atsun12

  1. Will do. Thank you again for your assistance!
  2. Results of screen317's Security Check version 0.99.81
     Windows 7 Service Pack 1 x64 (UAC is disabled!)
     Internet Explorer 10 Out of date!
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     Windows Firewall Disabled!
     avast! Antivirus
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.75.0.1300
     Java 7 Update 51
     Adobe Reader 9
     Adobe Reader out of Date!
     ````````Process Check: objlist.exe by Laurent````````
     AVAST Software Avast AvastSvc.exe
     AVAST Software Avast AvastUI.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 0%
     ````````````````````End of Log``````````````````````
  3. attached. mbar-log-2014-03-23 (12-21-47).txt system-log.txt
  4. ComboFix 14-03-23.01 - Aaron 03/22/2014 22:45:47.4.2 - x64
     Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4063.2371 [GMT -7:00]
     Running from: c:\users\Aaron\Desktop\ComboFix.exe
     AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
     SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
     .
     .
     ((((((((((((((((((((((((( Files Created from 2014-02-23 to 2014-03-23 )))))))))))))))))))))))))))))))
     .
     .
     2014-03-23 05:56 . 2014-03-23 05:56 -------- d-----w- c:\users\Public\AppData\Local\temp
     2014-03-23 05:56 . 2014-03-23 05:56 -------- d-----w- c:\users\Default\AppData\Local\temp
     2014-03-20 05:22 . 2014-03-21 22:02 -------- d-----w- C:\FRST
     2014-03-19 05:24 . 2014-03-19 05:24 -------- d-----w- c:\users\Aaron\AppData\Roaming\AVAST Software
     2014-03-19 05:19 . 2014-03-19 05:19 80184 ----a-w- c:\windows\system32\drivers\aswStm.sys
     2014-03-19 05:00 . 2014-03-19 05:00 -------- d-----w- c:\windows\ERUNT
     2014-03-19 04:15 . 2014-03-19 04:44 -------- d-----w- C:\AdwCleaner
     2014-03-12 04:43 . 2014-02-23 08:11 2648576 ----a-w- c:\windows\system32\iertutil.dll
     2014-03-12 04:40 . 2014-02-07 01:23 3156480 ----a-w- c:\windows\system32\win32k.sys
     2014-03-12 04:40 . 2014-01-28 02:32 228864 ----a-w- c:\windows\system32\wwansvc.dll
     2014-03-12 04:40 . 2014-01-29 02:32 484864 ----a-w- c:\windows\system32\wer.dll
     2014-03-12 04:40 . 2014-01-29 02:06 381440 ----a-w- c:\windows\SysWow64\wer.dll
     2014-03-12 04:40 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
     2014-03-12 04:40 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll
     2014-03-12 04:40 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll
     2014-03-12 04:40 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2014-03-19 05:19 . 2013-04-06 17:33 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
     2014-03-19 05:19 . 2013-04-06 17:33 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys
     2014-03-19 05:19 . 2012-06-22 03:25 421704 ----a-w- c:\windows\system32\drivers\aswSP.sys
     2014-03-19 05:19 . 2012-06-22 03:25 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
     2014-03-19 05:19 . 2012-06-22 03:25 1038072 ----a-w- c:\windows\system32\drivers\aswSnx.sys
     2014-03-19 05:19 . 2012-06-22 03:25 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
     2014-03-19 05:19 . 2012-06-22 03:25 334136 ----a-w- c:\windows\system32\aswBoot.exe
     2014-03-19 05:19 . 2012-06-22 03:24 43152 ----a-w- c:\windows\avastSS.scr
     2014-03-12 04:44 . 2009-11-05 00:38 90015360 ----a-w- c:\windows\system32\MRT.exe
     2014-03-12 03:50 . 2012-11-26 09:18 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
     2014-03-12 03:50 . 2012-11-26 09:18 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
     2014-01-22 13:52 . 2012-06-22 03:25 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
     2013-12-24 23:09 . 2014-02-12 03:02 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
     2013-12-24 22:48 . 2014-02-12 03:02 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
     2013-07-13 09:22 . 2013-07-13 09:22 4188160 ----a-w- c:\program files (x86)\GUT787B.tmp
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "CAHeadless"="c:\program files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe" [2009-09-06 615808]
     "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-11-20 59720]
     "AmazonMP3DownloaderHelper"="c:\users\Aaron\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe" [2013-05-09 400704]
     "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-27 39408]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
     "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
     "SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2009-09-02 80384]
     "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-05-26 317288]
     "VMSwitch"="c:\program files (x86)\Sony\VAIO Mode Switch\VMSwitch.exe" [2009-07-29 538472]
     "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
     "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]
     "googletalk"="c:\program files (x86)\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
     "WMAAD"="c:\program files (x86)\Sony\WALKMAN Launcher\WMAAD.exe" [2007-02-17 110592]
     "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
     "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
     "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
     "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
     "EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
     "FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-06-05 843776]
     "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-06 43848]
     "IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-07-25 468112]
     "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 641704]
     "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
     "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
     "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-06 152392]
     "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-03-19 3767096]
     .
     c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
     Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorAdmin"= 0 (0x0)
     "ConsentPromptBehaviorUser"= 3 (0x3)
     "EnableLUA"= 0 (0x0)
     "EnableUIADesktopToggle"= 0 (0x0)
     "PromptOnSecureDesktop"= 0 (0x0)
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
     2009-07-01 18:49 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
     "mixer2"=wdmaud.drv
     .
     [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
     Notification Packages REG_MULTI_SZ scecli c:\program files\Protector Suite\psqlpwd.dll
     .
     R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
     R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
     R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
     R3 cpuz134;cpuz134;c:\program files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys;c:\program files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [x]
     R3 cpuz135;cpuz135;c:\program files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys;c:\program files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [x]
     R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
     R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
     R3 ICScsiSV;Image Converter SCSI Service;c:\program files (x86)\Sony\IMAGE CONVERTER 3\ICScsiSV.exe;c:\program files (x86)\Sony\IMAGE CONVERTER 3\ICScsiSV.exe [x]
     R3 IcVzMonLauncher;IcVzMonLauncher;c:\program files (x86)\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe;c:\program files (x86)\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe [x]
     R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
     R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
