:20 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2016-02-08 20:39 . 2016-03-08 19:20 496640 ----a-w- c:\windows\SysWow64\vbscript.dll
2016-02-08 20:37 . 2016-03-08 19:20 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2016-02-08 20:01 . 2016-03-08 19:20 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2016-02-08 19:43 . 2016-03-08 19:20 2121216 ----a-w- c:\windows\SysWow64\wininet.dll
2016-02-03 18:49 . 2016-03-08 18:36 572416 ----a-w- c:\windows\SysWow64\oleaut32.dll
2016-01-22 06:02 . 2016-02-09 19:12 114176 ----a-w- c:\windows\SysWow64\mtxoci.dll
2016-01-22 06:02 . 2016-02-09 19:12 176128 ----a-w- c:\windows\SysWow64\msorcl32.dll
2016-01-16 18:36 . 2016-02-09 19:13 1413632 ----a-w- c:\windows\SysWow64\ole32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37 199488 ----a-w- c:\users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37 199488 ----a-w- c:\users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37 199488 ----a-w- c:\users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37 199488 ----a-w- c:\users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37 199488 ----a-w- c:\users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37 199488 ----a-w- c:\users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37 199488 ----a-w- c:\users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37 199488 ----a-w- c:\users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-01-13 03:02 1741104 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-01-13 03:02 1741104 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-01-13 03:02 1741104 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2016-01-16 23499656]
"Adobe Acrobat Synchronizer"="c:\program files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" [2015-12-18 881336]
"Dropbox Update"="c:\users\Ahmed\AppData\Local\Dropbox\Update\DropboxUpdate.exe" [2015-06-20 134512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-03-09 7137664]
"WD Quick View"="c:\program files (x86)\Western Digital\WD Quick View\WDDMStatus.exe" [2015-07-21 5564784]
"DriveUtilitiesHelper"="c:\program files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe" [2014-05-23 1852264]
"WD Drive Unlocker"="c:\program files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe" [2014-10-23 1694048]
"StartCCC"="c:\program files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-11-20 767176]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-01-15 452016]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe" [2015-12-18 1867448]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-03-07 335232]
.
c:\users\Ahmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Ahmed\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2016-2-17 25122080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi9"=KORGUM64.DRV
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
R2 WDBackup;WD Backup;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys;c:\windows\SYSNATIVE\Drivers\androidusb.sys [x]
R3 applebmt;Apple Wireless Mouse;c:\windows\system32\DRIVERS\applebmt.sys;c:\windows\SYSNATIVE\DRIVERS\applebmt.sys [x]
R3 aswTap;avast! SecureLine TAP Adapter v3;c:\windows\system32\DRIVERS\aswTap.sys;c:\windows\SYSNATIVE\DRIVERS\aswTap.sys [x]
R3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
R3 Bulk;HDJBulk;c:\windows\system32\Drivers\HDJBulk.sys;c:\windows\SYSNATIVE\Drivers\HDJBulk.sys [x]
R3 DN-X1600;Service for Denon DJ DN-X1600;c:\windows\system32\DRIVERS\DenonDJDN-X1600.sys;c:\windows\SYSNATIVE\DRIVERS\DenonDJDN-X1600.sys [x]
R3 HDJAsioK;HDJAsioK;c:\windows\system32\Drivers\HDJAsioK.sys;c:\windows\SYSNATIVE\Drivers\HDJAsioK.sys [x]
R3 HDJMidi;Hercules DJ Console Rmx MIDI;c:\windows\system32\DRIVERS\HDJMidi.sys;c:\windows\SYSNATIVE\DRIVERS\HDJMidi.sys [x]
R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 jrdusbser;Mobile Connector Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\jrdusbser.sys;c:\windows\SYSNATIVE\DRIVERS\jrdusbser.sys [x]
R3 KORGUMDS;KORG USB-MIDI Driver for Windows;c:\windows\system32\Drivers\KORGUM64.SYS;c:\windows\SYSNATIVE\Drivers\KORGUM64.SYS [x]
R3 massfilter;MBB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 ONDAusbmdm6k;ONDA Proprietary USB Driver;c:\windows\system32\DRIVERS\ONDAusbmdm6k.sys;c:\windows\SYSNATIVE\DRIVERS\ONDAusbmdm6k.sys [x]
R3 ONDAusbnet;ONDA USB-NDIS miniport;c:\windows\system32\DRIVERS\ONDAusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ONDAusbnet.sys [x]
R3 ONDAusbnmea;ONDA NMEA Port;c:\windows\system32\DRIVERS\ONDAusbnmea.sys;c:\windows\SYSNATIVE\DRIVERS\ONDAusbnmea.sys [x]
