Jump to content

fake svchost playing audio ads...need help


Recommended Posts

I see a "no name available" sound in my volume mixer, my svchost's memory usage goes through the roof after awhile and the audio ads play randomly. I've looked through some similar cases on here and I think that's what it is, although I can't be sure obviously. I would hope to get some help as soon as possible as it's been in my system for a couple of days now.

I've copy and pasted the dds and attach txt files below.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 10.45.2
Run by Darwin at 18:39:08 on 2014-01-03
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.4095.861 [GMT -8:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files\SoftPerfect Bandwidth Manager\bwmsvc.exe
c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe
C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
C:\Program Files\Winstep\WsxService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
C:\Users\Darwin\AppData\Local\Akamai\netsession_win.exe
C:\Users\Darwin\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Users\Darwin\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Logitech\SetPoint II\SetPointII.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\system32\taskhost.exe
C:\Users\Darwin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Darwin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Darwin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Darwin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Darwin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Darwin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Darwin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Darwin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Darwin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Darwin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Darwin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Darwin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Darwin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Darwin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Darwin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Darwin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Darwin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Darwin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Darwin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Darwin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Darwin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Darwin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Darwin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Darwin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Darwin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Darwin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Darwin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Darwin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Darwin\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\Darwin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Darwin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Users\Darwin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Darwin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
uRun: [Akamai NetSession Interface] "C:\Users\Darwin\AppData\Local\Akamai\netsession_win.exe"
uRun: [F.lux] "C:\Users\Darwin\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SETPOI~1.LNK - C:\Program Files\Logitech\SetPoint II\SetPointII.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001025-0002-0025-ABCDEFFEDCBC} - <orphaned>
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{314C4549-FE9F-428F-93E2-9919CA7DED20} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{314C4549-FE9F-428F-93E2-9919CA7DED20}\4586560A45561686F6573756 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{314C4549-FE9F-428F-93E2-9919CA7DED20}\54D2A5D2132333 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{4F2ACE78-272E-46F8-A283-8FCD1E831AD5} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
x64-Run: [RivaTunerStartupDaemon] "C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" /S
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-STS: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - <orphaned>
x64-STS: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\191fu886.default-1377033217496\
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Darwin\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Users\Darwin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Darwin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Darwin\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Darwin\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]
R2 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe [2011-3-28 25832]
R2 Giraffic;Veoh Giraffic Video Accelerator;C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service --> C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service [?]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-11-29 2210640]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-7-15 8704]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2013-10-11 377104]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-12-31 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-12-31 701512]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-8-6 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-7-20 2027840]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2011-8-19 450848]
R2 Winstep Xtreme Service;Winstep Xtreme Service;C:\Program Files\Winstep\WsxService --> C:\Program Files\Winstep\WsxService [?]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2011-8-19 351136]
R3 LVUVC64;Logitech HD Webcam C310(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2011-8-19 4869024]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-1-19 25928]
R3 RivaTuner64;RivaTuner64;C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-8-22 19952]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\System32\drivers\tap0901t.sys [2011-6-5 31232]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-5-18 11856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-8-13 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-8-13 124088]
S3 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2013-5-27 131912]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-8-20 103576]
S3 Gun;Gun;C:\Windows\System32\Gun64.sys [2011-3-7 30840]
S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2010-5-7 30304]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-9-2 227232]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 128456]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
S3 RTCore64;RTCore64;C:\Program Files (x86)\EVGA Precision\RTCore64.sys [2010-9-7 14440]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-8-20 204568]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-11-11 59392]
S3 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2011-6-5 736104]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-7 1255736]
.
=============== Created Last 30 ================
.
2014-01-04 01:16:11 117464 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-01-03 14:36:59 65600 ----a-w- C:\Windows\System32\drivers\lsi_sas2.sys.bak
2014-01-03 14:20:39 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{85E7A25A-62F8-49BA-8467-20C45A9AEC09}\mpengine.dll
2014-01-03 14:08:07 -------- d-----w- C:\$RECYCLE.BIN
2014-01-03 13:19:16 -------- d-----w- C:\Windows\ERUNT
2014-01-03 13:11:57 -------- d-----w- C:\AdwCleaner
2014-01-03 12:41:22 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-02 13:57:00 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-01 13:07:07 89304 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2013-12-31 18:45:03 -------- d-----w- C:\Users\Darwin\AppData\Roaming\MPC-HC
2013-12-16 02:17:39 -------- d-----w- C:\BOSS
2013-12-16 02:06:28 216064 ----a-w- C:\Windows\SysWow64\lagarith.dll
2013-12-16 02:06:28 148992 ----a-w- C:\Windows\System32\lagarith.dll
2013-12-16 02:06:27 650752 ----a-w- C:\Windows\SysWow64\xvidcore.dll
2013-12-16 02:06:27 3649536 ----a-w- C:\Windows\SysWow64\x264vfw.dll
2013-12-16 02:06:27 3554304 ----a-w- C:\Windows\System32\x264vfw64.dll
2013-12-16 02:06:27 243200 ----a-w- C:\Windows\SysWow64\xvidvfw.dll
2013-12-16 02:06:26 180736 ----a-w- C:\Windows\System32\ac3acm.acm
2013-12-16 02:06:26 122880 ----a-w- C:\Windows\SysWow64\ac3acm.acm
2013-12-16 02:06:24 256088 ----a-w- C:\Windows\System32\unrar64.dll
2013-12-16 02:06:22 112640 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2013-12-16 02:02:28 -------- d-----w- C:\Users\Darwin\AppData\Local\Fallout3
2013-12-07 22:24:33 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{71D252F9-9356-4B1E-B013-CD14DF0F9986}\gapaengine.dll
2013-12-06 22:08:08 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
.
==================== Find3M  ====================
.
2013-12-11 09:37:42 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 09:37:42 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-19 10:21:41 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-14 18:00:00 127488 ----a-w- C:\Windows\System32\ff_vfw.dll
2013-10-08 14:50:37 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-01-07 19:54:52 44 ---h--w- C:\Program Files (x86)\29a79214.tmp
.
============= FINISH: 18:40:22.14 ===============
 
