Random


This topic is locked
3 replies to this topic

#1 stevler

  • Members
  • 7 posts
  • OFFLINE
  • Local time:03:32 PM

Posted 01 January 2014 - 07:24 PM

My original post

 

 

title supposed to be "Random ads & music playing"

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 8.0.7600.16385  BrowserJavaVersion: 10.45.2
Run by Steven at 19:15:26 on 2014-01-01
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.3326.966 [GMT -5:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Steven\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.yahoo.com?type=714647&fr=spigot-yhp-ie
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [F.lux] "C:\Users\Steven\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {063F7D71-5E0B-48F2-87D5-F63C5917947E} - hxxp://ahnlabdownload.nefficient.co.kr/aos/plugin/aosmgr.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{44AA1EC3-8747-4451-AB0B-99A6ACC41D2A} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{44AA1EC3-8747-4451-AB0B-99A6ACC41D2A}\E4544574541425 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{44AA1EC3-8747-4451-AB0B-99A6ACC41D2A}\E696B6F6D616B6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{466D262F-E169-46C3-B360-DF923745B9CE} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-2-23 95760]
R3 uvhid;Unified Virtual HID;C:\Windows\System32\drivers\uvhid.sys [2013-6-18 20992]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2011-5-13 36328]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-10-28 107288]
S3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;C:\Windows\System32\drivers\evolve.sys [2013-7-30 21656]
S3 Gun;Gun;C:\Game\SoftnyxGame\GunboundIS\Gun64.sys [2013-4-14 45176]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\Windows\System32\drivers\hitmanpro37.sys [2014-1-1 32512]
S3 ManyCam;ManyCam Virtual Webcam;C:\Windows\System32\drivers\mcvidrv_x64.sys [2012-7-20 44928]
S3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\System32\drivers\mcaudrv_x64.sys [2012-7-20 29696]
S3 Mkd2Bthf;Mkd2Bthf;C:\Windows\System32\drivers\Mkd2BthF.sys [2011-1-7 97368]
S3 Mkd2Nadr;Mkd2Nadr;C:\Windows\System32\drivers\Mkd2Nadr.sys [2011-1-7 107096]
S3 Mkd3kfNt;Mkd3kfNt;C:\Windows\System32\drivers\mkd3kfnt.sys [2011-1-7 182872]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-5-20 36720]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2011-5-13 146920]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-10-28 204568]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 vpcuxd;USB Virtualization Stub Service;C:\Windows\System32\drivers\vpcuxd.sys [2011-4-9 16384]
.
=============== File Associations ===============
.
FileExt: .txt: textfile="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [UserChoice]
FileExt: .vbs: Applications\wordpad.exe="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2014-01-01 21:43:18 -------- d-----w- C:\Program Files (x86)\ESET
