Unable to access internet after removing Youtube accelerator


I did a scan with the MBAM paid version, and it found YouTube Accelerator, so on removal I cannot access the internet. When I try to update MBAM I get "0,0,DNS Error".

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.51.2
Run by RO at 20:27:38 on 2014-01-23
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.353.1033.18.16273.13825 [GMT 0:00]
.
AV: Trend Micro Titanium Internet Security *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium Internet Security *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Trend Micro Firewall Booster *Disabled* {50C2E989-60CF-0845-AFD3-290B7D301E79}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
G:\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
G:\New Progs\Ashampoo WinOptimizer 2013\DfsdkS64.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\Marvell\storage\svc\mvraidsvc.exe
G:\NEW Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\system32\taskeng.exe
G:\NEW Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
G:\NEW Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\PnkBstrA.exe
G:\Program Files (x86)\Mirasys\SMSServer\SMSServer.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Corsair USB Headset\customapp\program\CAHS.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Users\RO\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Corsair USB Headset\customapp\program\CAHS.EXE
C:\Users\RO\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Users\RO\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Corsair\M90 Mouse\M90Hid.exe
C:\Program Files (x86)\Marvell\storage\tray\MarvellTray.exe
C:\Program Files (x86)\PGWARE\PCBoost\PCBoostTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
G:\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
C:\Program Files (x86)\Corsair\M90 Mouse\CorsTra.exe
C:\PROGRA~2\Raptr\raptr.exe
C:\Users\RO\AppData\Local\VNT\vntldr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\PROGRA~2\Raptr\raptr_im.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Raptr\raptr_ep64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1077\TmIEPlg32.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [EPSON Stylus DX4400 Series] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATICAE.EXE /FU "C:\Windows\TEMP\E_S7FBC.tmp" /EF "HKCU"
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup
uRun: [Akamai NetSession Interface] "C:\Users\RO\AppData\Local\Akamai\netsession_win.exe"
uRun: [sandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
uRun: [Plex Media Server] "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
mRun: [Corsair Garros] C:\Program Files (x86)\Corsair\M90 Mouse\M90Hid.exe
mRun: [MSUTray] C:\Program Files (x86)\Marvell\storage\tray\MarvellTray.exe
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [PCBoost] "C:\Program Files (x86)\PGWARE\PCBoost\PCBoostTray.exe" /start
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [VNT] C:\Program Files (x86)\VNT\vntldr.exe
mRun: [AmazonGSDownloaderTray] G:\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
StartupFolder: C:\Users\RO\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\RO\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\RO\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMEST~1.LNK - 
StartupFolder: C:\Users\RO\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SAMSUN~1.LNK - C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoCDBurning = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoFileAssociate = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
LSP: C:\Program Files (x86)\YouTube Accelerator\ytalsp.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{2768459E-B57B-435D-B8BD-D79EE893EEF3} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{A9986398-529B-4A50-B4E9-07D303632AC6} : DHCPNameServer = 7.254.254.254
TCP: Interfaces\{BF364D91-5D58-4C11-9A2D-00CDD7D1E1F3} : DHCPNameServer = 192.168.1.1
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1077\TmIEPlg32.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Object Browser: {11111111-1111-1111-1111-110311281150} - LocalServer32 - <no file>
x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1077\TmIEPlg.dll
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
x64-Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe -set Silent "1" SplashURL ""
x64-Run: [CAHS1Sound] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CAHS1.dll,CMICtrlWnd
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
x64-Run: [shadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1077\TmIEPlg.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\RO\AppData\Roaming\Mozilla\Firefox\Profiles\hm4opiy8.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\npBrowserPlugin.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\LastPass\nplastpass.dll
FF - plugin: C:\Program Files (x86)\LastPass\nplastpass64.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\SumatraPDF\npPdfViewer.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Users\RO\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
FF - plugin: G:\Programs Folder March\npdd.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-3-30 647736]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-3-30 28216]
R0 mv91cons;Marvell 91xx Config Device Driver;C:\Windows\System32\drivers\mv91cons.sys [2012-10-9 28008]
R0 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2013-6-25 317808]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-6-29 283200]
R1 RapportCerberus_59849;RapportCerberus_59849;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [2013-12-11 606672]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2013-10-25 284176]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2013-10-25 399312]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;C:\Windows\System32\drivers\tmlwf.sys [2013-6-10 194640]
R2 Amazon Download Agent;Amazon Download Agent;G:\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2013-12-30 401920]
R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2013-2-24 267480]
R2 DfSdkS;Defragmentation-Service;G:\New Progs\Ashampoo WinOptimizer 2013\DfSdkS64.exe [2013-4-3 544768]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2013-6-7 376144]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2013-4-30 16056]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2013-8-23 72216]
R2 Marvell Storage Management;Marvell Storage Management Service;C:\Program Files (x86)\Marvell\storage\svc\mvraidsvc.exe [2012-9-21 314768]
R2 MBAMScheduler;MBAMScheduler;G:\NEW Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-10-28 418376]
R2 MBAMService;MBAMService;G:\NEW Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-10-28 701512]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-7-30 15125280]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2013-10-25 1444120]
R2 SMSServer;SMSServer;G:\Program Files (x86)\Mirasys\SMSServer\SMSServer.exe [2013-9-2 7168]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-11-11 414496]
R2 tmevtmgr;tmevtmgr;C:\Windows\System32\drivers\tmevtmgr.sys [2013-2-24 69392]
R2 tmwfp;Trend Micro WFP Callout Driver;C:\Windows\System32\drivers\tmwfp.sys [2013-6-10 339536]
R3 CorsairCAHS1;CA-HS1 Interface;C:\Windows\System32\drivers\CAHS164.sys [2013-3-9 1308160]
R3 CORSGMS;Corsair M90 Gaming Mouse;C:\Windows\System32\drivers\CORSGMS.sys [2013-2-24 25600]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2011-2-8 39936]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-2-8 64512]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2013-3-30 169752]
R3 ISCT;Intel® Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2013-1-18 46568]
R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-2-14 412712]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-10-28 25928]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2013-7-11 32344]
R3 Mv_Process;Marvell process notification.;C:\Windows\SysWOW64\Mv_Process.sys [2011-11-22 14376]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-10-28 39200]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2013-10-16 200552]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-3-30 14904]
S2 MSUWebService;MSU Web Service;C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe [2011-11-22 24645]
S2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2013-7-18 762192]
S2 SMServer;SMServer;"G:\Program Files (x86)\Mirasys\SystemManagement\SMServer.exe" --> G:\Program Files (x86)\Mirasys\SystemManagement\SMServer.exe [?]
S2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-10-7 5087584]
S2 YouTubeDownloaderConverter;YouTubeDownloaderConverter;"C:\Users\RO\AppData\Roaming\GVU Technologies\Free YouTube Downloader Converter\CertifiedBrowserService.exe" --> C:\Users\RO\AppData\Roaming\GVU Technologies\Free YouTube Downloader Converter\CertifiedBrowserService.exe [?]
S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-11-23 49152]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864]
S3 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2013-4-16 131912]
S3 DIRECTIO;DIRECTIO;C:\Program Files\PerformanceTest\DirectIo64.sys [2013-5-5 25704]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2014-1-3 17480]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2014-1-3 9800]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-12 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-3 19456]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\System32\drivers\tap0901t.sys [2013-2-24 31232]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-3-3 57856]
S3 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2013-2-24 745368]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-2-24 1255736]
.
=============== Created Last 30 ================
.
2014-01-23 20:13:44 -------- d-----w- C:\AdwCleaner
2014-01-23 20:11:32 117464 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-01-23 20:11:16 89304 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-01-19 14:25:55 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-17 19:55:39 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2014-01-17 19:55:39 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2014-01-17 19:55:39 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2014-01-17 19:55:39 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2014-01-17 19:55:39 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2014-01-17 19:55:39 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2014-01-17 19:55:39 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2014-01-17 19:55:38 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-01-17 19:55:37 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
2014-01-17 18:49:29 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-15 15:02:51 -------- d-----w- C:\Users\RO\AppData\Local\LogMeIn Client
2014-01-03 17:06:19 9800 ----a-w- C:\Windows\System32\EuGdiDrv.sys
2014-01-03 17:06:19 9160 ----a-w- C:\Windows\SysWow64\EuGdiDrv.sys
2014-01-03 17:06:19 87112 ----a-w- C:\Windows\SysWow64\setupempdrv03.exe
2014-01-03 17:06:19 3381832 ----a-w- C:\Windows\System32\BootMan.exe
2014-01-03 17:06:19 2499656 ----a-w- C:\Windows\SysWow64\BootMan.exe
2014-01-03 17:06:19 19840 ----a-w- C:\Windows\SysWow64\EuEpmGdi.dll
2014-01-03 17:06:19 17480 ----a-w- C:\Windows\System32\epmntdrv.sys
2014-01-03 17:06:19 16256 ----a-w- C:\Windows\System32\EuEpmGdi.dll
2014-01-03 17:06:19 14920 ----a-w- C:\Windows\SysWow64\epmntdrv.sys
2014-01-03 17:06:19 100936 ----a-w- C:\Windows\System32\setupempdrvx64.exe
2013-12-30 20:06:24 -------- d-----w- C:\ProgramData\Amazon
2013-12-28 16:54:34 -------- d-----w- C:\Users\RO\AppData\Local\Unity
2013-12-27 21:42:43 -------- d-----w- C:\ProgramData\Solidshield
2013-12-26 14:02:55 -------- d-----w- C:\Users\RO\AppData\Local\Harebrained Schemes
2013-12-25 20:23:34 -------- d-----w- C:\Users\RO\AppData\Roaming\Ghosts FoV Changer
.
==================== Find3M  ====================
.
2014-01-02 10:47:02 107368 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2014-01-02 10:47:01 92488 ----a-w- C:\Windows\System32\LMIinit.dll
2014-01-02 10:47:01 35656 ----a-w- C:\Windows\System32\LMIport.dll
2013-12-19 01:06:01 214392 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-12-19 00:26:45 214392 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-12-14 23:26:34 76888 ----a-w- C:\Windows\System32\PnkBstrA.exe
2013-12-14 05:59:45 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2013-12-14 05:47:38 3123272 ----a-w- C:\Windows\SysWow64\pbsvc.exe
2013-12-10 19:48:38 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-10 19:48:38 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-10 19:48:34 9272200 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-12 03:01:55 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-11-11 15:02:02 6674208 ----a-w- C:\Windows\System32\nvcpl.dll
2013-11-11 15:02:02 3490080 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-11-11 15:01:59 922912 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-11-11 15:01:59 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-11-11 15:01:59 219424 ----a-w- C:\Windows\System32\nvmctray.dll
2013-11-11 15:01:58 3467927 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-11-11 08:59:28 590112 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2013-10-30 02:32:01 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-10-30 02:19:52 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-10-26 03:22:06 172032 ----a-w- C:\Windows\SysWow64\AniGIF.ocx
.
============= FINISH: 20:28:14.39 ===============
 
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate 
Boot Device: \Device\HarddiskVolume2
Install Date: 24/02/2013 16:52:17
System Uptime: 23/01/2014 20:25:22 (0 hours ago)
.
Motherboard: ASRock |  | Z68 Extreme4 Gen3
Processor: Intel® Core i7-2600K CPU @ 3.40GHz | CPUSocket | 3401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 34.328 GiB free.
D: is Removable
E: is FIXED (NTFS) - 2794 GiB total, 2794.215 GiB free.
F: is FIXED (NTFS) - 932 GiB total, 626.693 GiB free.
G: is FIXED (NTFS) - 1863 GiB total, 467.969 GiB free.
H: is CDROM ()
I: is CDROM ()
K: is FIXED (NTFS) - 466 GiB total, 21.364 GiB free.
Z: is FIXED (NTFS) - 0 GiB total, 0.07 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: TAP-Win32 Adapter V9 (Tunngle)
Device ID: ROOT\NET\0000
Manufacturer: TAP-Win32 Provider V9 (Tunngle)
Name: TAP-Win32 Adapter V9 (Tunngle)
PNP Device ID: ROOT\NET\0000
Service: tap0901t
.
==== System Restore Points ===================
.
RP137: 15/01/2014 21:45:38 - Windows Update
RP138: 17/01/2014 08:23:31 - Windows Update
RP139: 18/01/2014 03:00:12 - Windows Update
RP140: 19/01/2014 14:24:42 - Installed Java 7 Update 51
.
==== Installed Programs ======================
.
1-abc.net Drive Space Organizer (Remove only)
2.1.0 (Beta)
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Age of Empires II: HD Edition
Age of Empires III
Age of Empires III - The Asian Dynasties
Age of Empires III - The WarChiefs
Age of Mythology
Age of Mythology - The Titans Expansion
Air Conflicts - Secret Wars
Akamai NetSession Interface
Aliens: Colonial Marines
Alpha Protocol
Amazon Games & Software Downloader
ANNO 2070
Arma 2
ARMA 2 Army of The Czech Republic - Data cache removal
ARMA 2 Operation Arrowhead Uninstall
ArmA 2 Uninstall
Arma 2: DayZ Mod
Arma 2: Operation Arrowhead
Arma 2: Operation Arrowhead Beta
Arma 2: Private Military Company
ARMA 2: Private Military Company - Data cache removal
Ashampoo WinOptimizer 2013 v.1.0.0
Ask Toolbar
Assassin's Creed® III v1.06
Assassins Creed IV Black Flag
Astroburn Lite
µTorrent
Auslogics Disk Defrag
Awesomenauts
Back to the Future: Ep 1 - It's About Time
Back to the Future: Ep 2 - Get Tannen!
Back to the Future: Ep 3 - Citizen Brown
Back to the Future: Ep 4 - Double Visions
Back to the Future: Ep 5 - OUTATIME
Bastion
Batman: Arkham City GOTY
Battle Isle Platinium
Battlefield 4™
Battlelog Web Plugins
BattlEye for OA Uninstall
BattlEye Uninstall
BioShock 2
BioShock Infinite
Bulletstorm
Call of Duty: Black Ops II - Multiplayer
Call of Duty: Ghosts
Call of Duty: Ghosts - Multiplayer
Call of Juarez Gunslinger
Capsized
CCleaner
Cities XL Platinum
Clutch
Command and Conquer 3: Kane's Wrath
Command and Conquer 3: Tiberium Wars
Command and Conquer 4: Tiberian Twilight
Common Weapons of WWII
Company of Heroes (New Steam Version)
Company of Heroes 2 – OPEN BETA
Corsair M90 Gaming Mouse Driver V1.0
Corsair USB Headset
Counter-Strike: Global Offensive
Crash Time II
Crysis 2 Maximum Edition
Crysis®3
CrystalDiskInfo 6.0.1
DAEMON Tools Lite
Darksiders II
DayZ Commander
DCS World
Dead Space™ 3
Deadpool
Dear Esther
Desura
Deus Ex - Invisible War
Dies Irae 1.0
Doc Clock: The Toasted Sandwich of Time
Downloader
Dropbox
Dungeon Defenders
DUNGEONS - The Dark Lord (Steam Special Edition)
DVMS
EA Installer
EA Shared Game Component: Activation
EaseUS Partition Master 9.3.0
Endless Space
EPSON Printer Software
ESN Sonar
Europa Universalis IV
EVE Online (remove only)
EVGA OC Scanner X 3.2.0 (64-bit)
EVGA Precision X 4.2.1
Expeditions - Conquistador
Fallen Enchantress: Legendary Heroes
Far Cry 3
Far Cry 3 Blood Dragon
FlatOut: Ultimate Carnage
Forge
Free YouTube Downloader Converter
Galaxy on Fire 2™ Full HD
Game of Thrones 
GameStop App
GeForce Experience NvStream Client Components
GOG.com Downloader version 3.6.0
Google Chrome
Google Update Helper
Gothic 2 Gold
Gratuitous Space Battles
Hearts of Iron: Japanese Units Pack version 1.0
HeavyLoad V3.2
Hector: Ep 1
Hector: Ep 2
Hector: Ep 3
Hegemony Gold - Wars of Ancient Greece
Hitman: Absolution
Hotline Miami
HP USB Disk Storage Format Tool
Imperialism II - Age of Exploration
Intel® Control Center
Intel® Processor Graphics
Intel® Rapid Storage Technology
Intel® SDK for OpenCL - CPU Only Runtime Package
Interstellar Marines
ISO to USB
Java 7 Update 21 (64-bit)
Java 7 Update 51
Java Auto Updater
King's Bounty: Armored Princess
King's Bounty: The Legend
Kingsoft Office 2013 (9.1.0.4058)
LastPass (uninstall only)
Legendary
Leviathan: Warships
LogMeIn
LOST PLANET 2
Malwarebytes Anti-Malware version 1.75.0.1300
March of the Eagles
March of War
Mars: War Logs
marvell 91xx driver
Marvell Storage Utility V4
Mass Effect
Mass Effect™ 3
Max Payne 3
Max Payne 3 DLC
Medal of Honor Airborne
Men of War
Men of War: Assault Squad
Men of War: Red Tide
Metal Drift
Metro 2033
Metro: Last Light
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft .NET Framework 4.5
Microsoft Application Error Reporting
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Help Viewer 1.0
Microsoft Silverlight
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 x64 ENU
Microsoft SQL Server System CLR Types
Microsoft Visual Basic 2010 Express - ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
Microsoft Xbox 360 Accessories 1.2
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
Miner Wars 2081 Demo
Mozilla Firefox 26.0 (x86 en-GB)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML4 Parser
Natural Selection 2
Nero Audio Pack 1
Nero Blu-ray Player
Nero Blu-ray Player Help (CHM)
Nero Core Components
Nero Kwik Themes Basic
Nero MediaHome
Nero MediaHome Free
Nero MediaHome Help (CHM)
Nero SharedVideoCodecs
Nero Update
Nexus Mod Manager
NirSoft Wireless Network Watcher
No More Room in Hell
Nuclear Dawn
NVIDIA 3D Vision Controller Driver 331.82
NVIDIA 3D Vision Driver 331.82
NVIDIA Control Panel 331.82
NVIDIA GeForce Experience 1.7
NVIDIA Graphics Driver 331.82
NVIDIA HD Audio Driver 1.3.26.4
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA PhysX
NVIDIA PhysX (Legacy)
NVIDIA PhysX System Software 9.13.0725
NVIDIA ShadowPlay 9.3.21
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 9.3.16
NVIDIA Update Components
NVIDIA Virtual Audio 1.2.9
Of Orcs And Men
Omerta Pack
OpenAL
Orcs Must Die! 2
Origin
Pacific Storm Allies
PAYDAY 2
PCBoost
PerformanceTest v8.0
Plex Media Server
Post Apocalyptic Mayhem
Prerequisite installer
Project Freedom
PunkBuster
PunkBuster Services
Puzzle Agent
Puzzle Agent 2
QuickSFV (Remove only)
Rapport
Raptr
Realtek High Definition Audio Driver
Risen 2 - Dark Waters
Rising Storm/Red Orchestra 2 Multiplayer
RivaTuner Statistics Server 5.2.0
Rockstar Games Social Club
Rust
Saints Row: The Third
Sam & Max 301: The Penal Zone
Sam & Max 302: The Tomb of Sammun-Mak
Sam & Max 303: They Stole Max's Brain!
Sam & Max 304: Beyond the Alley of the Dolls
Sam & Max 305: The City that Dares not Sleep
Samsung Magician
Sandboxie 4.06 (64-bit)
Security Update for Microsoft .NET Framework 4.5 (KB2737083)
Security Update for Microsoft .NET Framework 4.5 (KB2742613)
Security Update for Microsoft .NET Framework 4.5 (KB2789648)
Security Update for Microsoft .NET Framework 4.5 (KB2833957)
Security Update for Microsoft .NET Framework 4.5 (KB2840642v2)
Security Update for Microsoft .NET Framework 4.5 (KB2861208)
Security Update for Microsoft Visual Basic 2010 Express - ENU (KB2251489)
SelectionLinks
Serious Sam 3: BFE
Shadowgrounds Survivor
SHIELD Streaming
Sid Meier's Civil War Collection
Sid Meier's Civilization IV Colonization
Sid Meier's Civilization V
Sid Meier's Gettysburg! 2000/XP Compatibility Update
Sins of a Solar Empire: Rebellion
Sleeping Dogs™
Sniper Elite V2
Sniper Elite: Nazi Zombie Army
Space Pirates and Zombies
Space Rangers 2 Complete
SpaceChem
Star Conflict
StarDrive
State of Decay
Steam
SumatraPDF
System Requirements Lab CYRI
System Requirements Lab for Intel
System Shock 2
TeamViewer 8
Terraria
The Incredible Adventures of Van Helsing
The Lord of the Rings: War in the North
The Tone Rebellion
Thomas Was Alone
Thunder Wolves
Tom Clancy's Ghost Recon Future Soldier
Tom Clancy's Splinter Cell® Blacklist™
Tomb Raider
Torchlight II
Towns Demo
Trend Micro Titanium Internet Security
Trend Micro™ Titanium™ Internet Security
Trusteer Endpoint Protection
Tunngle beta
Unity Web Player
Update for Microsoft .NET Framework 4.5 (KB2750147)
Update for Microsoft .NET Framework 4.5 (KB2805221)
Update for Microsoft .NET Framework 4.5 (KB2805226)
Uplay
V2 Interwar Artillery
V2 Interwar Planes
Vampire: The Masquerade - Bloodlines
Victoria 2
Victoria II - Interwar Spritepack version 1.0
Victoria II A House Divide American Civil War version 1.0
Victoria II A House Divided version 2.31
Victoria II: A House Divided version 2.0
Victoria II: Heart of Darkness version 3.01
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
VLC media player 2.1.2
Wallace & Gromit Ep 1: Fright of the Bumblebees
Wallace & Gromit Ep 2: The Last Resort
Wallace & Gromit Ep 3: Muzzled!
Wallace & Gromit Ep 4: The Bogey Man
War Thunder
Warframe
Wargame: AirLand Battle
Windows 7 USB/DVD Download Tool
Windows Live ID Sign-in Assistant
WinRAR 4.20 (64-bit)
WinZip 17.5
Xfire
YouTube Accelerator
YTD Video Downloader 4.7.2
Zeno Clash
.
==== Event Viewer Messages From Past Week ========
.
23/01/2014 20:25:48, Error: Service Control Manager [7000]  - The YouTubeDownloaderConverter service failed to start due to the following error:  The system cannot find the file specified.
23/01/2014 20:25:40, Error: Service Control Manager [7024]  - The MSU Web Service service terminated with service-specific error Incorrect function..
23/01/2014 20:13:44, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
23/01/2014 20:10:51, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
23/01/2014 20:10:40, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
23/01/2014 20:10:40, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
23/01/2014 20:10:29, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
23/01/2014 20:10:29, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
23/01/2014 20:10:29, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
23/01/2014 20:10:29, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
23/01/2014 20:10:28, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
23/01/2014 20:10:23, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
23/01/2014 20:10:20, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD CSC DfsC discache NetBIOS NetBT nsiproxy Psched RapportKE64 rdbss spldr tdx tmlwf tmtdi Wanarpv6 WfpLwf ws2ifsl
23/01/2014 20:10:20, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
23/01/2014 20:10:20, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
23/01/2014 20:10:20, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
23/01/2014 20:10:20, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
23/01/2014 20:10:20, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
23/01/2014 20:10:20, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
23/01/2014 20:10:20, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
23/01/2014 20:10:20, Error: Service Control Manager [7001]  - The MSU Web Service service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
23/01/2014 20:10:20, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
23/01/2014 20:10:20, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
23/01/2014 20:10:20, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
23/01/2014 20:10:20, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
23/01/2014 20:10:11, Error: sptd [4]  - Driver detected an internal error in its data structures for .
23/01/2014 19:19:42, Error: Service Control Manager [7034]  - The YouTubeAcceleratorService service terminated unexpectedly.  It has done this 1 time(s).
23/01/2014 10:10:52, Error: Service Control Manager [7034]  - The NVIDIA Update Service Daemon service terminated unexpectedly.  It has done this 1 time(s).
17/01/2014 19:51:43, Error: Service Control Manager [7024]  - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
17/01/2014 19:51:35, Error: Service Control Manager [7024]  - The Windows Firewall service terminated with service-specific error Access is denied..
17/01/2014 19:49:05, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
17/01/2014 19:37:08, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
17/01/2014 19:37:06, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  discache RapportKE64 spldr tmtdi Wanarpv6
17/01/2014 19:34:35, Error: Service Control Manager [7034]  - The YouTubeDownloaderConverter service terminated unexpectedly.  It has done this 1 time(s).
17/01/2014 14:13:21, Error: Service Control Manager [7034]  - The TeamViewer 8 service terminated unexpectedly.  It has done this 3 time(s).
17/01/2014 14:13:10, Error: Service Control Manager [7031]  - The TeamViewer 8 service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 2000 milliseconds: Restart the service.
17/01/2014 14:13:03, Error: Service Control Manager [7034]  - The Amazon Download Agent service terminated unexpectedly.  It has done this 1 time(s).
17/01/2014 14:13:01, Error: Service Control Manager [7031]  - The TeamViewer 8 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 2000 milliseconds: Restart the service.
17/01/2014 14:12:45, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the MSU Web Service service to connect.
17/01/2014 14:12:45, Error: Service Control Manager [7000]  - The MSU Web Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
 

 


Hi, 

 

Thanks for replying.

I should say I work in I.T. (hardware mainly), so I shouldn't need much hand-holding, but O/S and malware are certainly not my strong point.

 

I tried this initially, along with some basic network fault finding; however, I ended up restoring to a previous backup of Windows to get my internet restored. I then tried again to remove YouTube Accelerator using the MBAM flash scan option and the same thing happened, so it is definitely something to do with removing that program. I have got internet restored by using the fixdamage program with MBAR, but I doubt it has rid the system completely of that problem and possibly other malware.


  • Staff

Hello Guzzy121

These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete, let me have the two reports and let me know how things are running.

Gringo


Sorry for the delay. Here are the log files.

 

# AdwCleaner v3.018 - Report created 30/01/2014 at 09:15:35
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : RO - RO-PC
# Running from : G:\Downloads SSD OS\Chrome DLDS\AdwCleaner (1).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\boost_interprocess
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Mozilla Firefox v26.0 (en-GB)
 
[ File : C:\Users\RO\AppData\ROaming\Mozilla\Firefox\PROfiles\hm4opiy8.default\prefs.js ]
 
 
-\\ Google Chrome v32.0.1700.102
 
[ File : C:\Users\RO\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\2nd User\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [4958 octets] - [23/01/2014 20:13:46]
AdwCleaner[R1].txt - [1092 octets] - [23/01/2014 20:23:34]
AdwCleaner[R2].txt - [1212 octets] - [23/01/2014 22:11:02]
AdwCleaner[R3].txt - [1273 octets] - [23/01/2014 22:19:51]
AdwCleaner[R4].txt - [1393 octets] - [23/01/2014 22:26:02]
AdwCleaner[R5].txt - [1515 octets] - [30/01/2014 09:12:27]
AdwCleaner[s0].txt - [4988 octets] - [23/01/2014 20:17:38]
AdwCleaner[s1].txt - [1154 octets] - [23/01/2014 20:24:35]
AdwCleaner[s2].txt - [1334 octets] - [23/01/2014 22:20:22]
AdwCleaner[s3].txt - [1440 octets] - [30/01/2014 09:15:35]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s3].txt - [1500 octets] ##########
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Ultimate x64
Ran by RO on 30/01/2014 at  9:25:44.72
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{032BFAD1-0318-4F73-B16D-E10E8A6954BA}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A529737-242F-4DAC-9599-F76321D8E83A}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\Users\RO\appdata\local\cre"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"
 
 
 
~~~ FireFox
 
Successfully deleted: [Folder] C:\Users\RO\AppData\Roaming\mozilla\firefox\profiles\hm4opiy8.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com
Successfully deleted: [Folder] C:\Users\RO\AppData\Roaming\mozilla\firefox\profiles\hm4opiy8.default\extensions\staged
 
 
 
~~~ Chrome
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [blacklisted Policy]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30/01/2014 at  9:32:42.21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

  • Staff

Hello Guzzy121

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not click in Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

Here is the Combofix log. My PC seems to run fine; however, after it has been in use a while, there is a lag when I hover over items in my start menu, and when I right-click on a folder or my desktop, Windows Explorer sometimes crashes. If I use CTRL-V/C etc., however, Windows Explorer (and the paste/copy etc. operation) works fine.

ComboFix 14-02-05.02 - RO 08/02/2014   2:26.1.8 - x64

Microsoft Windows 7 Ultimate   6.1.7601.1.1252.353.1033.18.16273.14219 [GMT 0:00]

Running from: g:\downloads ssd os\Chrome DLDS\ComboFix.exe

AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}

FW: Trend Micro Firewall Booster *Disabled* {50C2E989-60CF-0845-AFD3-290B7D301E79}

SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Created a new restore point

.

/wow section - STAGE 32A

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\SysWow64\YingInstall

c:\windows\SysWow64\YingInstall\409.ini

F:\install.exe

.

.

(((((((((((((((((((((((((   Files Created from 2014-01-08 to 2014-02-08  )))))))))))))))))))))))))))))))

.

.

2014-02-08 02:21 . 2014-02-08 02:21 8782 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS

2014-02-08 02:21 . 2014-02-08 02:21 7271 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS

2014-02-01 13:10 . 2013-12-27 18:42 39200 ----a-w- c:\windows\system32\drivers\nvvad64v.sys

2014-02-01 13:10 . 2013-12-27 18:42 33056 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll

2014-02-01 12:46 . 2014-02-01 13:11 -------- d-----w- c:\users\RO\AppData\Local\NVIDIA Corporation

2014-02-01 12:45 . 2014-02-08 02:22 -------- d-----w- c:\programdata\boost_interprocess

2014-02-01 05:01 . 2014-01-21 02:53 1048152 ----a-w- c:\windows\SysWow64\nvspcap.dll

2014-02-01 05:01 . 2014-01-21 02:53 1179576 ----a-w- c:\windows\system32\nvspcap64.dll

2014-02-01 05:00 . 2013-12-19 18:53 6671648 ----a-w- c:\windows\system32\nvcpl.dll

2014-02-01 05:00 . 2013-12-19 18:53 3490080 ----a-w- c:\windows\system32\nvsvc64.dll

2014-02-01 05:00 . 2013-12-19 18:53 922912 ----a-w- c:\windows\system32\nvvsvc.exe

2014-02-01 05:00 . 2013-12-19 18:53 63776 ----a-w- c:\windows\system32\nvshext.dll

2014-02-01 05:00 . 2013-12-19 18:53 386336 ----a-w- c:\windows\system32\nvmctray.dll

2014-02-01 05:00 . 2013-12-19 05:01 3539040 ----a-w- c:\windows\system32\nvcoproc.bin

2014-02-01 04:10 . 2014-02-01 04:10 -------- d-----w- c:\programdata\Elder Scrolls Online

2014-01-30 09:25 . 2014-01-30 09:25 -------- d-----w- c:\windows\ERUNT

2014-01-29 16:27 . 2014-02-04 13:09 -------- d-----w- c:\users\RO\AppData\Local\CrashDumps

2014-01-29 10:41 . 2014-01-29 10:41 -------- d-----w- C:\Nether

2014-01-29 10:27 . 2014-01-29 10:48 -------- d-----w- c:\program files\NetherLauncher

2014-01-25 19:31 . 2014-01-25 19:37 -------- d-----w- c:\program files\My Vapor Record

2014-01-23 20:13 . 2014-01-30 09:15 -------- d-----w- C:\AdwCleaner

2014-01-23 20:11 . 2014-01-25 04:48 89304 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2014-01-19 14:25 . 2013-12-18 21:09 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2014-01-17 19:55 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys

2014-01-17 19:55 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2014-01-17 19:55 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys

2014-01-17 19:55 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys

2014-01-17 19:55 . 2013-11-27 01:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys

2014-01-17 19:55 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2014-01-17 19:55 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys

2014-01-17 19:55 . 2013-11-26 10:32 3156480 ----a-w- c:\windows\system32\win32k.sys

2014-01-17 19:55 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys

2014-01-17 18:49 . 2014-01-25 12:56 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)

2014-01-15 15:02 . 2014-01-22 13:54 -------- d-----w- c:\users\RO\AppData\Local\LogMeIn Client

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-02-04 22:48 . 2013-02-24 21:02 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2014-02-04 22:48 . 2013-02-24 21:02 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2014-02-03 12:18 . 2013-08-23 17:11 107368 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2014-02-03 12:18 . 2013-08-23 17:11 35656 ----a-w- c:\windows\system32\LMIport.dll

2014-02-03 12:18 . 2013-08-23 17:11 92488 ----a-w- c:\windows\system32\LMIinit.dll

2014-01-15 21:46 . 2013-02-24 17:38 86054176 ----a-w- c:\windows\system32\MRT.exe

2014-01-02 10:47 . 2013-08-23 17:11 107368 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak

2013-12-19 12:20 . 2013-12-19 12:20 590112 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2013-12-19 01:06 . 2013-02-28 02:36 214392 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2013-12-19 00:26 . 2013-02-28 02:36 214392 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2013-12-14 23:26 . 2013-12-14 23:26 76888 ----a-w- c:\windows\system32\PnkBstrA.exe

2013-12-14 05:59 . 2013-02-28 02:36 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2013-12-14 05:47 . 2013-03-18 13:52 3123272 ----a-w- c:\windows\SysWow64\pbsvc.exe

2013-11-26 11:54 . 2013-12-12 03:00 23183360 ----a-w- c:\windows\system32\mshtml.dll

2013-11-26 10:19 . 2013-12-12 03:00 2724864 ----a-w- c:\windows\system32\mshtml.tlb

2013-11-26 10:18 . 2013-12-12 03:00 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll

2013-11-26 09:48 . 2013-12-12 03:00 66048 ----a-w- c:\windows\system32\iesetup.dll

2013-11-26 09:46 . 2013-12-12 03:00 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll

2013-11-26 09:41 . 2013-12-12 03:00 2764288 ----a-w- c:\windows\system32\iertutil.dll

2013-11-26 09:29 . 2013-12-12 03:00 53760 ----a-w- c:\windows\system32\jsproxy.dll

2013-11-26 09:27 . 2013-12-12 03:00 33792 ----a-w- c:\windows\system32\iernonce.dll

2013-11-26 09:23 . 2013-12-12 03:00 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb

2013-11-26 09:21 . 2013-12-12 03:00 574976 ----a-w- c:\windows\system32\ieui.dll

2013-11-26 09:18 . 2013-12-12 03:00 139264 ----a-w- c:\windows\system32\ieUnatt.exe

2013-11-26 09:18 . 2013-12-12 03:00 111616 ----a-w- c:\windows\system32\ieetwcollector.exe

2013-11-26 09:16 . 2013-12-12 03:00 708608 ----a-w- c:\windows\system32\jscript9diag.dll

2013-11-26 08:57 . 2013-12-12 03:00 218624 ----a-w- c:\windows\system32\ie4uinit.exe

2013-11-26 08:35 . 2013-12-12 03:00 5769216 ----a-w- c:\windows\system32\jscript9.dll

2013-11-26 08:28 . 2013-12-12 03:00 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll

2013-11-26 08:16 . 2013-12-12 03:00 4243968 ----a-w- c:\windows\SysWow64\jscript9.dll

2013-11-26 08:02 . 2013-12-12 03:00 1995264 ----a-w- c:\windows\system32\inetcpl.cpl

2013-11-26 07:48 . 2013-12-12 03:00 12996608 ----a-w- c:\windows\system32\ieframe.dll

2013-11-26 07:32 . 2013-12-12 03:00 1928192 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2013-11-26 07:07 . 2013-12-12 03:00 2334208 ----a-w- c:\windows\system32\wininet.dll

2013-11-26 06:40 . 2013-12-12 03:00 1395200 ----a-w- c:\windows\system32\urlmon.dll

2013-11-26 06:34 . 2013-12-12 03:00 817664 ----a-w- c:\windows\system32\ieapfltr.dll

2013-11-26 06:33 . 2013-12-12 03:00 1820160 ----a-w- c:\windows\SysWow64\wininet.dll

2013-11-23 18:26 . 2013-12-11 20:12 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll

2013-11-23 17:47 . 2013-12-11 20:12 465920 ----a-w- c:\windows\system32\WMPhoto.dll

2013-11-12 03:01 . 2013-11-12 03:01 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

2013-11-12 03:01 . 2013-11-12 03:01 194048 ----a-w- c:\windows\SysWow64\elshyph.dll

2013-11-12 03:01 . 2013-11-12 03:01 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2013-11-12 03:01 . 2013-11-12 03:01 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll

2013-11-12 03:01 . 2013-11-12 03:01 235008 ----a-w- c:\windows\system32\elshyph.dll

2013-11-12 03:01 . 2013-11-12 03:01 182272 ----a-w- c:\windows\SysWow64\msls31.dll

2013-11-12 03:01 . 2013-11-12 03:01 62464 ----a-w- c:\windows\SysWow64\tdc.ocx

2013-11-12 03:01 . 2013-11-12 03:01 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll

2013-11-12 03:01 . 2013-11-12 03:01 337408 ----a-w- c:\windows\SysWow64\html.iec

2013-11-12 03:01 . 2013-11-12 03:01 61952 ----a-w- c:\windows\SysWow64\iesetup.dll

2013-11-12 03:01 . 2013-11-12 03:01 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll

2013-11-12 03:01 . 2013-11-12 03:01 139264 ----a-w- c:\windows\SysWow64\wextract.exe

2013-11-12 03:01 . 2013-11-12 03:01 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll

2013-11-12 03:01 . 2013-11-12 03:01 454656 ----a-w- c:\windows\SysWow64\vbscript.dll

2013-11-12 03:01 . 2013-11-12 03:01 151552 ----a-w- c:\windows\SysWow64\iexpress.exe

2013-11-12 03:01 . 2013-11-12 03:01 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2013-11-12 03:01 . 2013-11-12 03:01 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll

2013-11-12 03:01 . 2013-11-12 03:01 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll

2013-11-12 03:01 . 2013-11-12 03:01 36352 ----a-w- c:\windows\SysWow64\imgutil.dll

2013-11-12 03:01 . 2013-11-12 03:01 13312 ----a-w- c:\windows\SysWow64\mshta.exe

2013-11-12 03:01 . 2013-11-12 03:01 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2013-11-12 03:01 . 2013-11-12 03:01 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll

2013-11-12 03:01 . 2013-11-12 03:01 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2013-11-12 03:01 . 2013-11-12 03:01 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2013-11-12 03:01 . 2013-11-12 03:01 942592 ----a-w- c:\windows\system32\jsIntl.dll

2013-11-12 03:01 . 2013-11-12 03:01 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2013-11-12 03:01 . 2013-11-12 03:01 247808 ----a-w- c:\windows\system32\msls31.dll

2013-11-12 03:01 . 2013-11-12 03:01 195584 ----a-w- c:\windows\system32\msrating.dll

2013-11-12 03:01 . 2013-11-12 03:01 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2013-11-12 03:01 . 2013-11-12 03:01 52224 ----a-w- c:\windows\system32\msfeedsbs.dll

2013-11-12 03:01 . 2013-11-12 03:01 48640 ----a-w- c:\windows\system32\mshtmler.dll

2013-11-12 03:01 . 2013-11-12 03:01 13312 ----a-w- c:\windows\system32\msfeedssync.exe

2013-11-12 03:01 . 2013-11-12 03:01 131072 ----a-w- c:\windows\system32\IEAdvpack.dll

2013-11-12 03:01 . 2013-11-12 03:01 77312 ----a-w- c:\windows\system32\tdc.ocx

2013-11-12 03:01 . 2013-11-12 03:01 413696 ----a-w- c:\windows\system32\html.iec

2013-11-12 03:01 . 2013-11-12 03:01 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll

2013-11-12 03:01 . 2013-11-12 03:01 105984 ----a-w- c:\windows\system32\iesysprep.dll

2013-11-12 03:01 . 2013-11-12 03:01 296960 ----a-w- c:\windows\system32\dxtrans.dll

2013-11-12 03:01 . 2013-11-12 03:01 81408 ----a-w- c:\windows\system32\icardie.dll

2013-11-12 03:01 . 2013-11-12 03:01 616104 ----a-w- c:\windows\system32\ieapfltr.dat

2013-11-12 03:01 . 2013-11-12 03:01 453120 ----a-w- c:\windows\system32\dxtmsft.dll

2013-11-12 03:01 . 2013-11-12 03:01 235520 ----a-w- c:\windows\system32\url.dll

2013-11-12 03:01 . 2013-11-12 03:01 84992 ----a-w- c:\windows\system32\mshtmled.dll

2013-11-12 03:01 . 2013-11-12 03:01 626176 ----a-w- c:\windows\system32\msfeeds.dll

2013-11-12 03:01 . 2013-11-12 03:01 30208 ----a-w- c:\windows\system32\licmgr10.dll

2013-11-12 03:01 . 2013-11-12 03:01 263376 ----a-w- c:\windows\system32\iedkcs32.dll

2013-11-12 03:01 . 2013-11-12 03:01 243200 ----a-w- c:\windows\system32\webcheck.dll

2013-11-12 03:01 . 2013-11-12 03:01 167424 ----a-w- c:\windows\system32\iexpress.exe

2013-11-12 03:01 . 2013-11-12 03:01 143872 ----a-w- c:\windows\system32\wextract.exe

2013-11-12 03:01 . 2013-11-12 03:01 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll

2013-11-12 03:01 . 2013-11-12 03:01 101376 ----a-w- c:\windows\system32\inseng.dll

2013-11-12 03:01 . 2013-11-12 03:01 62464 ----a-w- c:\windows\system32\pngfilt.dll

2013-11-12 03:01 . 2013-11-12 03:01 548352 ----a-w- c:\windows\system32\vbscript.dll

2013-11-12 03:01 . 2013-11-12 03:01 147968 ----a-w- c:\windows\system32\occache.dll

2013-11-12 03:01 . 2013-11-12 03:01 83968 ----a-w- c:\windows\system32\MshtmlDac.dll

2013-11-12 03:01 . 2013-11-12 03:01 774144 ----a-w- c:\windows\system32\jscript.dll

2013-11-12 03:01 . 2013-11-12 03:01 48128 ----a-w- c:\windows\system32\imgutil.dll

2013-11-12 03:01 . 2013-11-12 03:01 13824 ----a-w- c:\windows\system32\mshta.exe

2013-11-12 03:01 . 2013-11-12 03:01 135680 ----a-w- c:\windows\system32\iepeers.dll

2013-11-12 02:23 . 2013-12-11 20:12 2048 ----a-w- c:\windows\system32\tzres.dll

2013-11-12 02:07 . 2013-12-11 20:12 2048 ----a-w- c:\windows\SysWow64\tzres.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09 131248 ----a-w- c:\users\RO\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09 131248 ----a-w- c:\users\RO\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09 131248 ----a-w- c:\users\RO\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09 131248 ----a-w- c:\users\RO\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"Raptr"="c:\progra~2\Raptr\raptrstub.exe" [2014-01-08 55360]

"Akamai NetSession Interface"="c:\users\RO\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]

"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2013-10-16 759496]

"Plex Media Server"="c:\program files (x86)\Plex\Plex Media Server\Plex Media Server.exe" [2013-12-09 4272776]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Corsair Garros"="c:\program files (x86)\Corsair\M90 Mouse\M90Hid.exe" [2012-05-22 1768960]

"MSUTray"="c:\program files (x86)\Marvell\storage\tray\MarvellTray.exe" [2012-09-21 1219984]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-09-12 56128]

"PCBoost"="c:\program files (x86)\PGWARE\PCBoost\PCBoostTray.exe" [2013-12-22 1784984]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]

"VNT"="c:\program files (x86)\VNT\vntldr.exe" [2014-01-06 195536]

"AmazonGSDownloaderTray"="g:\amazon games & software downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]

.

c:\users\RO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\RO\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 30714328]

Samsung Magician.lnk - c:\program files (x86)\Samsung\Samsung Magician\Samsung Magician.exe  /AUTOHIDE [2013-12-17 4580256]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 0 (0x0)

"NoFileAssociate"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

R2 Amazon Download Agent;Amazon Download Agent;g:\amazon games & software downloader\AmazonGSDownloaderService.exe;g:\amazon games & software downloader\AmazonGSDownloaderService.exe [x]

R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 MBAMScheduler;MBAMScheduler;g:\new program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;g:\new program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

R2 MBAMService;MBAMService;g:\new program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;g:\new program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

R2 SMServer;SMServer;g:\program files (x86)\Mirasys\SystemManagement\SMServer.exe;g:\program files (x86)\Mirasys\SystemManagement\SMServer.exe [x]

R2 YouTubeDownloaderConverter;YouTubeDownloaderConverter;c:\users\RO\AppData\Roaming\GVU Technologies\Free YouTube Downloader Converter\CertifiedBrowserService.exe;c:\users\RO\AppData\Roaming\GVU Technologies\Free YouTube Downloader Converter\CertifiedBrowserService.exe [x]

R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]

R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x]

R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe;c:\program files (x86)\Common Files\Desura\desura_service.exe [x]

R3 DIRECTIO;DIRECTIO;c:\program files\PerformanceTest\DirectIo64.sys;c:\program files\PerformanceTest\DirectIo64.sys [x]

R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x]

R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]

R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R4 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]

S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]

S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]

S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys;c:\windows\SYSNATIVE\DRIVERS\mv91cons.sys [x]

S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys;c:\windows\SYSNATIVE\Drivers\RapportKE64.sys [x]

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]

S1 RapportCerberus_59849;RapportCerberus_59849;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [x]

S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [x]

S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [x]

S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys;c:\windows\SYSNATIVE\DRIVERS\tmlwf.sys [x]

S2 DfSdkS;Defragmentation-Service;g:\new progs\Ashampoo WinOptimizer 2013\DfsdkS64.exe;g:\new progs\Ashampoo WinOptimizer 2013\DfsdkS64.exe [x]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [x]

S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]

S2 Marvell Storage Management;Marvell Storage Management Service;c:\program files (x86)\Marvell\storage\svc\mvraidsvc.exe;c:\program files (x86)\Marvell\storage\svc\mvraidsvc.exe [x]

S2 MSUWebService;MSU Web Service;c:\program files (x86)\Marvell\storage\Apache2\bin\httpd.exe;c:\program files (x86)\Marvell\storage\Apache2\bin\httpd.exe [x]

S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]

S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]

S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]

S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [x]

S2 SMSServer;SMSServer;g:\program files (x86)\Mirasys\SMSServer\SMSServer.exe;g:\program files (x86)\Mirasys\SMSServer\SMSServer.exe [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]

S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys;c:\windows\SYSNATIVE\DRIVERS\tmevtmgr.sys [x]

S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\tmwfp.sys [x]

S3 CorsairCAHS1;CA-HS1 Interface;c:\windows\system32\drivers\CAHS164.sys;c:\windows\SYSNATIVE\drivers\CAHS164.sys [x]

S3 CORSGMS;Corsair M90 Gaming Mouse;c:\windows\system32\drivers\CORSGMS.sys;c:\windows\SYSNATIVE\drivers\CORSGMS.sys [x]

S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]

S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]

S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]

S3 ISCT;Intel® Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]

S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]

S3 Mv_Process;Marvell process notification.;c:\windows\syswow64\mv_process.sys;c:\windows\syswow64\mv_process.sys [x]

S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-02-04 01:08 1211720 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2014-02-08 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-24 22:48]

.

2014-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-24 17:18]

.

2014-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-24 17:18]

.

2013-06-10 c:\windows\Tasks\WpsUpdateTask_RO.job

- c:\program files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsupdate.exe [2013-06-03 16:00]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09 164016 ----a-w- c:\users\RO\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09 164016 ----a-w- c:\users\RO\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09 164016 ----a-w- c:\users\RO\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09 164016 ----a-w- c:\users\RO\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2013-02-24 192520]

"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2013-02-24 1119392]

"CAHS1Sound"="c:\windows\Syswow64\CAHS1.dll" [2011-07-08 8724480]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-03-22 172016]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-03-22 399856]

"Persistence"="c:\windows\system32\igfxpers.exe" [2013-03-22 442352]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-03-29 13513288]

"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2013-04-30 57928]

"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]

"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-01-21 2234144]

"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-01-21 1179576]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm


mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\RO\AppData\Roaming\Mozilla\Firefox\Profiles\hm4opiy8.default\

FF - prefs.js: browser.search.selectedEngine - Google

.

- - - - ORPHANS REMOVED - - - -

.

c:\users\RO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameStop Now.lnk - (no file)

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

BHO-{11111111-1111-1111-1111-110311281150} - (no file)

AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe

AddRemove-BattlEye for A2 - g:\steamlibrary\steamapps\common\Arma 2BattlEye\UnInstallBE.exe

AddRemove-My Vapor Record 1.4 - c:\windows\system32\Ying-UnInstall.exe

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe

AddRemove-sl-dlc - c:\program files (x86)\OApps\sl-dlc_uninstall.exe

AddRemove-YouTube Accelerator - c:\program files (x86)\YouTube Accelerator\VARemove.exe

AddRemove-{1a413f37-ed88-4fec-9666-5c48dc4b7bb7} - c:\program files (x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-777521174-3464708935-2093631653-1000\Software\SecuROM\License information*]

"datasecu"=hex:55,f6,ff,40,7c,36,9d,62,1e,57,82,87,0f,4e,5f,64,c5,82,97,08,2f,

   b1,2a,a2,78,a1,d9,33,13,b2,d6,c4,cb,f9,4e,69,fd,96,c4,35,c7,0f,e7,44,be,e6,\

"rkeysecu"=hex:53,c2,53,31,59,4f,0f,16,a3,c5,f2,e1,22,e0,14,5c

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2014-02-08  02:47:28

ComboFix-quarantined-files.txt  2014-02-08 02:47

.

Pre-Run: 30,457,556,992 bytes free

Post-Run: 32,556,236,800 bytes free

.

- - End Of File - - 61912463A6FA9A7F1B5D3374E920E54F

5FB38429D5D77768867C76DCBDB35194

  • Staff

Hello Guzzy121

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

CFScriptB-4.gif

This will let ComboFix run again.

Restart if you have to.

Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo

  That delay when I hover over the start menu seems to have gone as well as the copy/paste problem.

 

 

ComboFix 14-02-05.02 - RO 09/02/2014   0:55.2.8 - x64

Microsoft Windows 7 Ultimate   6.1.7601.1.1252.353.1033.18.16273.12628 [GMT 0:00]
Running from: c:\users\RO\Desktop\ComboFix.exe
Command switches used :: c:\users\RO\Desktop\CFScript.txt
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
FW: Trend Micro Firewall Booster *Disabled* {50C2E989-60CF-0845-AFD3-290B7D301E79}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-09 to 2014-02-09  )))))))))))))))))))))))))))))))
.
.
2014-02-09 01:44 . 2014-02-09 01:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-09 01:44 . 2014-02-09 01:44 -------- d-----w- c:\users\2nd User\AppData\Local\temp
2014-02-08 10:29 . 2014-02-08 22:08 -------- d-----w- c:\users\RO\AppData\Roaming\Awesomium
2014-02-08 02:47 . 2014-02-09 01:44 -------- d-----w- c:\users\RO\AppData\Local\temp
2014-02-08 02:21 . 2014-02-08 02:21 8782 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2014-02-08 02:21 . 2014-02-08 02:21 7271 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2014-02-01 13:10 . 2013-12-27 18:42 39200 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2014-02-01 13:10 . 2013-12-27 18:42 33056 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2014-02-01 12:46 . 2014-02-01 13:11 -------- d-----w- c:\users\RO\AppData\Local\NVIDIA Corporation
2014-02-01 12:45 . 2014-02-08 02:22 -------- d-----w- c:\programdata\boost_interprocess
2014-02-01 05:01 . 2014-01-21 02:53 1048152 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-02-01 05:01 . 2014-01-21 02:53 1179576 ----a-w- c:\windows\system32\nvspcap64.dll
2014-02-01 05:00 . 2013-12-19 18:53 6671648 ----a-w- c:\windows\system32\nvcpl.dll
2014-02-01 05:00 . 2013-12-19 18:53 3490080 ----a-w- c:\windows\system32\nvsvc64.dll
2014-02-01 05:00 . 2013-12-19 18:53 922912 ----a-w- c:\windows\system32\nvvsvc.exe
2014-02-01 05:00 . 2013-12-19 18:53 63776 ----a-w- c:\windows\system32\nvshext.dll
2014-02-01 05:00 . 2013-12-19 18:53 386336 ----a-w- c:\windows\system32\nvmctray.dll
2014-02-01 05:00 . 2013-12-19 05:01 3539040 ----a-w- c:\windows\system32\nvcoproc.bin
2014-02-01 04:10 . 2014-02-01 04:10 -------- d-----w- c:\programdata\Elder Scrolls Online
2014-01-30 09:25 . 2014-01-30 09:25 -------- d-----w- c:\windows\ERUNT
2014-01-29 16:27 . 2014-02-04 13:09 -------- d-----w- c:\users\RO\AppData\Local\CrashDumps
2014-01-29 10:41 . 2014-01-29 10:41 -------- d-----w- C:\Nether
2014-01-29 10:27 . 2014-01-29 10:48 -------- d-----w- c:\program files\NetherLauncher
2014-01-25 19:31 . 2014-01-25 19:37 -------- d-----w- c:\program files\My Vapor Record
2014-01-23 20:13 . 2014-01-30 09:15 -------- d-----w- C:\AdwCleaner
2014-01-23 20:11 . 2014-01-25 04:48 89304 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-01-19 14:25 . 2013-12-18 21:09 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-17 19:55 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-01-17 19:55 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-01-17 19:55 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-01-17 19:55 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-01-17 19:55 . 2013-11-27 01:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-01-17 19:55 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-01-17 19:55 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-01-17 19:55 . 2013-11-26 10:32 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-01-17 19:55 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2014-01-17 18:49 . 2014-01-25 12:56 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-01-15 15:02 . 2014-01-22 13:54 -------- d-----w- c:\users\RO\AppData\Local\LogMeIn Client
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-04 22:48 . 2013-02-24 21:02 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-04 22:48 . 2013-02-24 21:02 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-03 12:18 . 2013-08-23 17:11 107368 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2014-02-03 12:18 . 2013-08-23 17:11 35656 ----a-w- c:\windows\system32\LMIport.dll
2014-02-03 12:18 . 2013-08-23 17:11 92488 ----a-w- c:\windows\system32\LMIinit.dll
2014-01-15 21:46 . 2013-02-24 17:38 86054176 ----a-w- c:\windows\system32\MRT.exe
2014-01-02 10:47 . 2013-08-23 17:11 107368 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2013-12-19 12:20 . 2013-12-19 12:20 590112 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2013-12-19 01:06 . 2013-02-28 02:36 214392 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-12-19 00:26 . 2013-02-28 02:36 214392 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-12-14 23:26 . 2013-12-14 23:26 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2013-12-14 05:59 . 2013-02-28 02:36 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2013-12-14 05:47 . 2013-03-18 13:52 3123272 ----a-w- c:\windows\SysWow64\pbsvc.exe
2013-11-26 11:54 . 2013-12-12 03:00 23183360 ----a-w- c:\windows\system32\mshtml.dll
2013-11-26 10:19 . 2013-12-12 03:00 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-26 10:18 . 2013-12-12 03:00 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2013-11-26 09:48 . 2013-12-12 03:00 66048 ----a-w- c:\windows\system32\iesetup.dll
2013-11-26 09:46 . 2013-12-12 03:00 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-11-26 09:41 . 2013-12-12 03:00 2764288 ----a-w- c:\windows\system32\iertutil.dll
2013-11-26 09:29 . 2013-12-12 03:00 53760 ----a-w- c:\windows\system32\jsproxy.dll
2013-11-26 09:27 . 2013-12-12 03:00 33792 ----a-w- c:\windows\system32\iernonce.dll
2013-11-26 09:23 . 2013-12-12 03:00 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-11-26 09:21 . 2013-12-12 03:00 574976 ----a-w- c:\windows\system32\ieui.dll
2013-11-26 09:18 . 2013-12-12 03:00 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-26 09:18 . 2013-12-12 03:00 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2013-11-26 09:16 . 2013-12-12 03:00 708608 ----a-w- c:\windows\system32\jscript9diag.dll
2013-11-26 08:57 . 2013-12-12 03:00 218624 ----a-w- c:\windows\system32\ie4uinit.exe
2013-11-26 08:35 . 2013-12-12 03:00 5769216 ----a-w- c:\windows\system32\jscript9.dll
2013-11-26 08:28 . 2013-12-12 03:00 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16 . 2013-12-12 03:00 4243968 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-11-26 08:02 . 2013-12-12 03:00 1995264 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-26 07:48 . 2013-12-12 03:00 12996608 ----a-w- c:\windows\system32\ieframe.dll
2013-11-26 07:32 . 2013-12-12 03:00 1928192 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07 . 2013-12-12 03:00 2334208 ----a-w- c:\windows\system32\wininet.dll
2013-11-26 06:40 . 2013-12-12 03:00 1395200 ----a-w- c:\windows\system32\urlmon.dll
2013-11-26 06:34 . 2013-12-12 03:00 817664 ----a-w- c:\windows\system32\ieapfltr.dll
2013-11-26 06:33 . 2013-12-12 03:00 1820160 ----a-w- c:\windows\SysWow64\wininet.dll
2013-11-23 18:26 . 2013-12-11 20:12 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-11 20:12 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-12 03:01 . 2013-11-12 03:01 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-12 03:01 . 2013-11-12 03:01 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-11-12 03:01 . 2013-11-12 03:01 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-11-12 03:01 . 2013-11-12 03:01 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-11-12 03:01 . 2013-11-12 03:01 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-11-12 03:01 . 2013-11-12 03:01 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-11-12 03:01 . 2013-11-12 03:01 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-11-12 03:01 . 2013-11-12 03:01 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-11-12 03:01 . 2013-11-12 03:01 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-11-12 03:01 . 2013-11-12 03:01 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-11-12 03:01 . 2013-11-12 03:01 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-11-12 03:01 . 2013-11-12 03:01 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-11-12 03:01 . 2013-11-12 03:01 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-11-12 03:01 . 2013-11-12 03:01 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-11-12 03:01 . 2013-11-12 03:01 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-11-12 03:01 . 2013-11-12 03:01 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-11-12 03:01 . 2013-11-12 03:01 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-11-12 03:01 . 2013-11-12 03:01 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2013-11-12 03:01 . 2013-11-12 03:01 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-11-12 03:01 . 2013-11-12 03:01 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-11-12 03:01 . 2013-11-12 03:01 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-11-12 03:01 . 2013-11-12 03:01 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-11-12 03:01 . 2013-11-12 03:01 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-11-12 03:01 . 2013-11-12 03:01 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-11-12 03:01 . 2013-11-12 03:01 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-11-12 03:01 . 2013-11-12 03:01 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-11-12 03:01 . 2013-11-12 03:01 247808 ----a-w- c:\windows\system32\msls31.dll
2013-11-12 03:01 . 2013-11-12 03:01 195584 ----a-w- c:\windows\system32\msrating.dll
2013-11-12 03:01 . 2013-11-12 03:01 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-11-12 03:01 . 2013-11-12 03:01 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-11-12 03:01 . 2013-11-12 03:01 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-11-12 03:01 . 2013-11-12 03:01 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-11-12 03:01 . 2013-11-12 03:01 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-11-12 03:01 . 2013-11-12 03:01 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-11-12 03:01 . 2013-11-12 03:01 413696 ----a-w- c:\windows\system32\html.iec
2013-11-12 03:01 . 2013-11-12 03:01 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-12 03:01 . 2013-11-12 03:01 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-11-12 03:01 . 2013-11-12 03:01 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-11-12 03:01 . 2013-11-12 03:01 81408 ----a-w- c:\windows\system32\icardie.dll
2013-11-12 03:01 . 2013-11-12 03:01 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-11-12 03:01 . 2013-11-12 03:01 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-11-12 03:01 . 2013-11-12 03:01 235520 ----a-w- c:\windows\system32\url.dll
2013-11-12 03:01 . 2013-11-12 03:01 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-11-12 03:01 . 2013-11-12 03:01 626176 ----a-w- c:\windows\system32\msfeeds.dll
2013-11-12 03:01 . 2013-11-12 03:01 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-11-12 03:01 . 2013-11-12 03:01 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-11-12 03:01 . 2013-11-12 03:01 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-11-12 03:01 . 2013-11-12 03:01 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-11-12 03:01 . 2013-11-12 03:01 143872 ----a-w- c:\windows\system32\wextract.exe
2013-11-12 03:01 . 2013-11-12 03:01 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-11-12 03:01 . 2013-11-12 03:01 101376 ----a-w- c:\windows\system32\inseng.dll
2013-11-12 03:01 . 2013-11-12 03:01 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-11-12 03:01 . 2013-11-12 03:01 548352 ----a-w- c:\windows\system32\vbscript.dll
2013-11-12 03:01 . 2013-11-12 03:01 147968 ----a-w- c:\windows\system32\occache.dll
2013-11-12 03:01 . 2013-11-12 03:01 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-11-12 03:01 . 2013-11-12 03:01 774144 ----a-w- c:\windows\system32\jscript.dll
2013-11-12 03:01 . 2013-11-12 03:01 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-11-12 03:01 . 2013-11-12 03:01 13824 ----a-w- c:\windows\system32\mshta.exe
2013-11-12 03:01 . 2013-11-12 03:01 135680 ----a-w- c:\windows\system32\iepeers.dll
2013-11-12 02:23 . 2013-12-11 20:12 2048 ----a-w- c:\windows\system32\tzres.dll
2013-11-12 02:07 . 2013-12-11 20:12 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\RO\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\RO\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\RO\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\RO\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Raptr"="c:\progra~2\Raptr\raptrstub.exe" [2014-01-08 55360]
"Akamai NetSession Interface"="c:\users\RO\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2013-10-16 759496]
"Plex Media Server"="c:\program files (x86)\Plex\Plex Media Server\Plex Media Server.exe" [2013-12-09 4272776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Corsair Garros"="c:\program files (x86)\Corsair\M90 Mouse\M90Hid.exe" [2012-05-22 1768960]
"MSUTray"="c:\program files (x86)\Marvell\storage\tray\MarvellTray.exe" [2012-09-21 1219984]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-09-12 56128]
"PCBoost"="c:\program files (x86)\PGWARE\PCBoost\PCBoostTray.exe" [2013-12-22 1784984]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"VNT"="c:\program files (x86)\VNT\vntldr.exe" [2014-01-06 195536]
"AmazonGSDownloaderTray"="g:\amazon games & software downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]
.
c:\users\RO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\RO\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 30714328]
Samsung Magician.lnk - c:\program files (x86)\Samsung\Samsung Magician\Samsung Magician.exe  /AUTOHIDE [2013-12-17 4580256]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 Amazon Download Agent;Amazon Download Agent;g:\amazon games & software downloader\AmazonGSDownloaderService.exe;g:\amazon games & software downloader\AmazonGSDownloaderService.exe [x]
R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;g:\new program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;g:\new program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;g:\new program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;g:\new program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SMServer;SMServer;g:\program files (x86)\Mirasys\SystemManagement\SMServer.exe;g:\program files (x86)\Mirasys\SystemManagement\SMServer.exe [x]
R2 YouTubeDownloaderConverter;YouTubeDownloaderConverter;c:\users\RO\AppData\Roaming\GVU Technologies\Free YouTube Downloader Converter\CertifiedBrowserService.exe;c:\users\RO\AppData\Roaming\GVU Technologies\Free YouTube Downloader Converter\CertifiedBrowserService.exe [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe;c:\program files (x86)\Common Files\Desura\desura_service.exe [x]
R3 DIRECTIO;DIRECTIO;c:\program files\PerformanceTest\DirectIo64.sys;c:\program files\PerformanceTest\DirectIo64.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys;c:\windows\SYSNATIVE\DRIVERS\mv91cons.sys [x]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys;c:\windows\SYSNATIVE\Drivers\RapportKE64.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 RapportCerberus_59849;RapportCerberus_59849;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [x]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [x]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [x]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys;c:\windows\SYSNATIVE\DRIVERS\tmlwf.sys [x]
S2 DfSdkS;Defragmentation-Service;g:\new progs\Ashampoo WinOptimizer 2013\DfsdkS64.exe;g:\new progs\Ashampoo WinOptimizer 2013\DfsdkS64.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [x]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
S2 Marvell Storage Management;Marvell Storage Management Service;c:\program files (x86)\Marvell\storage\svc\mvraidsvc.exe;c:\program files (x86)\Marvell\storage\svc\mvraidsvc.exe [x]
S2 MSUWebService;MSU Web Service;c:\program files (x86)\Marvell\storage\Apache2\bin\httpd.exe;c:\program files (x86)\Marvell\storage\Apache2\bin\httpd.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [x]
S2 SMSServer;SMSServer;g:\program files (x86)\Mirasys\SMSServer\SMSServer.exe;g:\program files (x86)\Mirasys\SMSServer\SMSServer.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys;c:\windows\SYSNATIVE\DRIVERS\tmevtmgr.sys [x]
S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\tmwfp.sys [x]
S3 CorsairCAHS1;CA-HS1 Interface;c:\windows\system32\drivers\CAHS164.sys;c:\windows\SYSNATIVE\drivers\CAHS164.sys [x]
S3 CORSGMS;Corsair M90 Gaming Mouse;c:\windows\system32\drivers\CORSGMS.sys;c:\windows\SYSNATIVE\drivers\CORSGMS.sys [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
S3 ISCT;Intel® Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x]
S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 Mv_Process;Marvell process notification.;c:\windows\syswow64\mv_process.sys;c:\windows\syswow64\mv_process.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-04 01:08 1211720 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-24 22:48]
.
2014-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-24 17:18]
.
2014-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-24 17:18]
.
2013-06-10 c:\windows\Tasks\WpsUpdateTask_RO.job
- c:\program files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsupdate.exe [2013-06-03 16:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\RO\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\RO\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\RO\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\RO\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2013-02-24 192520]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2013-02-24 1119392]
"CAHS1Sound"="c:\windows\Syswow64\CAHS1.dll" [2011-07-08 8724480]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-03-22 172016]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-03-22 399856]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-03-22 442352]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-03-29 13513288]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2013-04-30 57928]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-01-21 2234144]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-01-21 1179576]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\RO\AppData\Roaming\Mozilla\Firefox\Profiles\hm4opiy8.default\
FF - prefs.js: browser.search.selectedEngine - Google
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{11111111-1111-1111-1111-110311281150} - (no file)
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-BattlEye for A2 - g:\steamlibrary\steamapps\common\Arma 2BattlEye\UnInstallBE.exe
AddRemove-My Vapor Record 1.4 - c:\windows\system32\Ying-UnInstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-sl-dlc - c:\program files (x86)\OApps\sl-dlc_uninstall.exe
AddRemove-YouTube Accelerator - c:\program files (x86)\YouTube Accelerator\VARemove.exe
AddRemove-{1a413f37-ed88-4fec-9666-5c48dc4b7bb7} - c:\program files (x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-777521174-3464708935-2093631653-1000\Software\SecuROM\License information*]
"datasecu"=hex:55,f6,ff,40,7c,36,9d,62,1e,57,82,87,0f,4e,5f,64,c5,82,97,08,2f,
   b1,2a,a2,78,a1,d9,33,13,b2,d6,c4,cb,f9,4e,69,fd,96,c4,35,c7,0f,e7,44,be,e6,\
"rkeysecu"=hex:53,c2,53,31,59,4f,0f,16,a3,c5,f2,e1,22,e0,14,5c
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-02-09  01:46:43
ComboFix-quarantined-files.txt  2014-02-09 01:46
ComboFix2.txt  2014-02-08 02:47
.
Pre-Run: 32,359,100,416 bytes free
Post-Run: 32,283,525,120 bytes free
.
- - End Of File - - F1E7EACAE4E01BBAD4C80F52550CE153
5FB38429D5D77768867C76DCBDB35194

  • Staff

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.

Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore; this is fine, just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

  • Programs to remove
    • Ask Toolbar
    • µTorrent
    • SelectionLinks

  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then on Next
  • Once done click Finish.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here CCleaner

    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
    • Click Run Cleaner.
    • Close CCleaner.

: Malwarebytes' Anti-Malware :

I see you have MBAM installed on the computer - that is great!! It is a very good program! I would like you to run a quick scan for me now.

  • Double-click the mbam icon
  • Go to the update tab at the top
  • Click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.

Click OK to either and let MBAM proceed with the disinfection process.

If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right click on HijackThis and select "Run as Admin" (XP users just need to double click to run)
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
  • Copy and paste the HijackThis report into the topic

"information and logs"

  • In your next post I need the following
    • Log from MBAM
    • Report from HijackThis
    • Let me know of any problems you may have had
    • How is the computer doing now?

Gringo

Hi Gringo,

Here are the log files. The system seems to be doing well now; however, I did find a disabled Chrome startup for Webcake in the CCleaner browser startup page. I may have managed to remove it previously and it was just a part of the remnants.

 

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.02.15.04
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
RO :: RO-PC [administrator]
 
Protection: Enabled
 
15/02/2014 10:39:39
mbam-log-2014-02-15 (10-39-39).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 252586
Time elapsed: 6 minute(s), 4 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 1
HKLM\SOFTWARE\YingSoft (Malware.Trace) -> Quarantined and deleted successfully.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:50:19, on 15/02/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)
Boot mode: Normal
 
Running processes:
G:\NEW Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Corsair USB Headset\customapp\program\CAHS.EXE
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\RO\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Corsair USB Headset\customapp\program\CAHS.EXE
C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
C:\Users\RO\AppData\Local\Akamai\netsession_win.exe
C:\Users\RO\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Corsair\M90 Mouse\M90Hid.exe
C:\Program Files (x86)\Marvell\storage\tray\MarvellTray.exe
C:\Program Files (x86)\PGWARE\PCBoost\PCBoostTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
G:\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
C:\Program Files (x86)\Corsair\M90 Mouse\CorsTra.exe
C:\PROGRA~2\Raptr\raptr.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
C:\PROGRA~2\Raptr\raptr_im.exe
C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Origin\Origin.exe
C:\Program Files (x86)\Kingsoft\Kingsoft Office\office6\wps.exe
G:\Downloads SSD OS\Chrome DLDS\HijackThis (1).exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\TmIEPlg32.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Corsair Garros] C:\Program Files (x86)\Corsair\M90 Mouse\M90Hid.exe
O4 - HKLM\..\Run: [MSUTray] C:\Program Files (x86)\Marvell\storage\tray\MarvellTray.exe
O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [PCBoost] "C:\Program Files (x86)\PGWARE\PCBoost\PCBoostTray.exe" /start
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AmazonGSDownloaderTray] G:\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\RO\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [sandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [Plex Media Server] "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
O4 - Startup: Dropbox.lnk = RO\AppData\Roaming\Dropbox\bin\Dropbox.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O15 - Trusted IP range: http://127.0.0.1
O15 - Trusted IP range: http://localhost
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/select/asusTek_sys_ctrl3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF364D91-5D58-4C11-9A2D-00CDD7D1E1F3}: NameServer = 108.171.182.159,108.171.177.124
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\TmIEPlg32.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Amazon Download Agent - Amazon.com - G:\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Desura Install Service - Desura Pty Ltd - C:\Program Files (x86)\Common Files\Desura\desura_service.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - G:\New Progs\Ashampoo WinOptimizer 2013\DfsdkS64.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel® Integrated Clock Controller Service - Intel® ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
O23 - Service: Marvell Storage Management Service (Marvell Storage Management) - Marvell - C:\Program Files (x86)\Marvell\storage\svc\mvraidsvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - G:\NEW Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - G:\NEW Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MSU Web Service (MSUWebService) - Apache Software Foundation - C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Sandboxie Service (SbieSvc) - Sandboxie Holdings, LLC - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: SMServer - Unknown owner - G:\Program Files (x86)\Mirasys\SystemManagement\SMServer.exe (file missing)
O23 - Service: SMSServer - Unknown owner - G:\Program Files (x86)\Mirasys\SMSServer\SMSServer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files (x86)\Tunngle\TnglCtrl.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: YouTubeDownloaderConverter - Unknown owner - C:\Users\RO\AppData\Roaming\GVU Technologies\Free YouTube Downloader Converter\CertifiedBrowserService.exe (file missing)
 
--
End of file - 12908 bytes
 

  • Staff

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional

These are programs that start up when you turn on your computer but don't need to. For any of these programs, you can click on its icon (or start it from the Control Panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

  • Run HijackThis (right-click and run as admin)
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):
    • O4 - HKLM\..\Run: [PCBoost] "C:\Program Files (x86)\PGWARE\PCBoost\PCBoostTray.exe" /start

      O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

      O4 - HKLM\..\Run: [AmazonGSDownloaderTray] G:\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe

      O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

      O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\RO\AppData\Local\Akamai\netsession_win.exe"

      O4 - HKCU\..\Run: [Plex Media Server] "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"

      O4 - Startup: Dropbox.lnk = RO\AppData\Roaming\Dropbox\bin\Dropbox.exe

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    • NOTE**You can research each of those lines >here< and see if you want to keep them or not

      just copy the name between the brackets and paste into the search space

      O4 - HKLM\..\Run: [IntelliPoint]

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish
When the scan is complete
  • If no threats were found
    • put a checkmark in "Uninstall application on close"
    • close program
    • report to me that nothing was found
  • If threats were found
    • click on "list of threats found"
    • click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on back
    • put a checkmark in "Uninstall application on close"
    • click on finish
    • close program
    • copy and paste the report here
Gringo
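
The startup-entry step in the post above, as an added example that is not part of the original post or of HijackThis itself: Python that parses HijackThis O4 lines, pulls out the name between the brackets (the string the post says to look up) and reports which checklist items are still present in a fresh scan. The function names and the FRESH_SCAN sample are constructed for illustration; the checklist lines are copied from this thread.

```python
import re
from typing import List, NamedTuple

class AutoRun(NamedTuple):
    location: str    # registry Run key or "Startup" folder, as logged
    name: str        # value name between the brackets, or the shortcut name
    command: str     # command line exactly as logged
    executable: str  # command with quotes and arguments stripped

# Registry form:        O4 - <key>: [name] command
_REG = re.compile(r'^O4 - (?P<loc>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# Startup-folder form:  O4 - Startup: shortcut.lnk = target
_LNK = re.compile(r'^O4 - (?P<loc>[^:]+): (?P<name>[^\[=]+?) = (?P<cmd>.+)$')
# A quoted path, or an unquoted path (may contain spaces) up to its extension.
_EXE = re.compile(r'"([^"]+)"|(.+?\.(?:exe|com|bat|cmd|scr))(?=\s|$)', re.I)

def parse_o4(log_text: str) -> List[AutoRun]:
    """Return every O4 (autorun) entry found in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = _REG.match(line) or _LNK.match(line)
        if not m:
            continue  # blank line or a non-O4 section (R0, O2, O23, ...)
        cmd = m.group('cmd').strip()
        exe = _EXE.match(cmd)
        path = (exe.group(1) or exe.group(2)) if exe else cmd
        entries.append(AutoRun(m.group('loc'), m.group('name').strip(), cmd, path))
    return entries

def still_present(checklist: str, fresh_scan: str) -> List[AutoRun]:
    """Checklist entries that also appear in the fresh scan ("if present")."""
    current = {(e.location, e.name.lower()) for e in parse_o4(fresh_scan)}
    return [e for e in parse_o4(checklist) if (e.location, e.name.lower()) in current]

# Checklist: lines copied from the helper's post in this thread.
CHECKLIST = r'''
O4 - HKLM\..\Run: [PCBoost] "C:\Program Files (x86)\PGWARE\PCBoost\PCBoostTray.exe" /start
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Startup: Dropbox.lnk = RO\AppData\Roaming\Dropbox\bin\Dropbox.exe
'''
# Constructed fresh scan: PCBoost already gone, one non-O4 line mixed in.
FRESH_SCAN = r'''
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Startup: Dropbox.lnk = RO\AppData\Roaming\Dropbox\bin\Dropbox.exe
'''

if __name__ == '__main__':
    for e in still_present(CHECKLIST, FRESH_SCAN):
        print(f'{e.location:12} {e.name:12} {e.executable}')
```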

  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