attach txt
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional 
Boot Device: \Device\HarddiskVolume1
Install Date: 8/6/2010 10:52:21 PM
System Uptime: 1/3/2014 5:47:33 PM (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | P5N-D
Processor: Intel® Core2 Quad CPU    Q9550  @ 2.83GHz | Socket 775 | 2833/333mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 466 GiB total, 17.52 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
F: is CDROM ()
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP934: 1/1/2014 5:04:44 AM - Windows Update
RP935: 1/1/2014 5:54:46 AM - Malwarebytes Anti-Rootkit Restore Point
RP936: 1/3/2014 5:38:29 AM - ComboFix created restore point
RP937: 1/3/2014 5:36:29 PM - Installed Microsoft Fix it 50267
.
==== Installed Programs ======================
.
µTorrent
7-Zip 9.25 (x64 edition)
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.2
AIM 7
Akamai NetSession Interface
Akamai NetSession Interface Service
alien_crossfire
alpha_centauri
Amazon MP3 Downloader 1.0.15
Amazon Unbox Video
Any Video Converter 3.3.2
Apple Application Support
Apple Mobile Device Support
applicationupdater
ArmA II Launcher
Avernum: Escape From the Pit
Baldur's Gate 2 Complete
Baldur's Gate Enhanced Edition
Battle for Wesnoth 1.10.6
Belarc Advisor 8.1
Bonjour
BOSS
BulletStorm
CameraHelperMsi
CD Art Display 2.0.1
CDisplay 1.8
Comcast High-Speed Internet Install Wizard
Company of Heroes
Contagion
Cry of Fear
D3DX10
Dear Esther
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Delver
Deponia
Desktop Dungeons
Desura
DivX Setup
Don't Starve
Dota 2
Dreamfall: The Longest Journey
Driver Detective
Dropbox
Dungeon Dashers
Dungeon of the Endless
Dungeons of Dredmor
Endless Space
erLT
EVGA Precision 2.0.0
Expeditions - Conquistador
f.lux
Fallen Enchantress
Fallen Enchantress: Legendary Heroes
Fallout 3 - Game of the Year Edition
Fallout 3 Patch v1.5
Fallout Mod Manager 0.12.6
FO2 Restoration Project 2.2
focus booster
Fraps (remove only)
Free Mouse Auto Clicker 3.1
Free MP3 Cutter and Editor 2.6
Frozen Synapse
FTL: Faster Than Light
GameRanger
GameSpy Arcade
Geneforge 1
Geneforge 2
Geneforge 3
Geneforge 4
Geneforge 5
GOG.com Downloader version 3.2.14
Google Chrome
Google Earth
Google Talk (remove only)
Google Talk Plugin
Google Update Helper
GoToMeeting 5.1.0.880
GPL MPEG-1/2 DirectShow Decoder Filter
Grey 1.1.0
Grim Dawn
Heroes of Might and Magic® III Complete
Hex Workshop v6.7
Hi-Rez Studios Authenticate and Update Service
ImgBurn
Infantry Online
Infested Planet
IrfanView (remove only)
Jagged Alliance 2 Gold
Java 7 Update 17
Java 7 Update 45
Java Auto Updater
Java 6 Update 12 (64-bit)
K-Lite Mega Codec Pack 10.1.5
Katawa Shoujo
Knights of Pen and Paper
League of Legends
Logitech SetPoint 5.20
Logitech Vid HD
Logitech Webcam Software
LogMeIn Hamachi
Long Live The Queen Full Retail 1.0.3
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Macro Express 3
Magic ISO Maker v5.5 (build 0281)
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee Security Scan Plus
MediaMonkey 3.2
Microsoft .NET Framework 4.5.1 RC
Microsoft Application Error Reporting
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Game Studios Common Redistributables Pack 1
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Microsoft Xbox 360 Accessories 1.2
Microsoft XML Parser
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0 Refresh
Might & Magic ® Heroes ® VI
MISERY for S.T.A.L.K.E.R - Call of Pripyat
Mount & Blade: Warband
Mount & Blade: With Fire and Sword
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
MP3 Clipper and Joiner 1.0
MSVCRT
Mumble 1.2.3
My Game Long Name
NEO Scavenger
Nether
Neverwinter Nights 2: Platinum
Nexon Game Manager
Notepad++
Nuclear Throne
NVIDIA 3D Vision Controller Driver
NVIDIA 3D Vision Controller Driver 296.10
NVIDIA 3D Vision Driver 306.97
NVIDIA Control Panel 306.97
NVIDIA Graphics Driver 306.97
NVIDIA Install Application
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.10.8
NVIDIA Update Components
OpenAL
Outlast
oZone3D.Net FurMark v1.6.5
Pando Media Booster
Paranormal
PAYDAY 2
PAYDAY 2 Beta
Picasa 3
PingPlotter Standard 3.30.4s
Pixel Piracy
QuickTime
Rainmeter (remove only)
Rapture3D 2.3.22 Game
Realm of the Mad God
Risk of Rain
RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
Running with rifles version 0.89.1
Samsung Kies
Samsung Mobile phone USB driver Drive Software
SAMSUNG USB Driver for Mobile Phones
Sang-Froid - Tales of Werewolves
Scrolls
Security Update for CAPICOM (KB931906)
Sid Meier's Alpha Centauri
Sid Meier's Civilization V SDK
Silent Hill
Six Updater
Skype™ 5.8
Sofonica MP3 Cutter 1.1
SoftPerfect Bandwidth Manager Lite 2.9.10
Songbird 1.10.1 (Build 2160)
Source SDK Base 2006
Source SDK Base 2007
Spacebase DF-9
SpeedFan (remove only)
SplitCam
Spotify
Spybot - Search & Destroy
Starbound
Steam
SUABnR
Sword of Damocles: Warlords 3.92
Sword of the Stars: The Pit
System Requirements Lab CYRI
Teleglitch: Die More Edition
TeraCopy 2.27
The Binding Of Isaac
The Incredible Adventures of Van Helsing
The Longest Journey
The Walking Dead: Season Two
The Wolf Among Us
TuneUp Utilities 2011
TuneUp Utilities Language Pack (en-US)
Tunngle beta
Ubisoft Game Launcher
Unity Web Player
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553092)
Uplay
User's Guides
UxStyle Core Beta
VC80CRTRedist - 8.0.50727.6195
Ventrilo Client for Windows x64
Veoh Giraffic Video Accelerator
Veoh Web Player
Verizon Wireless Software Upgrade Assistant - Samsung(ar)
Verizon Wireless Software Utility Application for Android - Samsung
VirtualCloneDrive
VLC media player 1.1.2
Warframe
Warhammer® 40,000®: Dawn of War® II – Retribution™
Wasteland 2
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinPcap 4.1.2
WinRAR archiver
Winstep Xtreme 10.9
XCOM: Enemy Unknown
Xenonauts
XSplit
Zafehouse: Diaries version 1.1.2
.
==== Event Viewer Messages From Past Week ========
.
1/3/2014 7:14:13 AM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
1/3/2014 7:14:13 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/3/2014 7:14:11 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/3/2014 7:14:07 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
1/3/2014 7:14:07 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
1/3/2014 7:14:05 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/3/2014 7:13:40 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/3/2014 7:13:33 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD CSC DfsC discache ElbyCDIO MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
1/3/2014 7:13:33 AM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
1/3/2014 7:13:33 AM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
1/3/2014 7:13:33 AM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
1/3/2014 7:13:33 AM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
1/3/2014 7:13:33 AM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
1/3/2014 7:13:33 AM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
1/3/2014 7:13:33 AM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
1/3/2014 7:13:33 AM, Error: Service Control Manager [7001]  - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
1/3/2014 7:13:33 AM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
1/3/2014 7:13:33 AM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
1/3/2014 7:13:33 AM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
1/3/2014 7:12:46 AM, Error: sptd [4]  - Driver detected an internal error in its data structures for .
1/3/2014 7:10:45 AM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Plug and Play service, but this action failed with the following error:  A system shutdown has already been scheduled.
1/3/2014 5:50:13 PM, Error: Service Control Manager [7038]  - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:  Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
1/3/2014 5:50:13 PM, Error: Service Control Manager [7000]  - The NVIDIA Update Service Daemon service failed to start due to the following error:  The service did not start due to a logon failure.
1/3/2014 5:48:22 PM, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
1/3/2014 5:48:08 PM, Error: Service Control Manager [7023]  - The Power service terminated with the following error:  The WMI request could not be completed and should be retried.
1/3/2014 5:47:44 PM, Error: Application Popup [1060]  - \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
1/3/2014 5:46:47 PM, Error: Service Control Manager [7023]  - The WMI Performance Adapter service terminated with the following error:  %%-2147024809
1/3/2014 5:45:42 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the DCOM Server Process Launcher service, but this action failed with the following error:  A system shutdown has already been scheduled.
1/3/2014 5:45:42 PM, Error: Service Control Manager [7031]  - The Plug and Play service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
1/3/2014 5:45:42 PM, Error: Service Control Manager [7031]  - The DCOM Server Process Launcher service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
.
==== End Of File ===========================
 