     R3 MUsbFltr;BUFFALO Tilt Mouse;c:\windows\system32\drivers\MUsbFltr.sys;c:\windows\SYSNATIVE\drivers\MUsbFltr.sys [x]
     R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
     R3 RTCore64;RTCore64;c:\users\Aaron\Desktop\rmclock_235_bin\RTCore64.sys;c:\users\Aaron\Desktop\rmclock_235_bin\RTCore64.sys [x]
     R3 SampleCollector;Intel® Sample Collector;c:\program files\Sony\VAIO Care\collsvc.exe;c:\program files\Sony\VAIO Care\collsvc.exe [x]
     R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
     R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
     R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
     R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
     R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
     R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
     R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
     S0 aswRvrt;avast! Revert; [x]
     S0 aswVmm;avast! VM Monitor; [x]
     S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
     S0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\DRIVERS\shpf.sys;c:\windows\SYSNATIVE\DRIVERS\shpf.sys [x]
     S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
     S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
     S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO64A.SYS;c:\windows\SYSNATIVE\drivers\HWiNFO64A.SYS [x]
     S1 NEOFLTR_650_15991;Juniper Networks TDI Filter Driver (NEOFLTR_650_15991);c:\windows\system32\Drivers\NEOFLTR_650_15991.SYS;c:\windows\SYSNATIVE\Drivers\NEOFLTR_650_15991.SYS [x]
     S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
     S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
     S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
     S2 L4301_Solar;Logitech Solar Keyboard Service;c:\program files\Logitech\SolarApp\L4301_Solar.exe;c:\program files\Logitech\SolarApp\L4301_Solar.exe [x]
     S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
     S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
     S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
     S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWAZL.sys [x]
     S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
     S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys;c:\windows\SYSNATIVE\DRIVERS\SFEP.sys [x]
     S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
     start [BU]
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2014-03-23 c:\windows\Tasks\Adobe Flash Player Updater.job
     - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-26 03:50]
     .
     2014-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-02 03:21]
     .
     2014-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-02 03:21]
     .
     2014-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3578647892-2928166785-2268897593-1001Core.job
     - c:\users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-09 00:32]
     .
     2014-03-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3578647892-2928166785-2268897593-1001UA.job
     - c:\users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-09 00:32]
     .
     .
     --------- X64 Entries -----------
     .
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
     @="{472083B0-C522-11CF-8763-00608CC02F24}"
     [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
     2014-03-19 05:19 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
     @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
     [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
     2009-07-20 21:18 5943048 ----a-w- c:\program files\Protector Suite\farchns.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
     @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
     [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
     2009-07-20 21:18 5943048 ----a-w- c:\program files\Protector Suite\farchns.dll
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-24 7938080]
     "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-07-24 1833504]
     "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
     "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
     "PSQLLauncher"="c:\program files\Protector Suite\launcher.exe" [2009-07-20 84744]
     "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
     "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2012-11-04 2419512]
     .
     ------- Supplementary Scan -------
     .
     uLocal Page = c:\windows\system32\blank.htm
     mLocal Page = c:\windows\system32\blank.htm
     IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
     IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
     IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
     Trusted Zone: ticketmaster.com\www
     TCP: DhcpNameServer = 192.168.1.254
     .
     - - - - ORPHANS REMOVED - - - -
     .
     Toolbar-Locked - (no file)
     AddRemove-MyFreeCodec - c:\program files (x86)\MyFree Codec\1.0b beta\uninstall.exe
     .
     .
     .
     [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
     "ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
     @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker5"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Shockwave Flash Object"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
     @="0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
     @="ShockwaveFlash.ShockwaveFlash.12"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="ShockwaveFlash.ShockwaveFlash"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Macromedia Flash Factory Object"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
     @="FlashFactory.FlashFactory.1"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="FlashFactory.FlashFactory"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker5"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
     @Denied: (A) (Everyone)
     "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
     .
     [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
     @Denied: (A) (Everyone)
     .
     [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
     "Key"="ActionsPane3"
     "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
     .
     [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Alias]
     @=""
     "0"="ActionsPane Schema for Add-Ins"
     .
     [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     .
     Completion time: 2014-03-22 23:13:24
     ComboFix-quarantined-files.txt 2014-03-23 06:13
     .
     Pre-Run: 176,388,198,400 bytes free
     Post-Run: 176,313,192,448 bytes free
     .
     - - End Of File - - 386F9DC554EA3636347F19273B215BE0 5C616939100B85E558DA92B899A0FC36
  5. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
     Ran by Aaron at 2014-03-21 15:02:31 Run:2
     Running from C:\Users\Aaron\Desktop\Fix
     Boot Mode: Normal
     ==============================================
     Content of fixlist:
     *****************
     HKLM-x32\...\Runonce: [AvgUninstallURL] - cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNzM3NTQ4NjE5LUZQOSs2LUJBUjlHKzEtVEI5KzItRkwrOS1RSVgxKzQtWDIwMTArMi1GMTBNMTBEKzEtTElDKzIyLUZMMTArMS1TUDErMS1TUDFUQisxLVNQMVMyKzEtU1VEKzEtUzFJKzEtU1UzKzEtRERUKzQ1MzYyLUxTRCsyLUREMTBGKzEtU1QxMEZBUFArMS1MMTBNKzItRjEwTTEyQVQrMi1GMTBNMTJBKzEtRjEwTTEyQUIrMS1VMTArMS1TVDEyRk9JKzEtRjEwTTEyQVUrMQ"&"prod=90"&"ver=2012.0.1831"&"mid=c295cea7427a87111536fa9b9fede807-0f5db481345980a8c4b1d629e759d1ac41812328 [X]
     SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
     Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
     Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - No File
