I have a Houdini trojan/worm on my computer; I got it from my school's public computers (yes, I know, I'm stupid for sticking a USB into a public school computer :v). I have successfully got it off my USB and stopped most of its functions, like blocking my access to regedit and msconfig and transferring the trojan to my USB, but only by disabling Windows Script Host (or something along those lines).
It uses wscript; I know that because the cmd file on the USB executed a wscript. But I'm not sure if it's safe to just delete wscript altogether, since it is a Windows pre-installed file and the virus is only using it.
I've deleted some files using a variety of programs like RogueKiller, SMADAV, Malwarebytes, ComboFix (I'll post the ComboFix log in a sec) and a bunch more. Avast did absolutely nothing, so I'm thinking about swapping Avast for AVG (though I don't know if I should, or just wait for Avast to take things from AVG since Avast bought AVG), but I'm sure that there are still files and traces of Houdini left, and I'm afraid that the worm will make them multiply. Thanks
ComboFix log:
ComboFix 16-11-06.01 - Usuario 11/11/2016 20:11:18.1.2 - x64
Microsoft Windows 7 Home Basic 6.1.7601.1.1252.1.3082.18.3580.1745 [GMT -6:00]
Running from: c:\users\Usuario\Downloads\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Avast Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Usuario\AppData\Local\DeSmuME
c:\users\Usuario\AppData\Local\DeSmuME\Battery\4780 - Pokemon HeartGold (U)(Xenophobia).dsv
c:\users\Usuario\AppData\Local\DeSmuME\desmume.ini
c:\users\Usuario\AppData\Local\DeSmuME\States\4780 - Pokemon HeartGold (U)(Xenophobia).ds0
c:\users\Usuario\AppData\Roaming\Microsoft\Windows\Recent\Team Fortress 2.url
c:\windows\SysWow64\1
c:\windows\SysWow64\2
c:\windows\SysWow64\3
c:\windows\SysWow64\DEBUG.log
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_AdobeUpdateService
.
.
((((((((((((((((((((((((( Files Created from 2016-10-12 to 2016-11-12 )))))))))))))))))))))))))))))))
.
.
2016-11-12 02:40 . 2016-11-12 02:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-11-11 21:24 . 2016-11-11 21:24 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-11-11 04:36 . 2016-11-12 02:50 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-11-11 04:31 . 2016-11-11 04:31 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2016-11-11 04:31 . 2016-11-11 04:31 -------- d-----w- c:\programdata\Malwarebytes
2016-11-11 04:31 . 2016-03-10 20:09 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-11-11 04:31 . 2016-03-10 20:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-11-11 04:31 . 2016-03-10 20:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-11-11 00:44 . 2016-11-11 15:24 -------- d-----w- c:\users\Usuario\AppData\Roaming\Enigma Software Group
2016-11-11 00:43 . 2016-11-11 00:43 -------- d-----w- C:\sh4ldr
2016-11-11 00:42 . 2016-11-11 15:24 -------- d-----w- c:\program files\Enigma Software Group
2016-11-10 22:01 . 2016-11-10 22:01 -------- d-----w- c:\program files (x86)\Common Files\SpeedyPC Software
2016-11-10 22:01 . 2016-11-10 22:01 -------- d-----w- c:\program files\BDServices
2016-11-10 21:57 . 2016-11-10 22:22 -------- d-----w- C:\[Smad-Cage]
2016-11-10 06:10 . 2016-11-10 06:10 -------- d-----w-Smad-Lock (Brankas Smadav) ? C:\SMAD-L~1
2016-11-10 05:44 . 2016-11-10 05:44 44952 ----a-w- c:\windows\system32\drivers\staport.sys
2016-11-10 05:43 . 2016-11-10 01:31 391496 ----a-w- c:\windows\system32\aswBoot.exe
2016-11-10 01:30 . 2016-11-10 01:30 53208 ----a-w- c:\windows\avastSS.scr
2016-11-09 06:15 . 2016-11-09 06:15 -------- d-----w- c:\users\Usuario\AppData\Roaming\Smadav
2016-11-09 06:15 . 2016-11-10 06:04 -------- d-----w- c:\program files (x86)\SMADAV
2016-11-09 06:03 . 2016-11-09 06:06 -------- d-----w- c:\program files\RogueKiller
2016-11-09 06:03 . 2016-11-12 01:57 -------- d-----w- c:\programdata\RogueKiller
2016-11-09 04:35 . 2016-11-09 04:35 -------- d-----w- c:\program files\7-Zip
2016-10-31 06:21 . 2016-11-10 01:24 -------- d--h--w- c:\users\Usuario\AppData\Roaming\jieio
2016-10-17 17:22 . 2016-10-17 17:22 -------- d-----w- c:\program files (x86)\Common Files\Skype
2016-10-16 05:49 . 2016-11-11 16:52 -------- d-----w- c:\users\Usuario\AppData\Local\Deployment
2016-10-16 05:49 . 2016-10-16 05:49 -------- d-----w- c:\users\Usuario\AppData\Local\Apps
2016-10-16 05:28 . 2016-10-16 05:28 -------- d-----w- c:\users\Usuario\AppData\Roaming\InstallShield
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-11-10 01:32 . 2014-11-13 17:51 293352 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2016-11-10 01:32 . 2014-11-13 17:51 513632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2016-11-10 01:32 . 2014-11-13 17:51 969184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2016-11-10 01:31 . 2014-11-13 17:51 163416 ----a-w- c:\windows\system32\drivers\aswStm.sys
2016-11-10 01:31 . 2014-11-13 17:51 74544 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2016-11-10 01:31 . 2014-11-13 17:51 37656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2016-11-10 01:31 . 2014-11-13 17:51 108816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2016-11-10 01:31 . 2014-11-13 17:51 103064 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2016-11-10 01:30 . 2016-06-14 15:27 37144 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2016-11-07 00:27 . 2015-03-11 03:33 796352 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-11-07 00:27 . 2015-03-11 03:33 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-10-14 10:56 . 2016-10-14 10:56 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B2B8607-677B-4FC2-AD46-47DA76BE4F15}\offreg.4736.dll
2016-10-13 07:14 . 2016-10-13 07:14 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B2B8607-677B-4FC2-AD46-47DA76BE4F15}\offreg.4028.dll
2016-10-01 08:19 . 2016-10-01 08:19 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B2B8607-677B-4FC2-AD46-47DA76BE4F15}\offreg.1268.dll
2016-09-25 09:12 . 2016-09-25 09:12 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B2B8607-677B-4FC2-AD46-47DA76BE4F15}\offreg.3064.dll
2016-09-07 07:10 . 2016-09-07 07:10 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B2B8607-677B-4FC2-AD46-47DA76BE4F15}\offreg.3124.dll
2016-09-06 10:31 . 2016-09-06 10:31 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B2B8607-677B-4FC2-AD46-47DA76BE4F15}\offreg.172.dll
2016-08-30 09:58 . 2016-08-30 09:58 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B2B8607-677B-4FC2-AD46-47DA76BE4F15}\offreg.4436.dll
2016-08-29 17:04 . 2016-08-29 17:04 485512 ----a-w- c:\windows\system32\drivers\Trufos.sys
2016-08-27 07:41 . 2016-08-27 07:41 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B2B8607-677B-4FC2-AD46-47DA76BE4F15}\offreg.3188.dll
2016-08-24 09:37 . 2016-08-24 09:37 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B2B8607-677B-4FC2-AD46-47DA76BE4F15}\offreg.5448.dll
2016-08-17 08:40 . 2016-08-17 08:40 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B2B8607-677B-4FC2-AD46-47DA76BE4F15}\offreg.5620.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-05-31 04:24 223432 ----a-w- c:\users\Usuario\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-05-31 04:24 223432 ----a-w- c:\users\Usuario\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-05-31 04:24 223432 ----a-w- c:\users\Usuario\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtPending]
@="{056D528D-CE28-4194-9BA3-BA2E9197FF8C}"
[HKEY_CLASSES_ROOT\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}]
2014-05-01 14:15 463360 ----a-w- c:\users\Usuario\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSynced]
@="{05B38830-F4E9-4329-978B-1DD28605D202}"
[HKEY_CLASSES_ROOT\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}]
2014-05-01 14:15 463360 ----a-w- c:\users\Usuario\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSyncing]
@="{0596C850-7BDD-4C9D-AFDF-873BE6890637}"
[HKEY_CLASSES_ROOT\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}]
2014-05-01 14:15 463360 ----a-w- c:\users\Usuario\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2016-10-13 2860832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SM?RT-Protection"="c:\program files (x86)\Smadav\SM?RTP.exe" [?]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-11-10 9044392]
"RazerCortex"="c:\program files (x86)\Razer\Razer Cortex\RazerCortex.exe" [2015-06-05 98256]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\TrueKey\McAfeeTrueKeyPasswordFilter
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"BlueStacks Agent"=c:\program files (x86)\BlueStacks\HD-Agent.exe
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R0 ddkmdldr;ddkmdldr;c:\windows\system32\drivers\ddkmdldr.sys;c:\windows\SYSNATIVE\drivers\ddkmdldr.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 ddmgr;ddmgr;c:\windows\system32\ddmgr.exe;c:\windows\SYSNATIVE\ddmgr.exe [x]
R2 InstallerService;Service Installer TrueKey;c:\program files\TrueKey\Mcafee.TrueKey.InstallerService.exe;c:\program files\TrueKey\Mcafee.TrueKey.InstallerService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AFTrafMgr1.1;AFTrafMgr1.1;c:\program files (x86)\Hotspot Shield\bin\TrafMgr_1_1_64.sys;c:\program files (x86)\Hotspot Shield\bin\TrafMgr_1_1_64.sys [x]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
R3 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R3 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R3 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
R3 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x]
R3 cpuz134;cpuz134;c:\users\Usuario\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\Usuario\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 DxkgFilter;Filtering Dxkg;c:\program files (x86)\iDisplay\idisplay.sys;c:\program files (x86)\iDisplay\idisplay.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x]
R3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;c:\windows\system32\DRIVERS\evolve.sys;c:\windows\SYSNATIVE\DRIVERS\evolve.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.11.266\McCHSvc.exe;c:\program files\McAfee Security Scan\3.11.266\McCHSvc.exe [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VSStandardCollectorService140;Visual Studio Standard Collector Service;c:\program files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe;c:\program files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R3 X6va029;X6va029;c:\windows\SysWOW64\Drivers\X6va029;c:\windows\SysWOW64\Drivers\X6va029 [x]
R4 AGSService;Adobe Genuine Software Integrity Service;c:\program files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe;c:\program files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [x]
R4 ddkmd;ddkmd;c:\windows\system32\drivers\ddkmd.sys;c:\windows\SYSNATIVE\drivers\ddkmd.sys [x]
R4 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\cmw_srv.exe;c:\program files (x86)\Hotspot Shield\bin\cmw_srv.exe [x]
R4 MF NTFS Monitor;MediaFire NTFS Monitor;c:\users\Usuario\AppData\Local\MEDIAF~1\MFUSNM~1.EXE;c:\users\Usuario\AppData\Local\MEDIAF~1\MFUSNM~1.EXE [x]
R4 RadeonPro Support Service;RadeonPro Support Service;c:\program files (x86)\RadeonPro\RadeonProSupport.exe;c:\program files (x86)\RadeonPro\RadeonProSupport.exe [x]
R4 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [x]
R4 TrueKey;Intel Security True Key;c:\program files\TrueKey\McAfee.TrueKey.Service.exe;c:\program files\TrueKey\McAfee.TrueKey.Service.exe [x]
R4 TrueKeyScheduler;Intel Security True Key Scheduler;c:\program files\TrueKey\McTkSchedulerService.exe;c:\program files\TrueKey\McTkSchedulerService.exe [x]
R4 TrueKeyServiceHelper;TrueKeyServiceHelper;c:\program files\TrueKey\McAfee.TrueKey.ServiceHelper.exe;c:\program files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [x]
R4 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;c:\windows\system32\drivers\DDCDrv.sys;c:\windows\SYSNATIVE\drivers\DDCDrv.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 APXACC;AppEx Networks Accelerator LWF;c:\windows\system32\DRIVERS\appexDrv.sys;c:\windows\SYSNATIVE\DRIVERS\appexDrv.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 BitDefenderCOM;BitDefenderCOM;c:\program files\BDServices\BitDefenderCom.exe;c:\program files\BDServices\BitDefenderCom.exe [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 JME Keyboard;JME Keyboard Driver;c:\windows\jmesoft\Service.exe;c:\windows\jmesoft\Service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 mfmonitor;mfmonitor;c:\windows\system32\DRIVERS\mfmonitor_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mfmonitor_x64.sys [x]
S2 Razer Game Scanner Service;Razer Game Scanner;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [x]
S2 RzKLService;RzKLService;c:\program files (x86)\Razer\Razer Cortex\RzKLService.exe;c:\program files (x86)\Razer\Razer Cortex\RzKLService.exe [x]
S2 rzpmgrk;rzpmgrk;c:\windows\system32\drivers\rzpmgrk.sys;c:\windows\SYSNATIVE\drivers\rzpmgrk.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
S3 VMC412;Vimicro Camera Service VMC412;c:\windows\system32\Drivers\VMC412.sys;c:\windows\SYSNATIVE\Drivers\VMC412.sys [x]
S3 vwhid;Virtual Wireless HID;c:\windows\system32\DRIVERS\vwhid.sys;c:\windows\SYSNATIVE\DRIVERS\vwhid.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-11-03 01:54 1363560 ----a-w- c:\program files (x86)\Google\Chrome\Application\54.0.2840.87\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2016-06-30 11:55 322232 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2016-11-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-11 00:27]
.
2016-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-27 12:09]
.
2016-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-27 12:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2015-11-14 10:23 553120 ------w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2015-11-14 10:23 553120 ------w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2015-11-14 10:23 553120 ------w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-05-31 04:24 262344 ----a-w- c:\users\Usuario\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-05-31 04:24 262344 ----a-w- c:\users\Usuario\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-05-31 04:24 262344 ----a-w- c:\users\Usuario\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtPending]
@="{056D528D-CE28-4194-9BA3-BA2E9197FF8C}"
[HKEY_CLASSES_ROOT\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}]
2014-05-01 14:13 470016 ----a-w- c:\users\Usuario\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSynced]
@="{05B38830-F4E9-4329-978B-1DD28605D202}"
[HKEY_CLASSES_ROOT\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}]
2014-05-01 14:13 470016 ----a-w- c:\users\Usuario\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSyncing]
@="{0596C850-7BDD-4C9D-AFDF-873BE6890637}"
[HKEY_CLASSES_ROOT\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}]
2014-05-01 14:13 470016 ----a-w- c:\users\Usuario\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-11-10 01:31 1031520 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MediaFireIconError]
@="{5EE8C634-CDC0-453D-9731-DF0B19F4E807}"
[HKEY_CLASSES_ROOT\CLSID\{5EE8C634-CDC0-453D-9731-DF0B19F4E807}]
2015-04-23 13:10 89600 ----a-w- c:\program files (x86)\MediaFire Desktop\MediaFireIcon3_c1e50.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MediaFireIconReadOnly]
@="{7995D0FC-769B-4197-AEC0-991921CB99E1}"
[HKEY_CLASSES_ROOT\CLSID\{7995D0FC-769B-4197-AEC0-991921CB99E1}]
2015-04-23 13:10 89088 ----a-w- c:\program files (x86)\MediaFire Desktop\MediaFireIcon5_c1e50.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MediaFireIconSynched]
@="{9A3B79CB-D899-40B5-8DBC-20447F1ADC8F}"
[HKEY_CLASSES_ROOT\CLSID\{9A3B79CB-D899-40B5-8DBC-20447F1ADC8F}]
2015-04-23 13:10 84992 ----a-w- c:\program files (x86)\MediaFire Desktop\MediaFireIcon_c1e50.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MediaFireIconSyncing]
@="{C4D81971-6B13-4173-AB21-F83AD20CCC04}"
[HKEY_CLASSES_ROOT\CLSID\{C4D81971-6B13-4173-AB21-F83AD20CCC04}]
2015-04-23 13:10 86528 ----a-w- c:\program files (x86)\MediaFire Desktop\MediaFireIcon2_c1e50.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MediaFireIconLock]
@="{759F3E92-F4E8-4953-8315-238B8B17E0F3}"
[HKEY_CLASSES_ROOT\CLSID\{759F3E92-F4E8-4953-8315-238B8B17E0F3}]
2015-04-23 13:10 84992 ----a-w- c:\program files (x86)\MediaFire Desktop\MediaFireIcon4_c1e50.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = https://www.google.com/?trackid=sp-006
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
mSearch Bar = https://www.google.com/?trackid=sp-006
uInternet Settings,ProxyOverride = *.local
IE: E&xportar a Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: eac-cdn.com\download
TCP: DhcpNameServer = 10.206.133.89 8.8.8.8
FF - ProfilePath - c:\users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\s4ofnc2w.default-1478814350888\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-AVG PC TuneUp - c:\program files (x86)\AVG\AVG PC TuneUp\..\Setup\avgsetupx.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va029]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va029"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Smadav\SMc:\windows\jmesoft\Service.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2016-11-11 21:03:58 - machine was rebooted
ComboFix-quarantined-files.txt 2016-11-12 03:03
.
Pre-Run: 184,567,595,008 bytes libres
Post-Run: 184,226,881,536 bytes libres
.
- - End Of File - - 7CBA2A9E6D4060F20807B7F6BEDBB3CE
A36C5E4F47E84449FF07ED3517B43A31
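As an added, read-only triage script (my example, not code from the poster or from any tool named in the log): it reports whether the Windows Script Host "Enabled" policy value is set, which makes wscript.exe and cscript.exe refuse to run scripts without deleting either binary, and then lists autostart entries (Run keys, Startup folders, scheduled-task definitions) that launch a script host or a script file, the places a WSH-based worm keeps its foothold. It assumes an elevated PowerShell prompt on Windows 7 or later; the list of script extensions matched is my own choice.

```powershell
# Added triage script (not from the original post). Read-only: it changes nothing.
# Assumes an elevated PowerShell 2.0+ prompt on Windows 7 or later.
$ErrorActionPreference = 'SilentlyContinue'

# 1. WSH policy. REG_DWORD Enabled = 0 under these keys stops wscript.exe/cscript.exe
#    from running any script; the binaries stay in place. HKLM is machine-wide, HKCU per user.
$wshKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings',
    'HKCU:\SOFTWARE\Microsoft\Windows Script Host\Settings'
)
foreach ($k in $wshKeys) {
    $v = (Get-ItemProperty -Path $k -Name Enabled).Enabled
    if ($null -eq $v)   { $state = 'not set (WSH enabled by default)' }
    elseif ($v -eq 0)   { $state = 'DISABLED' }
    else                { $state = 'enabled' }
    Write-Output ("{0,-62} {1}" -f $k, $state)
}

# Script hosts and script file types to look for in autostart commands (my choice of list).
$pattern = '(?i)(wscript|cscript|\.vbs|\.vbe|\.js\b|\.jse|\.wsf|\.wsh)'
$hits = @()

# 2. Run/RunOnce keys, the same loading points the ComboFix log lists under "Reg Loading Points".
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($k in $runKeys) {
    $props = Get-ItemProperty -Path $k
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip registry-provider metadata properties
        if ("$($p.Value)" -match $pattern) {
            $hits += New-Object PSObject -Property @{ Location = $k; Name = $p.Name; Command = "$($p.Value)" }
        }
    }
}

# 3. Per-user and all-users Startup folders, where dropped script files commonly land.
foreach ($dir in @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))) {
    Get-ChildItem -Path $dir -Force |
        Where-Object { -not $_.PSIsContainer -and $_.Name -match $pattern } |
        ForEach-Object {
            $hits += New-Object PSObject -Property @{ Location = $dir; Name = $_.Name; Command = $_.FullName }
        }
}

# 4. Scheduled-task XML definitions (Vista+). Reading the files directly avoids the
#    localized column names that schtasks prints on non-English Windows.
$taskRoot = Join-Path $env:windir 'System32\Tasks'
Get-ChildItem -Path $taskRoot -Recurse -Force |
    Where-Object { -not $_.PSIsContainer } |
    ForEach-Object {
        $xml = [System.IO.File]::ReadAllText($_.FullName)   # task XML is UTF-16 with BOM
        $cmd = ''; $argStr = ''
        if ($xml -match '<Command>([^<]*)</Command>')     { $cmd    = $matches[1] }
        if ($xml -match '<Arguments>([^<]*)</Arguments>') { $argStr = $matches[1] }
        if ("$cmd $argStr" -match $pattern) {
            $hits += New-Object PSObject -Property @{ Location = 'Scheduled Task'; Name = $_.Name; Command = "$cmd $argStr" }
        }
    }

if ($hits.Count -eq 0) {
    Write-Output 'No autostart entries reference a script host or script file.'
} else {
    Write-Output "`nAutostart entries that reference a script host or script file (review each one):"
    $hits | Select-Object Location, Name, Command | Format-Table -AutoSize -Wrap
}
```

Legitimate software occasionally uses .vbs helpers, so treat each hit as something to verify against the file it points to rather than as proof of infection.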
2016-11-10 01:31 . 2014-11-13 17:51 74544 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2016-11-10 01:31 . 2014-11-13 17:51 37656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2016-11-10 01:31 . 2014-11-13 17:51 108816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2016-11-10 01:31 . 2014-11-13 17:51 103064 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2016-11-10 01:30 . 2016-06-14 15:27 37144 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2016-11-07 00:27 . 2015-03-11 03:33 796352 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-11-07 00:27 . 2015-03-11 03:33 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-10-14 10:56 . 2016-10-14 10:56 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B2B8607-677B-4FC2-AD46-47DA76BE4F15}\offreg.4736.dll
2016-10-13 07:14 . 2016-10-13 07:14 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B2B8607-677B-4FC2-AD46-47DA76BE4F15}\offreg.4028.dll
2016-10-01 08:19 . 2016-10-01 08:19 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B2B8607-677B-4FC2-AD46-47DA76BE4F15}\offreg.1268.dll
2016-09-25 09:12 . 2016-09-25 09:12 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B2B8607-677B-4FC2-AD46-47DA76BE4F15}\offreg.3064.dll
2016-09-07 07:10 . 2016-09-07 07:10 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B2B8607-677B-4FC2-AD46-47DA76BE4F15}\offreg.3124.dll
2016-09-06 10:31 . 2016-09-06 10:31 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B2B8607-677B-4FC2-AD46-47DA76BE4F15}\offreg.172.dll
2016-08-30 09:58 . 2016-08-30 09:58 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B2B8607-677B-4FC2-AD46-47DA76BE4F15}\offreg.4436.dll
2016-08-29 17:04 . 2016-08-29 17:04 485512 ----a-w- c:\windows\system32\drivers\Trufos.sys
2016-08-27 07:41 . 2016-08-27 07:41 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B2B8607-677B-4FC2-AD46-47DA76BE4F15}\offreg.3188.dll
2016-08-24 09:37 . 2016-08-24 09:37 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B2B8607-677B-4FC2-AD46-47DA76BE4F15}\offreg.5448.dll
2016-08-17 08:40 . 2016-08-17 08:40 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B2B8607-677B-4FC2-AD46-47DA76BE4F15}\offreg.5620.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-05-31 04:24 223432 ----a-w- c:\users\Usuario\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-05-31 04:24 223432 ----a-w- c:\users\Usuario\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-05-31 04:24 223432 ----a-w- c:\users\Usuario\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtPending]
@="{056D528D-CE28-4194-9BA3-BA2E9197FF8C}"
[HKEY_CLASSES_ROOT\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}]
2014-05-01 14:15 463360 ----a-w- c:\users\Usuario\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSynced]
@="{05B38830-F4E9-4329-978B-1DD28605D202}"
[HKEY_CLASSES_ROOT\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}]
2014-05-01 14:15 463360 ----a-w- c:\users\Usuario\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSyncing]
@="{0596C850-7BDD-4C9D-AFDF-873BE6890637}"
[HKEY_CLASSES_ROOT\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}]
2014-05-01 14:15 463360 ----a-w- c:\users\Usuario\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2016-10-13 2860832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SMΔRT-Protection"="c:\program files (x86)\Smadav\SMΔRTP.exe" [?]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-11-10 9044392]
"RazerCortex"="c:\program files (x86)\Razer\Razer Cortex\RazerCortex.exe" [2015-06-05 98256]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\TrueKey\McAfeeTrueKeyPasswordFilter
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"BlueStacks Agent"=c:\program files (x86)\BlueStacks\HD-Agent.exe
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R0 ddkmdldr;ddkmdldr;c:\windows\system32\drivers\ddkmdldr.sys;c:\windows\SYSNATIVE\drivers\ddkmdldr.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 ddmgr;ddmgr;c:\windows\system32\ddmgr.exe;c:\windows\SYSNATIVE\ddmgr.exe [x]
R2 InstallerService;Service Installer TrueKey;c:\program files\TrueKey\Mcafee.TrueKey.InstallerService.exe;c:\program files\TrueKey\Mcafee.TrueKey.InstallerService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AFTrafMgr1.1;AFTrafMgr1.1;c:\program files (x86)\Hotspot Shield\bin\TrafMgr_1_1_64.sys;c:\program files (x86)\Hotspot Shield\bin\TrafMgr_1_1_64.sys [x]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
R3 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R3 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R3 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
R3 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x]
R3 cpuz134;cpuz134;c:\users\Usuario\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\Usuario\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 DxkgFilter;Filtering Dxkg;c:\program files (x86)\iDisplay\idisplay.sys;c:\program files (x86)\iDisplay\idisplay.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x]
R3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;c:\windows\system32\DRIVERS\evolve.sys;c:\windows\SYSNATIVE\DRIVERS\evolve.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.11.266\McCHSvc.exe;c:\program files\McAfee Security Scan\3.11.266\McCHSvc.exe [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VSStandardCollectorService140;Visual Studio Standard Collector Service;c:\program files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe;c:\program files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R3 X6va029;X6va029;c:\windows\SysWOW64\Drivers\X6va029;c:\windows\SysWOW64\Drivers\X6va029 [x]
R4 AGSService;Adobe Genuine Software Integrity Service;c:\program files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe;c:\program files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [x]
R4 ddkmd;ddkmd;c:\windows\system32\drivers\ddkmd.sys;c:\windows\SYSNATIVE\drivers\ddkmd.sys [x]
R4 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\cmw_srv.exe;c:\program files (x86)\Hotspot Shield\bin\cmw_srv.exe [x]
R4 MF NTFS Monitor;MediaFire NTFS Monitor;c:\users\Usuario\AppData\Local\MEDIAF~1\MFUSNM~1.EXE;c:\users\Usuario\AppData\Local\MEDIAF~1\MFUSNM~1.EXE [x]
R4 RadeonPro Support Service;RadeonPro Support Service;c:\program files (x86)\RadeonPro\RadeonProSupport.exe;c:\program files (x86)\RadeonPro\RadeonProSupport.exe [x]
R4 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [x]
R4 TrueKey;Intel Security True Key;c:\program files\TrueKey\McAfee.TrueKey.Service.exe;c:\program files\TrueKey\McAfee.TrueKey.Service.exe [x]
R4 TrueKeyScheduler;Intel Security True Key Scheduler;c:\program files\TrueKey\McTkSchedulerService.exe;c:\program files\TrueKey\McTkSchedulerService.exe [x]
R4 TrueKeyServiceHelper;TrueKeyServiceHelper;c:\program files\TrueKey\McAfee.TrueKey.ServiceHelper.exe;c:\program files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [x]
R4 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;c:\windows\system32\drivers\DDCDrv.sys;c:\windows\SYSNATIVE\drivers\DDCDrv.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 APXACC;AppEx Networks Accelerator LWF;c:\windows\system32\DRIVERS\appexDrv.sys;c:\windows\SYSNATIVE\DRIVERS\appexDrv.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 BitDefenderCOM;BitDefenderCOM;c:\program files\BDServices\BitDefenderCom.exe;c:\program files\BDServices\BitDefenderCom.exe [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 JME Keyboard;JME Keyboard Driver;c:\windows\jmesoft\Service.exe;c:\windows\jmesoft\Service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 mfmonitor;mfmonitor;c:\windows\system32\DRIVERS\mfmonitor_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mfmonitor_x64.sys [x]
S2 Razer Game Scanner Service;Razer Game Scanner;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [x]
S2 RzKLService;RzKLService;c:\program files (x86)\Razer\Razer Cortex\RzKLService.exe;c:\program files (x86)\Razer\Razer Cortex\RzKLService.exe [x]
S2 rzpmgrk;rzpmgrk;c:\windows\system32\drivers\rzpmgrk.sys;c:\windows\SYSNATIVE\drivers\rzpmgrk.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
S3 VMC412;Vimicro Camera Service VMC412;c:\windows\system32\Drivers\VMC412.sys;c:\windows\SYSNATIVE\Drivers\VMC412.sys [x]
S3 vwhid;Virtual Wireless HID;c:\windows\system32\DRIVERS\vwhid.sys;c:\windows\SYSNATIVE\DRIVERS\vwhid.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-11-03 01:54 1363560 ----a-w- c:\program files (x86)\Google\Chrome\Application\54.0.2840.87\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2016-06-30 11:55 322232 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2016-11-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-11 00:27]
.
2016-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-27 12:09]
.
2016-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-27 12:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2015-11-14 10:23 553120 ------w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2015-11-14 10:23 553120 ------w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2015-11-14 10:23 553120 ------w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-05-31 04:24 262344 ----a-w- c:\users\Usuario\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-05-31 04:24 262344 ----a-w- c:\users\Usuario\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-05-31 04:24 262344 ----a-w- c:\users\Usuario\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtPending]
@="{056D528D-CE28-4194-9BA3-BA2E9197FF8C}"
[HKEY_CLASSES_ROOT\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}]
2014-05-01 14:13 470016 ----a-w- c:\users\Usuario\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSynced]
@="{05B38830-F4E9-4329-978B-1DD28605D202}"
[HKEY_CLASSES_ROOT\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}]
2014-05-01 14:13 470016 ----a-w- c:\users\Usuario\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSyncing]
@="{0596C850-7BDD-4C9D-AFDF-873BE6890637}"
[HKEY_CLASSES_ROOT\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}]
2014-05-01 14:13 470016 ----a-w- c:\users\Usuario\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-11-10 01:31 1031520 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MediaFireIconError]
@="{5EE8C634-CDC0-453D-9731-DF0B19F4E807}"
[HKEY_CLASSES_ROOT\CLSID\{5EE8C634-CDC0-453D-9731-DF0B19F4E807}]
2015-04-23 13:10 89600 ----a-w- c:\program files (x86)\MediaFire Desktop\MediaFireIcon3_c1e50.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MediaFireIconReadOnly]
@="{7995D0FC-769B-4197-AEC0-991921CB99E1}"
[HKEY_CLASSES_ROOT\CLSID\{7995D0FC-769B-4197-AEC0-991921CB99E1}]
2015-04-23 13:10 89088 ----a-w- c:\program files (x86)\MediaFire Desktop\MediaFireIcon5_c1e50.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MediaFireIconSynched]
@="{9A3B79CB-D899-40B5-8DBC-20447F1ADC8F}"
[HKEY_CLASSES_ROOT\CLSID\{9A3B79CB-D899-40B5-8DBC-20447F1ADC8F}]
2015-04-23 13:10 84992 ----a-w- c:\program files (x86)\MediaFire Desktop\MediaFireIcon_c1e50.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MediaFireIconSyncing]
@="{C4D81971-6B13-4173-AB21-F83AD20CCC04}"
[HKEY_CLASSES_ROOT\CLSID\{C4D81971-6B13-4173-AB21-F83AD20CCC04}]
2015-04-23 13:10 86528 ----a-w- c:\program files (x86)\MediaFire Desktop\MediaFireIcon2_c1e50.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MediaFireIconLock]
@="{759F3E92-F4E8-4953-8315-238B8B17E0F3}"
[HKEY_CLASSES_ROOT\CLSID\{759F3E92-F4E8-4953-8315-238B8B17E0F3}]
2015-04-23 13:10 84992 ----a-w- c:\program files (x86)\MediaFire Desktop\MediaFireIcon4_c1e50.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = https://www.google.com/?trackid=sp-006
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
mSearch Bar = https://www.google.com/?trackid=sp-006
uInternet Settings,ProxyOverride = *.local
IE: E&xportar a Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: eac-cdn.com\download
TCP: DhcpNameServer = 10.206.133.89 8.8.8.8
FF - ProfilePath - c:\users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\s4ofnc2w.default-1478814350888\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-AVG PC TuneUp - c:\program files (x86)\AVG\AVG PC TuneUp\..\Setup\avgsetupx.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va029]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va029"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Smadav\SMΔRTP.exe
c:\windows\jmesoft\Service.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2016-11-11 21:03:58 - machine was rebooted
ComboFix-quarantined-files.txt 2016-11-12 03:03
.
Pre-Run: 184,567,595,008 bytes libres
Post-Run: 184,226,881,536 bytes libres
.
- - End Of File - - 7CBA2A9E6D4060F20807B7F6BEDBB3CE
A36C5E4F47E84449FF07ED3517B43A31