 

Link to post
Share on other sites

Welcome to the forum.

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give to instructions on how to cleanup all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

Link to post
Share on other sites

Okay I ran the scan and copy and pasted the log below, if it also helps, my computer randomly will log off and restart because a certain plug and play or process randomly stops, usually the dcom service. 
And in my volume mixer there's actually two "name unidentified" ad song things.

Also I'm running windows 7 64 bit.
 

RogueKiller V8.8.0 _x64_ [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Darwin [Admin rights]
Mode : Scan -- Date : 01/04/2014 05:56:07
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 1 ¤¤¤
[HJNAME] notepad.exe -- C:\Windows\Temp\notepad.exe [-] -> KILLED [Tree]
 
¤¤¤ Registry Entries : 3 ¤¤¤
[RUN][sUSP PATH] HKCU\[...]\Run : DinsCurse (rundll32 "C:\Users\Darwin\AppData\Local\VirtualStore\DinsCurse\hdmdclfoig.dll",DllRegisterServer [x][-][x]) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) WDC WD50 00AAKS-00V1A SCSI Disk Device +++++
--- User ---
[MBR] 11bd505583332d1c7206fc4be1dc9cfb
[bSP] 54937b3ba4c4c4259cebb4e8c729a664 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x1] Incorrect function. )
 
Finished : << RKreport[0]_S_01042014_055607.txt >>
RKreport[0]_S_01042014_055419.txt
Link to post
Share on other sites

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please make sure you click download buttons that look similar to this, not "sponsored ad links":

bleep-crop.jpg

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

Link to post
Share on other sites

Okay I had to run the combofix twice because the first time, it was preparing the log but it cut off half way through because my computer "randomly" had a plug and play critical thing crash and it was forced to restart. The second time around it finished in time. Also I'm also having malware problems of when I click on links in google it will redirect me to random sites.
 

