ComboFix 17-03-21.01 - ibrahim 03/22/2017 16:01:59.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1256.213.1025.18.1984.1496 [GMT 1:00]
Running from: c:\users\ibrahim\Desktop\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
SP: Avast Antivirus *Disabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\windows7.arc
.
.
((((((((((((((((((((((((( Files Created from 2017-02-22 to 2017-03-22 )))))))))))))))))))))))))))))))
.
.
2017-03-22 15:09 . 2017-03-22 15:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-03-22 11:45 . 2017-03-22 11:45 -------- d-----w- c:\program files\CPUID
2017-03-21 17:22 . 2017-01-30 11:09 144416 ----a-w- c:\windows\system32\drivers\KeyCrypt32.sys
2017-03-21 17:22 . 2017-03-22 08:01 -------- d-----w- c:\program files\KeyCryptSDK
2017-03-21 17:22 . 2017-03-22 11:43 -------- d-----w- c:\program files\Zemana AntiLogger
2017-03-21 17:11 . 2017-03-21 17:11 -------- d-----w- c:\program files\FastStone Capture
2017-03-21 16:59 . 2010-06-02 03:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2017-03-21 16:59 . 2010-06-02 03:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2017-03-21 16:59 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2017-03-21 16:58 . 2010-05-26 10:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2017-03-21 16:55 . 2012-07-17 13:54 1178920 ----a-w- c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDRES.DLL
2017-03-21 16:55 . 2012-07-17 13:51 441592 ----a-w- c:\program files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
2017-03-21 16:55 . 2012-07-17 13:50 857352 ----a-w- c:\program files\Common Files\Microsoft Shared\Windows Live\wlidcli.dll
2017-03-21 16:55 . 2012-07-17 13:50 58136 ----a-w- c:\program files\Common Files\Microsoft Shared\Windows Live\msidcrl40.dll
2017-03-21 16:55 . 2012-07-17 13:49 333056 ----a-w- c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL
2017-03-21 16:55 . 2012-07-17 13:49 238848 ----a-w- c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDPROV.DLL
2017-03-21 16:55 . 2012-07-17 13:49 145648 ----a-w- c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
2017-03-21 16:55 . 2017-03-21 16:56 -------- d-----w- c:\program files\Windows Live
2017-03-21 16:55 . 2017-03-21 16:55 -------- d-----w- c:\program files\Windows Movie Maker
2017-03-21 13:01 . 2017-03-21 13:01 -------- d-----w- c:\program files\MyPlayCity.com
2017-03-21 12:05 . 2017-03-21 12:05 -------- d-----w- c:\program files\Common Files\AV
2017-03-21 12:04 . 2017-03-21 17:09 465024 ----a-w- c:\windows\system32\drivers\aswsp.sys
2017-03-21 12:04 . 2017-03-21 12:05 278776 ----a-w- c:\windows\system32\drivers\aswvmm.sys
2017-03-21 12:04 . 2017-03-21 12:03 118288 ----a-w- c:\windows\system32\drivers\aswStm.sys
2017-03-21 12:04 . 2017-03-21 12:03 62152 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2017-03-21 12:04 . 2017-03-21 12:03 34136 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2017-03-21 12:04 . 2017-03-21 12:03 106392 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2017-03-21 12:04 . 2017-03-21 12:03 90336 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2017-03-21 12:04 . 2017-03-21 12:03 756200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2017-03-21 12:03 . 2017-03-21 12:03 921280 ----a-w- c:\windows\ucrtbase.dll
2017-03-21 12:03 . 2017-03-21 12:03 328208 ----a-w- c:\windows\system32\aswBoot.exe
2017-03-21 11:26 . 2017-03-21 11:26 -------- d-----w- c:\program files\AVAST Software
2017-03-21 11:18 . 2017-03-21 11:18 -------- d-----w- c:\programdata\AVAST Software
2017-03-20 09:20 . 2017-03-20 09:20 -------- d-----w- c:\programdata\AVS4YOU
2017-03-20 09:16 . 2017-03-20 09:19 -------- d-----w- c:\program files\AVS4YOU
2017-03-20 09:16 . 2011-06-23 11:26 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2017-03-20 09:16 . 2011-06-23 11:25 24576 ----a-w- c:\windows\system32\msxml3a.dll
2017-03-19 16:27 . 2017-03-19 16:27 -------- d-----w- c:\programdata\TuneUp Software
2017-03-19 16:26 . 2017-03-19 16:26 -------- d-sh--w- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2017-03-19 15:05 . 2014-05-14 16:23 45536 ----a-w- c:\windows\system32\wups2.dll
