Browsers will not run in normal mode only in safe mode


18 replies to this topic

#1 dogjoy

  • Members
  • 21 posts

Posted 07 October 2017 - 10:13 AM

Previously resolved a CrashPlan issue in June and now don't know if this is related, probably not. Some virus has taken control of admin rights and now Win 7 runs in SAFE mode. Chrome, Explorer, Firefox will not open but show up in Processes through Task Manager. Some programs will not open either. I cleaned with Malwarebytes, MSEssentials, Spybot. So I ran COMBOFIX and received full control for a short while, and now 12 hrs later it is back to non-function in Normal mode. Logs for the first run and then a later run are copied below. My free HITMAN PRO license has expired; is that my next step, or should I run COMBOFIX in SAFE Mode?

 ComboFix 17-10-04.01 - David2 10/06/2017  21:59:08.6.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8183.5190 [GMT -5:00]
Running from: m:\transfer files misc\2017 virus_crash plan clean\ComboFix.exe
AV: Malwarebytes *Disabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: Microsoft Security Essentials *Disabled/Updated* {71A27EC9-3DA6-45FC-60A7-004F623C6189}
SP: Malwarebytes *Disabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Microsoft Security Essentials *Disabled/Updated* {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\security\logs\scecomp.log
.
.
(((((((((((((((((((((((((   Files Created from 2017-09-07 to 2017-10-07  )))))))))))))))))))))))))))))))
.
.
2017-10-07 03:18 . 2017-10-07 03:18 -------- d-----w- c:\users\Public\AppData\Local\temp
2017-10-07 03:18 . 2017-10-07 03:18 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2017-10-07 03:18 . 2017-10-07 03:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-10-07 02:49 . 2017-10-07 02:49 192952 ----a-w- c:\windows\system32\drivers\MbamChameleon.sys
2017-10-07 02:49 . 2017-10-07 02:49 45504 ----a-w- c:\windows\system32\drivers\mbam.sys
2017-10-06 21:12 . 2017-10-06 21:42 -------- d-----w- c:\users\David2\AppData\Local\Mozilla
2017-10-06 21:12 . 2017-10-06 21:12 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2017-10-06 21:12 . 2017-10-06 21:12 -------- d-----w- c:\program files\Mozilla Firefox
2017-10-06 20:28 . 2017-10-06 20:28 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{05335EF2-59F3-43B3-86EE-6AA48F871273}\offreg.972.dll
2017-10-06 20:15 . 2017-10-06 20:15 -------- d-----w- c:\programdata\SplitMediaLabs
2017-10-06 20:15 . 2017-10-06 20:15 -------- d-----w- c:\program files (x86)\SplitmediaLabs
2017-10-06 20:15 . 2017-07-18 22:38 135800 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2017-10-06 20:15 . 2017-03-10 21:17 525600 ----a-w- c:\windows\SysWow64\vulkan-1.dll
2017-10-06 20:15 . 2017-03-10 21:17 233760 ----a-w- c:\windows\SysWow64\vulkaninfo.exe
2017-10-06 20:15 . 2017-03-10 21:17 536864 ----a-w- c:\windows\system32\vulkan-1.dll
2017-10-06 20:15 . 2017-03-10 21:17 254240 ----a-w- c:\windows\system32\vulkaninfo.exe
2017-10-06 20:15 . 2017-10-06 20:15 -------- d-----w- c:\program files (x86)\VulkanRT
2017-10-06 20:14 . 2017-07-18 23:24 81856 ----a-w- c:\windows\system32\nv3dappshextr.dll
2017-10-06 20:14 . 2017-07-18 23:24 6463608 ----a-w- c:\windows\system32\nvcpl.dll
2017-10-06 20:14 . 2017-07-18 23:24 2479040 ----a-w- c:\windows\system32\nvsvc64.dll
2017-10-06 20:14 . 2017-07-18 23:24 69752 ----a-w- c:\windows\system32\nvshext.dll
2017-10-06 20:14 . 2017-07-18 23:24 549312 ----a-w- c:\windows\system32\nv3dappshext.dll
2017-10-06 20:14 . 2017-07-18 23:24 392312 ----a-w- c:\windows\system32\nvmctray.dll
2017-10-06 20:14 . 2017-07-18 23:24 1762936 ----a-w- c:\windows\system32\nvsvcr.dll
2017-10-06 20:14 . 2017-07-13 01:37 8095171 ----a-w- c:\windows\system32\nvcoproc.bin
2017-10-06 20:14 . 2017-09-18 20:11 13890840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{05335EF2-59F3-43B3-86EE-6AA48F871273}\mpengine.dll
2017-10-06 20:14 . 2017-10-06 20:14 -------- d-----w- c:\users\David2\AppData\Roaming\SplitmediaLabs
2017-10-06 20:13 . 2017-07-18 22:54 1951 ----a-w- c:\windows\NvContainerRecovery.bat
2017-10-06 20:13 . 2017-10-07 02:46 -------- d-----w- c:\programdata\NVIDIA
2017-10-06 20:13 . 2017-10-06 20:15 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2017-10-06 20:12 . 2017-10-06 20:13 -------- d-----w- c:\program files (x86)\ASUS
2017-10-06 20:12 . 2017-10-06 20:16 -------- d-----w- c:\programdata\NVIDIA Corporation
2017-10-05 03:00 . 2017-09-18 20:11 13890840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2017-10-04 01:09 . 2017-10-04 01:09 -------- d-----w- C:\MATS
2017-10-04 01:03 . 2017-10-04 01:05 -------- d-----w- c:\program files (x86)\Total Uninstaller
2017-10-03 10:21 . 2017-10-03 10:21 51016 ----a-w- c:\windows\system32\DbxSvc.exe
2017-10-03 10:21 . 2017-10-03 10:21 45672 ----a-w- c:\windows\system32\drivers\dbx-dev.sys
2017-10-03 10:21 . 2017-10-03 10:21 45640 ----a-w- c:\windows\system32\drivers\dbx-stable.sys
2017-10-03 10:21 . 2017-10-03 10:21 45640 ----a-w- c:\windows\system32\drivers\dbx-canary.sys
2017-10-03 02:04 . 2017-10-06 23:07 -------- d-----w- C:\AdwCleaner
2017-10-03 01:15 . 2017-10-05 03:54 -------- d-----w- c:\program files (x86)\Dropbox
2017-10-03 01:15 . 2017-10-03 01:20 -------- d-----w- c:\users\David2\AppData\Local\Dropbox
2017-09-30 22:18 . 2017-10-03 04:22 84256 ----a-w- c:\windows\system32\drivers\mwac.sys
2017-09-30 22:18 . 2017-10-06 14:41 77440 ----a-w- c:\windows\system32\drivers\mbae64.sys
2017-09-30 22:18 . 2017-09-30 22:18 -------- d-----w- c:\program files\Malwarebytes
2017-09-30 22:17 . 2017-09-30 22:17 -------- d-----w- c:\programdata\MB2Migration
2017-09-30 21:57 . 2017-08-14 17:35 554496 ----a-w- c:\windows\SysWow64\kerberos.dll
2017-09-30 20:44 . 2017-09-30 20:44 1057976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66AA39CD-31E6-41EB-9DFA-1D8693D4603A}\gapaengine.dll
2017-09-25 07:28 . 2017-09-25 07:28 55168 ----a-w- c:\windows\system32\drivers\fpasxlhs.sys
2017-09-20 01:14 . 2017-09-20 01:14 -------- d-----w- c:\program files\iPod
2017-09-20 01:13 . 2017-09-20 01:14 -------- d-----w- c:\program files\iTunes
2017-09-20 01:10 . 2017-09-20 01:10 -------- d-----w- c:\program files (x86)\Apple Software Update
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-10-07 02:47 . 2010-11-26 05:20 25640 ----a-w- c:\windows\gdrv.sys
2017-09-13 08:15 . 2010-11-25 15:10 138202976 -c--a-w- c:\windows\system32\MRT.exe
2017-08-30 18:23 . 2017-08-30 18:23 993632 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2017-08-30 18:23 . 2017-08-30 18:23 987840 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2017-08-30 18:23 . 2017-08-30 18:23 690008 ----a-w- c:\windows\system32\msvcp120_clr0400.dll
2017-08-30 18:23 . 2017-08-30 18:23 485576 ----a-w- c:\windows\SysWow64\msvcp120_clr0400.dll
2017-08-11 06:19 . 2017-09-13 03:55 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2017-08-03 21:00 . 2017-08-03 21:00 35811960 ----a-w- c:\windows\system32\nvoglv64.dll
2017-08-03 21:00 . 2017-08-03 21:00 28936824 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2017-08-03 21:00 . 2017-08-03 21:00 15491192 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2017-08-03 21:00 . 2017-08-03 21:00 618616 ----a-w- c:\windows\system32\NvIFROpenGL.dll
2017-08-03 21:00 . 2017-08-03 21:00 981624 ----a-w- c:\windows\system32\NvIFR64.dll
2017-08-03 21:00 . 2017-08-03 21:00 932984 ----a-w- c:\windows\SysWow64\NvIFR.dll
2017-08-03 21:00 . 2017-08-03 21:00 508024 ----a-w- c:\windows\SysWow64\NvIFROpenGL.dll
2017-08-03 21:00 . 2017-08-03 21:00 54680 ----a-w- c:\windows\system32\nvhdap64.dll
2017-08-03 21:00 . 2017-08-03 21:00 1624152 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2017-08-03 21:00 . 2017-08-03 21:00 227416 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2017-08-03 21:00 . 2017-08-03 21:00 1076344 ----a-w- c:\windows\system32\NvFBC64.dll
2017-08-03 21:00 . 2017-08-03 21:00 1013880 ----a-w- c:\windows\SysWow64\NvFBC.dll
2017-08-03 21:00 . 2017-08-03 21:00 1996920 ----a-w- c:\windows\system32\nvdispco6438494.dll
2017-08-03 21:00 . 2017-08-03 21:00 1606776 ----a-w- c:\windows\system32\nvdispgenco6438494.dll
2017-08-03 20:59 . 2017-08-03 20:59 3812464 ----a-w- c:\windows\system32\nvcuvid.dll
2017-08-03 20:59 . 2017-08-03 20:59 3367872 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2017-08-03 20:59 . 2017-08-03 20:59 40248440 ----a-w- c:\windows\system32\nvcompiler.dll
2017-08-03 20:59 . 2017-08-03 20:59 35323000 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2017-08-03 20:59 . 2017-08-03 20:59 21599984 ----a-w- c:\windows\system32\nvwgf2umx.dll
2017-08-03 20:59 . 2017-08-03 20:59 18876472 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2017-08-03 20:59 . 2017-08-03 20:59 504752 ----a-w- c:\windows\system32\nvumdshimx.dll
2017-08-03 20:58 . 2017-08-03 20:58 419520 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2017-08-03 20:58 . 2017-08-03 20:58 12248048 ----a-w- c:\windows\system32\nvptxJitCompiler.dll
2017-08-03 20:58 . 2017-08-03 20:58 10079120 ----a-w- c:\windows\SysWow64\nvptxJitCompiler.dll
2017-08-03 20:58 . 2017-08-03 20:58 12569384 ----a-w- c:\windows\system32\nvopencl.dll
2017-08-03 20:58 . 2017-08-03 20:58 10588432 ----a-w- c:\windows\SysWow64\nvopencl.dll
2017-08-03 20:58 . 2017-08-03 20:58 164472 ----a-w- c:\windows\system32\nvoglshim64.dll
2017-08-03 20:58 . 2017-08-03 20:58 142152 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2017-08-03 20:58 . 2017-08-03 20:58 181792 ----a-w- c:\windows\system32\nvinitx.dll
2017-08-03 20:58 . 2017-08-03 20:58 159416 ----a-w- c:\windows\SysWow64\nvinit.dll
2017-08-03 20:58 . 2017-08-03 20:58 704936 ----a-w- c:\windows\system32\nvfatbinaryLoader.dll
2017-08-03 20:58 . 2017-08-03 20:58 592032 ----a-w- c:\windows\SysWow64\nvfatbinaryLoader.dll
2017-08-03 20:58 . 2017-08-03 20:58 526288 ----a-w- c:\windows\system32\nvEncodeAPI64.dll
2017-08-03 20:58 . 2017-08-03 20:58 442600 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll
2017-08-03 20:58 . 2017-08-03 20:58 17972696 ----a-w- c:\windows\system32\nvd3dumx.dll
2017-08-03 20:58 . 2017-08-03 20:58 14826992 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2017-08-03 20:58 . 2017-08-03 20:58 13783968 ----a-w- c:\windows\system32\nvcuda.dll
2017-08-03 20:58 . 2017-08-03 20:58 11701688 ----a-w- c:\windows\SysWow64\nvcuda.dll
2017-08-03 20:57 . 2017-08-03 20:57 4232816 ----a-w- c:\windows\system32\nvapi64.dll
2017-08-03 20:57 . 2017-08-03 20:57 3733008 ----a-w- c:\windows\SysWow64\nvapi.dll
2017-07-29 14:56 . 2017-08-09 07:50 117248 ----a-w- c:\windows\system32\drivers\tdx.sys
2017-07-21 14:26 . 2017-08-09 07:50 282624 ----a-w- c:\windows\SysWow64\mstext40.dll
2017-07-21 14:26 . 2017-08-09 07:50 518144 ----a-w- c:\windows\SysWow64\msjetoledb40.dll
2017-07-21 14:26 . 2017-08-09 07:50 290816 ----a-w- c:\windows\SysWow64\msjtes40.dll
2017-07-21 14:26 . 2017-08-09 07:50 409600 ----a-w- c:\windows\SysWow64\msexch40.dll
2017-07-14 15:29 . 2017-08-09 07:50 486400 ----a-w- c:\windows\system32\wer.dll
2017-07-14 15:29 . 2017-08-09 07:50 34304 ----a-w- c:\windows\system32\werdiagcontroller.dll
2017-07-14 15:29 . 2017-08-09 07:50 2319872 ----a-w- c:\windows\system32\tquery.dll
2017-07-14 15:29 . 2017-08-09 07:50 2058240 ----a-w- c:\windows\system32\Query.dll
2017-07-14 15:29 . 2017-08-09 07:50 2222080 ----a-w- c:\windows\system32\mssrch.dll
2017-07-14 15:29 . 2017-08-09 07:50 778240 ----a-w- c:\windows\system32\mssvp.dll
2017-07-14 15:29 . 2017-08-09 07:50 491520 ----a-w- c:\windows\system32\mssph.dll
2017-07-14 15:29 . 2017-08-09 07:50 99840 ----a-w- c:\windows\system32\mssprxy.dll
2017-07-14 15:29 . 2017-08-09 07:50 288256 ----a-w- c:\windows\system32\mssphtb.dll
2017-07-14 15:29 . 2017-08-09 07:50 115200 ----a-w- c:\windows\system32\mssitlb.dll
2017-07-14 15:29 . 2017-08-09 07:50 75264 ----a-w- c:\windows\system32\msscntrs.dll
2017-07-14 15:29 . 2017-08-09 07:50 14336 ----a-w- c:\windows\system32\msshooks.dll
2017-07-14 15:12 . 2017-08-09 07:50 591872 ----a-w- c:\windows\system32\SearchIndexer.exe
2017-07-14 15:12 . 2017-08-09 07:50 249856 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2017-07-14 15:11 . 2017-08-09 07:50 113664 ----a-w- c:\windows\system32\SearchFilterHost.exe
2017-07-14 15:10 . 2017-08-09 07:50 382976 ----a-w- c:\windows\SysWow64\wer.dll
2017-07-14 15:10 . 2017-08-09 07:50 1549824 ----a-w- c:\windows\SysWow64\tquery.dll
2017-07-14 15:10 . 2017-08-09 07:50 1363968 ----a-w- c:\windows\SysWow64\Query.dll
2017-07-14 15:10 . 2017-08-09 07:50 1400320 ----a-w- c:\windows\SysWow64\mssrch.dll
2017-07-14 15:10 . 2017-08-09 07:50 666624 ----a-w- c:\windows\SysWow64\mssvp.dll
2017-07-14 15:10 . 2017-08-09 07:50 337408 ----a-w- c:\windows\SysWow64\mssph.dll
2017-07-14 15:10 . 2017-08-09 07:50 197120 ----a-w- c:\windows\SysWow64\mssphtb.dll
2017-07-14 15:10 . 2017-08-09 07:50 104448 ----a-w- c:\windows\SysWow64\mssitlb.dll
2017-07-14 15:10 . 2017-08-09 07:50 59392 ----a-w- c:\windows\SysWow64\msscntrs.dll
2017-07-14 15:10 . 2017-08-09 07:50 34816 ----a-w- c:\windows\SysWow64\mssprxy.dll
2017-07-14 15:00 . 2017-08-09 07:50 427520 ----a-w- c:\windows\SysWow64\SearchIndexer.exe
2017-07-14 15:00 . 2017-08-09 07:50 164352 ----a-w- c:\windows\SysWow64\SearchProtocolHost.exe
2017-07-14 14:59 . 2017-08-09 07:50 86528 ----a-w- c:\windows\SysWow64\SearchFilterHost.exe
2017-07-14 14:59 . 2017-08-09 07:50 9728 ----a-w- c:\windows\SysWow64\msshooks.dll
2017-07-14 14:57 . 2017-08-09 07:50 50688 ----a-w- c:\windows\system32\wermgr.exe
2017-07-14 14:50 . 2017-08-09 07:50 54272 ----a-w- c:\windows\SysWow64\wermgr.exe
2017-07-14 14:50 . 2017-08-09 07:50 28672 ----a-w- c:\windows\SysWow64\werdiagcontroller.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt01]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2017-10-03 10:12 285000 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.18.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt02]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2017-10-03 10:12 285000 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.18.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt03]
@="{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}]
2017-10-03 10:12 285000 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.18.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt04]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2017-10-03 10:12 285000 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.18.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt05]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2017-10-03 10:12 285000 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.18.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt06]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2017-10-03 10:12 285000 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.18.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt07]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2017-10-03 10:12 285000 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.18.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt08]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2017-10-03 10:12 285000 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.18.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt09]
@="{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}]
2017-10-03 10:12 285000 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.18.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt10]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2017-10-03 10:12 285000 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.18.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt01]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2017-10-03 10:12 285000 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.18.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt05]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2017-10-03 10:12 285000 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.18.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt07]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2017-10-03 10:12 285000 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.18.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt10]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2017-10-03 10:12 285000 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.18.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt04]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2017-10-03 10:12 285000 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.18.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt02]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2017-10-03 10:12 285000 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.18.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt06]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2017-10-03 10:12 285000 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.18.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt08]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2017-10-03 10:12 285000 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.18.0.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EZBack-it-up Tray Scheduler"="c:\program files (x86)\EZBackitup\EZBkuptray.exe" [2004-06-03 631808]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled\
NAS Scheduler.lnk - c:\program files (x86)\BUFFALO\NASNAVI\nassche.exe [2017-6-27 206128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 ZAM;ZAM Helper Driver;c:\windows\System32\drivers\zam64.sys;c:\windows\SYSNATIVE\drivers\zam64.sys [x]
R1 ZAM_Guard;ZAM Guard Driver;c:\windows\System32\drivers\zamguard64.sys;c:\windows\SYSNATIVE\drivers\zamguard64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 dbupdate;Dropbox Update Service (dbupdate);c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe;c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [x]
R2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 AtiDCM;AtiDCM;c:\users\David2\AppData\Local\Temp\atdcm64a.sys;c:\users\David2\AppData\Local\Temp\atdcm64a.sys [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 Backup Client Agent Service;Backup Client Agent Service;c:\program files (x86)\NovaStor\NovaStor NovaBACKUP\ManagementServer.Agent.Service.exe;c:\program files (x86)\NovaStor\NovaStor NovaBACKUP\ManagementServer.Agent.Service.exe [x]
R3 dbupdatem;Dropbox Update Service (dbupdatem);c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe;c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
R3 EyeOneDisplay;EyeOneDisplay;c:\windows\system32\Drivers\i1display_x64.sys;c:\windows\SYSNATIVE\Drivers\i1display_x64.sys [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech QuickCam E3500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 MBAMProtection;MBAMProtection;c:\windows\system32\DRIVERS\mbam.sys;c:\windows\SYSNATIVE\DRIVERS\mbam.sys [x]
R3 MBAMWebProtection;MBAMWebProtection;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 PDIHWCTL;PDIHWCTL; [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 APC Data Service;APC Data Service;c:\program files (x86)\APC\PowerChute Personal Edition\dataserv.exe;c:\program files (x86)\APC\PowerChute Personal Edition\dataserv.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 DbxSvc;DbxSvc;c:\windows\system32\DbxSvc.exe;c:\windows\SYSNATIVE\DbxSvc.exe [x]
S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 Disaster Recovery Imaging;Disaster Recovery Imaging;c:\program files (x86)\NovaStor\NovaStor NovaBACKUP\DR\x64\drdiag.exe;c:\program files (x86)\NovaStor\NovaStor NovaBACKUP\DR\x64\drdiag.exe [x]
S2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe;c:\windows\SysWOW64\XSrvSetup.exe [x]
S2 MBAMChameleon;MBAMChameleon;c:\windows\System32\Drivers\MbamChameleon.sys;c:\windows\SYSNATIVE\Drivers\MbamChameleon.sys [x]
S2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
S2 NasPmService;NAS PM Service;c:\program files (x86)\BUFFALO\NASNAVI\nassvc.exe;c:\program files (x86)\BUFFALO\NASNAVI\nassvc.exe [x]
S2 nsService;NovaStor NovaBACKUP Backup/Copy Engine;c:\program files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe;c:\program files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe [x]
S2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS;c:\program files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe;c:\program files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [x]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys;c:\windows\SYSNATIVE\Drivers\pcouffin.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S4 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys;c:\windows\SYSNATIVE\drivers\IOMap64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMCHAMELEON
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ    SSDPSRV upnphost SCardSvr QWAVE wcncsvc
iissvcs REG_MULTI_SZ    w3svc was
apphost REG_MULTI_SZ    apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2017-10-03 c:\windows\Tasks\DropboxUpdateTaskMachineCore.job
- c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-10-03 01:15]
.
2015-12-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2914733880-454615668-1885746583-1000Core.job
- c:\users\David2\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-26 06:04]
.
2016-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2914733880-454615668-1885746583-1000Core1d12cd4604d964f.job
- c:\users\David2\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-26 06:04]
.
2015-12-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2914733880-454615668-1885746583-1000UA.job
- c:\users\David2\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-26 06:04]
.
2016-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2914733880-454615668-1885746583-1000UA1d12cd46094ff97.job
- c:\users\David2\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-26 06:04]
.
2017-10-03 c:\windows\Tasks\User_Feed_Synchronization-{46472F87-73C3-434B-81C2-B5A02A841F7A}.job
- c:\windows\system32\msfeedssync.exe [2013-11-26 09:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt01]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2017-10-03 10:12 333128 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.18.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt02]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2017-10-03 10:12 333128 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.18.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt03]
@="{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}]
2017-10-03 10:12 333128 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.18.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt04]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2017-10-03 10:12 333128 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.18.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt05]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2017-10-03 10:12 333128 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.18.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt06]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2017-10-03 10:12 333128 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.18.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt07]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2017-10-03 10:12 333128 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.18.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt08]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2017-10-03 10:12 333128 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.18.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt09]
@="{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}]
2017-10-03 10:12 333128 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.18.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt10]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2017-10-03 10:12 333128 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.18.0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: cleverreach.com\novastor
Trusted Zone: google-analytics.com
Trusted Zone: novastor.com
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\users\David2\AppData\Roaming\mozilla\Firefox\Profiles\osj95jb4.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-CoreAAC Audio Decoder - c:\windows\system32\CoreAAC-uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_286_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_286_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_286_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_286_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_286.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.20"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_286.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_286.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_286.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2017-10-06  22:21:56
ComboFix-quarantined-files.txt  2017-10-07 03:21
ComboFix2.txt  2017-10-07 01:32
ComboFix3.txt  2017-06-28 03:00
.
Pre-Run: 110,861,099,008 bytes free
Post-Run: 110,500,278,272 bytes free
.
- - End Of File - - E5F16DA25A3C9CF15835D5D5FDA16E73
5FB38429D5D77768867C76DCBDB35194

>>>>>>>>>>>>>>>>>::::::::::::::::::::::::::::::::::::::::>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>::::::::::::::::::::::::::::::::::::::::?????????????????????????????:::::::::::::::::::::::::::::::::::::

ComboFix 17-10-04.01 - David2 10/06/2017  20:00:49.4.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8183.5669 [GMT -5:00]
Running from: c:\users\David2\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {71A27EC9-3DA6-45FC-60A7-004F623C6189}
SP: Microsoft Security Essentials *Disabled/Updated* {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\David2\AppData\Local\assembly\tmp
c:\users\David2\AppData\Roaming\WbspInstallerTempFileToBeDeleted.txt
c:\windows\security\logs\scecomp.log
.
.
(((((((((((((((((((((((((   Files Created from 2017-09-07 to 2017-10-07  )))))))))))))))))))))))))))))))
.
.
2017-10-07 01:17 . 2017-10-07 01:17 -------- d-----w- c:\users\Public\AppData\Local\temp
2017-10-07 01:17 . 2017-10-07 01:17 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2017-10-07 01:17 . 2017-10-07 01:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-10-06 23:50 . 2017-10-06 23:50 58120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{05335EF2-59F3-43B3-86EE-6AA48F871273}\MpKsl7842d5dc.sys
2017-10-06 23:16 . 2017-10-06 23:16 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{05335EF2-59F3-43B3-86EE-6AA48F871273}\offreg.1004.dll
2017-10-06 21:12 . 2017-10-06 21:42 -------- d-----w- c:\users\David2\AppData\Local\Mozilla
2017-10-06 21:12 . 2017-10-06 21:12 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2017-10-06 21:12 . 2017-10-06 21:12 -------- d-----w- c:\program files\Mozilla Firefox
2017-10-06 21:01 . 2017-10-06 23:14 110016 ----a-w- c:\windows\system32\drivers\farflt.sys
2017-10-06 20:28 . 2017-10-06 20:28 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{05335EF2-59F3-43B3-86EE-6AA48F871273}\offreg.972.dll
2017-10-06 20:15 . 2017-10-06 20:15 -------- d-----w- c:\programdata\SplitMediaLabs
2017-10-06 20:15 . 2017-10-06 20:15 -------- d-----w- c:\program files (x86)\SplitmediaLabs
2017-10-06 20:15 . 2017-07-18 22:38 135800 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2017-10-06 20:15 . 2017-03-10 21:17 525600 ----a-w- c:\windows\SysWow64\vulkan-1.dll
2017-10-06 20:15 . 2017-03-10 21:17 233760 ----a-w- c:\windows\SysWow64\vulkaninfo.exe
2017-10-06 20:15 . 2017-03-10 21:17 536864 ----a-w- c:\windows\system32\vulkan-1.dll
2017-10-06 20:15 . 2017-03-10 21:17 254240 ----a-w- c:\windows\system32\vulkaninfo.exe
2017-10-06 20:15 . 2017-10-06 20:15 -------- d-----w- c:\program files (x86)\VulkanRT
2017-10-06 20:14 . 2017-07-18 23:24 81856 ----a-w- c:\windows\system32\nv3dappshextr.dll
2017-10-06 20:14 . 2017-07-18 23:24 6463608 ----a-w- c:\windows\system32\nvcpl.dll
2017-10-06 20:14 . 2017-07-18 23:24 2479040 ----a-w- c:\windows\system32\nvsvc64.dll
2017-10-06 20:14 . 2017-07-18 23:24 69752 ----a-w- c:\windows\system32\nvshext.dll
2017-10-06 20:14 . 2017-07-18 23:24 549312 ----a-w- c:\windows\system32\nv3dappshext.dll
2017-10-06 20:14 . 2017-07-18 23:24 392312 ----a-w- c:\windows\system32\nvmctray.dll
2017-10-06 20:14 . 2017-07-18 23:24 1762936 ----a-w- c:\windows\system32\nvsvcr.dll
2017-10-06 20:14 . 2017-07-13 01:37 8095171 ----a-w- c:\windows\system32\nvcoproc.bin
2017-10-06 20:14 . 2017-09-18 20:11 13890840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{05335EF2-59F3-43B3-86EE-6AA48F871273}\mpengine.dll
2017-10-06 20:14 . 2017-10-06 20:14 -------- d-----w- c:\users\David2\AppData\Roaming\SplitmediaLabs
2017-10-06 20:13 . 2017-07-18 22:54 1951 ----a-w- c:\windows\NvContainerRecovery.bat
2017-10-06 20:13 . 2017-10-06 23:11 -------- d-----w- c:\programdata\NVIDIA
2017-10-06 20:13 . 2017-10-06 20:15 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2017-10-06 20:12 . 2017-10-06 20:13 -------- d-----w- c:\program files (x86)\ASUS
2017-10-06 20:12 . 2017-10-06 20:16 -------- d-----w- c:\programdata\NVIDIA Corporation
2017-10-06 14:41 . 2017-10-06 14:41 192952 ----a-w- c:\windows\system32\drivers\MbamChameleon.sys
2017-10-06 14:41 . 2017-10-06 23:14 252232 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2017-09-30 22:18 . 2017-09-30 22:18 -------- d-----w- c:\program files\Malwarebytes
2017-09-30 22:17 . 2017-09-30 22:17 -------- d-----w- c:\programdata\MB2Migration
2017-09-30 21:57 . 2017-08-14 17:35 554496 ----a-w- c:\windows\SysWow64\kerberos.dll
2017-09-30 20:44 . 2017-09-30 20:44 1057976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66AA39CD-31E6-41EB-9DFA-1D8693D4603A}\gapaengine.dll
2017-09-25 07:28 . 2017-09-25 07:28 55168 ----a-w- c:\windows\system32\drivers\fpasxlhs.sys
2017-09-20 01:14 . 2017-09-20 01:14 -------- d-----w- c:\program files\iPod
2017-09-20 01:13 . 2017-09-20 01:14 -------- d-----w- c:\program files\iTunes
2017-09-20 01:10 . 2017-09-20 01:10 -------- d-----w- c:\program files (x86)\Apple Software Update
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-10-06 23:12 . 2010-11-26 05:20 25640 ----a-w- c:\windows\gdrv.sys
2017-09-13 08:15 . 2010-11-25 15:10 138202976 -c--a-w- c:\windows\system32\MRT.exe
2017-08-30 18:23 . 2017-08-30 18:23 993632 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2017-08-30 18:23 . 2017-08-30 18:23 987840 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2017-08-30 18:23 . 2017-08-30 18:23 690008 ----a-w- c:\windows\system32\msvcp120_clr0400.dll
2017-08-30 18:23 . 2017-08-30 18:23 485576 ----a-w- c:\windows\SysWow64\msvcp120_clr0400.dll
2017-08-11 06:19 . 2017-09-13 03:55 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2017-08-03 21:00 . 2017-08-03 21:00 35811960 ----a-w- c:\windows\system32\nvoglv64.dll
2017-08-03 21:00 . 2017-08-03 21:00 28936824 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2017-08-03 21:00 . 2017-08-03 21:00 15491192 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2017-08-03 21:00 . 2017-08-03 21:00 618616 ----a-w- c:\windows\system32\NvIFROpenGL.dll
2017-08-03 21:00 . 2017-08-03 21:00 981624 ----a-w- c:\windows\system32\NvIFR64.dll
2017-08-03 21:00 . 2017-08-03 21:00 932984 ----a-w- c:\windows\SysWow64\NvIFR.dll
2017-08-03 21:00 . 2017-08-03 21:00 508024 ----a-w- c:\windows\SysWow64\NvIFROpenGL.dll
2017-08-03 21:00 . 2017-08-03 21:00 54680 ----a-w- c:\windows\system32\nvhdap64.dll
2017-08-03 21:00 . 2017-08-03 21:00 1624152 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2017-08-03 21:00 . 2017-08-03 21:00 227416 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2017-08-03 21:00 . 2017-08-03 21:00 1076344 ----a-w- c:\windows\system32\NvFBC64.dll
2017-08-03 21:00 . 2017-08-03 21:00 1013880 ----a-w- c:\windows\SysWow64\NvFBC.dll
2017-08-03 21:00 . 2017-08-03 21:00 1996920 ----a-w- c:\windows\system32\nvdispco6438494.dll
2017-08-03 21:00 . 2017-08-03 21:00 1606776 ----a-w- c:\windows\system32\nvdispgenco6438494.dll
2017-08-03 20:59 . 2017-08-03 20:59 3812464 ----a-w- c:\windows\system32\nvcuvid.dll
2017-08-03 20:59 . 2017-08-03 20:59 3367872 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2017-08-03 20:59 . 2017-08-03 20:59 40248440 ----a-w- c:\windows\system32\nvcompiler.dll
2017-08-03 20:59 . 2017-08-03 20:59 35323000 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2017-08-03 20:59 . 2017-08-03 20:59 21599984 ----a-w- c:\windows\system32\nvwgf2umx.dll
2017-08-03 20:59 . 2017-08-03 20:59 18876472 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2017-08-03 20:59 . 2017-08-03 20:59 504752 ----a-w- c:\windows\system32\nvumdshimx.dll
2017-08-03 20:58 . 2017-08-03 20:58 419520 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2017-08-03 20:58 . 2017-08-03 20:58 12248048 ----a-w- c:\windows\system32\nvptxJitCompiler.dll
2017-08-03 20:58 . 2017-08-03 20:58 10079120 ----a-w- c:\windows\SysWow64\nvptxJitCompiler.dll
2017-08-03 20:58 . 2017-08-03 20:58 12569384 ----a-w- c:\windows\system32\nvopencl.dll
2017-08-03 20:58 . 2017-08-03 20:58 10588432 ----a-w- c:\windows\SysWow64\nvopencl.dll
2017-08-03 20:58 . 2017-08-03 20:58 164472 ----a-w- c:\windows\system32\nvoglshim64.dll
2017-08-03 20:58 . 2017-08-03 20:58 142152 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2017-08-03 20:58 . 2017-08-03 20:58 181792 ----a-w- c:\windows\system32\nvinitx.dll
2017-08-03 20:58 . 2017-08-03 20:58 159416 ----a-w- c:\windows\SysWow64\nvinit.dll
2017-08-03 20:58 . 2017-08-03 20:58 704936 ----a-w- c:\windows\system32\nvfatbinaryLoader.dll
2017-08-03 20:58 . 2017-08-03 20:58 592032 ----a-w- c:\windows\SysWow64\nvfatbinaryLoader.dll
2017-08-03 20:58 . 2017-08-03 20:58 526288 ----a-w- c:\windows\system32\nvEncodeAPI64.dll
2017-08-03 20:58 . 2017-08-03 20:58 442600 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll
2017-08-03 20:58 . 2017-08-03 20:58 17972696 ----a-w- c:\windows\system32\nvd3dumx.dll
2017-08-03 20:58 . 2017-08-03 20:58 14826992 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2017-08-03 20:58 . 2017-08-03 20:58 13783968 ----a-w- c:\windows\system32\nvcuda.dll
2017-08-03 20:58 . 2017-08-03 20:58 11701688 ----a-w- c:\windows\SysWow64\nvcuda.dll
2017-08-03 20:57 . 2017-08-03 20:57 4232816 ----a-w- c:\windows\system32\nvapi64.dll
2017-08-03 20:57 . 2017-08-03 20:57 3733008 ----a-w- c:\windows\SysWow64\nvapi.dll
2017-07-29 14:56 . 2017-08-09 07:50 117248 ----a-w- c:\windows\system32\drivers\tdx.sys
2017-07-21 14:26 . 2017-08-09 07:50 282624 ----a-w- c:\windows\SysWow64\mstext40.dll
2017-07-21 14:26 . 2017-08-09 07:50 518144 ----a-w- c:\windows\SysWow64\msjetoledb40.dll
2017-07-21 14:26 . 2017-08-09 07:50 290816 ----a-w- c:\windows\SysWow64\msjtes40.dll
2017-07-21 14:26 . 2017-08-09 07:50 409600 ----a-w- c:\windows\SysWow64\msexch40.dll
2017-07-14 15:29 . 2017-08-09 07:50 486400 ----a-w- c:\windows\system32\wer.dll
2017-07-14 15:29 . 2017-08-09 07:50 34304 ----a-w- c:\windows\system32\werdiagcontroller.dll
2017-07-14 15:29 . 2017-08-09 07:50 2319872 ----a-w- c:\windows\system32\tquery.dll
2017-07-14 15:29 . 2017-08-09 07:50 2058240 ----a-w- c:\windows\system32\Query.dll
2017-07-14 15:29 . 2017-08-09 07:50 2222080 ----a-w- c:\windows\system32\mssrch.dll
2017-07-14 15:29 . 2017-08-09 07:50 778240 ----a-w- c:\windows\system32\mssvp.dll
2017-07-14 15:29 . 2017-08-09 07:50 491520 ----a-w- c:\windows\system32\mssph.dll
2017-07-14 15:29 . 2017-08-09 07:50 99840 ----a-w- c:\windows\system32\mssprxy.dll
2017-07-14 15:29 . 2017-08-09 07:50 288256 ----a-w- c:\windows\system32\mssphtb.dll
2017-07-14 15:29 . 2017-08-09 07:50 115200 ----a-w- c:\windows\system32\mssitlb.dll
2017-07-14 15:29 . 2017-08-09 07:50 75264 ----a-w- c:\windows\system32\msscntrs.dll
2017-07-14 15:29 . 2017-08-09 07:50 14336 ----a-w- c:\windows\system32\msshooks.dll
2017-07-14 15:12 . 2017-08-09 07:50 591872 ----a-w- c:\windows\system32\SearchIndexer.exe
2017-07-14 15:12 . 2017-08-09 07:50 249856 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2017-07-14 15:11 . 2017-08-09 07:50 113664 ----a-w- c:\windows\system32\SearchFilterHost.exe
2017-07-14 15:10 . 2017-08-09 07:50 382976 ----a-w- c:\windows\SysWow64\wer.dll
2017-07-14 15:10 . 2017-08-09 07:50 1549824 ----a-w- c:\windows\SysWow64\tquery.dll
2017-07-14 15:10 . 2017-08-09 07:50 1363968 ----a-w- c:\windows\SysWow64\Query.dll
2017-07-14 15:10 . 2017-08-09 07:50 1400320 ----a-w- c:\windows\SysWow64\mssrch.dll
2017-07-14 15:10 . 2017-08-09 07:50 666624 ----a-w- c:\windows\SysWow64\mssvp.dll
2017-07-14 15:10 . 2017-08-09 07:50 337408 ----a-w- c:\windows\SysWow64\mssph.dll
2017-07-14 15:10 . 2017-08-09 07:50 197120 ----a-w- c:\windows\SysWow64\mssphtb.dll
2017-07-14 15:10 . 2017-08-09 07:50 104448 ----a-w- c:\windows\SysWow64\mssitlb.dll
2017-07-14 15:10 . 2017-08-09 07:50 59392 ----a-w- c:\windows\SysWow64\msscntrs.dll
2017-07-14 15:10 . 2017-08-09 07:50 34816 ----a-w- c:\windows\SysWow64\mssprxy.dll
2017-07-14 15:00 . 2017-08-09 07:50 427520 ----a-w- c:\windows\SysWow64\SearchIndexer.exe
2017-07-14 15:00 . 2017-08-09 07:50 164352 ----a-w- c:\windows\SysWow64\SearchProtocolHost.exe
2017-07-14 14:59 . 2017-08-09 07:50 86528 ----a-w- c:\windows\SysWow64\SearchFilterHost.exe
2017-07-14 14:59 . 2017-08-09 07:50 9728 ----a-w- c:\windows\SysWow64\msshooks.dll
2017-07-14 14:57 . 2017-08-09 07:50 50688 ----a-w- c:\windows\system32\wermgr.exe
2017-07-14 14:50 . 2017-08-09 07:50 54272 ----a-w- c:\windows\SysWow64\wermgr.exe
2017-07-14 14:50 . 2017-08-09 07:50 28672 ----a-w- c:\windows\SysWow64\werdiagcontroller.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt01]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2017-10-03 10:12 285000 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.18.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt02]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2017-10-03 10:12 285000 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.18.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt03]
@="{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}]
2017-10-03 10:12 285000 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.18.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt04]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2017-10-03 10:12 285000 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.18.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt05]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2017-10-03 10:12 285000 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.18.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt06]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2017-10-03 10:12 285000 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.18.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt07]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2017-10-03 10:12 285000 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.18.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt08]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2017-10-03 10:12 285000 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.18.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt09]
@="{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}]
2017-10-03 10:12 285000 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.18.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt10]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2017-10-03 10:12 285000 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.18.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt01]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2017-10-03 10:12 285000 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.18.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt05]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2017-10-03 10:12 285000 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.18.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt07]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2017-10-03 10:12 285000 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.18.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt10]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2017-10-03 10:12 285000 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.18.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt04]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2017-10-03 10:12 285000 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.18.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt02]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2017-10-03 10:12 285000 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.18.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt06]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2017-10-03 10:12 285000 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.18.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt08]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2017-10-03 10:12 285000 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.18.0.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EZBack-it-up Tray Scheduler"="c:\program files (x86)\EZBackitup\EZBkuptray.exe" [2004-06-03 631808]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2017-09-20 9856176]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled\
NAS Scheduler.lnk - c:\program files (x86)\BUFFALO\NASNAVI\nassche.exe [2017-6-27 206128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 ZAM;ZAM Helper Driver;c:\windows\System32\drivers\zam64.sys;c:\windows\SYSNATIVE\drivers\zam64.sys [x]
R1 ZAM_Guard;ZAM Guard Driver;c:\windows\System32\drivers\zamguard64.sys;c:\windows\SYSNATIVE\drivers\zamguard64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 dbupdate;Dropbox Update Service (dbupdate);c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe;c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [x]
R2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 AtiDCM;AtiDCM;c:\users\David2\AppData\Local\Temp\atdcm64a.sys;c:\users\David2\AppData\Local\Temp\atdcm64a.sys [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 Backup Client Agent Service;Backup Client Agent Service;c:\program files (x86)\NovaStor\NovaStor NovaBACKUP\ManagementServer.Agent.Service.exe;c:\program files (x86)\NovaStor\NovaStor NovaBACKUP\ManagementServer.Agent.Service.exe [x]
R3 dbupdatem;Dropbox Update Service (dbupdatem);c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe;c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
R3 EyeOneDisplay;EyeOneDisplay;c:\windows\system32\Drivers\i1display_x64.sys;c:\windows\SYSNATIVE\Drivers\i1display_x64.sys [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech QuickCam E3500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 MBAMWebProtection;MBAMWebProtection;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 PDIHWCTL;PDIHWCTL; [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\windows\system32\drivers\mbae64.sys;c:\windows\SYSNATIVE\drivers\mbae64.sys [x]
S1 MpKsl7842d5dc;MpKsl7842d5dc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{05335EF2-59F3-43B3-86EE-6AA48F871273}\MpKsl7842d5dc.sys;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{05335EF2-59F3-43B3-86EE-6AA48F871273}\MpKsl7842d5dc.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 APC Data Service;APC Data Service;c:\program files (x86)\APC\PowerChute Personal Edition\dataserv.exe;c:\program files (x86)\APC\PowerChute Personal Edition\dataserv.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 DbxSvc;DbxSvc;c:\windows\system32\DbxSvc.exe;c:\windows\SYSNATIVE\DbxSvc.exe [x]
S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 Disaster Recovery Imaging;Disaster Recovery Imaging;c:\program files (x86)\NovaStor\NovaStor NovaBACKUP\DR\x64\drdiag.exe;c:\program files (x86)\NovaStor\NovaStor NovaBACKUP\DR\x64\drdiag.exe [x]
S2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe;c:\windows\SysWOW64\XSrvSetup.exe [x]
S2 MBAMChameleon;MBAMChameleon;c:\windows\System32\Drivers\MbamChameleon.sys;c:\windows\SYSNATIVE\Drivers\MbamChameleon.sys [x]
S2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
S2 NasPmService;NAS PM Service;c:\program files (x86)\BUFFALO\NASNAVI\nassvc.exe;c:\program files (x86)\BUFFALO\NASNAVI\nassvc.exe [x]
S2 nsService;NovaStor NovaBACKUP Backup/Copy Engine;c:\program files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe;c:\program files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe [x]
S2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS;c:\program files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe;c:\program files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [x]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S3 MBAMFarflt;MBAMFarflt;c:\windows\system32\DRIVERS\farflt.sys;c:\windows\SYSNATIVE\DRIVERS\farflt.sys [x]
S3 MBAMProtection;MBAMProtection;c:\windows\system32\DRIVERS\mbam.sys;c:\windows\SYSNATIVE\DRIVERS\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\Drivers\mbamswissarmy.sys;c:\windows\SYSNATIVE\Drivers\mbamswissarmy.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys;c:\windows\SYSNATIVE\Drivers\pcouffin.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S4 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys;c:\windows\SYSNATIVE\drivers\IOMap64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMFARFLT
*NewlyCreated* - MPKSL7842D5DC
*Deregistered* - hitmanpro37
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ    SSDPSRV upnphost SCardSvr QWAVE wcncsvc
iissvcs REG_MULTI_SZ    w3svc was
apphost REG_MULTI_SZ    apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2017-10-03 c:\windows\Tasks\DropboxUpdateTaskMachineCore.job
- c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-10-03 01:15]
.
2015-12-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2914733880-454615668-1885746583-1000Core.job
- c:\users\David2\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-26 06:04]
.
2016-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2914733880-454615668-1885746583-1000Core1d12cd4604d964f.job
- c:\users\David2\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-26 06:04]
.
2015-12-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2914733880-454615668-1885746583-1000UA.job
- c:\users\David2\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-26 06:04]
.
2016-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2914733880-454615668-1885746583-1000UA1d12cd46094ff97.job
- c:\users\David2\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-26 06:04]
.
2017-10-03 c:\windows\Tasks\User_Feed_Synchronization-{46472F87-73C3-434B-81C2-B5A02A841F7A}.job
- c:\windows\system32\msfeedssync.exe [2013-11-26 09:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt01]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2017-10-03 10:12 333128 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.18.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt02]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2017-10-03 10:12 333128 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.18.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt03]
@="{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}]
2017-10-03 10:12 333128 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.18.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt04]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2017-10-03 10:12 333128 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.18.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt05]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2017-10-03 10:12 333128 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.18.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt06]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2017-10-03 10:12 333128 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.18.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt07]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2017-10-03 10:12 333128 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.18.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt08]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2017-10-03 10:12 333128 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.18.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt09]
@="{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}]
2017-10-03 10:12 333128 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.18.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt10]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2017-10-03 10:12 333128 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.18.0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: cleverreach.com\novastor
Trusted Zone: google-analytics.com
Trusted Zone: novastor.com
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\users\David2\AppData\Roaming\mozilla\Firefox\Profiles\osj95jb4.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled\Update Notifier.lnk - c:\program files\WinZip\WZUpdateNotifier.exe
SafeBoot-mbamchameleon
Toolbar-Locked - (no file)
AddRemove-CoreAAC Audio Decoder - c:\windows\system32\CoreAAC-uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_286_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_286_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_286_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_286_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_286.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.20"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_286.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_286.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_286.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2017-10-06  20:32:30
ComboFix-quarantined-files.txt  2017-10-07 01:32
ComboFix2.txt  2017-06-28 03:00
.
Pre-Run: 111,358,410,752 bytes free
Post-Run: 110,797,455,360 bytes free
.
- - End Of File - - 97634E31FF89F9050D4ABA1CAC77F197
5FB38429D5D77768867C76DCBDB35194
 

Edited by britechguy, 07 October 2017 - 09:25 PM.
Moved to MRL forum due to ComboFix Log. Please wait for response from Malware Response Team before doing anything else.




#2 nasdaq

  • Malware Response Team
  • 39,191 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 09 October 2017 - 07:40 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.
===

Also, please provide an update on how the computer is behaving after running the above script.

===

#3 dogjoy
  • Topic Starter

Posted 09 October 2017 - 07:47 PM

The link provided returns error 404, file not found.



#4 nasdaq
  • Malware Response Team

Posted 10 October 2017 - 08:32 AM



Hi,

The zoek link is dead.

I'm investigating this. Even the Original Owner's site is not available.

====

Use Safe Mode with Networking to complete this scan.

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.

Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===


Please post the logs.

#5 dogjoy
  • Topic Starter

Posted 10 October 2017 - 08:13 PM

Attached are the logs. I will run in Normal mode and see if any operations change, and advise later today.

Attached Files



#6 nasdaq
  • Malware Response Team

Posted 11 October 2017 - 08:25 AM

Hi,

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:


HKLM-x32\...\Run: [] => [X]
SearchScopes: HKU\S-1-5-21-2914733880-454615668-1885746583-1000 -> {76DEFAE6-09B2-40B2-8F8A-5A6A5D5CE4EB} URL = hxxps://search.yahoo.com/search/?toggle=1&cop=mss&ei=UTF-8&fr=vmn&type=auslog_yaapp1_ch&p={searchTerms}
Toolbar: HKU\S-1-5-21-2914733880-454615668-1885746583-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2914733880-454615668-1885746583-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2011-12-27]
S4 PDIHWCTL; no ImagePath
S3 AtiDCM; \??\C:\Users\David2\AppData\Local\Temp\atdcm64a.sys [X] <==== ATTENTION
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S1 MpKsl821dbea5; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{661B6E44-99C1-4CCB-8117-38237FF1B170}\MpKsl821dbea5.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]
Task: {17E41163-7FD7-4BC2-B14E-A17B2683A070} - System32\Tasks\Event Viewer Tasks\ccfaded2-148e-4f6d-b2b2-5566776ae6e4 => C:\Windows\system32\wscript.exe "C:\Users\David2\AppData\Local\Temp\tmp9FE8.vbs" <==== ATTENTION
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {EEED8FEC-D2A2-4BED-810D-4AF00CC082DC} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {F6FC120E-8381-45DC-9CD2-AB5653345F2E} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
AlternateDataStreams: C:\Windows\system32\Drivers\fpasxlhs.sys:changelist [1862]
C:\Windows\System32\Tasks\Event Viewer Tasks\ccfaded2-148e-4f6d-b2b2-5566776ae6e4

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===


Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended. (You need to check with Internet Explorer) <- Important.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after these updates remove these old version(s) via the Control Panel > Programs > Programs and Features.
Java 7 Update 9 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217007FF}) (Version: 7.0.90 - Oracle)
Java™ 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)

p.s. Update Java when you can boot in Normal mode with Internet Explorer
===

Please let me know what problem persists with this computer.
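As an added defender-side example (not part of nasdaq's instructions and not an FRST component), the script below parses lines in the format of the fixlist above and ranks the entries a malware responder would look at first: a driver image under a user's Temp folder, a scheduled task that runs wscript.exe on a .vbs in Temp, an alternate data stream, and orphaned "No File"/[X] registrations. The sample input is constructed from the lines quoted in this post; the severity labels are this example's own convention, not FRST's.

```python
"""Rank FRST-style fixlist/log lines for a malware responder (added example)."""
import re
from dataclasses import dataclass

# Constructed sample input: the service, task and ADS lines quoted in the post above.
SAMPLE_LINES = r"""
S4 PDIHWCTL; no ImagePath
S3 AtiDCM; \??\C:\Users\David2\AppData\Local\Temp\atdcm64a.sys [X] <==== ATTENTION
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
Task: {17E41163-7FD7-4BC2-B14E-A17B2683A070} - System32\Tasks\Event Viewer Tasks\ccfaded2-148e-4f6d-b2b2-5566776ae6e4 => C:\Windows\system32\wscript.exe "C:\Users\David2\AppData\Local\Temp\tmp9FE8.vbs" <==== ATTENTION
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
AlternateDataStreams: C:\Windows\system32\Drivers\fpasxlhs.sys:changelist [1862]
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2011-12-27]
"""

# Service/driver line: "<start type> <name>; <image path> [flags]"
SERVICE_RE = re.compile(r"^([SR]\d)\s+([^;]+);\s*(.*)$")
# Scheduled task line: "Task: {GUID} - <task path> => <action>"  or  "... -> No File"
TASK_RE = re.compile(r"^Task:\s+(\{[0-9A-Fa-f-]+\})\s+-\s+(.*?)\s+(?:=>|->)\s+(.*)$")
# Alternate data stream line: "AlternateDataStreams: <file>:<stream> [<size>]"
ADS_RE = re.compile(r"^AlternateDataStreams:\s+(.+):(\S+)\s+\[(\d+)\]")
# Anything under a per-user Temp folder is a poor place for a driver or a task script.
USER_TEMP_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\Local\\Temp\\", re.IGNORECASE)
SCRIPT_HOST_RE = re.compile(r"\\(wscript|cscript|mshta)\.exe\b", re.IGNORECASE)
ATTENTION = "<==== ATTENTION"
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low" (this example's own scale)
    kind: str      # driver, service, task or ads
    name: str      # service name, task path or file path
    reason: str


def _strip_marker(text: str) -> str:
    """Drop FRST's '<==== ATTENTION' flag so we judge the entry on its own content."""
    return text.replace(ATTENTION, "").strip()


def triage_line(line: str):
    """Return a Finding for one line, or None when the line is unremarkable."""
    line = line.strip()
    m = SERVICE_RE.match(line)
    if m:
        _start, name, rest = m.groups()
        image = _strip_marker(rest)
        if USER_TEMP_RE.search(image):
            kind = "driver" if ".sys" in image.lower() else "service"
            return Finding("high", kind, name, "image located in a user Temp folder")
        if image == "no ImagePath":
            return Finding("medium", "service", name, "service entry without an ImagePath")
        if image.endswith("[X]"):
            return Finding("low", "service", name, "image file missing; orphaned registration")
        return None
    m = TASK_RE.match(line)
    if m:
        _guid, task_path, action = m.groups()
        action = _strip_marker(action)
        if SCRIPT_HOST_RE.search(action) and USER_TEMP_RE.search(action):
            return Finding("high", "task", task_path, "script host runs a script from a user Temp folder")
        if action == "No File":
            return Finding("low", "task", task_path, "task action points at a missing file")
        return None
    m = ADS_RE.match(line)
    if m:
        path, stream, size = m.groups()
        return Finding("medium", "ads", path, f"hidden alternate data stream ':{stream}' ({size} bytes)")
    return None


def triage(text: str) -> list:
    """Triage every line of an FRST-style listing, most severe first (stable order otherwise)."""
    findings = [f for f in (triage_line(ln) for ln in text.splitlines()) if f]
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f.severity])


def summarize(text: str) -> dict:
    """Count findings per severity, e.g. {'high': 2, 'medium': 2, 'low': 3} for the sample."""
    found = triage(text)
    return {sev: sum(1 for f in found if f.severity == sev) for sev in SEVERITY_ORDER}


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.severity:>6}] {f.kind:<7} {f.name}: {f.reason}")
    print(summarize(SAMPLE_LINES))
```

Entries marked low are clean-up items; the two high entries are the ones to investigate (and to preserve copies of) before they are removed by a fix.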

#7 dogjoy
  • Topic Starter

Posted 11 October 2017 - 09:20 PM

No fix yet, still have to run everything as Administrator. I attached a pdf with screenshots of MS and Adobe products not working. Runs extremely slow.

MS sent a group of updates, also included in the copy.

Do I flush the drive and install Win10? Toss out Win 7?

Attached Files



#8 dogjoy
  • Topic Starter

Posted 11 October 2017 - 09:42 PM

I have C: and other drives networked; could other drives with C: data be infected?



#9 nasdaq
  • Malware Response Team

Posted 12 October 2017 - 07:16 AM



Hi,

Repair these services for now.

Boot with Safe Mode with Networking. Execute the following.

Please Download Tweaking.com - Windows Repair from Here
  • Install and then run the program
  • Execute the instructions on Step 1 Important
  • Click Next on Step 2 Optional, do the Pre Scan skip Step 3 and 4 Optional for now.
  • On Step 5 Backup System Restore Do a Registry backup. When you have completed this click Next
  • Click Repairs - Open Repairs in the bottom right corner
  • Uncheck the All repair button then select just the item(s) listed below

  • 01 - Repair Registry Permissions
    03 - Reset Service permissions
    04 - Register System Files
    05 - Repair WMI
    10 - Remove Policies Set By Infections
    16 - Repair Windows Updates
    20 - Repair MSI (Windows Installer)
    25 - Restore Important Windows Services
    26 - Set Windows Service to Default Startup
    31 - Restore UAC (User Account Control) Settings
  • Click the Start button and let the process run to completion. Copy any error messages into Notepad, Save it on your Desktop. ( Reboot if asked to do so)
  • Please copy and paste the Contents of this file on your next reply.
===

Restart the computer normally.

How is the computer running now?

#10 dogjoy
  • Topic Starter

Posted 12 October 2017 - 11:19 PM

Still have to run as administrator. While trying to launch shortcuts, still get "Google Chrome is unresponsive", will not relaunch. See attached logs.

Attached Files



#11 nasdaq
  • Malware Response Team

Posted 13 October 2017 - 06:59 AM

Hi,

We have to fix the Reparse points. You already have the program. Just follow the instructions for the reparse fix.


Tweaking.com - Windows Repair All-In-One (Portable)

- Download Windows Repair All-In-One (Portable Version) from here

- Extract tweaking.com_windows_repair_aio.zip to your Desktop.

- Disable all your antivirus and antimalware software - see how to do that from here

- Right click on the extracted Windows Repair program and select Run as Administrator (XP users just double click) to start Windows Repair All-In-One.
(Windows Vista/7/8 users: Accept UAC warning if it is enabled.)

- A window will appear. Click Step 2.

- Click the Open Pre-Scan button, then click Start Scan. Wait for Windows Repair to finish scanning.

- Depending on which error Windows Repair found, click Repair, Repair Reparse Point or Repair Environment Variable accordingly. When the button changes to "Done!", click the close button to return to Windows Repair.

- Go to Step 3, then click Check in the See If Check Disk Is Needed.

- If Windows Repair stated that errors are found, click Open Check Disk At Next Boot. Choose (/R) Fixes errors on the disk also locate bad sectors and recovers readable information, then click Add To Next Boot. Reboot the computer to let Windows check the disk.

- Go to Step 4, then click Do It.
zDtdN75.png

- Go to Step 5. Under System Restore click Create.
f7lEe1N.png

- Go to Repairs and click Open Repairs. Leave all checkmarks as they are, then click Start Repairs.
PGv2vtD.png

- By default Windows Repair All-In-One will create a "Logs" folder in its folder on the Desktop. Please post the contents of the log in your next reply.
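An added example, not from this thread and not Tweaking.com's code: the "Repair Reparse Point" step above deals with the junctions Windows 7 depends on (the legacy "Documents and Settings", "Application Data" and similar paths that redirect to the real folders). The PowerShell below checks those junctions directly and reports whether each one is missing, has been replaced by a plain folder, points somewhere unexpected, or points at a target that no longer exists. It assumes the stock Windows 7 junction layout listed in $expected (add any others you know of), reads link targets with `dir /AL` so it works on the PowerShell 2.0 that ships with Windows 7, and should be run from an elevated prompt.

```powershell
# Added example (not from this thread or from Tweaking.com): audit the junctions
# that Windows 7 relies on. The list below is the stock Windows 7 layout plus the
# two per-profile compatibility junctions; extend it if you know of others.
$expected = @{
    'C:\Documents and Settings'         = 'C:\Users'
    'C:\Users\All Users'                = 'C:\ProgramData'
    'C:\Users\Default User'             = 'C:\Users\Default'
    'C:\ProgramData\Application Data'   = 'C:\ProgramData'
    "$env:USERPROFILE\Application Data" = "$env:USERPROFILE\AppData\Roaming"
    "$env:USERPROFILE\Local Settings"   = "$env:USERPROFILE\AppData\Local"
}

function Get-ReparseTarget {
    # Read a junction/symlink target as stored on disk. 'dir /AL' lists only the
    # reparse points in a folder, one per line:   <JUNCTION>   name [target]
    # (used instead of Get-Item's .Target, which PowerShell 2.0 on Windows 7 lacks)
    param([string]$Path)
    $parent = Split-Path -Parent $Path
    $leaf   = Split-Path -Leaf   $Path
    foreach ($line in @(cmd /c dir /AL "$parent" 2>$null)) {
        if ($line -match '<(JUNCTION|SYMLINKD?)>\s+(.+?) \[(.+)\]\s*$' -and $Matches[2] -eq $leaf) {
            $target = $Matches[3]
            # symlinks may store a relative target; resolve it against the link's folder
            if (-not [IO.Path]::IsPathRooted($target)) { $target = Join-Path $parent $target }
            return $target
        }
    }
    return $null
}

function Test-ReparsePoints {
    param([hashtable]$Expected = $expected)
    foreach ($path in $Expected.Keys) {
        $want   = $Expected[$path]
        $actual = $null
        # -Force is needed: these junctions carry the Hidden and System attributes
        $item   = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        if (-not $item) {
            $status = 'MISSING'        # junction deleted: programs using the legacy path fail
        } elseif ($item.Attributes.ToString() -notmatch 'ReparsePoint') {
            $status = 'PLAIN FOLDER'   # something recreated the path as a real directory
        } else {
            $actual = Get-ReparseTarget $path
            if     (-not $actual)                                  { $status = 'TARGET UNREADABLE' }
            elseif ($actual.TrimEnd('\') -ne $want.TrimEnd('\'))  { $status = 'WRONG TARGET' }
            elseif (-not (Test-Path -LiteralPath $actual))         { $status = 'DANGLING' }
            else                                                   { $status = 'OK' }
        }
        New-Object PSObject -Property @{ Status = $status; Path = $path; Expected = $want; Actual = $actual }
    }
}

Test-ReparsePoints | Sort-Object Status | Format-Table Status, Path, Actual -AutoSize
```

Anything other than OK is worth posting alongside the Windows Repair log: a WRONG TARGET entry in particular means the junction resolves somewhere other than the standard folder, which is a detail a repair tool's summary line may not show.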

#12 dogjoy
  • Topic Starter
  • Members
  • 21 posts

Posted 13 October 2017 - 05:07 PM

Results attached. After restart, must run as administrator for Chrome, Firefox and IE.

I did run in normal Windows; did not see that in the instructions.

Will run again in safe mode later this late evening.

Attached Files



#13 dogjoy
  • Topic Starter
  • Members
  • 21 posts

Posted 13 October 2017 - 11:06 PM

Ran Tweak again in safe mode. No reparse point issue, but did run the repair environment variables. Tweak seems to run through all steps. Restarted, but still have to run as administrator and desktop shortcuts not working: "Google Chrome is unresponsive" message.

Attached logs again.

Will other network drives used to back up data harbor the virus beast? Next step??

Attached Files



#14 nasdaq
  • Malware Response Team
  • 39,191 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 14 October 2017 - 08:06 AM

Hi,

How to perform a clean boot in Windows Vista, W7, W8.
http://support.microsoft.com/kb/929135

or refer to this link.
https://helpdeskgeek.com/windows-7/perform-a-clean-boot-in-windows-7/

Read the instructions on the pages before proceeding.

Did you find any conflicting issues?

p.s.

Different from Safe Mode, a Clean Boot lets you disable all non-Microsoft background applications and services to troubleshoot a PC running Windows 7. Once disabled, you can begin turning third-party services back ON to diagnose your computer. Do a few services at a time. You may be able to find the culprit.

Just be sure to hide all Microsoft services before you use the Disable All button. Otherwise, you may encounter boot up errors when you reboot your PC.
===
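An added example, not from this thread and not part of msconfig: the clean boot described above comes down to turning off every service and startup entry that is not Microsoft's, then re-enabling them a few at a time. The PowerShell below lists that set up front, so the user can see what "Disable All" would actually remove and which entries are the likely suspects. For each service (anything not already Disabled) and each Run-key autostart it resolves the executable, reads the publisher from the file's version resource, and reports the Authenticode status next to it. It assumes an elevated Windows PowerShell session on the Windows 7 x64 machine in the thread (hence the Wow6432Node Run key). The Microsoft filter keys on the declared CompanyName, which is roughly what msconfig's "Hide all Microsoft services" does; it is only an approximation.

```powershell
# Added example (not from this thread or from msconfig): enumerate the services and
# Run-key autostarts a clean boot would turn off, i.e. everything not published by
# Microsoft, with the publisher and Authenticode status of each binary.
# Assumes an elevated Windows PowerShell session on the Windows 7 x64 machine.

function Get-ExePath {
    # Pull the executable out of a service ImagePath / Run value, e.g.
    #   "C:\Program Files\App\svc.exe" -run     or     C:\Program Files\App\svc.exe -run
    param([string]$CommandLine)
    if (-not $CommandLine) { return $null }
    if     ($CommandLine -match '^\s*"([^"]+)"')    { $exe = $Matches[1] }
    elseif ($CommandLine -match '^\s*(.+?\.exe)\b') { $exe = $Matches[1] }   # unquoted, may contain spaces
    else   { return $null }
    $exe = $exe -replace '^\\\?\?\\', ''                     # NT path prefix  \??\C:\...
    $exe = $exe -replace '^\\SystemRoot', $env:SystemRoot
    $exe = [Environment]::ExpandEnvironmentVariables($exe)
    if (-not [IO.Path]::IsPathRooted($exe)) {               # bare names like rundll32.exe: resolve via PATH
        $found = Get-Command $exe -ErrorAction SilentlyContinue
        if ($found) { $exe = $found.Definition }
    }
    return $exe
}

function Get-BinaryInfo {
    # CompanyName comes from the version resource and is self-declared (trivial to forge),
    # so the Authenticode status is shown alongside it. On Windows 7, catalog-signed
    # Microsoft files can report NotSigned here, which is why the Microsoft filter below
    # keys on CompanyName, like msconfig does, rather than on the signature.
    param([string]$Path)
    if (-not $Path -or -not (Test-Path -LiteralPath $Path)) {
        return New-Object PSObject -Property @{ Company = '(file not found)'; Signature = 'n/a' }
    }
    $company = (Get-Item -LiteralPath $Path -Force).VersionInfo.CompanyName
    $sig     = Get-AuthenticodeSignature -FilePath $Path
    $signer  = if ($sig.Status -eq 'Valid') { $sig.SignerCertificate.Subject -replace '^CN=([^,]+).*', '$1' } else { "$($sig.Status)" }
    New-Object PSObject -Property @{ Company = $company; Signature = $signer }
}

function Get-Autostarts {
    # Services that are not already Disabled ...
    foreach ($svc in Get-WmiObject Win32_Service) {
        if ($svc.StartMode -ne 'Disabled') {
            New-Object PSObject -Property @{ Kind = 'Service'; Name = $svc.Name; Command = $svc.PathName }
        }
    }
    # ... plus the Run keys msconfig's Startup tab reads: 64-bit view, 32-bit view, current user.
    $runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    $meta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'   # provider noise, not values
    foreach ($key in $runKeys) {
        $values = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $values) { continue }
        foreach ($v in $values.PSObject.Properties) {
            if ($meta -contains $v.Name) { continue }
            New-Object PSObject -Property @{ Kind = 'Run key'; Name = "$key\$($v.Name)"; Command = $v.Value }
        }
    }
}

function Get-NonMicrosoftAutostarts {
    foreach ($entry in Get-Autostarts) {
        $exe  = Get-ExePath $entry.Command
        $info = Get-BinaryInfo $exe
        if ("$($info.Company)" -like 'Microsoft*') { continue }
        New-Object PSObject -Property @{
            Kind = $entry.Kind; Name = $entry.Name; Company = $info.Company
            Signature = $info.Signature; Exe = $exe
        }
    }
}

Get-NonMicrosoftAutostarts | Sort-Object Kind, Name | Format-Table Kind, Name, Company, Signature, Exe -AutoSize
```

Entries whose binary is missing, unsigned, or published by a name you do not recognise are the ones to re-enable last when working back from the clean boot; a "Microsoft" CompanyName on a file outside the Windows folder with an invalid or missing signature deserves a closer look rather than being hidden.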

#15 dogjoy
  • Topic Starter
  • Members
  • 21 posts

Posted 16 October 2017 - 11:08 PM

Well, reporting in with no progress. Clean boot solved nothing; as I expected, with all disabled I would see a functional system. Still need to run as administrator. So, I see no reason to selectively turn on services.

I did run Process Explorer and attached an image; Chrome and Mozilla both show 1/xx in the VirusTotal column. I cannot get "Search Online" to run since Chrome will not run directly.

As I stated before, my drives are backed up. Can a virus be lingering in a drive other than C:?

Clean install with Win 7 again or Win 10 Home?

Please advise.

Attached Files