2014-01-01 21:26:41 -------- d-sh--w- C:\$RECYCLE.BIN
2014-01-01 21:03:11 -------- d-----w- C:\ComboFix
2014-01-01 20:43:54 -------- d-----w- C:\Windows\ERUNT
2014-01-01 20:28:42 -------- d-----w- C:\AdwCleaner
2014-01-01 19:51:36 -------- d-----w- C:\Program Files\Enigma Software Group
2014-01-01 19:50:21 -------- d-----w- C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
2014-01-01 19:46:22 24448 ----a-w- C:\Windows\SysWow64\drivers\rkhdrv40.sys
2014-01-01 19:33:49 4900568 ----a-w- C:\ProgramData\cis89CB.exe
2014-01-01 19:04:09 117464 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-01-01 19:04:09 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-01 19:03:39 89304 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-01-01 08:42:19 32512 ----a-w- C:\Windows\System32\drivers\hitmanpro37.sys
2014-01-01 08:32:18 145704 ----a-w- C:\Windows\System32\LnkProtect.dll
2014-01-01 08:21:36 -------- d-----w- C:\Program Files\HitmanPro
2014-01-01 08:21:12 -------- d-----w- C:\ProgramData\HitmanPro
2014-01-01 08:17:46 233056 ----a-w- C:\Windows\System32\drivers\10259801.sys.bak
2014-01-01 08:00:59 44544 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys.bak
2014-01-01 07:59:59 359936 ----a-w- C:\Windows\System32\drivers\atikmpag.sys.bak
2013-12-23 02:21:10 -------- d-----w- C:\Program Files (x86)\WinSCP
2013-12-22 20:49:29 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-22 19:39:03 -------- d-----r- C:\Program Files (x86)\Skype
2013-12-21 14:03:02 -------- d-----w- C:\Users\Steven\MediaFire
2013-12-19 22:24:42 20696 ----a-w- C:\Windows\System32\drivers\mfmonitor_x64.sys
2013-12-17 17:07:50 -------- d-----w- C:\Users\Steven\AppData\Roaming\3909
2013-12-12 06:45:13 -------- d-----w- C:\Users\Steven\AppData\Local\Driftmoon
2013-12-12 06:34:25 -------- d-----w- C:\Users\Steven\AppData\Roaming\To the Moon - Freebird Games
2013-12-12 06:28:01 -------- d-----w- C:\Users\Steven\AppData\Roaming\Colibri Games
2013-12-12 06:28:01 -------- d-----w- C:\ProgramData\Colibri Games
2013-12-12 05:55:28 -------- d-----w- C:\Users\Steven\AppData\Local\Angvik
2013-12-12 04:58:32 -------- d-----w- C:\Downloads
.
==================== Find3M  ====================
.
2013-12-11 05:38:31 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 05:38:31 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-17 19:44:12 14848 ----a-w- C:\Windows\System32\slwga.dll
2013-11-17 19:44:11 13824 ----a-w- C:\Windows\SysWow64\slwga.dll
2013-11-17 19:44:10 419840 ----a-w- C:\Windows\System32\systemcpl.dll
2013-11-17 19:44:03 1008640 ----a-w- C:\Windows\System32\user32.dll
2013-11-17 19:44:02 833024 ----a-w- C:\Windows\SysWow64\user32.dll
2013-10-28 06:12:12 204568 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2013-10-28 06:12:10 107288 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2013-10-22 01:26:47 401927 ----a-w- C:\Windows\SysWow64\mioengine.exe
.
============= FINISH: 19:19:50.36 ===============

