Starblue

Ok I did the tasks on the your list and thanks for the info, THANK YOU SO MUCH for your help

ok I did everything in the post, Computer is working like when I first got it, moves faster than before. It very responsive and no more Death of a Blue Screen, in sight

ok here is the log ComboFix 13-08-21.01 - Jen 08/22/2013 1:03.3.1 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2814.1199 [GMT -4:00] Running from: c:\users\J\Desktop\ComboFix.exe Command switches used :: c:\users\J\Desktop\CFScript.txt AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\users\Jen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\7ff8dfd3-2477ab6b" "c:\users\Jen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\42cc9baf-3a0ba303" "c:\users\Jen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\61588735-342c1d98" "c:\users\Jen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\521270fa-38f467be" "c:\users\Jen\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\stub_data\stubinst_pkg_en-us.cab" "c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2M7SGM9W\menshealthbase_passback_300x250[1].htm" "c:\windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\13eef480-38d6e61b" "c:\windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\ef13c94-2658c2a2" "c:\windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\518b4dda-533d44d5" "c:\windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\76a20060-4d4f5f54" "c:\windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\2e74f128-1074dc0b" "c:\windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\646a4eb2-7934118c" "c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2M7SGM9W\menshealthbase_passback_300x250[1].htm" "c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\13eef480-38d6e61b" "c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\ef13c94-2658c2a2" "c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\518b4dda-533d44d5" "c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\76a20060-4d4f5f54" "c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\2e74f128-1074dc0b" "c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\646a4eb2-7934118c" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Jen\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\stub_data\stubinst_pkg_en-us.cab c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2M7SGM9W\menshealthbase_passback_300x250[1].htm . . ((((((((((((((((((((((((( Files Created from 2013-07-22 to 2013-08-22 ))))))))))))))))))))))))))))))) . . 2013-08-22 05:12 . 2013-08-22 05:12 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-08-21 05:55 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2013-08-21 05:55 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2013-08-21 05:55 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui 2013-08-21 05:55 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll 2013-08-21 05:48 . 2013-08-21 05:48 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-08-21 05:33 . 2013-08-21 05:35 -------- d-----w- c:\windows\system32\MRT 2013-08-21 05:21 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll 2013-08-21 05:21 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll 2013-08-21 05:21 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2013-08-21 05:21 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2013-08-21 05:19 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2013-08-21 05:19 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2013-08-21 05:19 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2013-08-21 05:19 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2013-08-21 05:19 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2013-08-21 05:19 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2013-08-21 05:19 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2013-08-21 02:41 . 2013-08-21 02:41 -------- d-----w- c:\program files (x86)\ESET 2013-08-21 02:22 . 2013-08-21 03:00 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2013-08-21 02:16 . 2013-08-21 02:16 -------- d-----w- c:\users\Jen\AppData\Local\adawarebp 2013-08-21 02:00 . 2013-08-21 02:15 -------- d-----w- C:\AdwCleaner 2013-08-20 23:23 . 2013-08-20 23:23 -------- d-----w- c:\windows\ERUNT 2013-08-20 02:58 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2013-08-20 02:58 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-08-20 02:58 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll 2013-08-20 02:57 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll 2013-08-20 02:57 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll 2013-08-20 02:57 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll 2013-08-20 02:57 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll 2013-08-20 02:57 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll 2013-08-20 02:57 . 2013-07-09 05:46 1472512 ----a-w- c:\windows\system32\crypt32.dll 2013-08-20 02:57 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll 2013-08-20 02:57 . 2013-07-09 05:46 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2013-08-20 02:57 . 2013-07-09 05:46 139776 ----a-w- c:\windows\system32\cryptnet.dll 2013-08-20 02:57 . 2013-07-09 04:52 175104 ----a-w- c:\windows\SysWow64\wintrust.dll 2013-08-20 02:57 . 2013-07-09 04:46 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2013-08-20 02:57 . 2013-07-09 04:46 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2013-08-20 02:56 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll 2013-08-20 02:56 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll 2013-08-20 02:56 . 2013-02-15 04:34 131584 ----a-w- c:\windows\SysWow64\aaclient.dll 2013-08-20 02:56 . 2013-02-15 06:08 44032 ----a-w- c:\windows\system32\tsgqec.dll 2013-08-20 02:56 . 2013-02-15 06:02 158720 ----a-w- c:\windows\system32\aaclient.dll 2013-08-20 02:56 . 