     C:\Users\Aaron\AppData\Local\Temp\ntdll_dump.dll
     C:\Users\Aaron\AppData\Local\Temp\Quarantine.exe
     *****************
     HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\AvgUninstallURL => Value not found.
     HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
     HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
     HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Value not found.
     HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.
     HKCR\PROTOCOLS\Handler\ipp\0x00000001 => Key not found.
     HKCR\CLSID\{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} => Key not found.
     "C:\Users\Aaron\AppData\Local\Temp\ntdll_dump.dll" => File/Directory not found.
     "C:\Users\Aaron\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.
     ==== End of Fixlog ====
  6. FRST.txt and Addition.txt attached to keep post clean. FRST.txt Addition.txt
  7. Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org
     Database version: v2014.03.20.01
     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 10.0.9200.16844
     Aaron :: HIMITSU2 [administrator]
     3/19/2014 10:28:01 PM
     mbam-log-2014-03-19 (22-28-01).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 245131
     Time elapsed: 8 minute(s), 23 second(s)
     Memory Processes Detected: 0
     (No malicious items detected)
     Memory Modules Detected: 0
     (No malicious items detected)
     Registry Keys Detected: 0
     (No malicious items detected)
     Registry Values Detected: 0
     (No malicious items detected)
     Registry Data Items Detected: 0
     (No malicious items detected)
     Folders Detected: 0
     (No malicious items detected)
     Files Detected: 0
     (No malicious items detected)
     (end)
  8. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Thisisu
     Version: 6.1.2 (02.20.2014:1)
     OS: Windows 7 Professional x64
     Ran by Aaron on Tue 03/18/2014 at 22:00:49.54
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     ~~~ Services
     ~~~ Registry Values
     ~~~ Registry Keys
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Myfree Codec
     ~~~ Files
     ~~~ Folders
     Successfully deleted: [Folder] "C:\ProgramData\freerip"
     Successfully deleted: [Folder] "C:\Program Files (x86)\freerip3"
     Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"
     Successfully deleted: [Empty Folder] C:\Users\Aaron\appdata\local\{0120E248-D3C3-4182-B2F7-4F04F4941E56}
     Successfully deleted: [Empty Folder] C:\Users\Aaron\appdata\local\{23FF907A-7185-4B7C-8D18-F04F02BD8C3B}
     Successfully deleted: [Empty Folder] C:\Users\Aaron\appdata\local\{4E977F02-1E03-4819-B5EC-72E5EA0FBAC0}
     Successfully deleted: [Empty Folder] C:\Users\Aaron\appdata\local\{60CBB7CF-6D81-43C9-971F-554DAD54AB95}
     Successfully deleted: [Empty Folder] C:\Users\Aaron\appdata\local\{72518A99-5812-415E-8CCC-767CC219C69C}
     Successfully deleted: [Empty Folder] C:\Users\Aaron\appdata\local\{89187F7E-FC59-46C7-A8EC-E7E8B419BD91}
     Successfully deleted: [Empty Folder] C:\Users\Aaron\appdata\local\{94CF4B33-9386-48E2-B544-938FB36CDCDE}
     Successfully deleted: [Empty Folder] C:\Users\Aaron\appdata\local\{963C2EA0-EB8E-4B61-B109-26E82053FB75}
     Successfully deleted: [Empty Folder] C:\Users\Aaron\appdata\local\{D958EA2C-502F-4C72-B8F1-162F757E9208}
     Successfully deleted: [Empty Folder] C:\Users\Aaron\appdata\local\{D9DD71B7-9CCA-49C5-85F6-D322A7BF5FE9}
     Successfully deleted: [Empty Folder] C:\Users\Aaron\appdata\local\{DDC79F3D-DE8B-48B4-81C9-526D681536DF}
     Successfully deleted: [Empty Folder] C:\Users\Aaron\appdata\local\{F3B32CF9-20F2-411E-B377-6CD89CB4AE0E}
     ~~~ Event Viewer Logs were cleared
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on Tue 03/18/2014 at 22:08:18.36
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  9. # AdwCleaner v3.022 - Report created 18/03/2014 at 21:44:49
     # Updated 13/03/2014 by Xplode
     # Operating System : Windows 7 Professional Service Pack 1 (64 bits)
     # Username : Aaron - HIMITSU2
     # Running from : C:\Users\Aaron\Desktop\AdwCleaner.exe
     # Option : Clean
     ***** [ Services ] *****
     [#] Service Deleted : Partner Service
     ***** [ Files / Folders ] *****
     [x] Not Deleted : C:\ProgramData\FreeRIP
     Folder Deleted : C:\ProgramData\Partner
     [x] Not Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeRIP3
     [x] Not Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
     [x] Not Deleted : C:\Program Files (x86)\FreeRIP3
     [x] Not Deleted : C:\Program Files (x86)\myfree codec
     Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
     Folder Deleted : C:\Program Files (x86)\Common Files\Spigot
     Folder Deleted : C:\Users\Aaron\AppData\LocalLow\Conduit
     Folder Deleted : C:\Users\Aaron\AppData\LocalLow\PriceGong
     ***** [ Shortcuts ] *****
     ***** [ Registry ] *****
     Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
     Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
     Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
     Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll
     Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
     Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
     Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
     Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
     Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
     Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
     Key Deleted : HKLM\SOFTWARE\Classes\kt_bho.KettleBho
     Key Deleted : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1
     Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
     Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
     [x] Not Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FreeRIP3_RASAPI32
     [x] Not Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FreeRIP3_RASMANCS
     Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6}
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
     Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
     Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}
     Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
     Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
     Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
     Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
     Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
     Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
     Key Deleted : HKCU\Software\APN PIP
     Key Deleted : HKCU\Software\Myfree Codec
     Key Deleted : HKCU\Software\YahooPartnerToolbar
     Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
     Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
     Key Deleted : HKLM\Software\Conduit
     [x] Not Deleted : HKLM\Software\Myfree Codec
     Key Deleted : HKLM\Software\PIP
     Key Deleted : HKLM\Software\systweak
     [x] Not Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{501451DE-5808-4599-B544-8BD0915B6B24}_is1
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
     [x] Not Deleted : [x64] HKCU\Software\Myfree Codec
     Key Deleted : [x64] HKLM\SOFTWARE\systweak
     ***** [ Browsers ] *****
     -\\ Internet Explorer v10.0.9200.16843
     -\\ Google Chrome v
     [ File : C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\preferences ]
     *************************
     AdwCleaner[R0].txt - [6317 octets] - [18/03/2014 21:28:38]
     AdwCleaner[S0].txt - [6317 octets] - [18/03/2014 21:44:49]
     ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6377 octets] ##########
  10. RK Report:

