ComboFix 14-12-14.01 - cass 12/19/2014  12:44:05.7.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3839.1499 [GMT -5:00]
Running from: c:\users\cass\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\sqlite-3.7.151-amd64-sqlitejdbc.dll
.
---- Previous Run -------
.
c:\windows\TEMP\sqlite-3.7.151-amd64-sqlitejdbc.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ANTILOG32
-------\Service_AntiLog32
.
.
(((((((((((((((((((((((((   Files Created from 2014-11-19 to 2014-12-19  )))))))))))))))))))))))))))))))
.
.
2014-12-19 18:04 . 2014-12-19 18:04	--------	d-----w-	c:\users\sass\AppData\Local\temp
2014-12-19 18:04 . 2014-12-19 18:04	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-12-19 18:04 . 2014-12-19 18:04	--------	d-----w-	c:\users\cassyb7\AppData\Local\temp
2014-12-18 02:10 . 2014-12-18 02:10	--------	d-----w-	c:\users\cass\AppData\Roaming\AVAST Software
2014-12-18 02:00 . 2014-12-18 02:00	116728	----a-w-	c:\windows\system32\drivers\aswStm.sys
2014-12-18 02:00 . 2014-12-18 02:00	436624	----a-w-	c:\windows\system32\drivers\aswSP.sys
2014-12-18 02:00 . 2014-12-18 02:00	267632	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2014-12-18 02:00 . 2014-12-18 02:00	65776	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2014-12-18 02:00 . 2014-12-18 02:00	83280	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2014-12-18 02:00 . 2014-12-18 02:00	29208	----a-w-	c:\windows\system32\drivers\aswHwid.sys
2014-12-18 02:00 . 2014-12-18 02:00	93568	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2014-12-18 02:00 . 2014-12-18 02:01	1050432	----a-w-	c:\windows\system32\drivers\aswsnx.sys
2014-12-18 02:00 . 2014-12-18 02:00	364512	----a-w-	c:\windows\system32\aswBoot.exe
2014-12-18 01:59 . 2014-12-18 01:59	43152	----a-w-	c:\windows\avastSS.scr
2014-12-18 01:59 . 2014-12-18 01:59	--------	d-----w-	c:\program files\AVAST Software
2014-12-18 01:55 . 2014-12-18 01:59	--------	d-----w-	c:\programdata\AVAST Software
2014-12-17 17:54 . 2014-07-25 14:52	23645696	----a-w-	c:\windows\system32\mshtml.dll
2014-12-16 21:46 . 2014-12-16 21:46	--------	d-----w-	C:\_OTL
2014-12-16 19:48 . 2014-12-16 19:48	--------	d-----w-	c:\windows\ERUNT
2014-12-16 18:58 . 2014-12-16 18:58	129752	----a-w-	c:\windows\system32\drivers\2BF36771.sys
2014-12-16 15:54 . 2014-12-16 19:33	--------	d-----w-	C:\fd686fd83ba35fe7cd0e6eba11ff
2014-12-16 15:51 . 2014-12-16 15:51	--------	d-----w-	c:\windows\CheckSur
2014-12-16 14:56 . 2014-12-16 14:56	129752	----a-w-	c:\windows\system32\drivers\25F52E0E.sys
2014-12-15 21:04 . 2014-12-15 21:33	129752	----a-w-	c:\windows\system32\drivers\6317795D.sys
2014-12-15 13:40 . 2014-09-19 01:40	547328	---ha-w-	c:\windows\system32\vbscript.dll
2014-12-14 19:25 . 2014-12-15 02:37	--------	d-----w-	c:\program files (x86)\Common Files\Config
2014-12-14 18:24 . 2014-12-14 18:25	--------	d-----w-	c:\program files (x86)\Picture Collage Maker Pro
2014-12-14 00:48 . 2009-07-13 23:21	99840	----a-w-	c:\windows\system32\drivers\tdx.sys
2014-12-13 01:55 . 2014-12-13 02:21	--------	d-----w-	c:\programdata\MFAData
2014-12-13 01:55 . 2014-12-13 01:55	--------	d-----w-	c:\users\cass\AppData\Local\MFAData
2014-12-13 01:55 . 2014-12-13 01:55	--------	d-----w-	c:\users\cass\AppData\Local\Avg2015
2014-12-13 00:26 . 2014-12-13 00:26	--------	d-----w-	c:\programdata\Malwarebytes
2014-12-11 19:55 . 2014-12-17 01:10	--------	d-----w-	C:\FRST