2013-02-15 03:25 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll 2013-08-20 02:54 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2013-08-20 02:52 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll 2013-08-20 02:52 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll 2013-08-20 02:52 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll 2013-08-20 02:52 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll 2013-08-20 02:52 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll 2013-08-20 02:52 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll 2013-08-20 02:52 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll 2013-08-20 02:52 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2013-08-20 02:52 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2013-08-20 02:52 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2013-08-20 02:52 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2013-08-20 02:52 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe 2013-08-20 02:52 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe 2013-08-20 02:49 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll 2013-08-20 02:47 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll 2013-08-20 02:47 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll 2013-08-20 02:47 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll 2013-08-20 02:47 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll 2013-08-20 02:47 . 2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys 2013-08-20 02:47 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe 2013-08-20 02:47 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll 2013-08-20 02:47 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll 2013-08-20 02:44 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-08-20 02:44 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-08-20 02:44 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll 2013-08-20 02:44 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-08-20 02:44 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe 2013-08-20 02:44 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll 2013-08-20 02:44 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll 2013-08-20 02:44 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll 2013-08-20 02:44 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe 2013-08-20 02:44 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe 2013-08-20 02:20 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll 2013-08-20 01:32 . 2013-08-20 01:32 -------- d-----w- c:\programdata\Malwarebytes 2013-08-19 21:58 . 2013-08-19 21:58 -------- d-----w- C:\FRST 2013-08-01 03:04 . 2013-08-01 03:04 -------- d-----w- c:\users\Jen\AppData\Roaming\LavasoftStatistics 2013-08-01 03:04 . 2013-08-01 03:04 -------- d-----w- c:\programdata\Ad-Aware Antivirus 2013-08-01 03:00 . 2013-08-20 22:27 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus 2013-08-01 03:00 . 2013-08-01 03:00 -------- d-----w- c:\programdata\Lavasoft 2013-08-01 02:59 . 2013-08-01 02:59 -------- d-----w- c:\programdata\Downloaded Installations 2013-08-01 02:59 . 2013-08-19 08:17 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection 2013-08-01 02:59 . 2013-08-01 02:59 -------- d-----w- c:\program files (x86)\Toolbar Cleaner 2013-08-01 02:58 . 2013-08-01 02:58 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys 2013-08-01 02:58 . 2013-08-20 02:11 -------- d-----w- c:\users\Jen\AppData\Roaming\Ad-Aware Antivirus 2013-08-01 02:42 . 2013-08-01 02:42 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software 2013-07-28 14:31 . 2013-07-28 14:31 -------- d-----w- c:\users\Jen\AppData\Roaming\AVG2013 2013-07-28 14:30 . 2013-07-28 14:30 -------- d-----w- c:\users\Jen\AppData\Roaming\TuneUp Software 2013-07-28 14:28 . 2013-07-28 14:30 -------- d-----w- c:\programdata\AVG2013 2013-07-28 14:28 . 2013-07-28 14:28 -------- d-----w- C:\$AVG 2013-07-28 14:28 . 2013-07-28 14:28 -------- d-----w- c:\program files (x86)\AVG 2013-07-28 14:26 . 2013-08-19 05:03 -------- d-----w- c:\users\Jen\AppData\Local\Avg2013 2013-07-28 14:26 . 2013-07-28 14:26 -------- d-----w- c:\users\Jen\AppData\Local\MFAData . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-08-05 20:14 . 2010-12-14 04:26 78161360 ----a-w- c:\windows\system32\MRT.exe 2013-07-20 05:51 . 2013-07-20 05:51 311608 ----a-w- c:\windows\system32\drivers\avgloga.sys 2013-07-20 05:50 . 2013-07-20 05:50 71480 ----a-w- c:\windows\system32\drivers\avgidsha.sys 2013-07-20 05:50 . 2013-07-20 05:50 246072 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys 2013-07-20 05:50 . 2013-07-20 05:50 206648 ----a-w- c:\windows\system32\drivers\avgldx64.sys 2013-07-10 05:32 . 2013-07-10 05:32 45880 ----a-w- c:\windows\system32\drivers\avgrkx64.sys 2013-07-01 05:45 . 2013-07-01 05:45 116536 ----a-w- c:\windows\system32\drivers\avgmfx64.sys 2013-06-27 16:14 . 2010-01-21 09:27 2237968 ----a-w- C:\tdsskiller.exe 2013-06-12 03:51 . 2012-08-18 18:02 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-06-12 03:51 . 2012-08-18 18:02 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AOL Fast Start"="c:\program files (x86)\AOL Desktop 9.6a\AOL.EXE" [2011-04-25 42320] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "HostManager"="c:\program files (x86)\Common Files\AOL\1291691248\ee\AOLSoftware.exe" [2010-03-08 41800] "AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-07-01 4411440] "Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2013-07-15 554384] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x] S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x] S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x] S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x] S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x] . . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-29 16333856] "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-14 610360] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SYSTEM32\blank.htm TCP: DhcpNameServer = 167.206.254.1 167.206.254.2 . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-08-22 01:23:07 ComboFix-quarantined-files.txt 2013-08-22 05:23 ComboFix2.txt 2013-08-22 04:54 ComboFix3.txt 2013-08-20 22:58 . Pre-Run: 244,881,625,088 bytes free Post-Run: 244,897,583,104 bytes free . - - End Of File - - D95CA0B884E99C2EC423A904EAB4502A 6A3BB38EF08BCB99A37E0133C3888935