RogueKiller V8.8.11 _x64_ [Mar 14 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User : Aaron [Admin rights]
Mode : Scan -- Date : 03/18/2014 17:55:26
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 18 ¤¤¤
[RUN][sUSP PATH] HKCU\[...]\Run : AmazonMP3DownloaderHelper (C:\Users\Aaron\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [7]) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-3578647892-2928166785-2268897593-1001\[...]\Run : AmazonMP3DownloaderHelper (C:\Users\Aaron\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [7]) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS723232L9SA60 +++++
--- User ---
[MBR] f5a946cb3c73b4d41171e2d4298cffcd
[bSP] b4edb318e6463599526d3e324c234c7e : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 6310 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 12924928 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 13129728 | Size: 298833 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_03182014_175526.txt >>
  11. Rogue Killer keeps BSODing my computer. Here is the error report from Windows:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.256.48
Locale ID: 1033

Additional information about the problem:
BCCode: 50
BCP1: FFFFFA800D978840
BCP2: 0000000000000001
BCP3: FFFFF88005868830
BCP4: 0000000000000002
OS Version: 6_1_7601
Service Pack: 1_0
Product: 256_1

Files that help describe the problem:
C:\Windows\Minidump\031714-29125-01.dmp
C:\Users\Aaron\AppData\Local\Temp\WER-61573-0.sysdata.xml

Read our privacy statement online:
http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt

Help ?
  12. Nothing detected; I did a scan and removal previously.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.17.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16844
Aaron :: HIMITSU2 [administrator]