2017-03-19 15:05 . 2014-05-14 16:23 54240 ----a-w- c:\windows\system32\wuauclt.exe
2017-03-19 15:05 . 2014-05-14 16:23 1973728 ----a-w- c:\windows\system32\wuaueng.dll
2017-03-19 15:05 . 2014-05-14 16:17 2425856 ----a-w- c:\windows\system32\wucltux.dll
2017-03-19 15:05 . 2014-05-14 16:23 36320 ----a-w- c:\windows\system32\wups.dll
2017-03-19 15:05 . 2014-05-14 16:23 581600 ----a-w- c:\windows\system32\wuapi.dll
2017-03-19 15:05 . 2014-05-14 16:17 92672 ----a-w- c:\windows\system32\wudriver.dll
2017-03-19 15:05 . 2014-05-14 08:23 179656 ----a-w- c:\windows\system32\wuwebv.dll
2017-03-19 15:05 . 2014-05-14 08:17 33792 ----a-w- c:\windows\system32\wuapp.exe
2017-03-19 10:44 . 2017-02-22 11:48 9992952 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0ACD6C10-ED81-476C-8A84-449488E539A1}\mpengine.dll
2017-03-19 10:44 . 2016-10-26 16:29 407720 ------w- c:\windows\system32\MpSigStub.exe
2017-03-19 09:56 . 2017-03-19 09:58 -------- d-----w- c:\program files\The KMPlayer
2017-03-18 18:41 . 2017-03-21 17:06 -------- d-----w- c:\program files\Bonjour
2017-03-18 18:41 . 2017-03-18 18:41 -------- d-----w- c:\programdata\Apple
2017-03-18 18:40 . 2017-03-18 18:40 -------- d-----w- c:\program files\DearMob
2017-03-18 18:40 . 2017-03-18 18:40 -------- d-----w- c:\program files\Foxit Software
2017-03-18 18:38 . 2017-03-19 06:32 -------- d-----w- c:\program files\CCleaner
2017-03-18 11:52 . 2017-03-18 11:52 -------- d-----w- c:\programdata\Package Cache
2017-03-18 11:50 . 2017-03-18 11:56 -------- d-----w- c:\program files\Kodi
2017-03-18 09:38 . 2017-03-18 11:54 -------- d-----w- c:\program files\MKV Player
2017-03-18 08:05 . 2017-03-18 08:04 6656 ----a-w- c:\windows\system32\SiSApi.dll
2017-03-18 08:05 . 2017-03-18 08:05 -------- d-----w- c:\program files\SiS VGA Utilities
2017-03-18 08:04 . 2017-03-18 08:04 6656 ----a-w- c:\windows\system32\SiSCo.dll
2017-03-18 08:04 . 2017-03-18 08:04 655360 ----a-w- c:\windows\system32\SiSClone.dll
2017-03-18 08:04 . 2017-03-18 08:04 5632 ----a-w- c:\windows\system32\SiSKrl.dll
2017-03-18 08:04 . 2017-03-18 08:04 466432 ----a-w- c:\windows\system32\drivers\SISGRKMD.sys
2017-03-18 08:04 . 2017-03-18 08:04 4080128 ----a-w- c:\windows\system32\SiSGlv.dll
2017-03-18 08:04 . 2017-03-18 08:04 3653632 ----a-w- c:\windows\system32\SISGRUMD.dll
2017-03-18 08:04 . 2017-03-18 08:04 212992 ----a-w- c:\windows\system32\SiSFunc.dll
2017-03-18 07:46 . 2017-03-18 07:46 -------- d-----w- c:\program files\Combined Community Codec Pack
2017-03-18 07:01 . 2017-03-18 18:35 -------- d-----w- C:\KMPlayer
2017-03-18 06:55 . 2017-03-18 06:55 58400 ----a-w- c:\windows\system32\drivers\sisagpx.sys
2017-03-18 06:34 . 2017-03-18 06:34 -------- d-----w- c:\programdata\IDM
2017-03-18 06:34 . 2017-03-18 06:34 -------- d-----w- c:\program files\Internet Download Manager
2017-03-18 06:32 . 2017-03-18 06:32 -------- d-----w- c:\program files\Your Uninstaller 2010
2017-03-17 20:04 . 2017-03-18 18:39 -------- d-----w- c:\windows\Panther
2017-03-17 19:56 . 2017-03-17 19:56 -------- d-----w- C:\Windows.old
2017-03-17 19:35 . 2017-03-18 06:35 -------- d-----w- c:\program files\PdaNet for Android
2017-03-17 13:06 . 2017-03-17 13:06 -------- d-----w- c:\programdata\Ralink
2017-03-17 13:06 . 2011-09-08 04:51 237568 ----a-w- c:\windows\system32\ssleay32.dll
2017-03-17 13:06 . 2011-09-08 04:50 1100288 ----a-w- c:\windows\system32\libeay32.dll
2017-03-17 12:44 . 2017-03-17 12:44 -------- d-----w- c:\programdata\ProductData
2017-03-17 12:44 . 2017-03-17 12:44 -------- d-----w- c:\windows\IObit
2017-03-17 12:43 . 2017-03-17 12:43 -------- d-----w- c:\programdata\IObit
2017-03-17 12:43 . 2017-03-17 12:43 23840 ----a-w- c:\windows\system32\drivers\HWiNFO32.SYS
2017-03-17 12:43 . 2017-03-17 12:43 -------- d-----w- c:\program files\IObit
2017-03-17 12:32 . 2012-06-09 17:21 178688 ----a-w- c:\windows\system32\unrar.dll
2017-03-17 12:32 . 2017-03-17 12:32 -------- d-----w- c:\program files\K-Lite Codec Pack