ok here is the ESET log after 2 hours....that's long, lol My computer is out of safe mode and working well, no problems with boot ups so far and the screen hasn't show up. I'm runnung regular mode C:\AdwCleaner\Quarantine\C\Users\Jen\AppData\LocalLow\MapsGalaxy_39EI\Installr\Cache\018D03BF.exe.vir a variant of Win32/Toolbar.MyWebSearch.O application C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgp.zip Win32/Bagle.gen.zip worm C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgp1.zip Win32/Bagle.gen.zip worm C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgp2.zip Win32/Bagle.gen.zip worm C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgp3.zip Win32/Bagle.gen.zip worm C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgp4.zip Win32/Bagle.gen.zip worm C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgp5.zip Win32/Bagle.gen.zip worm C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgp6.zip Win32/Bagle.gen.zip worm C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgp.zip Win32/Bagle.gen.zip worm C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgp1.zip Win32/Bagle.gen.zip worm C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgp2.zip Win32/Bagle.gen.zip worm C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgp3.zip Win32/Bagle.gen.zip worm C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgp4.zip Win32/Bagle.gen.zip worm C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgp5.zip Win32/Bagle.gen.zip worm C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgp6.zip Win32/Bagle.gen.zip worm C:\Users\Jen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\7ff8dfd3-2477ab6b a variant of Java/JShrink.A application C:\Users\Jen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\42cc9baf-3a0ba303 multiple threats C:\Users\Jen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\61588735-342c1d98 a variant of Java/Exploit.Blacole.AK trojan C:\Users\Jen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\521270fa-38f467be multiple threats C:\Users\Jen\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\stub_data\stubinst_pkg_en-us.cab Win32/OpenCandy application C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2M7SGM9W\menshealthbase_passback_300x250[1].htm JS/Agent.NJV trojan C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\13eef480-38d6e61b multiple threats C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\ef13c94-2658c2a2 Java/Exploit.Agent.NGS trojan C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\518b4dda-533d44d5 a variant of Java/Exploit.Agent.NJV trojan C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\76a20060-4d4f5f54 multiple threats C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\2e74f128-1074dc0b multiple threats C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\646a4eb2-7934118c multiple threats C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2M7SGM9W\menshealthbase_passback_300x250[1].htm JS/Agent.NJV trojan C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\13eef480-38d6e61b multiple threats C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\ef13c94-2658c2a2 Java/Exploit.Agent.NGS trojan C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\518b4dda-533d44d5 a variant of Java/Exploit.Agent.NJV trojan C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\76a20060-4d4f5f54 multiple threats C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\2e74f128-1074dc0b multiple threats C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\646a4eb2-7934118c multiple threats

I got half of log for the the ESET last log , sorry, it takes a really long time to scan I'll try again, after work tomorrow

# AdwCleaner v3.000 - Report created 20/08/2013 at 22:15:19 # Updated 20/08/2013 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : # Running from : C:\Users\J\Desktop\adwcleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\Program Files (x86)\MapsGalaxy_39EI Folder Deleted : C:\Program Files (x86)\Viewpoint Folder Deleted : C:\Users\\AppData\LocalLow\MapsGalaxy_39EI ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [39ffxtbr@MapsGalaxy_39.com] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E} Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@MapsGalaxy_39.com/Plugin Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}] Key Deleted : HKCU\Software\AppDataLow\Software\adawaretb Key Deleted : HKCU\Software\AppDataLow\Software\MapsGalaxy_39 Key Deleted : HKCU\Software\AppDataLow\Software\MapsGalaxy_39EI Key Deleted : HKLM\Software\adawaretb Key Deleted : HKLM\Software\MapsGalaxy_39 Key Deleted : HKLM\Software\MetaStream Key Deleted : HKLM\Software\Viewpoint Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adawaretb Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer ***** [ Browsers ] ***** -\\ Internet Explorer v9.0.8112.16502 ************************* AdwCleaner[R0].txt - [2675 octets] - [20/08/2013 22:00:43] AdwCleaner[R1].txt - [2735 octets] - [20/08/2013 22:14:57] AdwCleaner[s0].txt - [2599 octets] - [20/08/2013 22:15:19] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2659 octets] ########## I hope this is the correct log, I kinda got confused in that section Malwarebytes Anti-Rootkit BETA 1.06.1.1005 www.malwarebytes.org Database version: v2013.08.20.10 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 8/20/2013 10:22:46 PM mbar-log-2013-08-20 (22-22-46).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P Scan options disabled: PUP Objects scanned: 243016 Time elapsed: 10 minute(s), 39 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) and the

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 5.5.1 (08.19.2013:1) OS: Windows 7 Home Premium x64 Ran by on Tue 08/20/2013 at 19:23:54.30 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3217652057-2821476037-1169716605-1001\Software\Microsoft\Internet Explorer\Main\\Start Page ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F0B76E1-4E46-427B-B55B-B90593468AC6} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctl Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctl.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctlsecondary Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctlsecondary.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\adawarebp_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\adawarebp_rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HPSF_Tasks_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HPSF_Tasks_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\HPSF_Tasks_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\HPSF_Tasks_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASMANCS Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C} ~~~ Files Successfully deleted: [File] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ebay.lnk" ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\viewpoint" Successfully deleted: [Folder] "C:\Users\Jen\appdata\local\adawarebp" Successfully deleted: [Folder] "C:\Users\Jen\appdata\locallow\adawaretb" Successfully deleted: [Folder] "C:\Users\Jen\appdata\locallow\mapsgalaxy_39" Successfully deleted: [Folder] "C:\Program Files (x86)\mapsgalaxy_39" Failed to delete: [Folder] "C:\Program Files (x86)\viewpoint" ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Tue 08/20/2013 at 19:28:28.49 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ComboFix 13-08-19.02 - 08/20/2013 18:36:17.1.1 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2814.1641 [GMT -4:00] Running from: c:\users\\Desktop\ComboFix.exe AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\SysWow64\config\systemprofile\8817879.exe c:\windows\SysWow64\config\systemprofile\opera.exe c:\windows\SysWow64\config\systemprofile\rundll32.exe c:\windows\SysWow64\config\systemprofile\spoolsv.exe . . ((((((((((((((((((((((((( Files Created from 2013-07-20 to 2013-08-20 ))))))))))))))))))))))))))))))) . . 2013-08-20 22:47 . 2013-08-20 22:47 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-08-20 03:29 . 2013-07-25 03:35 10926080 ----a-w- c:\windows\system32\ieframe.dll 2013-08-20 02:44 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll 2013-08-20 02:44 . 2012-02-11 06:39 956928 ----a-w- c:\windows\system32\localspl.dll 2013-08-20 02:44 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe 2013-08-20 02:44 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe 2013-08-20 02:44 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll 2013-08-20 01:32 . 2013-08-20 01:32 -------- d-----w- c:\programdata\Malwarebytes 2013-08-19 21:58 . 2013-08-19 21:58 -------- d-----w- C:\FRST 2013-08-01 03:04 . 2013-08-01 03:04 -------- d-----w- c:\users\Jen\AppData\Roaming\LavasoftStatistics 2013-08-01 03:04 . 2013-08-01 03:04 -------- d-----w- c:\programdata\Ad-Aware Antivirus 2013-08-01 03:00 . 2013-08-20 22:27 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus 2013-08-01 03:00 . 2013-08-01 03:00 -------- d-----w- c:\programdata\Lavasoft 2013-08-01 02:59 . 2013-08-01 02:59 -------- d-----w- c:\programdata\Downloaded Installations 2013-08-01 02:59 . 2013-08-01 02:59 -------- d-----w- c:\users\Jen\AppData\Local\adawarebp 2013-08-01 02:59 . 2013-08-19 08:17 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection 2013-08-01 02:59 . 2013-08-01 02:59 -------- d-----w- c:\program files (x86)\Toolbar Cleaner 2013-08-01 02:58 . 2013-08-01 02:58 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys 2013-08-01 02:58 . 2013-08-20 02:11 -------- d-----w- c:\users\Jen\AppData\Roaming\Ad-Aware Antivirus 2013-08-01 02:42 . 2013-08-01 02:42 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software 2013-07-28 14:31 . 2013-07-28 14:31 -------- d-----w- c:\users\Jen\AppData\Roaming\AVG2013 2013-07-28 14:30 . 2013-07-28 14:30 -------- d-----w- c:\users\Jen\AppData\Roaming\TuneUp Software 2013-07-28 14:28 . 2013-07-28 14:30 -------- d-----w- c:\programdata\AVG2013 2013-07-28 14:28 . 2013-07-28 14:28 -------- d-----w- C:\$AVG 2013-07-28 14:28 . 2013-07-28 14:28 -------- d-----w- c:\program files (x86)\AVG 2013-07-28 14:26 . 2013-08-19 05:03 -------- d-----w- c:\users\Jen\AppData\Local\Avg2013 2013-07-28 14:26 . 2013-07-28 14:26 -------- d-----w- c:\users\Jen\AppData\Local\MFAData . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-08-20 02:03 . 2010-12-14 04:26 62134624 ----a-w- c:\windows\system32\MRT.exe 2013-07-20 05:51 . 2013-07-20 05:51 311608 ----a-w- c:\windows\system32\drivers\avgloga.sys 2013-07-20 05:50 . 2013-07-20 05:50 71480 ----a-w- c:\windows\system32\drivers\avgidsha.sys 2013-07-20 05:50 . 2013-07-20 05:50 246072 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys 2013-07-20 05:50 . 2013-07-20 05:50 206648 ----a-w- c:\windows\system32\drivers\avgldx64.sys 2013-07-10 05:32 . 2013-07-10 05:32 45880 ----a-w- c:\windows\system32\drivers\avgrkx64.sys 2013-07-01 05:45 . 2013-07-01 05:45 116536 ----a-w- c:\windows\system32\drivers\avgmfx64.sys 2013-06-27 16:14 . 2010-01-21 09:27 2237968 ----a-w- C:\tdsskiller.exe 2013-06-12 03:51 . 2012-08-18 18:02 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-06-12 03:51 . 2012-08-18 18:02 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}] 2013-07-29 06:52 87440 ----a-w- c:\program files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll" [2013-07-29 87440] . [HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AOL Fast Start"="c:\program files (x86)\AOL Desktop 9.6a\AOL.EXE" [2011-04-25 42320] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "HostManager"="c:\program files (x86)\Common Files\AOL\1291691248\ee\AOLSoftware.exe" [2010-03-08 41800] "AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-07-01 4411440] "Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2013-07-15 554384] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x] S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x] S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x] S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x] S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x] . . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-29 16333856] "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-14 610360] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mStart Page = about:blank mLocal Page = c:\windows\SYSTEM32\blank.htm TCP: DhcpNameServer = 167.206.254.1 167.206.254.2 . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKLM-Run-Search Protection - c:\programdata\Search Protection\SearchProtection.exe Wow6432Node-HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe SafeBoot-17290921.sys . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-08-20 18:58:05 ComboFix-quarantined-files.txt 2013-08-20 22:58 . Pre-Run: 230,445,355,008 bytes free Post-Run: 245,943,717,888 bytes free . - - End Of File - - BD3038D0D260800E125927355AE2D7A9 6A3BB38EF08BCB99A37E0133C3888935

ok here is the log

ok here are the 2 logs, thanks mbar-log-2013-08-19 (21-34-46).txt system-log.txt