3/17/2014 5:57:00 PM
mbam-log-2014-03-17 (17-57-00).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 241710
Time elapsed: 6 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  13. DDS.txt DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16843 BrowserJavaVersion: 10.51.2 Run by Aaron at 14:14:53 on 2014-03-15 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4063.2071 [GMT -7:00] . . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files\Logitech\SolarApp\L4301_Solar.exe C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe C:\Windows\System32\WUDFHost.exe C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\Protector Suite\upeksvr.exe C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k WbioSvcGroup C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k HsfXAudioService C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Windows\SysWOW64\DllHost.exe C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe C:\Windows\System32\WUDFHost.exe C:\Program Files\Sony\VAIO Power Management\SPMService.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program 
Files\Sony\VAIO Power Management\SPMgr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Logitech\SetPointP\SetPoint.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe C:\Users\Aaron\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Protector Suite\psqltray.exe C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE C:\Windows\system32\taskeng.exe C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe C:\Program Files (x86)\Sony\VAIO Mode Switch\VMSwitch.exe C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program 
Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files\Sony\VAIO Care\VCsystray.exe C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll BHO: avast! 
Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll TB: avast! 
Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll uRun: [CAHeadless] C:\Program Files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe uRun: [Google Update] "C:\Users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe uRun: [AmazonMP3DownloaderHelper] C:\Users\Aaron\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" mRun: [smartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup mRun: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" mRun: [VMSwitch] "C:\Program Files (x86)\Sony\VAIO Mode Switch\VMSwitch.exe" mRun: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" mRun: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE mRun: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart mRun: [WMAAD] C:\Program Files (x86)\Sony\WALKMAN Launcher\WMAAD.exe mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common 
Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui mRun: [iJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNzM3NTQ4NjE5LUZQOSs2LUJBUjlHKzEtVEI5KzItRkwrOS1RSVgxKzQtWDIwMTArMi1GMTBNMTBEKzEtTElDKzIyLUZMMTArMS1TUDErMS1TUDFUQisxLVNQMVMyKzEtU1VEKzEtUzFJKzEtU1UzKzEtRERUKzQ1MzYyLUxTRCsyLUREMTBGKzEtU1QxMEZBUFArMS1MMTBNKzItRjEwTTEyQVQrMi1GMTBNMTJBKzEtRjEwTTEyQUIrMS1VMTArMS1TVDEyRk9JKzEtRjEwTTEyQVUrMQ"&"prod=90"&"ver=2012.0.1831"&"mid=c295cea7427a87111536fa9b9fede807-0f5db481345980a8c4b1d629e759d1ac41812328 StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableLUA = dword:0 mPolicies-System: 
EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: NameServer = 209.18.47.61 209.18.47.62 192.168.1.1 TCP: Interfaces\{0FDB6DF3-7F90-400A-88BB-35067E7A6DE7} : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{0FDB6DF3-7F90-400A-88BB-35067E7A6DE7}\07F6E623 : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{0FDB6DF3-7F90-400A-88BB-35067E7A6DE7}\37471697F6E6C696E656 : DHCPNameServer = 172.16.0.1 TCP: Interfaces\{0FDB6DF3-7F90-400A-88BB-35067E7A6DE7}\84F657375602F66602C45656 : DHCPNameServer = 192.168.2.1 TCP: Interfaces\{0FDB6DF3-7F90-400A-88BB-35067E7A6DE7}\D496B656 : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{10FF0534-E749-4209-8B6B-59AB8650A830} : DHCPNameServer = 209.18.47.61 209.18.47.62 192.168.1.1 TCP: Interfaces\{9E496D44-0552-48DF-AF8E-708D23F5BA00} : DHCPNameServer = 192.168.1.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo 
Gallery\AlbumDownloadProtocolHandler.dll Notify: VESWinlogon - VESWinlogon.dll SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL LSA: Notification Packages = scecli C:\Program Files\Protector Suite\psqlpwd.dll x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-TB: avast! 
Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe x64-Run: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe x64-Run: [PSQLLauncher] "C:\Program Files\Protector Suite\launcher.exe" /startup x64-Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll x64-Notify: psfus - C:\Program Files\Protector Suite\psqlpwd.dll x64-SSODL: WebCheck - <orphaned> x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL x64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\Windows\System32\ieudinit.exe . ============= SERVICES / DRIVERS =============== . 
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-4-6 65336] R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-4-6 189936] R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-2-2 55024] R0 shpf;Sony HDD Protection Filter Driver;C:\Windows\System32\drivers\shpf.sys [2009-8-19 25120] R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-6-21 1030952] R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-6-21 378944] R1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Windows\System32\drivers\HWiNFO64A.SYS [2013-8-13 31136] R1 NEOFLTR_650_15991;Juniper Networks TDI Filter Driver (NEOFLTR_650_15991);C:\Windows\System32\drivers\NEOFLTR_650_15991.SYS [2012-8-4 100472] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-7-3 238080] R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-6-21 33400] R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-6-21 80816] R2 avast! Antivirus;avast! 
Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-3-14 46808] R2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-13 27136] R2 L4301_Solar;Logitech Solar Keyboard Service;C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [2010-10-26 403536] R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-8-19 189984] R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2009-10-27 411496] R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2009-8-19 292864] R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2012-9-18 78648] R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2012-9-18 15160] R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2009-6-7 5435904] R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2009-8-19 11392] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-11-17 395264] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192] S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2009-8-19 35104] S3 cpuz135;cpuz135;C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [2012-6-9 24368] S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-11-17 103576] S3 ICScsiSV;Image Converter SCSI 
Service;C:\Program Files (x86)\Sony\IMAGE CONVERTER 3\ICScsiSV.exe [2009-11-4 75952] S3 IcVzMonLauncher;IcVzMonLauncher;C:\Program Files (x86)\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe [2009-11-4 67760] S3 MUsbFltr;BUFFALO Tilt Mouse;C:\Windows\System32\drivers\MUsbFltr.sys [2007-4-18 12672] S3 Partner Service;Partner Service;C:\ProgramData\Partner\Partner.exe [2009-10-27 332272] S3 SampleCollector;Intel® Sample Collector;C:\Program Files\Sony\VAIO Care\collsvc.exe [2009-10-27 167424] S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864] S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312] S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864] S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-11-17 204568] S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-16 59392] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-2-26 1255736] . =============== File Associations =============== . ShellExec: VCExporterLaunch.exe: open="C:\Program Files (x86)\Sony\VAIO VP Utilities\VCELaunch.exe" "%1" . =============== Created Last 30 ================ . 