2017-03-17 12:22 . 2017-03-21 12:22 796352 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2017-03-17 12:22 . 2017-03-21 12:22 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2017-03-17 12:22 . 2017-03-21 12:21 -------- d-----w- c:\windows\system32\Macromed
2017-03-17 11:59 . 2017-03-17 12:11 -------- d-----w- c:\program files\Google
2017-03-17 11:25 . 2017-03-21 17:06 -------- d-sh--w- c:\windows\Installer
2017-03-17 11:23 . 2011-11-24 23:26 13440 ----a-w- c:\windows\system32\drivers\pneteth.sys
2017-03-17 11:16 . 2017-03-22 07:38 -------- d-----w- c:\users\ibrahim
2017-03-17 11:15 . 2017-03-17 11:15 -------- d-----w- C:\Recovery
2017-03-17 11:15 . 2017-03-17 11:15 -------- d-sh--we c:\users\Default\ÞÇÆãÉ ÇÈÏà
2017-03-17 11:15 . 2017-03-17 11:15 -------- d-sh--we c:\programdata\ÞÇÆãÉ ÇÈÏà
2017-03-17 11:15 . 2017-03-17 11:15 -------- d-sh--we c:\programdata\ÓØÍ ÇáãßÊÈ
2017-03-02 06:46 . 2017-03-05 08:55 32256 ---ha-w- C:\~WRL0092.tmp
2017-03-02 06:46 . 2017-03-04 14:42 31744 ---ha-w- C:\~WRL0003.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2015-08-14 14:52 23520 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2017-03-21 12:03 1165096 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2017-02-14 4005944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSTray"="c:\program files\SiS VGA Utilities\SiSTray.exe" [2017-03-18 557056]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvLaunch.exe" [2017-03-21 205512]
.
c:\users\ibrahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PdaNet Desktop.lnk - c:\program files\PdaNet for Android\PdaNetPC.exe [2017-3-18 1029944]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Ralink Wireless Utility.lnk - c:\program files\Ralink\Common\RaUI.exe -s [2017-3-17 15661872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R1 ZAM;ZAM Helper Driver;c:\windows\System32\drivers\zam32.sys [x]
R1 ZAM_Guard;ZAM Guard Driver;c:\windows\System32\drivers\zamguard32.sys [x]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2017-03-21 118288]
R2 RaMediaServer;Ralink UPnP Media Server;c:\program files\Ralink\Common\RaMediaServer.exe [2012-07-06 1863680]
R3 aswHwid;aswHwid;c:\windows\system32\drivers\aswHwid.sys [2017-03-21 34136]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 keycrypt;keycrypt;c:\windows\system32\DRIVERS\KeyCrypt32.sys [2017-01-30 144416]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 aswRvrt;aswRvrt;c:\windows\\SystemRoot\system32\drivers\aswRvrt.sys [x]
S0 aswVmm;aswVmm;c:\windows\\SystemRoot\system32\drivers\aswVmm.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2017-03-21 756200]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2017-03-21 465024]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [2017-03-17 23840]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2017-03-21 106392]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2016-10-17 147120]
S3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28u.sys [2013-09-06 1635632]
S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2011-11-24 13440]
S3 SiS6350;SiS6350;c:\windows\system32\DRIVERS\SISGRKMD.sys [2017-03-18 466432]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2009-07-13 48128]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2017-03-17 12:11 1319256 ----a-w- c:\program files\Google\Chrome\Application\57.0.2987.110\Installer\chrmstp.exe
.
.
------- Supplementary Scan -------
.
IE: ÊÍãíá Çáßá ÈæÇÓØÉ Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: ÊÍãíá ÈæÇÓØÉ Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
TCP: DhcpNameServer = 192.168.8.1 192.168.8.1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-QQPlayer - c:\program files\Tencent\QQPlayer\uninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_24_0_0_186_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_24_0_0_186_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2017-03-22 16:11:12
ComboFix-quarantined-files.txt 2017-03-22 15:11
.
Pre-Run: 57,410,002,944 bytes free
Post-Run: 57,250,471,936 bytes free
.
- - End Of File - - ED0480E67B544CC7B4FE58622230687A A36C5E4F47E84449FF07ED3517B43A31