2014-12-11 05:02 . 2014-12-13 01:18	--------	d-----w-	c:\program files (x86)\K-Lite Codec Pack
2014-12-11 02:22 . 2014-12-11 02:22	--------	d-----w-	c:\users\cass\Samsung Link
2014-12-11 01:23 . 2014-12-11 01:23	--------	d-----w-	C:\Upload
2014-12-10 16:34 . 2014-10-30 02:04	1480192	----a-w-	c:\windows\system32\crypt32.dll
2014-12-10 16:34 . 2014-10-30 01:46	1174528	----a-w-	c:\windows\SysWow64\crypt32.dll
2014-12-10 16:34 . 2014-11-11 03:09	1424384	----a-w-	c:\windows\system32\WindowsCodecs.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-18 18:14 . 2013-02-05 15:36	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-18 18:14 . 2013-02-05 15:36	701616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-12-04 23:28 . 2014-02-24 14:39	20696	---ha-w-	c:\windows\system32\drivers\mfmonitor_x64.sys
2014-11-11 03:08 . 2014-11-19 15:47	241152	----a-w-	c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-19 15:47	728064	----a-w-	c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-11-19 15:47	186880	----a-w-	c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-19 15:47	550912	----a-w-	c:\windows\SysWow64\kerberos.dll
2014-10-25 01:57 . 2014-11-12 18:05	77824	----a-w-	c:\windows\system32\packager.dll
2014-10-25 01:32 . 2014-11-12 18:05	67584	----a-w-	c:\windows\SysWow64\packager.dll
2014-10-18 02:05 . 2014-11-12 18:04	861696	----a-w-	c:\windows\system32\oleaut32.dll
2014-10-18 01:33 . 2014-11-12 18:04	571904	----a-w-	c:\windows\SysWow64\oleaut32.dll
2014-10-14 02:16 . 2014-11-12 18:08	155064	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 02:13 . 2014-11-12 18:08	683520	----a-w-	c:\windows\system32\termsrv.dll
2014-10-14 02:13 . 2014-11-12 18:05	3241984	----a-w-	c:\windows\system32\msi.dll
2014-10-14 02:12 . 2014-11-12 18:08	1460736	----a-w-	c:\windows\system32\lsasrv.dll
2014-10-14 02:09 . 2014-11-12 18:08	146432	----a-w-	c:\windows\system32\msaudite.dll
2014-10-14 02:07 . 2014-11-12 18:08	681984	----a-w-	c:\windows\system32\adtschema.dll
2014-10-14 01:50 . 2014-11-12 18:08	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2014-10-14 01:50 . 2014-11-12 18:05	2363904	----a-w-	c:\windows\SysWow64\msi.dll
2014-10-14 01:49 . 2014-11-12 18:08	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2014-10-14 01:47 . 2014-11-12 18:08	146432	----a-w-	c:\windows\SysWow64\msaudite.dll
2014-10-14 01:46 . 2014-11-12 18:08	681984	----a-w-	c:\windows\SysWow64\adtschema.dll
2014-10-10 00:57 . 2014-11-12 18:05	3198976	----a-w-	c:\windows\system32\win32k.sys
2014-10-03 02:12 . 2014-11-12 18:06	500224	----a-w-	c:\windows\system32\AUDIOKSE.dll
2014-10-03 02:11 . 2014-11-12 18:06	284672	----a-w-	c:\windows\system32\EncDump.dll
2014-10-03 02:11 . 2014-11-12 18:06	680960	----a-w-	c:\windows\system32\audiosrv.dll
2014-10-03 02:11 . 2014-11-12 18:06	440832	----a-w-	c:\windows\system32\AudioEng.dll
2014-10-03 02:11 . 2014-11-12 18:06	296448	----a-w-	c:\windows\system32\AudioSes.dll
2014-10-03 01:44 . 2014-11-12 18:06	442880	----a-w-	c:\windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44 . 2014-11-12 18:06	374784	----a-w-	c:\windows\SysWow64\AudioEng.dll
2014-10-03 01:44 . 2014-11-12 18:06	195584	----a-w-	c:\windows\SysWow64\AudioSes.dll
2014-09-25 02:08 . 2014-10-01 15:55	371712	----a-w-	c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-10-01 15:55	519680	----a-w-	c:\windows\SysWow64\qdvd.dll
.
.
((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\program files\Common ----
.