ComboFix 14-01-04.03 - Darwin 01/04/2014   7:45.3.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.4095.2508 [GMT -8:00]
Running from: c:\users\Darwin\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\users\Darwin\AppData\Local\VirtualStore\DinsCurse\hdmdclfoig.dll
c:\users\Darwin\g2mdlhlpx.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-04 to 2014-01-04  )))))))))))))))))))))))))))))))
.
.
2014-01-04 15:57 . 2014-01-04 15:57 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-01-04 15:57 . 2014-01-04 15:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-04 01:16 . 2014-01-04 01:16 117464 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-01-03 14:36 . 2014-01-04 13:55 65600 ----a-w- c:\windows\system32\drivers\lsi_sas2.sys.bak
2014-01-03 14:20 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{85E7A25A-62F8-49BA-8467-20C45A9AEC09}\mpengine.dll
2014-01-03 13:33 . 2014-01-03 13:33 -------- d-----w- c:\windows\Sun
2014-01-03 13:19 . 2014-01-03 13:19 -------- d-----w- c:\windows\ERUNT
2014-01-03 13:11 . 2014-01-03 14:41 -------- d-----w- C:\AdwCleaner
2014-01-03 12:41 . 2014-01-04 01:30 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-01-02 13:57 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-01 13:07 . 2014-01-04 01:16 89304 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-12-31 18:45 . 2013-12-31 18:45 -------- d-----w- c:\users\Darwin\AppData\Roaming\MPC-HC
2013-12-16 02:17 . 2013-12-16 02:54 -------- d-----w- C:\BOSS
2013-12-16 02:06 . 2011-12-07 18:37 148992 ----a-w- c:\windows\system32\lagarith.dll
2013-12-16 02:06 . 2011-12-07 18:32 216064 ----a-w- c:\windows\SysWow64\lagarith.dll
2013-12-16 02:06 . 2013-03-17 18:22 3554304 ----a-w- c:\windows\system32\x264vfw64.dll
2013-12-16 02:06 . 2013-03-17 17:21 3649536 ----a-w- c:\windows\SysWow64\x264vfw.dll
2013-12-16 02:06 . 2011-06-24 15:44 243200 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2013-12-16 02:06 . 2011-06-24 15:28 650752 ----a-w- c:\windows\SysWow64\xvidcore.dll
2013-12-16 02:06 . 2012-07-21 11:55 180736 ----a-w- c:\windows\system32\ac3acm.acm
2013-12-16 02:06 . 2012-07-21 11:54 122880 ----a-w- c:\windows\SysWow64\ac3acm.acm
2013-12-16 02:06 . 2013-08-22 18:09 256088 ----a-w- c:\windows\system32\unrar64.dll
2013-12-16 02:06 . 2013-11-14 18:00 112640 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2013-12-16 02:02 . 2013-12-16 14:01 -------- d-----w- c:\users\Darwin\AppData\Local\Fallout3
2013-12-07 22:24 . 2013-10-18 07:46 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{71D252F9-9356-4B1E-B013-CD14DF0F9986}\gapaengine.dll
2013-12-06 22:08 . 2013-12-06 22:08 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-11 09:37 . 2012-04-18 23:59 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-11 09:37 . 2011-05-25 21:19 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-23 00:59 . 2013-11-23 00:59 57344 ----a-r- c:\users\Darwin\AppData\Roaming\Microsoft\Installer\{2E6FA5CA-1597-4219-AF62-D9B061E7C448}\NewShortcut11_98798AFA4B0B41FAA9B8FF8835A64952.exe
2013-11-23 00:59 . 2013-11-23 00:59 57344 ----a-r- c:\users\Darwin\AppData\Roaming\Microsoft\Installer\{2E6FA5CA-1597-4219-AF62-D9B061E7C448}\NewShortcut1_3F3768693B314C7692F69858832BE52C.exe
2013-11-23 00:59 . 2013-11-23 00:59 53248 ----a-r- c:\users\Darwin\AppData\Roaming\Microsoft\Installer\{2E6FA5CA-1597-4219-AF62-D9B061E7C448}\ARPPRODUCTICON.exe
2013-11-19 10:21 . 2010-08-07 06:00 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-11-14 18:00 . 2011-06-22 23:10 127488 ----a-w- c:\windows\system32\ff_vfw.dll
2013-10-18 07:46 . 2011-03-26 18:09 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-10-08 14:50 . 2013-10-22 11:11 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-01-07 19:54 . 2012-01-09 07:54 44 ---h--w- c:\program files (x86)\29a79214.tmp
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . 5C627D1B1138676C0A7AB2C2C190D123 . 512000 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[7] 2009-07-14 . 7266972E86890E2B30C0C322E906B027 . 509440 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
[-] 2010-11-20 . 35F9B98F6C0FF4AB7EF3665536BE025F . 509952 . . [6.1.7600.16385] .. c:\windows\system32\rpcss.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Darwin\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Darwin\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Darwin\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Akamai NetSession Interface"="c:\users\Darwin\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]
"F.lux"="c:\users\Darwin\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-15 1016712]
"DinsCurse"="c:\users\Darwin\AppData\Local\VirtualStore\DinsCurse\hdmdclfoig.dll" [bU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-11-30 3806544]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DinsCurse"="c:\users\Darwin\AppData\Local\VirtualStore\DinsCurse\hdmdclfoig.dll" [bU]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-2 255536]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2010-10-10 117248]
SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetPointII.exe [2009-7-21 815104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe;c:\program files (x86)\Common Files\Desura\desura_service.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 Gun;Gun;c:\windows\system32\Gun64.sys;c:\windows\SYSNATIVE\Gun64.sys [x]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
R3 RTCore64;RTCore64;c:\program files (x86)\EVGA Precision\RTCore64.sys;c:\program files (x86)\EVGA Precision\RTCore64.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 X6va005;X6va005;c:\users\Darwin\AppData\Local\Temp\00513F0.tmp;c:\users\Darwin\AppData\Local\Temp\00513F0.tmp [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe;c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [x]
S2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S2 Winstep Xtreme Service;Winstep Xtreme Service;c:\program files\Winstep\WsxService;c:\program files\Winstep\WsxService [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ   Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 09:37]
.
2014-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-05 19:35]
.
2014-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-05 19:35]
.
2014-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3911683554-3553286672-2363877611-1000Core.job
- c:\users\Darwin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-07 23:11]
.
2014-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3911683554-3553286672-2363877611-1000UA.job
- c:\users\Darwin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-07 23:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Darwin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Darwin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Darwin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Darwin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"RivaTunerStartupDaemon"="c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" [2009-08-22 24576]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>erride;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
FF - ProfilePath - c:\users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\191fu886.default-1377033217496\
.
- - - - ORPHANS REMOVED - - - -
.
SharedTaskScheduler-{1984D045-52CF-49cd-DB77-08F378FEA4DB} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Winstep Xtreme Service]
"ImagePath"="c:\program files\Winstep\WsxService"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Darwin\AppData\Local\Temp\00513F0.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3911683554-3553286672-2363877611-1000\Software\SecuROM\License information*]
"datasecu"=hex:da,84,9d,ca,ad,a6,c5,1e,fe,99,96,92,85,1c,69,e3,ea,8f,17,76,cd,
   f9,ef,95,a1,d4,cb,29,fe,01,56,fa,99,e5,62,92,c3,5d,83,09,e2,20,1c,99,4a,6b,\
"rkeysecu"=hex:47,00,cd,af,9b,cb,4f,ba,05,2d,8f,07,32,a7,59,46
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-01-04  08:01:11
ComboFix-quarantined-files.txt  2014-01-04 16:01
.
Pre-Run: 22,686,228,480 bytes free
Post-Run: 22,330,552,320 bytes free
.
- - End Of File - - F4ED5D363388DFFDA479636A3640ED7E
A36C5E4F47E84449FF07ED3517B43A31
Link to post
Share on other sites

Using ComboFix......

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt, place it next to ComboFix.exe

CFScript.gif

Refering to the picture above, drag CFScript into ComboFix.exe

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

After reboot, (in case it asks to reboot)......

Please provide the contents of the ComboFix log (C:\ComboFix.txt) in your next reply.

-------------------------------

Next..reset Google Chrome:

https://support.google.com/chrome/answer/3296214?hl=en

If you still have a problem, please re-install Google Chrome.

Last.......

Lets clean out any adware/spyware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

Make sure you click on download buttons that look similar to this, not "sponsored ad links":

bleep-crop.jpg

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a FULL Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC

Link to post
Share on other sites

well i ran the combofix script on the combofix but when i checked the volume mixer it still came up with a "name unidentified" audio program. Here's the report though, i'll get to work on scanning and reporting the other programs.

 