R3 ONDAusbser6k;ONDA Diagnostic Port;c:\windows\system32\DRIVERS\ONDAusbser6k.sys;c:\windows\SYSNATIVE\DRIVERS\ONDAusbser6k.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 ta6avs;Traktor Audio 6 WDM Audio;c:\windows\system32\Drivers\ta6avs.sys;c:\windows\SYSNATIVE\Drivers\ta6avs.sys [x]
R3 ta6usb_svc;Traktor Audio 6;c:\windows\system32\Drivers\ta6usb.sys;c:\windows\SYSNATIVE\Drivers\ta6usb.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 vodafone_K3805-z_cdc_acm;Vodafone K3805-z CDC-ACM driver (ZTE);c:\windows\system32\DRIVERS\vodafone_K3805-z_cdc_acm.sys;c:\windows\SYSNATIVE\DRIVERS\vodafone_K3805-z_cdc_acm.sys [x]
R3 vodafone_K3805-z_cdc_ecm;vodafone_K3805-z_cdc_ecm;c:\windows\system32\DRIVERS\vodafone_K3805-z_cdc_ecm.sys;c:\windows\SYSNATIVE\DRIVERS\vodafone_K3805-z_cdc_ecm.sys [x]
R3 vodafone_K3805-z_cpo;Vodafone K3805-z Install;c:\windows\system32\DRIVERS\vodafone_K3805-z_cpo.sys;c:\windows\SYSNATIVE\DRIVERS\vodafone_K3805-z_cpo.sys [x]
R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]
R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R3 ZTEusbMB;ZTE NMEAExt2 Port;c:\windows\system32\DRIVERS\ZTEusbnmeaext2.sys;c:\windows\SYSNATIVE\DRIVERS\ZTEusbnmeaext2.sys [x]
R3 ZTEusbwwan;ZTE MBN Miniport;c:\windows\system32\DRIVERS\ZTEusbwwan.sys;c:\windows\SYSNATIVE\DRIVERS\ZTEusbwwan.sys [x]
R4 Alcatel Limo Modem Device Helper;Alcatel Limo Modem Device Helper;c:\program files (x86)\INet\BackgroundService\ServiceManager.exe;c:\program files (x86)\INet\BackgroundService\ServiceManager.exe [x]
R4 CLKMSVC10_38F51D56;CyberLink Product - 2013/07/03 10:33;c:\program files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe;c:\program files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe [x]
R4 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R4 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
R4 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
R4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
R4 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R4 WTabletServicePro;Wacom Professional Service;c:\program files\Tablet\Wacom\WTabletServicePro.exe;c:\program files\Tablet\Wacom\WTabletServicePro.exe [x]
R4 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AGSService;Adobe Genuine Software Integrity Service;c:\program files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe;c:\program files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 chromoting;Chrome Remote Desktop Service;c:\program files (x86)\Google\Chrome Remote Desktop\49.0.2623.40\remoting_host.exe;c:\program files (x86)\Google\Chrome Remote Desktop\49.0.2623.40\remoting_host.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 DN-X1600AudioDevMon;DN-X1600 Audio Device Monitor;c:\program files (x86)\Denon DJ\DN-X1600\AudioDevMon.exe;c:\program files (x86)\Denon DJ\DN-X1600\AudioDevMon.exe [x]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys;c:\windows\SYSNATIVE\DRIVERS\qicflt.sys [x]
S3 vodafone_K3805-z_dc_enum;Vodafone K3805-z DC Enumerator (ZTE);c:\windows\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys;c:\windows\SYSNATIVE\DRIVERS\vodafone_K3805-z_dc_enum.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-03-08 19:51 1106072 ----a-w- c:\program files (x86)\Google\Chrome\Application\49.0.2623.75\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-09-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 16:42]
.
2015-09-12 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3886721561-2564760882-2778430979-1000Core.job
- c:\users\Ahmed\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-20 07:28]
.
2015-09-12 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3886721561-2564760882-2778430979-1000UA.job
- c:\users\Ahmed\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-20 07:28]
.
2015-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-12 01:29]
.
2015-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d0e77a487fc07f.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-12 01:29]
.
2016-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d13382d7c92e76.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-12 01:29]
.
2015-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-12 01:29]
.
2015-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA1d0e77a48d310a8.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-12 01:29]
.
2016-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA1d13382d806114a.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-12 01:29]
.
2015-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3886721561-2564760882-2778430979-1000Core.job
- c:\users\Ahmed\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-13 01:38]
.
2015-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3886721561-2564760882-2778430979-1000Core1d0e77b9028ab6d.job
- c:\users\Ahmed\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-13 01:38]
.