ok Here is the log Boot Mode: Safe Mode (with Networking) ============================================== Content of fixlist: ***************** start SearchScopes: HKLM - {ADB441EA-547C-401A-9B96-E2608E95E3A3} URL = http://search.mywebs...or={searchTerms} Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File Toolbar: HKCU - No Name - {364EA597-E728-4CE4-BB4A-ED846EF47970} - No File Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5 06 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll" Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5-x64 06 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll" S2 MapsGalaxy_39Service; C:\PROGRA~2\MAPSGA~2\bar\1.bin\39barsvc.exe [42504 2011-09-16] (COMPANYVERS_NAME) 2013-08-19 04:17 - 2013-07-31 22:59 - 00000000 ____D C:\ProgramData\Search Protection 2013-07-31 22:59 - 2013-07-31 22:59 - 00000000 ____D C:\ProgramData\blekko toolbars C:\Windows\Installer\{47ad6d15-b214-984f-6b2f-1fa76e001fd4} C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{47ad6d15-b214-984f-6b2f-1fa76e001fd4} C:\Windows\svchost.exe end ***************** HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ADB441EA-547C-401A-9B96-E2608E95E3A3} => Key deleted successfully. HKCR\CLSID\{ADB441EA-547C-401A-9B96-E2608E95E3A3} => Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{ADB441EA-547C-401A-9B96-E2608E95E3A3} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{ADB441EA-547C-401A-9B96-E2608E95E3A3} => Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{b0441a0e-a49a-4e16-afc1-74ecced1921f} => Key not found. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => Value deleted successfully. HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => Key not found. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{364EA597-E728-4CE4-BB4A-ED846EF47970} => Value deleted successfully. HKCR\CLSID\{364EA597-E728-4CE4-BB4A-ED846EF47970} => Key not found. Winsock: Catalog5 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll Winsock: Catalog5 entry 000000000006\\LibraryPath was set successfully to %SystemRoot%\System32\mswsock.dll Winsock: Catalog5-x64 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll Winsock: Catalog5-x64 entry 000000000006\\LibraryPath was set successfully to %SystemRoot%\System32\mswsock.dll MapsGalaxy_39Service => Service deleted successfully. C:\ProgramData\Search Protection => Moved successfully. C:\ProgramData\blekko toolbars => Moved successfully. C:\Windows\Installer\{47ad6d15-b214-984f-6b2f-1fa76e001fd4} => Moved successfully. C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{47ad6d15-b214-984f-6b2f-1fa76e001fd4} => Moved successfully. C:\Windows\svchost.exe => Moved successfully. ==== End of Fixlog ====

ok here are the 2 logs, thanks Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-08-2013 03 Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 9 Boot Mode: Safe Mode (with Networking) ==================== Processes (Whitelisted) ================= (Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Microsoft Corporation) C:\Windows\System32\WerFault.exe (AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.6a\waol.exe (AOL LLC) C:\Program Files (x86)\Common Files\AOL\ACS\AOLacsd.exe (GFI Software) C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.6a\shellmon.exe (AOL Inc.) C:\Program Files (x86)\Common Files\aol\1291691248\ee\aolsoftware.exe (AOL Inc.) C:\Program Files (x86)\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe (AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.6a\AOLBrowser\aolbrowser.exe (Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE (AOL Inc.) C:\Program Files (x86)\Common Files\aol\1291691248\ee\aolupdates.exe (Farbar) C:\Users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\10DE6E20\FRST64[1].exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [16333856 2009-07-29] (NVIDIA Corporation) HKLM\...\Run: [smartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-09-14] () HKCU\...\Run: [AOL Fast Start] - C:\Program Files (x86)\AOL Desktop 9.6a\AOL.EXE [42320 2011-04-25] (AOL Inc.) HKLM-x32\...\Run: [HostManager] - C:\Program Files (x86)\Common Files\AOL\1291691248\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.) HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411440 2013-07-01] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [554384 2013-07-15] (Lavasoft) HKLM-x32\...\Run: [search Protection] - C:\ProgramData\Search Protection\SearchProtection.exe [943016 2013-07-16] (Lavasoft) HKLM-x32\...\Run: [Ad-Aware Antivirus] - "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run [x] HKU\Default\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [x] HKU\Default User\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [x] ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_2&ent=hp&u=85C0E9511DC82D8B533EAC51F9CEC8D6 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1 StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {3C174079-C04A-491C-8883-E19FFF34D324} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {ADB441EA-547C-401A-9B96-E2608E95E3A3} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd SearchScopes: HKLM-x32 - DefaultScope {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={SearchTerms}&invocationType=tb50TB50CL-chromesbox-en-us SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={SearchTerms}&invocationType=tb50TB50CL-chromesbox-en-us SearchScopes: HKLM-x32 - {ADB441EA-547C-401A-9B96-E2608E95E3A3} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd SearchScopes: HKLM-x32 - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=UXxdm002YYus&ptnrS=UXxdm002YYus&ptb=B62329B3-1499-4D09-A5E1-5FE59C8B5EE6&ind=2011092302&n=77ded54e&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKCU - DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_2&hsimp=yhs-lavasoft&ent=ch&q={searchTerms} SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_2&hsimp=yhs-lavasoft&ent=ch&q={searchTerms} SearchScopes: HKCU - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = SearchScopes: HKCU - {ADB441EA-547C-401A-9B96-E2608E95E3A3} URL = SearchScopes: HKCU - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) BHO-x32: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll () BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) Toolbar: HKLM-x32 - Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll () Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File Toolbar: HKCU - No Name - {364EA597-E728-4CE4-BB4A-ED846EF47970} - No File DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5 06 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll" Winsock: Catalog9 01 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 02 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 03 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 04 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 05 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 06 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 07 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 08 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 09 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 10 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5-x64 06 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll" Winsock: Catalog9-x64 01 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9-x64 02 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9-x64 03 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9-x64 04 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9-x64 05 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9-x64 06 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9-x64 07 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9-x64 08 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9-x64 09 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9-x64 10 mswsock.dll File Not found (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 167.206.254.1 167.206.254.2 ==================== Services (Whitelisted) ================= R2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-06-13] (Lavasoft Limited) S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.) S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.) S2 MapsGalaxy_39Service; C:\PROGRA~2\MAPSGA~2\bar\1.bin\39barsvc.exe [42504 2011-09-16] (COMPANYVERS_NAME) R2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software) ==================== Drivers (Whitelisted) ==================== S3 ATWPKT2; C:\Windows\system32\drivers\ATWPKT264.SYS [33400 2009-08-31] (America Online) S3 ATWPKT2; C:\Windows\system32\drivers\ATWPKT264.SYS [33400 2009-08-31] (America Online) S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.) S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-07-10] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.) R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-07-31] (GFI Software) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-19 17:49 - 2013-08-19 17:49 - 00292456 _____ C:\Windows\Minidump\081913-29530-01.dmp 2013-08-19 01:03 - 2013-08-19 01:23 - 00096142 _____ C:\Users\Jen\Desktop\avgrep.txt 2013-08-19 00:32 - 2013-08-19 00:32 - 00292456 _____ C:\Windows\Minidump\081913-31481-01.dmp 2013-08-12 01:23 - 2013-08-12 01:23 - 00001190 _____ C:\Windows\SysWOW64\ServiceConfig.xml 2013-08-08 21:37 - 2013-08-08 21:37 - 00003332 _____ C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3217652057-2821476037-1169716605-1001 2013-08-06 23:32 - 2013-08-08 21:37 - 00003194 _____ C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3217652057-2821476037-1169716605-1001 2013-07-31 23:05 - 2013-07-31 23:05 - 00004314 _____ C:\Windows\System32\Tasks\Ad-Aware Antivirus Scheduled Scan 2013-07-31 23:04 - 2013-07-31 23:04 - 00000000 ____D C:\Users\Jen\AppData\Roaming\LavasoftStatistics 2013-07-31 23:04 - 2013-07-31 23:04 - 00000000 ____D C:\ProgramData\Ad-Aware Antivirus 2013-07-31 23:00 - 2013-08-19 17:46 - 00001830 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk 2013-07-31 23:00 - 2013-08-19 04:17 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus 2013-07-31 23:00 - 2013-07-31 23:00 - 00000000 ____D C:\ProgramData\Lavasoft 2013-07-31 22:59 - 2013-08-19 04:17 - 00000000 ____D C:\ProgramData\Search Protection 2013-07-31 22:59 - 2013-08-19 04:17 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection 2013-07-31 22:59 - 2013-07-31 22:59 - 00000000 ____D C:\Users\Jen\AppData\Local\adawarebp 2013-07-31 22:59 - 2013-07-31 22:59 - 00000000 ____D C:\ProgramData\Downloaded Installations 2013-07-31 22:59 - 2013-07-31 22:59 - 00000000 ____D C:\ProgramData\blekko toolbars 2013-07-31 22:59 - 2013-07-31 22:59 - 00000000 ____D C:\Program Files (x86)\Toolbar Cleaner 2013-07-31 22:58 - 2013-08-01 01:17 - 00000000 ____D C:\Users\Jen\AppData\Roaming\Ad-Aware Antivirus 2013-07-31 22:58 - 2013-07-31 22:58 - 00047496 _____ (GFI Software) C:\Windows\system32\sbbd.exe 2013-07-31 22:58 - 2013-07-31 22:58 - 00014456 _____ (GFI Software) C:\Windows\system32\Drivers\gfibto.sys 2013-07-31 22:42 - 2013-07-31 22:42 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software 2013-07-31 22:42 - 2013-07-31 22:42 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software 2013-07-28 10:31 - 2013-07-28 10:31 - 00000000 ____D C:\Users\Jen\AppData\Roaming\AVG2013 2013-07-28 10:30 - 2013-07-31 22:42 - 00000927 _____ C:\Users\Public\Desktop\AVG 2013.lnk 2013-07-28 10:30 - 2013-07-28 10:30 - 00000000 ____D C:\Users\Jen\AppData\Roaming\TuneUp Software 2013-07-28 10:28 - 2013-07-28 10:30 - 00000000 ____D C:\ProgramData\AVG2013 2013-07-28 10:28 - 2013-07-28 10:28 - 00000000 ___HD C:\$AVG 2013-07-28 10:28 - 2013-07-28 10:28 - 00000000 ____D C:\Program Files (x86)\AVG 2013-07-28 10:26 - 2013-08-19 01:03 - 00000000 ____D C:\Users\Jen\AppData\Local\Avg2013 2013-07-28 10:26 - 2013-07-28 10:26 - 00000000 ____D C:\Users\Jen\AppData\Local\MFAData 2013-07-28 10:25 - 2013-07-28 10:25 - 04463512 _____ (AVG Technologies) C:\Users\Jen\Downloads\avg_free_stb_all_2013_3349_cnet.exe 2013-07-20 01:51 - 2013-07-20 01:51 - 00311608 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys 2013-07-20 01:50 - 2013-07-20 01:50 - 00246072 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys 2013-07-20 01:50 - 2013-07-20 01:50 - 00206648 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys 2013-07-20 01:50 - 2013-07-20 01:50 - 00071480 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys ==================== One Month Modified Files and Folders ======= 2013-08-19 17:58 - 2013-08-19 17:58 - 00000000 ____D C:\FRST 2013-08-19 17:49 - 2013-08-19 17:49 - 00292456 _____ C:\Windows\Minidump\081913-29530-01.dmp 2013-08-19 17:49 - 2012-07-20 23:38 - 414150379 _____ C:\Windows\MEMORY.DMP 2013-08-19 17:49 - 2012-07-20 23:38 - 00000000 ____D C:\Windows\Minidump 2013-08-19 17:46 - 2013-07-31 23:00 - 00001830 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk 2013-08-19 17:46 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-08-19 17:45 - 2009-07-14 00:51 - 00148492 _____ C:\Windows\setupact.log 2013-08-19 04:17 - 2013-07-31 23:00 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus 2013-08-19 04:17 - 2013-07-31 22:59 - 00000000 ____D C:\ProgramData\Search Protection 2013-08-19 04:17 - 2013-07-31 22:59 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection 2013-08-19 04:17 - 2013-03-23 16:22 - 00000000 ____D C:\Program Files (x86)\AOL Desktop 9.6a 2013-08-19 04:17 - 2011-08-12 12:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client 2013-08-19 04:17 - 2010-12-10 20:39 - 00000000 ____D C:\Program Files (x86)\Bonjour 2013-08-19 04:17 - 2010-12-06 23:31 - 00000000 ____D C:\ProgramData\MFAData 2013-08-19 04:17 - 2010-01-21 05:32 - 00000000 ____D C:\backups 2013-08-19 04:17 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\AppCompat 2013-08-19 04:16 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration 2013-08-19 04:15 - 2011-10-08 21:24 - 00000000 ____D C:\ProgramData\Real 2013-08-19 01:23 - 2013-08-19 01:03 - 00096142 _____ C:\Users\Jen\Desktop\avgrep.txt 2013-08-19 01:22 - 2012-11-21 21:04 - 00007933 _____ C:\Users\Jen\Downloads\hijackthis.log 2013-08-19 01:03 - 2013-07-28 10:26 - 00000000 ____D C:\Users\Jen\AppData\Local\Avg2013 2013-08-19 00:53 - 2009-07-14 01:13 - 00727136 _____ C:\Windows\system32\PerfStringBackup.INI 2013-08-19 00:32 - 2013-08-19 00:32 - 00292456 _____ C:\Windows\Minidump\081913-31481-01.dmp 2013-08-19 00:32 - 2010-12-06 22:44 - 00000000 ____D C:\Users\Jen 2013-08-17 19:43 - 2011-01-02 22:05 - 00000000 ____D C:\Users\Jen\Documents\JenSolarReturn 2013-08-12 17:14 - 2009-07-14 00:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-08-12 17:14 - 2009-07-14 00:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-08-12 01:23 - 2013-08-12 01:23 - 00001190 _____ C:\Windows\SysWOW64\ServiceConfig.xml 2013-08-08 21:37 - 2013-08-08 21:37 - 00003332 _____ C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3217652057-2821476037-1169716605-1001 2013-08-08 21:37 - 2013-08-06 23:32 - 00003194 _____ C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3217652057-2821476037-1169716605-1001 2013-08-04 22:02 - 2010-08-05 20:31 - 01196759 _____ C:\Windows\WindowsUpdate.log 2013-08-02 18:52 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache 2013-08-01 01:17 - 2013-07-31 22:58 - 00000000 ____D C:\Users\Jen\AppData\Roaming\Ad-Aware Antivirus 2013-07-31 23:05 - 2013-07-31 23:05 - 00004314 _____ C:\Windows\System32\Tasks\Ad-Aware Antivirus Scheduled Scan 2013-07-31 23:04 - 2013-07-31 23:04 - 00000000 ____D C:\Users\Jen\AppData\Roaming\LavasoftStatistics 2013-07-31 23:04 - 2013-07-31 23:04 - 00000000 ____D C:\ProgramData\Ad-Aware Antivirus 2013-07-31 23:00 - 2013-07-31 23:00 - 00000000 ____D C:\ProgramData\Lavasoft 2013-07-31 22:59 - 2013-07-31 22:59 - 00000000 ____D C:\Users\Jen\AppData\Local\adawarebp 2013-07-31 22:59 - 2013-07-31 22:59 - 00000000 ____D C:\ProgramData\Downloaded Installations 2013-07-31 22:59 - 2013-07-31 22:59 - 00000000 ____D C:\ProgramData\blekko toolbars 2013-07-31 22:59 - 2013-07-31 22:59 - 00000000 ____D C:\Program Files (x86)\Toolbar Cleaner 2013-07-31 22:59 - 2011-01-14 01:23 - 00000000 ____D C:\Program Files (x86)\Lavasoft 2013-07-31 22:58 - 2013-07-31 22:58 - 00047496 _____ (GFI Software) C:\Windows\system32\sbbd.exe 2013-07-31 22:58 - 2013-07-31 22:58 - 00014456 _____ (GFI Software) C:\Windows\system32\Drivers\gfibto.sys 2013-07-31 22:45 - 2011-08-12 12:52 - 00000000 ____D C:\Users\Jen\AppData\Roaming\SoftGrid Client 2013-07-31 22:45 - 2010-07-31 04:31 - 00219768 _____ C:\Windows\PFRO.log 2013-07-31 22:42 - 2013-07-31 22:42 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software 2013-07-31 22:42 - 2013-07-31 22:42 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software 2013-07-31 22:42 - 2013-07-28 10:30 - 00000927 _____ C:\Users\Public\Desktop\AVG 2013.lnk 2013-07-31 22:37 - 2011-08-12 12:51 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform 2013-07-28 10:31 - 2013-07-28 10:31 - 00000000 ____D C:\Users\Jen\AppData\Roaming\AVG2013 2013-07-28 10:30 - 2013-07-28 10:30 - 00000000 ____D C:\Users\Jen\AppData\Roaming\TuneUp Software 2013-07-28 10:30 - 2013-07-28 10:28 - 00000000 ____D C:\ProgramData\AVG2013 2013-07-28 10:28 - 2013-07-28 10:28 - 00000000 ___HD C:\$AVG 2013-07-28 10:28 - 2013-07-28 10:28 - 00000000 ____D C:\Program Files (x86)\AVG 2013-07-28 10:26 - 2013-07-28 10:26 - 00000000 ____D C:\Users\Jen\AppData\Local\MFAData 2013-07-28 10:25 - 2013-07-28 10:25 - 04463512 _____ (AVG Technologies) C:\Users\Jen\Downloads\avg_free_stb_all_2013_3349_cnet.exe 2013-07-20 01:51 - 2013-07-20 01:51 - 00311608 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys 2013-07-20 01:50 - 2013-07-20 01:50 - 00246072 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys 2013-07-20 01:50 - 2013-07-20 01:50 - 00206648 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys 2013-07-20 01:50 - 2013-07-20 01:50 - 00071480 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys ZeroAccess: C:\Windows\Installer\{47ad6d15-b214-984f-6b2f-1fa76e001fd4} C:\Windows\Installer\{47ad6d15-b214-984f-6b2f-1fa76e001fd4}\L\00000004.@ C:\Windows\Installer\{47ad6d15-b214-984f-6b2f-1fa76e001fd4}\L\201d3dde C:\Windows\Installer\{47ad6d15-b214-984f-6b2f-1fa76e001fd4}\L\4cce1f70 C:\Windows\Installer\{47ad6d15-b214-984f-6b2f-1fa76e001fd4}\L\6715e287 C:\Windows\Installer\{47ad6d15-b214-984f-6b2f-1fa76e001fd4}\L\76603ac3 ZeroAccess: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{47ad6d15-b214-984f-6b2f-1fa76e001fd4} C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{47ad6d15-b214-984f-6b2f-1fa76e001fd4}\@ Files to move or delete: ==================== C:\Windows\svchost.exe ATTENTION ====> Check for partition/boot infection. ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-08-12 21:04 ==================== End Of Log ============================ txt.txt