ComboFix 14-01-04.03 - Darwin 01/04/2014   8:28.4.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.4095.2293 [GMT -8:00]
Running from: c:\users\Darwin\Desktop\ComboFix.exe
Command switches used :: c:\users\Darwin\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll --> c:\windows\system32\rpcss.dll
.
(((((((((((((((((((((((((   Files Created from 2013-12-04 to 2014-01-04  )))))))))))))))))))))))))))))))
.
.
2014-01-04 16:44 . 2014-01-04 16:44 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-01-04 16:44 . 2014-01-04 16:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-04 01:16 . 2014-01-04 01:16 117464 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-01-03 14:36 . 2014-01-04 13:55 65600 ----a-w- c:\windows\system32\drivers\lsi_sas2.sys.bak
2014-01-03 14:20 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{85E7A25A-62F8-49BA-8467-20C45A9AEC09}\mpengine.dll
2014-01-03 13:33 . 2014-01-03 13:33 -------- d-----w- c:\windows\Sun
2014-01-03 13:19 . 2014-01-03 13:19 -------- d-----w- c:\windows\ERUNT
2014-01-03 13:11 . 2014-01-03 14:41 -------- d-----w- C:\AdwCleaner
2014-01-03 12:41 . 2014-01-04 01:30 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-01-02 13:57 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-01 13:07 . 2014-01-04 01:16 89304 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-12-31 18:45 . 2013-12-31 18:45 -------- d-----w- c:\users\Darwin\AppData\Roaming\MPC-HC
2013-12-16 02:17 . 2013-12-16 02:54 -------- d-----w- C:\BOSS
2013-12-16 02:06 . 2011-12-07 18:37 148992 ----a-w- c:\windows\system32\lagarith.dll
2013-12-16 02:06 . 2011-12-07 18:32 216064 ----a-w- c:\windows\SysWow64\lagarith.dll
2013-12-16 02:06 . 2013-03-17 18:22 3554304 ----a-w- c:\windows\system32\x264vfw64.dll
2013-12-16 02:06 . 2013-03-17 17:21 3649536 ----a-w- c:\windows\SysWow64\x264vfw.dll
2013-12-16 02:06 . 2011-06-24 15:44 243200 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2013-12-16 02:06 . 2011-06-24 15:28 650752 ----a-w- c:\windows\SysWow64\xvidcore.dll
2013-12-16 02:06 . 2012-07-21 11:55 180736 ----a-w- c:\windows\system32\ac3acm.acm
2013-12-16 02:06 . 2012-07-21 11:54 122880 ----a-w- c:\windows\SysWow64\ac3acm.acm
2013-12-16 02:06 . 2013-08-22 18:09 256088 ----a-w- c:\windows\system32\unrar64.dll
2013-12-16 02:06 . 2013-11-14 18:00 112640 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2013-12-16 02:02 . 2013-12-16 14:01 -------- d-----w- c:\users\Darwin\AppData\Local\Fallout3
2013-12-07 22:24 . 2013-10-18 07:46 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{71D252F9-9356-4B1E-B013-CD14DF0F9986}\gapaengine.dll
2013-12-06 22:08 . 2013-12-06 22:08 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-11 09:37 . 2012-04-18 23:59 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-11 09:37 . 2011-05-25 21:19 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-23 00:59 . 2013-11-23 00:59 57344 ----a-r- c:\users\Darwin\AppData\Roaming\Microsoft\Installer\{2E6FA5CA-1597-4219-AF62-D9B061E7C448}\NewShortcut11_98798AFA4B0B41FAA9B8FF8835A64952.exe
2013-11-23 00:59 . 2013-11-23 00:59 57344 ----a-r- c:\users\Darwin\AppData\Roaming\Microsoft\Installer\{2E6FA5CA-1597-4219-AF62-D9B061E7C448}\NewShortcut1_3F3768693B314C7692F69858832BE52C.exe
2013-11-23 00:59 . 2013-11-23 00:59 53248 ----a-r- c:\users\Darwin\AppData\Roaming\Microsoft\Installer\{2E6FA5CA-1597-4219-AF62-D9B061E7C448}\ARPPRODUCTICON.exe
2013-11-19 10:21 . 2010-08-07 06:00 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-11-14 18:00 . 2011-06-22 23:10 127488 ----a-w- c:\windows\system32\ff_vfw.dll
2013-10-18 07:46 . 2011-03-26 18:09 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-10-08 14:50 . 2013-10-22 11:11 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-01-07 19:54 . 2012-01-09 07:54 44 ---h--w- c:\program files (x86)\29a79214.tmp
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Darwin\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Darwin\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Darwin\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Akamai NetSession Interface"="c:\users\Darwin\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]
"F.lux"="c:\users\Darwin\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-15 1016712]
"DinsCurse"="c:\users\Darwin\AppData\Local\VirtualStore\DinsCurse\hdmdclfoig.dll" [bU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-11-30 3806544]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DinsCurse"="c:\users\Darwin\AppData\Local\VirtualStore\DinsCurse\hdmdclfoig.dll" [bU]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-2 255536]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2010-10-10 117248]
SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetPointII.exe [2009-7-21 815104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe;c:\program files (x86)\Common Files\Desura\desura_service.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 Gun;Gun;c:\windows\system32\Gun64.sys;c:\windows\SYSNATIVE\Gun64.sys [x]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
R3 RTCore64;RTCore64;c:\program files (x86)\EVGA Precision\RTCore64.sys;c:\program files (x86)\EVGA Precision\RTCore64.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 X6va005;X6va005;c:\users\Darwin\AppData\Local\Temp\00513F0.tmp;c:\users\Darwin\AppData\Local\Temp\00513F0.tmp [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe;c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [x]
S2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S2 Winstep Xtreme Service;Winstep Xtreme Service;c:\program files\Winstep\WsxService;c:\program files\Winstep\WsxService [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ   Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 09:37]
.
2014-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-05 19:35]
.
2014-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-05 19:35]
.
2014-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3911683554-3553286672-2363877611-1000Core.job
- c:\users\Darwin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-07 23:11]
.
2014-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3911683554-3553286672-2363877611-1000UA.job
- c:\users\Darwin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-07 23:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Darwin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Darwin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Darwin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Darwin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"RivaTunerStartupDaemon"="c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" [2009-08-22 24576]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>erride;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
FF - ProfilePath - c:\users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\191fu886.default-1377033217496\
.
- - - - ORPHANS REMOVED - - - -
.
SharedTaskScheduler-{1984D045-52CF-49cd-DB77-08F378FEA4DB} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Winstep Xtreme Service]
"ImagePath"="c:\program files\Winstep\WsxService"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Darwin\AppData\Local\Temp\00513F0.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3911683554-3553286672-2363877611-1000\Software\SecuROM\License information*]
"datasecu"=hex:da,84,9d,ca,ad,a6,c5,1e,fe,99,96,92,85,1c,69,e3,ea,8f,17,76,cd,
   f9,ef,95,a1,d4,cb,29,fe,01,56,fa,99,e5,62,92,c3,5d,83,09,e2,20,1c,99,4a,6b,\
"rkeysecu"=hex:47,00,cd,af,9b,cb,4f,ba,05,2d,8f,07,32,a7,59,46
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-01-04  08:54:55
ComboFix-quarantined-files.txt  2014-01-04 16:54
ComboFix2.txt  2014-01-04 16:01
.
Pre-Run: 22,360,072,192 bytes free
Post-Run: 21,644,197,888 bytes free
.
- - End Of File - - EC146F214913795AC208D21046D795EB
A36C5E4F47E84449FF07ED3517B43A31
Link to post
Share on other sites

here is the adwcleaner report
 

# AdwCleaner v3.016 - Report created 04/01/2014 at 09:01:32
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Darwin - COLDDUSTGIRL
# Running from : C:\Users\Darwin\Downloads\AdwCleaner (1).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.7601.17514
 