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\cass\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\cass\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\cass\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\cass\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\cass\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\cass\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\cass\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\cass\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00001YSISyncComplete]
@="{89B5F9CC-C4A2-462C-BD27-29CEAC972135}"
[HKEY_CLASSES_ROOT\CLSID\{89B5F9CC-C4A2-462C-BD27-29CEAC972135}]
2013-10-28 15:58	2844728	----a-w-	c:\program files (x86)\Hightail Desktop App\YSINSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00002YSISyncActive]
@="{84B7BDFB-C50A-4335-B7C2-8AEC454F9E25}"
[HKEY_CLASSES_ROOT\CLSID\{84B7BDFB-C50A-4335-B7C2-8AEC454F9E25}]
2013-10-28 15:58	2844728	----a-w-	c:\program files (x86)\Hightail Desktop App\YSINSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00003YSISyncError]
@="{306A9CDE-AC70-453A-8008-B5F9962B8F88}"
[HKEY_CLASSES_ROOT\CLSID\{306A9CDE-AC70-453A-8008-B5F9962B8F88}]
2013-10-28 15:58	2844728	----a-w-	c:\program files (x86)\Hightail Desktop App\YSINSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00004YSILocalOnly]
@="{23A7D2DC-F395-4E33-876C-84A2DFAB0EBB}"
[HKEY_CLASSES_ROOT\CLSID\{23A7D2DC-F395-4E33-876C-84A2DFAB0EBB}]
2013-10-28 15:58	2844728	----a-w-	c:\program files (x86)\Hightail Desktop App\YSINSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2014-05-28 896400]
"IDMan"="c:\program files (x86)\Internet Download Manager\idman.exe" [2013-06-02 3532224]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-01-29 39408]
"GoogleChromeAutoLaunch_7190BA47928DF024343A1C8C28746913"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-12-06 856904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-12-18 5227112]
.
c:\users\cass\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\cass\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-12-8 39207112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MF NTFS Monitor;MediaFire NTFS Monitor;c:\users\cass\AppData\Local\MEDIAF~2\MFUSNM~1.EXE;c:\users\cass\AppData\Local\MEDIAF~2\MFUSNM~1.EXE [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 GSService;GSService;c:\windows\SysWOW64\GSService.exe;c:\windows\SysWOW64\GSService.exe [x]
R3 IEEtwCollectorService;IEEtwCollectorService;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 keycrypt;keycrypt;c:\windows\system32\DRIVERS\KeyCrypt64.sys;c:\windows\SYSNATIVE\DRIVERS\KeyCrypt64.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\2BF36771.sys;c:\windows\SYSNATIVE\drivers\2BF36771.sys [x]
R3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AllShare Framework DMS;AllShare Framework DMS;c:\program files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe;c:\program files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 mfmonitor;mfmonitor;c:\windows\system32\DRIVERS\mfmonitor_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mfmonitor_x64.sys [x]
S2 Samsung Link Service;Samsung Link Service;c:\program files\Samsung\Samsung Link\Samsung Link.exe;c:\program files\Samsung\Samsung Link\Samsung Link.exe [x]
S3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys;c:\windows\SYSNATIVE\drivers\SndTAudio.sys [x]
S3 WsAudio_Device(1);WsAudio_Device(1);c:\windows\system32\drivers\VirtualAudio1.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio1.sys [x]
S3 WsAudio_Device(2);WsAudio_Device(2);c:\windows\system32\drivers\VirtualAudio2.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio2.sys [x]
S3 WsAudio_Device(3);WsAudio_Device(3);c:\windows\system32\drivers\VirtualAudio3.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio3.sys [x]
S3 WsAudio_Device(4);WsAudio_Device(4);c:\windows\system32\drivers\VirtualAudio4.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio4.sys [x]
S3 WsAudio_Device(5);WsAudio_Device(5);c:\windows\system32\drivers\VirtualAudio5.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio5.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 16:29	451872	----a-w-	c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-12-14 01:00	1087816	----a-w-	c:\program files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-12-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-05 18:14]
.