I think I have a trojan virus, I keep getting the Death of the Blue Screen - saying windows 7 is unable to start. I took the computer to someone to make the computer work because I couldn't get passed the window won't start error screen. But now I still have the same problem, I really want need help with this problem I have a Hijackthis log Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:41:50 AM, on 8/19/2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16496) Boot mode: Safe mode with network support Running processes: C:\Program Files (x86)\AOL Desktop 9.6a\waol.exe C:\Program Files (x86)\Common Files\AOL\ACS\AOLacsd.exe C:\Program Files (x86)\AOL Desktop 9.6a\shellmon.exe C:\Program Files (x86)\Common Files\aol\1291691248\ee\aolsoftware.exe C:\Program Files (x86)\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe C:\Program Files (x86)\AOL Desktop 9.6a\AOLBrowser\aolbrowser.exe C:\Program Files (x86)\Common Files\aol\1291691248\ee\aolupdates.exe C:\Users\Jen\Downloads\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_2&ent=hp&u=85C0E9511DC82D8B533EAC51F9CEC8D6 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll O4 - HKLM\..\Run: [HostManager] C:\Program Files (x86)\Common Files\AOL\1291691248\ee\AOLSoftware.exe O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" O4 - HKLM\..\Run: [search Protection] C:\ProgramData\Search Protection\SearchProtection.exe O4 - HKLM\..\Run: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files (x86)\AOL Desktop 9.6a\AOL.EXE" -b O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe -update activex (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe -update activex (User 'Default user') O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: MapsGalaxyService (MapsGalaxy_39Service) - COMPANYVERS_NAME - C:\PROGRA~2\MAPSGA~2\bar\1.bin\39barsvc.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 7932 bytes

Hello this my Hijack This computer log, A Trojan Alert keeps popping up on my computer any help would be appreciated Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 8:14:15 PM, on 11/21/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v8.00 (8.00.7601.17514) Boot mode: Normal Running processes: C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files (x86)\AOL Desktop 9.6\waol.exe C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Common Files\aol\1291691248\ee\aolsoftware.exe C:\Program Files (x86)\AVG\AVG2012\avgtray.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39brmon.exe C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe C:\Program Files (x86)\iTunes\iTunes.exe C:\Program Files (x86)\AOL Desktop 9.6\shellmon.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe C:\Windows\SysWOW64\DllHost.exe C:\Program Files (x86)\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe C:\Program Files (x86)\AOL Desktop 9.6\AOLBrowser\aolbrowser.exe C:\Program Files (x86)\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe C:\Users\Jen\Downloads\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {26842a09-ffa8-4e2c-ae12-0c80f01c3295} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrcAs.dll F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Toolbar BHO - {1e91a655-bb4b-4693-a05e-2edebc4c9d89} - C:\PROGRA~2\MAPSGA~2\bar\1.bin\39bar.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Assistant BHO - {71c1d63a-c944-428a-a5bd-ba513190e5d2} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrcAs.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll O3 - Toolbar: MapsGalaxy - {364ea597-e728-4ce4-bb4a-ed846ef47970} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe O4 - HKLM\..\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED O4 - HKLM\..\Run: [HostManager] C:\Program Files (x86)\Common Files\AOL\1291691248\ee\AOLSoftware.exe O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [MapsGalaxy_39 Browser Plugin Loader] C:\PROGRA~2\MAPSGA~2\bar\1.bin\39brmon.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files (x86)\AOL Desktop 9.6\AOL.EXE" -b O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: MapsGalaxyService (MapsGalaxy_39Service) - COMPANYVERS_NAME - C:\PROGRA~2\MAPSGA~2\bar\1.bin\39barsvc.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 11514 bytes

Hello this my Hijack This computer log, A Trojan Alert keeps popping up on my computer any help would be appreciated Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 8:14:15 PM, on 11/21/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v8.00 (8.00.7601.17514) Boot mode: Normal Running processes: C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files (x86)\AOL Desktop 9.6\waol.exe C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Common Files\aol\1291691248\ee\aolsoftware.exe C:\Program Files (x86)\AVG\AVG2012\avgtray.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39brmon.exe C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe C:\Program Files (x86)\iTunes\iTunes.exe C:\Program Files (x86)\AOL Desktop 9.6\shellmon.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe C:\Windows\SysWOW64\DllHost.exe C:\Program Files (x86)\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe C:\Program Files (x86)\AOL Desktop 9.6\AOLBrowser\aolbrowser.exe C:\Program Files (x86)\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe C:\Users\Jen\Downloads\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {26842a09-ffa8-4e2c-ae12-0c80f01c3295} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrcAs.dll F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Toolbar BHO - {1e91a655-bb4b-4693-a05e-2edebc4c9d89} - C:\PROGRA~2\MAPSGA~2\bar\1.bin\39bar.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Assistant BHO - {71c1d63a-c944-428a-a5bd-ba513190e5d2} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrcAs.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll O3 - Toolbar: MapsGalaxy - {364ea597-e728-4ce4-bb4a-ed846ef47970} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe O4 - HKLM\..\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED O4 - HKLM\..\Run: [HostManager] C:\Program Files (x86)\Common Files\AOL\1291691248\ee\AOLSoftware.exe O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [MapsGalaxy_39 Browser Plugin Loader] C:\PROGRA~2\MAPSGA~2\bar\1.bin\39brmon.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files (x86)\AOL Desktop 9.6\AOL.EXE" -b O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: MapsGalaxyService (MapsGalaxy_39Service) - COMPANYVERS_NAME - C:\PROGRA~2\MAPSGA~2\bar\1.bin\39barsvc.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 11514 bytes