Edited by stevler, 01 January 2014 - 07:29 PM.


#2 stevler

  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:03:32 PM

Posted 01 January 2014 - 07:43 PM

ComboFix 14-01-01.01 - Steven 01/01/2014  16:05:08.3.2 - x64
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.3326.2093 [GMT -5:00]
Running from: C:\Users\Steven\Downloads\help programss\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
 
(((((((((((((((((((((((((   Files Created from 2013-12-01 to 2014-01-01  )))))))))))))))))))))))))))))))
 
 
2014-01-01 21:18:49 . 2014-01-01 21:18:49 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Local\temp
2014-01-01 21:18:49 . 2014-01-01 21:18:49 -------- d-----w- C:\Users\TEMP\AppData\Local\temp
2014-01-01 21:18:49 . 2014-01-01 21:18:49 -------- d-----w- C:\Users\Public\AppData\Local\temp
2014-01-01 21:18:49 . 2014-01-01 21:18:49 -------- d-----w- C:\Users\Default\AppData\Local\temp
2014-01-01 20:43:54 . 2014-01-01 20:43:54 -------- d-----w- C:\Windows\ERUNT
2014-01-01 20:28:42 . 2014-01-01 20:35:22 -------- d-----w- C:\AdwCleaner
2014-01-01 19:51:36 . 2014-01-01 19:51:36 -------- d-----w- C:\Program Files\Enigma Software Group
2014-01-01 19:50:21 . 2014-01-01 20:22:53 -------- d-----w- C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
2014-01-01 19:46:22 . 2014-01-01 19:46:22 24448 ----a-w- C:\Windows\SysWow64\drivers\rkhdrv40.sys
2014-01-01 19:33:49 . 2013-11-11 19:58:50 4900568 ----a-w- C:\ProgramData\cis89CB.exe
2014-01-01 19:04:09 . 2014-01-01 19:37:34 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-01 19:04:09 . 2014-01-01 19:04:09 117464 ----a-w- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2014-01-01 19:03:39 . 2014-01-01 19:03:39 89304 ----a-w- C:\Windows\system32\drivers\mbamchameleon.sys
2014-01-01 08:42:19 . 2014-01-01 08:42:19 32512 ----a-w- C:\Windows\system32\drivers\hitmanpro37.sys
2014-01-01 08:32:18 . 2014-01-01 08:32:18 145704 ----a-w- C:\Windows\system32\LnkProtect.dll
2014-01-01 08:21:36 . 2014-01-01 08:21:36 -------- d-----w- C:\Program Files\HitmanPro
2014-01-01 08:21:12 . 2014-01-01 11:32:13 -------- d-----w- C:\ProgramData\HitmanPro
2014-01-01 08:17:46 . 2014-01-01 08:17:48 233056 ----a-w- C:\Windows\system32\drivers\10259801.sys.bak
2014-01-01 08:00:59 . 2014-01-01 08:19:50 23552 ----a-w- C:\Windows\system32\drivers\tdtcp.sys.bak
2014-01-01 07:59:59 . 2014-01-01 08:17:59 359936 ----a-w- C:\Windows\system32\drivers\atikmpag.sys.bak
2013-12-23 02:21:10 . 2013-12-31 21:19:39 -------- d-----w- C:\Program Files (x86)\WinSCP
2013-12-22 20:50:28 . 2013-12-22 20:50:28 -------- d-----w- C:\Program Files (x86)\Common Files\Java
2013-12-22 20:49:29 . 2013-12-22 20:49:18 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-22 19:39:03 . 2013-12-22 19:39:03 -------- d-----w- C:\Program Files (x86)\Common Files\Skype
2013-12-22 19:39:03 . 2013-12-22 19:39:03 -------- d-----r- C:\Program Files (x86)\Skype
2013-12-21 14:03:02 . 2013-12-21 14:03:02 -------- d-----w- C:\Users\Steven\MediaFire
2013-12-19 22:24:42 . 2013-12-06 16:42:01 20696 ----a-w- C:\Windows\system32\drivers\mfmonitor_x64.sys
2013-12-17 17:07:50 . 2013-12-17 17:07:50 -------- d-----w- C:\Users\Steven\AppData\Roaming\3909
2013-12-12 06:45:13 . 2013-12-12 06:45:13 -------- d-----w- C:\Users\Steven\AppData\Local\Driftmoon
2013-12-12 06:34:25 . 2013-12-12 06:36:59 -------- d-----w- C:\Users\Steven\AppData\Roaming\To the Moon - Freebird Games
2013-12-12 06:28:01 . 2013-12-12 06:28:01 -------- d-----w- C:\Users\Steven\AppData\Roaming\Colibri Games
2013-12-12 06:28:01 . 2013-12-12 06:28:01 -------- d-----w- C:\ProgramData\Colibri Games
2013-12-12 05:55:28 . 2013-12-17 17:06:41 -------- d-----w- C:\Users\Steven\AppData\Local\Angvik
2013-12-12 04:58:32 . 2013-12-12 04:58:33 -------- d-----w- C:\Downloads
2013-12-08 05:56:45 . 2013-12-08 05:56:46 -------- d-----w- C:\Program Files\Microsoft Silverlight
2013-12-08 05:56:45 . 2013-12-08 05:56:46 -------- d-----w- C:\Program Files (x86)\Microsoft Silverlight
.
 