2014-03-12 04:40:29 3156480 ----a-w- C:\Windows\System32\win32k.sys 2014-03-12 04:40:29 228864 ----a-w- C:\Windows\System32\wwansvc.dll 2014-03-12 04:40:28 484864 ----a-w- C:\Windows\System32\wer.dll 2014-03-12 04:40:28 381440 ----a-w- C:\Windows\SysWow64\wer.dll 2014-03-12 04:40:27 624128 ----a-w- C:\Windows\System32\qedit.dll 2014-03-12 04:40:27 509440 ----a-w- C:\Windows\SysWow64\qedit.dll 2014-03-12 04:40:27 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll 2014-03-12 04:40:26 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll 2014-02-19 07:49:57 -------- d-----r- C:\Program Files (x86)\Skype 2014-02-19 07:49:16 -------- d-----w- C:\Program Files\AuthenTec . ==================== Find3M ==================== . 2014-03-12 03:50:08 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2014-03-12 03:50:08 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2014-02-23 08:13:41 2241536 ----a-w- C:\Windows\System32\wininet.dll 2014-02-23 08:11:59 3960320 ----a-w- C:\Windows\System32\jscript9.dll 2014-02-23 08:11:52 67072 ----a-w- C:\Windows\System32\iesetup.dll 2014-02-23 08:11:52 136704 ----a-w- C:\Windows\System32\iesysprep.dll 2014-02-23 06:54:46 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll 2014-02-23 06:53:22 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll 2014-02-23 06:53:18 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll 2014-02-23 06:53:18 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2014-02-23 06:35:36 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2014-02-23 06:31:25 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2014-02-23 05:39:39 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe 2014-02-23 05:35:24 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe 2014-01-22 13:52:21 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys 2014-01-22 13:52:21 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys 2014-01-22 13:52:21 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys 2014-01-22 13:52:21 1030952 ----a-w- 
C:\Windows\System32\drivers\aswSnx.sys 2014-01-22 13:52:19 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys 2014-01-22 13:51:40 41664 ----a-w- C:\Windows\avastSS.scr 2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll 2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll 2013-12-21 09:39:33 600064 ----a-w- C:\Windows\System32\vbscript.dll 2013-12-21 07:56:10 523776 ----a-w- C:\Windows\SysWow64\vbscript.dll 2013-12-19 05:09:39 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-07-13 09:22:52 4188160 ----a-w- C:\Program Files (x86)\GUT787B.tmp . ============= FINISH: 14:15:17.26 =============== Combofix.txt. ComboFix 14-03-13.01 - Aaron 03/15/2014 14:18:40.2.2 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4063.2124 [GMT -7:00] Running from: C:\Users\Aaron\Desktop\ComboFix.exe ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\prefs.js C:\Users\Aaron\AppData\Local\Microsoft\Windows\Temporary Internet Files\{845697C1-3AB3-435F-AF5D-7DEDB7D15FD3}.xps C:\Windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb C:\Windows\wininit.ini ((((((((((((((((((((((((( Files Created from 2014-02-15 to 2014-03-15 ))))))))))))))))))))))))))))))) 2014-03-15 21:56:26 . 2014-03-15 21:56:26 -------- d-----w- C:\Users\Public\AppData\Local\temp 2014-03-15 21:56:26 . 2014-03-15 21:56:26 -------- d-----w- C:\Users\Default\AppData\Local\temp 2014-03-12 04:43:59 . 2014-02-23 08:11:52 2648576 ----a-w- C:\Windows\system32\iertutil.dll 2014-03-12 04:40:29 . 2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\system32\win32k.sys 2014-03-12 04:40:29 . 2014-01-28 02:32:46 228864 ----a-w- C:\Windows\system32\wwansvc.dll 2014-03-12 04:40:28 . 2014-01-29 02:32:18 484864 ----a-w- C:\Windows\system32\wer.dll 2014-03-12 04:40:28 . 2014-01-29 02:06:47 381440 ----a-w- C:\Windows\SysWow64\wer.dll 2014-03-12 04:40:27 . 
2014-02-04 02:32:22 1424384 ----a-w- C:\Windows\system32\WindowsCodecs.dll
2014-03-12 04:40:27 . 2014-02-04 02:32:12 624128 ----a-w- C:\Windows\system32\qedit.dll
2014-03-12 04:40:27 . 2014-02-04 02:04:11 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-03-12 04:40:26 . 2014-02-04 02:04:22 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-02-19 07:49:57 . 2014-02-19 07:49:57 -------- d-----w- C:\Program Files (x86)\Common Files\Skype
2014-02-19 07:49:57 . 2014-02-19 07:49:57 -------- d-----r- C:\Program Files (x86)\Skype
2014-02-19 07:49:16 . 2014-02-19 07:49:16 -------- d-----w- C:\Program Files\AuthenTec
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2014-03-12 04:44:52 . 2009-11-05 00:38:18 90015360 ----a-w- C:\Windows\system32\MRT.exe
2014-03-12 03:50:08 . 2012-11-26 09:18:19 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 03:50:08 . 2012-11-26 09:18:19 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-01-22 13:52:21 . 2013-04-06 17:33:24 65336 ----a-w- C:\Windows\system32\drivers\aswRvrt.sys
2014-01-22 13:52:21 . 2013-04-06 17:33:24 189936 ----a-w- C:\Windows\system32\drivers\aswVmm.sys
2014-01-22 13:52:21 . 2012-06-22 03:25:45 378944 ----a-w- C:\Windows\system32\drivers\aswSP.sys
2014-01-22 13:52:21 . 2012-06-22 03:25:42 72016 ----a-w- C:\Windows\system32\drivers\aswRdr2.sys
2014-01-22 13:52:21 . 2012-06-22 03:25:41 64288 ----a-w- C:\Windows\system32\drivers\aswTdi.sys
2014-01-22 13:52:21 . 2012-06-22 03:25:40 1030952 ----a-w- C:\Windows\system32\drivers\aswSnx.sys
2014-01-22 13:52:19 . 2012-06-22 03:25:45 33400 ----a-w- C:\Windows\system32\drivers\aswFsBlk.sys
2014-01-22 13:52:19 . 2012-06-22 03:25:35 80816 ----a-w- C:\Windows\system32\drivers\aswMonFlt.sys
2014-01-22 13:51:40 . 2012-06-22 03:24:57 41664 ----a-w- C:\Windows\avastSS.scr
2014-01-22 13:51:08 . 2012-06-22 03:25:35 295544 ----a-w- C:\Windows\system32\aswBoot.exe
2013-12-24 23:09:41 . 2014-02-12 03:02:57 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32 . 2014-02-12 03:02:57 2565120 ----a-w- C:\Windows\system32\d3d10warp.dll
2013-12-21 09:39:33 . 2014-02-12 03:08:43 600064 ----a-w- C:\Windows\system32\vbscript.dll
2013-12-21 07:56:10 . 2014-02-12 03:08:43 523776 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-12-19 05:09:39 . 2014-01-20 05:46:33 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-13 09:22:52 . 2013-07-13 09:22:38 4188160 ----a-w- C:\Program Files (x86)\GUT787B.tmp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2009-10-27 18:54:16 433648 ----a-w- C:\ProgramData\Partner\Partner.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CAHeadless"="C:\Program Files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe" [2009-09-06 12:40:00 615808]
"iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-11-20 23:43:26 59720]
"AmazonMP3DownloaderHelper"="C:\Users\Aaron\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe" [2013-05-09 20:37:02 400704]
"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-27 18:54:06 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"SmartWiHelper"="C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2009-09-02 23:45:44 80384]
"ISBMgr.exe"="C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-05-26 16:23:14 317288]
"VMSwitch"="C:\Program Files (x86)\Sony\VAIO Mode Switch\VMSwitch.exe" [2009-07-29 03:45:34 538472]
"NeroFilterCheck"="C:\Windows\system32\NeroCheck.exe" [2001-07-09 18:50:42 155648]
"Acrobat Assistant 8.0"="C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 05:38:56 623992]
"googletalk"="C:\Program Files (x86)\Google\Google Talk\googletalk.exe" [2007-01-01 21:22:02 3739648]
"WMAAD"="C:\Program Files (x86)\Sony\WALKMAN Launcher\WMAAD.exe" [2007-02-17 02:41:36 110592]
"VirtualCloneDrive"="C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 11:44:11 85160]
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 09:57:28 35760]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 23:57:56 948672]
"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 19:27:46 89184]
"EEventManager"="C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 16:13:10 673616]
"FUFAXSTM"="C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-06-05 07:00:00 843776]
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-06 08:52:12 43848]
"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe" [2014-01-22 13:51:33 4858968]
"IJNetworkScannerSelectorEX"="C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-07-25 18:10:34 468112]
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 11:03:04 641704]
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe" [2013-05-01 10:59:04 421888]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 16:16:26 254336]
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [2014-02-06 16:27:00 152392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg&inst=NzctNzM3NTQ4NjE5LUZQOSs2LUJBUjlHKzEtVEI5KzItRkwrOS1RSVgxKzQtWDIwMTArMi1GMTBNMTBEKzEtTElDKzIyLUZMMTArMS1TUDErMS1TUDFUQisxLVNQMVMyKzEtU1VEKzEtUzFJKzEtU1UzKzEtRERUKzQ1MzYyLUxTRCsyLUREMTBGKzEtU1QxMEZBUFArMS1MMTBNKzItRjEwTTEyQVQrMi1GMTBNMTJBKzEtRjEwTTEyQUIrMS1VMTArMS1TVDEyRk9JKzEtRjEwTTEyQVUrMQ&prod=90&ver=2012.0.1831&mid=c295cea7427a87111536fa9b9fede807-0f5db481345980a8c4b1d629e759d1ac41812328" [?]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-07-01 18:49:36 98304 ----a-w- C:\Windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli C:\Program Files\Protector Suite\psqlpwd.dll