2014-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-29 20:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00001YSISyncComplete]
@="{89B5F9CC-C4A2-462C-BD27-29CEAC972135}"
[HKEY_CLASSES_ROOT\CLSID\{89B5F9CC-C4A2-462C-BD27-29CEAC972135}]
2013-10-28 16:00	2983992	----a-w-	c:\program files (x86)\Hightail Desktop App\YSINSE64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00002YSISyncActive]
@="{84B7BDFB-C50A-4335-B7C2-8AEC454F9E25}"
[HKEY_CLASSES_ROOT\CLSID\{84B7BDFB-C50A-4335-B7C2-8AEC454F9E25}]
2013-10-28 16:00	2983992	----a-w-	c:\program files (x86)\Hightail Desktop App\YSINSE64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00003YSISyncError]
@="{306A9CDE-AC70-453A-8008-B5F9962B8F88}"
[HKEY_CLASSES_ROOT\CLSID\{306A9CDE-AC70-453A-8008-B5F9962B8F88}]
2013-10-28 16:00	2983992	----a-w-	c:\program files (x86)\Hightail Desktop App\YSINSE64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00004YSILocalOnly]
@="{23A7D2DC-F395-4E33-876C-84A2DFAB0EBB}"
[HKEY_CLASSES_ROOT\CLSID\{23A7D2DC-F395-4E33-876C-84A2DFAB0EBB}]
2013-10-28 16:00	2983992	----a-w-	c:\program files (x86)\Hightail Desktop App\YSINSE64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-12-18 02:00	860984	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MediaFireIconError]
@="{5EE8C634-CDC0-453D-9731-DF0B19F4E807}"
[HKEY_CLASSES_ROOT\CLSID\{5EE8C634-CDC0-453D-9731-DF0B19F4E807}]
2014-07-02 18:13	89600	----a-w-	c:\program files (x86)\MediaFire Desktop\MediaFireIcon3_8e3c2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MediaFireIconReadOnly]
@="{7995D0FC-769B-4197-AEC0-991921CB99E1}"
[HKEY_CLASSES_ROOT\CLSID\{7995D0FC-769B-4197-AEC0-991921CB99E1}]
2014-07-02 18:13	89088	----a-w-	c:\program files (x86)\MediaFire Desktop\MediaFireIcon5_8e3c2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MediaFireIconSynched]
@="{9A3B79CB-D899-40B5-8DBC-20447F1ADC8F}"
[HKEY_CLASSES_ROOT\CLSID\{9A3B79CB-D899-40B5-8DBC-20447F1ADC8F}]
2014-07-02 18:13	84992	----a-w-	c:\program files (x86)\MediaFire Desktop\MediaFireIcon_8e3c2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MediaFireIconSyncing]
@="{C4D81971-6B13-4173-AB21-F83AD20CCC04}"
[HKEY_CLASSES_ROOT\CLSID\{C4D81971-6B13-4173-AB21-F83AD20CCC04}]
2014-07-02 18:13	86528	----a-w-	c:\program files (x86)\MediaFire Desktop\MediaFireIcon2_8e3c2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\cass\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\cass\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\cass\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\cass\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49	23432	----a-w-	c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MediaFireIconLock]
@="{759F3E92-F4E8-4953-8315-238B8B17E0F3}"
[HKEY_CLASSES_ROOT\CLSID\{759F3E92-F4E8-4953-8315-238B8B17E0F3}]
2014-07-02 18:13	84992	----a-w-	c:\program files (x86)\MediaFire Desktop\MediaFireIcon4_8e3c2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hightail Sync Agent"="c:\program files (x86)\Hightail Desktop App\Hightail.exe" [2013-10-28 7040056]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://comcast.net/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>
uSearchAssistant = hxxp://www.google.com
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
Trusted Zone: sendmyway.com\www
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} - hxxp://www.digitalwebbooks.com/reader/dbplugin.cab
FF - ProfilePath - c:\users\cass\AppData\Roaming\Mozilla\Firefox\Profiles\2mttk1mj.default-1404400294804\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-{A526332D-E81C-452D-9502-289F13BA1791} - c:\programdata\{C2441AF5-E036-488E-8909-467A85EB8A7E}\Setup.exe
AddRemove-{C611CF88-969D-43E6-A877-D6D6439DD081} - c:\programdata\{D441869F-BEC4-446D-9888-C5CA29F160F9}\HP_Remote_Solution_Install.exe
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{F36B3A4C-F95654BD-06000000}_0]
"ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3204655562-3042467115-2064883207-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-3204655562-3042467115-2064883207-1001_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):c3,d4,32,c0,c1,ad,de,0e,64,c4,65,41,7f,50,6e,18,71,38,0f,55,4b,
   53,70,1e,97,ed,a2,26,66,46,cc,5b,75,50,d6,1b,eb,3e,57,8a,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-12-19  13:08:59
ComboFix-quarantined-files.txt  2014-12-19 18:08
ComboFix2.txt  2014-12-19 03:48
.
Pre-Run: 455,332,270,080 bytes free
Post-Run: 455,239,225,344 bytes free
.
- - End Of File - - 03D2D829ABE351684B1E6F77D6C62EB7
2B0D0C4350483AF8027AFD03690D74F1