 
-\\ Mozilla Firefox v26.0 (en-US)
 
[ File : C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\191fu886.default-1377033217496\prefs.js ]
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Darwin\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [10542 octets] - [03/01/2014 05:14:11]
AdwCleaner[R1].txt - [1027 octets] - [03/01/2014 06:39:44]
AdwCleaner[R2].txt - [1152 octets] - [04/01/2014 09:00:43]
AdwCleaner[s0].txt - [9625 octets] - [03/01/2014 05:15:40]
AdwCleaner[s1].txt - [1089 octets] - [03/01/2014 06:40:42]
AdwCleaner[s2].txt - [1074 octets] - [04/01/2014 09:01:32]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [1134 octets] ##########
Link to post
Share on other sites

okay I my full scan finished for malwarebytes and it says that there were no infected items, here's the report, and it seems like the audio ads have stopped, as there is nothing in the mixer. Hopefully everything is fixed, is there anything else left to do?

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.01.04.04
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Darwin :: COLDDUSTGIRL [administrator]
 
1/4/2014 9:06:22 AM
mbam-log-2014-01-04 (09-06-22).txt
 
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 877457
Time elapsed: 2 hour(s), 21 minute(s), 41 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
Link to post
Share on other sites

Okay so I think I know what is going on, when I started the scan for malwarebytes, the malware fake svchost as well as the audio ads "name unidentified" in the volume mixer both "hid" themselves.

So essentially I don't know how but it's evading the malwarebytes scan by hiding themselves everytime I start a scan.

Link to post
Share on other sites

okay so i restarted my computer and like usual the fake thing was back and running again. I ran combo fix and at the end, there was no un-indentified volume device however i'm not sure if it's actually gone or if it's merely hiding like when i ran the malware scan. Eitherway here's the combofix log.
 

ComboFix 14-01-04.03 - Darwin 01/05/2014  17:48:31.5.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.4095.2792 [GMT -8:00]
Running from: c:\users\Darwin\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-06 to 2014-01-06  )))))))))))))))))))))))))))))))
.
.
2014-01-06 02:03 . 2014-01-06 02:03 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-01-06 02:03 . 2014-01-06 02:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-05 10:22 . 2014-01-05 10:22 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{09BB0864-90F7-4F5F-985D-07E76657DEFD}\offreg.dll
2014-01-05 10:22 . 2014-01-05 10:22 46768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{09BB0864-90F7-4F5F-985D-07E76657DEFD}\MpKsl70cdd847.sys
2014-01-05 10:20 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{09BB0864-90F7-4F5F-985D-07E76657DEFD}\mpengine.dll
2014-01-04 17:18 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-03 14:36 . 2014-01-04 13:55 65600 ----a-w- c:\windows\system32\drivers\lsi_sas2.sys.bak
2014-01-03 13:33 . 2014-01-03 13:33 -------- d-----w- c:\windows\Sun
2014-01-03 13:19 . 2014-01-03 13:19 -------- d-----w- c:\windows\ERUNT
2014-01-03 13:11 . 2014-01-04 17:01 -------- d-----w- C:\AdwCleaner
2014-01-03 12:41 . 2014-01-04 01:30 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-01-01 13:07 . 2014-01-04 01:16 89304 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-12-31 18:45 . 2013-12-31 18:45 -------- d-----w- c:\users\Darwin\AppData\Roaming\MPC-HC
2013-12-16 02:17 . 2013-12-16 02:54 -------- d-----w- C:\BOSS
2013-12-16 02:06 . 2011-12-07 18:37 148992 ----a-w- c:\windows\system32\lagarith.dll
2013-12-16 02:06 . 2011-12-07 18:32 216064 ----a-w- c:\windows\SysWow64\lagarith.dll
2013-12-16 02:06 . 2013-03-17 18:22 3554304 ----a-w- c:\windows\system32\x264vfw64.dll
2013-12-16 02:06 . 2013-03-17 17:21 3649536 ----a-w- c:\windows\SysWow64\x264vfw.dll
2013-12-16 02:06 . 2011-06-24 15:44 243200 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2013-12-16 02:06 . 2011-06-24 15:28 650752 ----a-w- c:\windows\SysWow64\xvidcore.dll
2013-12-16 02:06 . 2012-07-21 11:55 180736 ----a-w- c:\windows\system32\ac3acm.acm
2013-12-16 02:06 . 2012-07-21 11:54 122880 ----a-w- c:\windows\SysWow64\ac3acm.acm
2013-12-16 02:06 . 2013-08-22 18:09 256088 ----a-w- c:\windows\system32\unrar64.dll
2013-12-16 02:06 . 2013-11-14 18:00 112640 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2013-12-16 02:02 . 2013-12-16 14:01 -------- d-----w- c:\users\Darwin\AppData\Local\Fallout3
2013-12-07 22:24 . 2013-10-18 07:46 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{71D252F9-9356-4B1E-B013-CD14DF0F9986}\gapaengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-11 09:37 . 2012-04-18 23:59 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-11 09:37 . 2011-05-25 21:19 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-23 00:59 . 2013-11-23 00:59 57344 ----a-r- c:\users\Darwin\AppData\Roaming\Microsoft\Installer\{2E6FA5CA-1597-4219-AF62-D9B061E7C448}\NewShortcut11_98798AFA4B0B41FAA9B8FF8835A64952.exe
2013-11-23 00:59 . 2013-11-23 00:59 57344 ----a-r- c:\users\Darwin\AppData\Roaming\Microsoft\Installer\{2E6FA5CA-1597-4219-AF62-D9B061E7C448}\NewShortcut1_3F3768693B314C7692F69858832BE52C.exe
2013-11-23 00:59 . 2013-11-23 00:59 53248 ----a-r- c:\users\Darwin\AppData\Roaming\Microsoft\Installer\{2E6FA5CA-1597-4219-AF62-D9B061E7C448}\ARPPRODUCTICON.exe
2013-11-19 10:21 . 2010-08-07 06:00 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-11-14 18:00 . 2011-06-22 23:10 127488 ----a-w- c:\windows\system32\ff_vfw.dll
2013-10-18 07:46 . 2011-03-26 18:09 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-10-08 14:50 . 2013-10-22 11:11 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-01-07 19:54 . 2012-01-09 07:54 44 ---h--w- c:\program files (x86)\29a79214.tmp
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Darwin\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Darwin\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Darwin\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Akamai NetSession Interface"="c:\users\Darwin\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]
"F.lux"="c:\users\Darwin\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-15 1016712]
"DinsCurse"="c:\users\Darwin\AppData\Local\VirtualStore\DinsCurse\hdmdclfoig.dll" [bU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-11-30 3806544]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DinsCurse"="c:\users\Darwin\AppData\Local\VirtualStore\DinsCurse\hdmdclfoig.dll" [bU]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-2 255536]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2010-10-10 117248]
SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetPointII.exe [2009-7-21 815104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe;c:\program files (x86)\Common Files\Desura\desura_service.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 Gun;Gun;c:\windows\system32\Gun64.sys;c:\windows\SYSNATIVE\Gun64.sys [x]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
R3 RTCore64;RTCore64;c:\program files (x86)\EVGA Precision\RTCore64.sys;c:\program files (x86)\EVGA Precision\RTCore64.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 X6va005;X6va005;c:\users\Darwin\AppData\Local\Temp\00513F0.tmp;c:\users\Darwin\AppData\Local\Temp\00513F0.tmp [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 MpKsl70cdd847;MpKsl70cdd847;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{09BB0864-90F7-4F5F-985D-07E76657DEFD}\MpKsl70cdd847.sys;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{09BB0864-90F7-4F5F-985D-07E76657DEFD}\MpKsl70cdd847.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe;c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [x]
S2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S2 Winstep Xtreme Service;Winstep Xtreme Service;c:\program files\Winstep\WsxService;c:\program files\Winstep\WsxService [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ   Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 09:37]
.
2014-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-05 19:35]
.
2014-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-05 19:35]
.
2014-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3911683554-3553286672-2363877611-1000Core.job
- c:\users\Darwin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-07 23:11]
.
2014-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3911683554-3553286672-2363877611-1000UA.job
- c:\users\Darwin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-07 23:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Darwin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Darwin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Darwin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Darwin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"RivaTunerStartupDaemon"="c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" [2009-08-22 24576]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>erride;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
SharedTaskScheduler-{1984D045-52CF-49cd-DB77-08F378FEA4DB} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Winstep Xtreme Service]
"ImagePath"="c:\program files\Winstep\WsxService"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Darwin\AppData\Local\Temp\00513F0.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3911683554-3553286672-2363877611-1000\Software\SecuROM\License information*]
"datasecu"=hex:da,84,9d,ca,ad,a6,c5,1e,fe,99,96,92,85,1c,69,e3,ea,8f,17,76,cd,
   f9,ef,95,a1,d4,cb,29,fe,01,56,fa,99,e5,62,92,c3,5d,83,09,e2,20,1c,99,4a,6b,\
"rkeysecu"=hex:47,00,cd,af,9b,cb,4f,ba,05,2d,8f,07,32,a7,59,46
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-01-05  18:12:37
ComboFix-quarantined-files.txt  2014-01-06 02:12
ComboFix2.txt  2014-01-04 16:55
ComboFix3.txt  2014-01-04 16:01
.
Pre-Run: 20,490,358,784 bytes free
Post-Run: 19,927,232,512 bytes free
.
- - End Of File - - 510BF2A3E892AB96D426FA2C2EF500F6
A36C5E4F47E84449FF07ED3517B43A31
Link to post
Share on other sites