 
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
 
2013-12-19 22:25:02 . 2013-12-19 22:25:02 1409 ----a-w- C:\Windows\Fonts\OpenSans-Regular.fot
2013-12-19 22:25:02 . 2013-12-19 22:25:02 1409 ----a-w- C:\Windows\Fonts\OpenSans-Light.fot
2013-12-19 22:25:02 . 2013-12-19 22:25:02 1409 ----a-w- C:\Windows\Fonts\OpenSans-Bold.fot
2013-12-11 05:38:31 . 2012-04-23 08:40:02 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-11 05:38:31 . 2011-05-18 00:40:12 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-17 19:44:12 . 2009-07-13 23:52:11 14848 ----a-w- C:\Windows\system32\slwga.dll
2013-11-17 19:44:11 . 2009-07-13 23:36:22 13824 ----a-w- C:\Windows\SysWow64\slwga.dll
2013-11-17 19:44:10 . 2009-07-13 23:56:12 419840 ----a-w- C:\Windows\system32\systemcpl.dll
2013-11-17 19:44:03 . 2009-07-13 23:38:19 1008640 ----a-w- C:\Windows\system32\user32.dll
2013-11-17 19:44:02 . 2011-04-09 03:03:17 833024 ----a-w- C:\Windows\SysWow64\user32.dll
2013-10-28 06:12:12 . 2013-10-28 06:12:12 204568 ----a-w- C:\Windows\system32\drivers\ssudmdm.sys
2013-10-28 06:12:10 . 2013-10-28 06:12:10 107288 ----a-w- C:\Windows\system32\drivers\ssudbus.sys
2013-10-22 01:26:47 . 2011-10-02 11:28:18 401927 ----a-w- C:\Windows\SysWow64\mioengine.exe
 
 
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
 
[7] 2009-07-14 01:41:53 . 7266972E86890E2B30C0C322E906B027 . 509440 . . [6.1.7600.16385 (win7_rtm.090713-1255)] .. C:\Windows\erdnt\cache64\rpcss.dll
[7] 2009-07-14 01:41:53 . 7266972E86890E2B30C0C322E906B027 . 509440 . . [6.1.7600.16385 (win7_rtm.090713-1255)] .. C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
[-] 2009-07-14 01:41:53 . FEEDC1EFF740B065E45E847D407D32C5 . 509952 . . [6.1.7600.16385 (win7_rtm.090713-1255)] .. C:\Windows\system32\rpcss.dll
 
[7] 2009-07-14 01:41:56 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385 (win7_rtm.090713-1255)] .. C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2013-11-17 19:44:03 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385 (win7_rtm.090713-1255)] .. C:\Windows\system32\user32.dll
 
[-] 2013-11-17 19:44:02 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385 (win7_rtm.090713-1255)] .. C:\Windows\SysWOW64\user32.dll
[7] 2009-07-14 01:11:24 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385 (win7_rtm.090713-1255)] .. C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
 