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe;C:\Program Files (x86)\Skype\Updater\Updater.exe [x]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys;C:\Windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 cpuz134;cpuz134;C:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys;C:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [x]
R3 cpuz135;cpuz135;C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys;C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);C:\Windows\system32\DRIVERS\dc3d.sys;C:\Windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys;C:\Windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 ICScsiSV;Image Converter SCSI Service;C:\Program Files (x86)\Sony\IMAGE CONVERTER 3\ICScsiSV.exe;C:\Program Files (x86)\Sony\IMAGE CONVERTER 3\ICScsiSV.exe [x]
R3 IcVzMonLauncher;IcVzMonLauncher;C:\Program Files (x86)\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe;C:\Program Files (x86)\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe [x]
R3 MUsbFltr;BUFFALO Tilt Mouse;C:\Windows\system32\drivers\MUsbFltr.sys;C:\Windows\SYSNATIVE\drivers\MUsbFltr.sys [x]
R3 Partner Service;Partner Service;C:\ProgramData\Partner\Partner.exe;C:\ProgramData\Partner\Partner.exe [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;C:\Windows\system32\DRIVERS\point64.sys;C:\Windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RTCore64;RTCore64;C:\Users\Aaron\Desktop\rmclock_235_bin\RTCore64.sys;C:\Users\Aaron\Desktop\rmclock_235_bin\RTCore64.sys [x]
R3 SampleCollector;Intel® Sample Collector;C:\Program Files\Sony\VAIO Care\collsvc.exe;C:\Program Files\Sony\VAIO Care\collsvc.exe [x]
R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS;C:\Windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS;C:\Windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS;C:\Windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys;C:\Windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys;C:\Windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys;C:\Windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe;C:\Windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 PxHlpa64;PxHlpa64;C:\Windows\System32\Drivers\PxHlpa64.sys;C:\Windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 shpf;Sony HDD Protection Filter Driver;C:\Windows\system32\DRIVERS\shpf.sys;C:\Windows\SYSNATIVE\DRIVERS\shpf.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Windows\system32\drivers\HWiNFO64A.SYS;C:\Windows\SYSNATIVE\drivers\HWiNFO64A.SYS [x]
S1 NEOFLTR_650_15991;Juniper Networks TDI Filter Driver (NEOFLTR_650_15991);C:\Windows\system32\Drivers\NEOFLTR_650_15991.SYS;C:\Windows\SYSNATIVE\Drivers\NEOFLTR_650_15991.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe;C:\Windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;C:\Windows\system32\drivers\aswMonFlt.sys;C:\Windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe;C:\Windows\SYSNATIVE\svchost.exe [x]
S2 L4301_Solar;Logitech Solar Keyboard Service;C:\Program Files\Logitech\SolarApp\L4301_Solar.exe;C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [x]
S2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
S2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [x]
S3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys;C:\Windows\SYSNATIVE\DRIVERS\CAXHWAZL.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys;C:\Windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys;C:\Windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys;C:\Windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
S3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys;C:\Windows\SYSNATIVE\DRIVERS\SFEP.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys;C:\Windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]