i downloaded a new copy of combofix and ran it.
 

ComboFix 14-01-08.03 - Darwin 01/08/2014  19:10:02.6.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.4095.2464 [GMT -8:00]
Running from: c:\users\Darwin\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-09 to 2014-01-09  )))))))))))))))))))))))))))))))
.
.
2014-01-09 03:23 . 2014-01-09 03:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-07 14:36 . 2013-11-14 11:55 955168 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-01-07 14:36 . 2013-11-14 11:55 1064224 ----a-w- c:\windows\system32\nvspcap64.dll
2014-01-07 10:36 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E17ADA24-B406-4AC8-B155-4C7DB1C9E9CB}\mpengine.dll
2014-01-06 04:10 . 2014-01-06 04:11 -------- d-----w- c:\program files (x86)\GUM9732.tmp
2014-01-06 04:01 . 2014-01-06 04:01 -------- d-----w- c:\users\Darwin\AppData\Roaming\VSRevoGroup
2014-01-06 04:00 . 2014-01-06 04:00 -------- d-----w- c:\program files (x86)\VS Revo Group
2014-01-05 10:20 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-03 14:36 . 2014-01-04 13:55 65600 ----a-w- c:\windows\system32\drivers\lsi_sas2.sys.bak
2014-01-03 13:33 . 2014-01-03 13:33 -------- d-----w- c:\windows\Sun
2014-01-03 13:19 . 2014-01-03 13:19 -------- d-----w- c:\windows\ERUNT
2014-01-03 13:11 . 2014-01-07 15:50 -------- d-----w- C:\AdwCleaner
2014-01-03 12:41 . 2014-01-04 01:30 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-01-01 13:07 . 2014-01-04 01:16 89304 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-12-31 18:45 . 2013-12-31 18:45 -------- d-----w- c:\users\Darwin\AppData\Roaming\MPC-HC
2013-12-16 02:17 . 2013-12-16 02:54 -------- d-----w- C:\BOSS
2013-12-16 02:06 . 2011-12-07 18:37 148992 ----a-w- c:\windows\system32\lagarith.dll
2013-12-16 02:06 . 2011-12-07 18:32 216064 ----a-w- c:\windows\SysWow64\lagarith.dll
2013-12-16 02:06 . 2013-03-17 18:22 3554304 ----a-w- c:\windows\system32\x264vfw64.dll
2013-12-16 02:06 . 2013-03-17 17:21 3649536 ----a-w- c:\windows\SysWow64\x264vfw.dll
2013-12-16 02:06 . 2011-06-24 15:44 243200 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2013-12-16 02:06 . 2011-06-24 15:28 650752 ----a-w- c:\windows\SysWow64\xvidcore.dll
2013-12-16 02:06 . 2012-07-21 11:55 180736 ----a-w- c:\windows\system32\ac3acm.acm
2013-12-16 02:06 . 2012-07-21 11:54 122880 ----a-w- c:\windows\SysWow64\ac3acm.acm
2013-12-16 02:06 . 2013-08-22 18:09 256088 ----a-w- c:\windows\system32\unrar64.dll
2013-12-16 02:06 . 2013-11-14 18:00 112640 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2013-12-16 02:02 . 2013-12-16 14:01 -------- d-----w- c:\users\Darwin\AppData\Local\Fallout3
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-11 09:37 . 2012-04-18 23:59 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-11 09:37 . 2011-05-25 21:19 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-23 00:59 . 2013-11-23 00:59 57344 ----a-r- c:\users\Darwin\AppData\Roaming\Microsoft\Installer\{2E6FA5CA-1597-4219-AF62-D9B061E7C448}\NewShortcut11_98798AFA4B0B41FAA9B8FF8835A64952.exe
2013-11-23 00:59 . 2013-11-23 00:59 57344 ----a-r- c:\users\Darwin\AppData\Roaming\Microsoft\Installer\{2E6FA5CA-1597-4219-AF62-D9B061E7C448}\NewShortcut1_3F3768693B314C7692F69858832BE52C.exe
2013-11-23 00:59 . 2013-11-23 00:59 53248 ----a-r- c:\users\Darwin\AppData\Roaming\Microsoft\Installer\{2E6FA5CA-1597-4219-AF62-D9B061E7C448}\ARPPRODUCTICON.exe
2013-11-19 10:21 . 2010-08-07 06:00 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-11-14 18:00 . 2011-06-22 23:10 127488 ----a-w- c:\windows\system32\ff_vfw.dll
2013-11-14 11:55 . 2011-09-11 06:43 18293608 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-11-14 11:55 . 2011-09-11 06:43 15218504 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-11-14 11:55 . 2012-10-11 05:22 2697248 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-11-14 11:55 . 2011-09-11 06:43 3069608 ----a-w- c:\windows\system32\nvapi64.dll
2013-11-11 16:59 . 2013-11-11 16:59 590112 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2013-11-11 15:02 . 2011-09-11 06:50 3490080 ----a-w- c:\windows\system32\nvsvc64.dll
2013-11-11 15:02 . 2011-09-11 06:50 6674208 ----a-w- c:\windows\system32\nvcpl.dll
2013-11-11 15:01 . 2011-09-11 06:50 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-11-11 15:01 . 2011-09-11 06:50 922912 ----a-w- c:\windows\system32\nvvsvc.exe
2013-11-11 15:01 . 2011-09-11 06:50 219424 ----a-w- c:\windows\system32\nvmctray.dll
2013-10-18 07:46 . 2013-12-07 22:24 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{71D252F9-9356-4B1E-B013-CD14DF0F9986}\gapaengine.dll
2013-10-18 07:46 . 2011-03-26 18:09 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-01-07 19:54 . 2012-01-09 07:54 44 ---h--w- c:\program files (x86)\29a79214.tmp
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Darwin\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Darwin\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Darwin\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Akamai NetSession Interface"="c:\users\Darwin\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]
"F.lux"="c:\users\Darwin\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-15 1016712]