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown 
REGEDIT4
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20:44 64792 ----a-w- C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20:44 64792 ----a-w- C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20:44 64792 ----a-w- C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20:44 64792 ----a-w- C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20:44 64792 ----a-w- C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20:44 64792 ----a-w- C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20:44 64792 ----a-w- C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20:44 64792 ----a-w- C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20:44 64792 ----a-w- C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F.lux"="C:\Users\Steven\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-15 23:06:12 1016712]
"Steam"="C:\Program Files (x86)\Steam\steam.exe" [2013-12-11 19:40:36 1823656]
"uTorrent"="C:\Program Files (x86)\uTorrent\uTorrent.exe" [2013-05-01 20:31:27 802136]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe" [2013-10-02 16:08:56 20472992]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"VirtualCloneDrive"="C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 13:33:08 89456]
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 00:06:18 59280]
"TkBellExe"="C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" [2013-01-11 03:15:41 295072]
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-11-16 20:10:12 641704]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 21:06:36 958576]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 14:16:26 254336]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 ragnarok;ragnarok;C:/Program Files/MySQL/MySQL Server 5.6/bin\mysqld --defaults-file=C:\ProgramData\MySQL\MySQL Server 5.6\my.ini ragnarok;C:/Program Files/MySQL/MySQL Server 5.6/bin\mysqld --defaults-file=C:\ProgramData\MySQL\MySQL Server 5.6\my.ini ragnarok [x]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe;C:\Program Files (x86)\Skype\Updater\Updater.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys;C:\Windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 dc3d;MS Hardware Device Detection Driver;C:\Windows\system32\DRIVERS\dc3d.sys;C:\Windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys;C:\Windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dump_wmimmc;dump_wmimmc;C:\IgnitedGames\WindSlayer2\GameGuard\dump_wmimmc.sys;C:\IgnitedGames\WindSlayer2\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;C:\Windows\system32\drivers\EagleX64.sys;C:\Windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;C:\Windows\system32\DRIVERS\evolve.sys;C:\Windows\SYSNATIVE\DRIVERS\evolve.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;C:\Program Files (x86)\Garena Plus\Room\safedrv.sys;C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [x]
R3 Gun;Gun;C:\Game\SoftnyxGame\GunBoundIS\Gun64.sys;C:\Game\SoftnyxGame\GunBoundIS\Gun64.sys [x]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\Windows\system32\drivers\hitmanpro37.sys;C:\Windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
R3 ManyCam;ManyCam Virtual Webcam;C:\Windows\system32\DRIVERS\mcvidrv_x64.sys;C:\Windows\SYSNATIVE\DRIVERS\mcvidrv_x64.sys [x]
R3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\system32\drivers\mcaudrv_x64.sys;C:\Windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x]
R3 Mkd2Bthf;Mkd2Bthf;C:\Windows\system32\drivers\Mkd2Bthf.sys;C:\Windows\SYSNATIVE\drivers\Mkd2Bthf.sys [x]
R3 Mkd2Nadr;Mkd2Nadr;C:\Windows\system32\drivers\Mkd2Nadr.sys;C:\Windows\SYSNATIVE\drivers\Mkd2Nadr.sys [x]
R3 Mkd3kfNt;Mkd3kfNt;C:\Windows\system32\drivers\Mkd3kfNt.sys;C:\Windows\SYSNATIVE\drivers\Mkd3kfNt.sys [x]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\system32\Drivers\nx6000.sys;C:\Windows\SYSNATIVE\Drivers\nx6000.sys [x]
R3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des;C:\Windows\SYSNATIVE\GameMon.des [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;C:\Windows\system32\DRIVERS\point64.sys;C:\Windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 rkhdrv40;Rootkit Unhooker Driver; [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys;C:\Windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys;C:\Windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys;C:\Windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\system32\DRIVERS\ssadserd.sys;C:\Windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys;C:\Windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys;C:\Windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 usj;usj;C:\AeriaGames\EdenEternal\avital\ussjcs64.sys;C:\AeriaGames\EdenEternal\avital\ussjcs64.sys [x]
R3 vpcuxd;USB Virtualization Stub Service;C:\Windows\system32\DRIVERS\vpcuxd.sys;C:\Windows\SYSNATIVE\DRIVERS\vpcuxd.sys [x]
R3 VST64_DPV;VST64_DPV;C:\Windows\system32\DRIVERS\VSTDPV6.SYS;C:\Windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 VST64HWBS2;VST64HWBS2;C:\Windows\system32\DRIVERS\VSTBS26.SYS;C:\Windows\SYSNATIVE\DRIVERS\VSTBS26.SYS [x]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe;C:\Windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys;C:\Windows\SYSNATIVE\drivers\WsAudio_DeviceS(1).sys [x]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys;C:\Windows\SYSNATIVE\drivers\WsAudio_DeviceS(2).sys [x]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys;C:\Windows\SYSNATIVE\drivers\WsAudio_DeviceS(3).sys [x]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys;C:\Windows\SYSNATIVE\drivers\WsAudio_DeviceS(4).sys [x]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys;C:\Windows\SYSNATIVE\drivers\WsAudio_DeviceS(5).sys [x]
R3 X6va003;X6va003;C:\Users\Steven\AppData\Local\Temp\0034E00.tmp;C:\Users\Steven\AppData\Local\Temp\0034E00.tmp [x]
R3 X6va012;X6va012;C:\Windows\SysWOW64\Drivers\X6va012;C:\Windows\SysWOW64\Drivers\X6va012 [x]
R3 X6va014;X6va014;C:\Windows\SysWOW64\Drivers\X6va014;C:\Windows\SysWOW64\Drivers\X6va014 [x]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe;C:\Windows\SYSNATIVE\atiesrxx.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys;C:\Windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 uvhid;Unified Virtual HID;C:\Windows\system32\DRIVERS\uvhid.sys;C:\Windows\SYSNATIVE\DRIVERS\uvhid.sys [x]
 