Contents of the 'Scheduled Tasks' folder

2014-03-15 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-26 09:18:20 . 2014-03-12 03:50:09]

2014-03-15 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-02 03:21:32 . 2010-02-02 03:21:26]

2014-03-15 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-02 03:21:32 . 2010-02-02 03:21:26]

2014-03-15 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3578647892-2928166785-2268897593-1001Core.job
- C:\Users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-09 02:25:58 . 2010-03-18 00:32:52]

2014-03-15 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3578647892-2928166785-2268897593-1001UA.job
- C:\Users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-09 02:25:58 . 2010-03-18 00:32:52]

--------- X64 Entries -----------

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2009-10-27 18:54:16 750064 ----a-w- C:\ProgramData\Partner\Partner64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-01-22 13:51:06 133840 ----a-w- C:\Program Files\AVAST Software\Avast\ashShA64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2009-07-20 21:18:46 5943048 ----a-w- C:\Program Files\Protector Suite\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2009-07-20 21:18:46 5943048 ----a-w- C:\Program Files\Protector Suite\farchns.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-24 04:34:01 7938080]
"Skytel"="C:\Program Files\Realtek\Audio\HDA\Skytel.exe" [2009-07-24 04:35:03 1833504]
"IAAnotif"="C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 02:03:32 186904]
"PSQLLauncher"="C:\Program Files\Protector Suite\launcher.exe" [2009-07-20 18:42:24 84744]
"IntelliPoint"="c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 22:04:36 2399632]
"EvtMgr6"="C:\Program Files\Logitech\SetPointP\SetPoint.exe" [2012-11-04 17:42:10 2419512]

------- Supplementary Scan -------
uLocal Page = C:\Windows\system32\blank.htm
mLocal Page = C:\Windows\system32\blank.htm
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: ticketmaster.com\www
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1

- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

END !

dds.txt attach.txt ComboFix.txt
  14. It runs well, but ESET detected stuff...

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.28.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Aaron :: HIMITSU2 [administrator]

11/27/2012 6:00:31 PM
mbam-log-2012-11-27 (18-00-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217159
Time elapsed: 4 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

ESET:
C:\TDSSKiller_Quarantine\25.11.2012_17.45.15\zasubsys0000\file0000\tsk0000.dta Win64/Patched.B.Gen trojan
C:\_OTL\MovedFiles\06222012_091010\C_Users\Aaron\AppData\Local\Apple\AOL\dqzev.dll a variant of Win32/Kryptik.AHOG trojan
C:\_OTL\MovedFiles\06222012_091010\C_Windows\Installer\{88a3ef15-86f2-57de-1477-2fc96c2d87b1}\U\800000cb.@ Win64/Sirefef.T trojan