"Spotify Web Helper"="c:\users\Darwin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-12-07 1168896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-11-30 3806544]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DinsCurse"="c:\users\Darwin\AppData\Local\VirtualStore\DinsCurse\hdmdclfoig.dll" [bU]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2010-10-10 117248]
SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetPointII.exe [2009-7-21 815104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
.
R1 MpKsl70cdd847;MpKsl70cdd847;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{09BB0864-90F7-4F5F-985D-07E76657DEFD}\MpKsl70cdd847.sys;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{09BB0864-90F7-4F5F-985D-07E76657DEFD}\MpKsl70cdd847.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe;c:\program files (x86)\Common Files\Desura\desura_service.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 Gun;Gun;c:\windows\system32\Gun64.sys;c:\windows\SYSNATIVE\Gun64.sys [x]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
R3 RTCore64;RTCore64;c:\program files (x86)\EVGA Precision\RTCore64.sys;c:\program files (x86)\EVGA Precision\RTCore64.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 X6va005;X6va005;c:\users\Darwin\AppData\Local\Temp\00513F0.tmp;c:\users\Darwin\AppData\Local\Temp\00513F0.tmp [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe;c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [x]
S2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S2 Winstep Xtreme Service;Winstep Xtreme Service;c:\program files\Winstep\WsxService;c:\program files\Winstep\WsxService [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ   Akamai
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-07 23:15 1211672 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 09:37]
.
2014-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-05 19:35]
.
2014-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-05 19:35]
.
2014-01-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3911683554-3553286672-2363877611-1000Core.job
- c:\users\Darwin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-07 23:11]
.
2014-01-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3911683554-3553286672-2363877611-1000UA.job
- c:\users\Darwin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-07 23:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Darwin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Darwin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Darwin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Darwin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"RivaTunerStartupDaemon"="c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" [2009-08-22 24576]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-11-14 1064224]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>erride;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
SharedTaskScheduler-{1984D045-52CF-49cd-DB77-08F378FEA4DB} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Winstep Xtreme Service]
"ImagePath"="c:\program files\Winstep\WsxService"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Darwin\AppData\Local\Temp\00513F0.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3911683554-3553286672-2363877611-1000\Software\SecuROM\License information*]
"datasecu"=hex:da,84,9d,ca,ad,a6,c5,1e,fe,99,96,92,85,1c,69,e3,ea,8f,17,76,cd,
   f9,ef,95,a1,d4,cb,29,fe,01,56,fa,99,e5,62,92,c3,5d,83,09,e2,20,1c,99,4a,6b,\
"rkeysecu"=hex:47,00,cd,af,9b,cb,4f,ba,05,2d,8f,07,32,a7,59,46
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-01-08  19:33:33
ComboFix-quarantined-files.txt  2014-01-09 03:33
ComboFix2.txt  2014-01-06 02:12
ComboFix3.txt  2014-01-04 16:55
ComboFix4.txt  2014-01-04 16:01
.
Pre-Run: 19,959,595,008 bytes free
Post-Run: 19,887,185,920 bytes free
.
- - End Of File - - 05EA1705530A75FF5766C73DEA50C0C9
A36C5E4F47E84449FF07ED3517B43A31
Link to post
Share on other sites

just ran the program, 

looks like it didn't work, since the volume thing is still there for the unidentified name in my volume mixer...im posting the results regardless though.
 

Rkill 2.6.4 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 01/09/2014 05:19:33 AM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * C:\Windows\System32\UxTheme.dll : 332,288 : 12/13/2010 05:40 AM : 8bf20c54ffb37cfb960f708ffa813fa7 [NoSig]
 +-> C:\Windows\SysWOW64\uxtheme.dll : 245,760 : 07/13/2009 05:11 PM : 43964fa89ccf97ba6be34d69455ac65f [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-uxtheme_31bf3856ad364e35_6.1.7600.16385_none_01d98c7b2040a1b9\uxtheme.dll : 332,288 : 07/13/2009 05:41 PM : d29e998e8277666982b4f0303bf4e7af [Pos Repl]
 +-> C:\Windows\winsxs\wow64_microsoft-windows-uxtheme_31bf3856ad364e35_6.1.7600.16385_none_0c2e36cd54a163b4\uxtheme.dll : 245,760 : 07/13/2009 05:11 PM : 43964fa89ccf97ba6be34d69455ac65f [Pos Repl]
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
 
Program finished at: 01/09/2014 05:21:41 AM
Execution time: 0 hours(s), 2 minute(s), and 8 seconds(s)
Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.