 
--- Other Services/Drivers In Memory ---
 
*NewlyCreated* - 61259483
*Deregistered* - 61259483
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-05 21:40:59 1210320 ----a-w- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
 
Contents of the 'Scheduled Tasks' folder
 
2014-01-01 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-23 08:40:02 . 2013-12-11 05:38:37]
 
2014-01-01 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-07 07:06:25 . 2010-11-07 07:06:15]
 
2014-01-01 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-07 07:06:25 . 2010-11-07 07:06:15]
 
2013-12-31 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4174637778-3069213611-923670797-1000Core.job
- C:\Users\Steven\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-01 11:50:37 . 2012-09-17 08:03:04]
 
2014-01-01 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4174637778-3069213611-923670797-1000UA.job
- C:\Users\Steven\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-01 11:50:37 . 2012-09-17 08:03:04]
 
2014-01-01 C:\Windows\Tasks\ReclaimerUpdateFiles_Steven.job
- C:\Users\Steven\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe [2013-12-03 18:25:40 . 2013-12-03 18:25:38]
 
2013-12-31 C:\Windows\Tasks\ReclaimerUpdateXML_Steven.job
- C:\Users\Steven\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe [2013-12-03 18:25:40 . 2013-12-03 18:25:38]
 
2014-01-01 C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Steven.job
- C:\Users\Steven\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe [2013-12-03 18:25:40 . 2013-12-03 18:25:38]
 
 
--------- X64 Entries -----------
 
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20:44 75544 ----a-w- C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20:44 75544 ----a-w- C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20:44 75544 ----a-w- C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20:44 75544 ----a-w- C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20:44 75544 ----a-w- C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20:44 75544 ----a-w- C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20:44 75544 ----a-w- C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20:44 75544 ----a-w- C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20:44 75544 ----a-w- C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2009-09-23 23:30:44 165912]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2009-09-23 23:30:44 385560]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2009-09-23 23:30:44 363544]
 
------- Supplementary Scan -------
 
uLocal Page = C:\Windows\system32\blank.htm
uStart Page = hxxp://search.yahoo.com?type=714647&fr=spigot-yhp-ie
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
mLocal Page = C:\Windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
 
- - - - ORPHANS REMOVED - - - -
 
SafeBoot-26659728.sys
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
AddRemove-GOGPACKPAPERSPLEASE_is1 - C:\Users\Steven\Desktop\MUST PLAYS\Papers
AddRemove-Disney - C:\Program Files (x86)\ScreenSaverGift\Disney\Disney\Uninstall Disney Screensaver.exe
AddRemove-Mega Cars - C:\Program Files (x86)\ScreenSaverGift\Mega Cars\Mega Cars\Uninstall Mega Cars Screensaver.exe
AddRemove-Snakes - C:\Program Files (x86)\ScreenSaverGift\Snakes\Snakes\Uninstall Snakes Screensaver.exe
AddRemove-World Of Fantasies - C:\Program Files (x86)\ScreenSaverGift\World Of Fantasies\World Of Fantasies\Uninstall World Of Fantasies Screensaver.exe
AddRemove-eAthena Shop Studio - C:\Program Files (x86)\Kingdom Sieger\eAthena Shop Studio\Uninstal.exe


#3 nasdaq


  • Malware Response Team
  • 40,490 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:32 PM

Posted 05 January 2014 - 09:32 AM

Hello, welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Please paste the logs in your next reply; DO NOT ATTACH THEM.
Let me know what problem persists.

#4 nasdaq


  • Malware Response Team
  • 40,490 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:32 PM

Posted 11 January 2014 - 08:12 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