2016-03-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3886721561-2564760882-2778430979-1000Core1d13382d7c97c97.job
- c:\users\Ahmed\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-13 01:38]
.
2015-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3886721561-2564760882-2778430979-1000UA.job
- c:\users\Ahmed\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-13 01:38]
.
2015-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3886721561-2564760882-2778430979-1000UA1d0e77b90479d50.job
- c:\users\Ahmed\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-13 01:38]
.
2016-02-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3886721561-2564760882-2778430979-1000UA1d13382d8392ffa.job
- c:\users\Ahmed\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-13 01:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2016-01-16 04:45 775096 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2016-01-16 04:45 775096 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2016-01-16 04:45 775096 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2015-04-16 15:42 997536 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2015-04-16 15:42 997536 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2015-04-16 15:42 997536 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37 236352 ----a-w- c:\users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37 236352 ----a-w- c:\users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37 236352 ----a-w- c:\users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37 236352 ----a-w- c:\users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37 236352 ----a-w- c:\users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37 236352 ----a-w- c:\users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37 236352 ----a-w- c:\users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37 236352 ----a-w- c:\users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-02-17 19:12 905248 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-17 1128448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-09 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-09 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-09 416024]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2015-10-30 508104]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-12-18 170256]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Drivers32]
"midi9"=KORGUM64.DRV
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office15\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{EB1C81B6-A163-4BF3-94BF-2C61C37874BB}: NameServer = 83.224.66.134 83.224.70.93
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-AudioRealism Bass Line 2_is1 - c:\program files (x86)\Ableton\ABL2\unins000.exe
AddRemove-Native Instruments Controller Editor - c:\programdata\{9477ED15-E4A3-4984-9B76-31F573D8EAAF}\Controller Editor Setup PC.exe
AddRemove-Native Instruments Service Center - c:\programdata\{F2610326-6A40-4BBC-9FBC-7F05356A912A}\Service Center Setup PC.exe
AddRemove-Native Instruments Traktor 2 - c:\programdata\{E54DB1D4-CC7D-414E-8BED-584C447836EA}\Traktor 2 Setup PC.exe
AddRemove-{2AAC4085-DCBF-417B-AEBD-182197839240} - c:\programdata\{2ED18044-7049-4E7A-A58D-4017348FCDB7}\Traktor Setup.exe
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3886721561-2564760882-2778430979-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*l%*ñ*]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3886721561-2564760882-2778430979-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*l%*ñ*\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3886721561-2564760882-2778430979-1000_Classes\Drive\ShellEx\FolderExtensions\{279A6B6B-CC7C-490B-8FA4-BFD80F1CF2AA}]
@Denied: (C D 2 3 6) (CreatorAuthority-4)
@Denied: (C D 2 3 6) (Everyone)
@Allowed: (Read) (S-1-5-21-3886721561-2564760882-2778430979-1000)
@SACL=(02 0001)
@Ace=(0x11) (1 3) (S-1-16-12288)
"DriveMask"=dword:ffffffff
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_185_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_185_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:8e,e7,d2,7d,8f,68,37,43,29,06,df,25,31,61,07,42,7f,39,50,c4,b2,
43,b9,b2,89,cc,1d,83,92,d9,d5,bc,6b,3d,2a,40,9b,8a,f6,ba,e2,79,c3,e1,c5,f7,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\FolderExtensions\{279A6B6B-CC7C-490B-8FA4-BFD80F1CF2AA}]
@Denied: (C D 2 3 6) (CreatorAuthority-4)
@Denied: (C D 2 3 6) (Everyone)
@SACL=(02 0001)
@Ace=(0x11) (1 3) (S-1-16-12288)
"DriveMask"=dword:ffffffff
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_185_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_185_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_185.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.19"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_185.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_185.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_185.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:8e,e7,d2,7d,8f,68,37,43,29,06,df,25,31,61,07,42,7f,39,50,c4,b2,
43,b9,b2,89,cc,1d,83,92,d9,d5,bc,6b,3d,2a,40,9b,8a,f6,ba,e2,79,c3,e1,c5,f7,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
"Key"="ActionsPane3"
.
.
"0"="Microsoft Actions Pane 3"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\users\Ahmed\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\program files (x86)\Adobe\Acrobat DC\Acrobat\AcroDist.exe
.
**************************************************************************
.
Completion time: 2016-03-09 11:17:03 - machine was rebooted
ComboFix-quarantined-files.txt 2016-03-09 19:17
ComboFix2.txt 2016-03-09 16:42
ComboFix3.txt 2016-02-17 00:11
.
Pre-Run: 220,698,275,840 bytes free
Post-Run: 220,460,875,776 bytes free
.
- - End Of File - - B36AA2ADA3CA4D075D4A6DBD53565381