RichAC

Honorary Members
Posts: 33
Reputation: 0 Neutral
  1. Aww man, once again I forgot to allow the script on this site, which is why sometimes my posts are autowrapped... and I have no option to edit my post.
  2. Actually, just playing the videos in Windows might be a problem. Winamp isn't safe and hasn't been for years (but I use it to record some FM radio station streams). MPC apparently isn't safe either, I'm finding out after running all these scans.... WMP isn't safe even according to Microsoft. Maybe I should use VLC now? lol. It's not as good as MPC when it comes to user friendliness and fullscreen features, but I guess I have no choice. I mean, Microsoft even admits now publicly that videos can be virused and install malware through the video players when you play them, which they are trying to fix while borking their media player at the same time. I mean, I've suspected that for years; it's been obvious at times, but I guess now it's finally publicly confirmed. I would say the same is probably true for MP3 music files also, which are within many people's legal rights to download; one argument is for backup of what they already own (which I do frequently when a CD is damaged or lost). I've bought a bunch of CDs this year and have gone to a dozen movies, so I don't see a problem, especially with so many valid reasons to share information. AMD chipset drivers have something similar to Dsentry in them now to probe drives to protect from autoplay and autorun exploits and prevent even retail DVDs from dialing out. But it seems like the internet is dying unless you go on Facebook and Twitter with your phone. Most of my friends are not too computer savvy, so they end up not using their PC anymore. It either gets too bogged down, infested and slow, hijacked, or it just crashes. All it takes now is visiting a URL. And I don't believe it's because of the Gov't or RIAA. I think it's just hackers being malicious for kicks, or trying to add to their botnets for w/e purposes. I would use Linux, but it just doesn't have great surround sound support when watching videos or DVDs. Extended displays with non-HDMI connections have horrible quality, and I use Win 7 to play newer games like Battlefield 3 (although Steam announcing support for Ubuntu sounds promising). Just some thoughts on my mind. Thanks for all your help man, I really appreciate it. I was due for a good scanning. Rich.
  3. I think maybe I won't install uTorrent again, and just use a VM in Linux. I still can't totally give up Windows though. It's still the best for multimedia, with more options and better quality video and sound drivers, and still needed for most games.
  4. C:\Users\Rick\Downloads\coretemp_1236.exe a variant of Win32/InstallIQ.A application cleaned by deleting - quarantined
     C:\Users\Rick\Downloads\uTorrent.exe a variant of Win32/Bunndle application cleaned by deleting - quarantined
     C:\Users\Rick\Downloads\Utorrent Download\ubcd521.iso Win32/PSWTool.KonBoot.A application deleted - quarantined
  5. found it in the c: directory. Didn't see that in the instructions but remembered from last time I came here for help about a year ago ComboFix 13-07-16.01 - Rick 07/17/2013 21:14:36.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.4869 [GMT -4:00] Running from: c:\users\Rick\Downloads\ComboFix.exe AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F} SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\users\Rick\AppData\Local\assembly\tmp c:\users\Rick\EULA.txt c:\windows\SysWow64\frapsvid.dll . . ((((((((((((((((((((((((( Files Created from 2013-06-18 to 2013-07-18 ))))))))))))))))))))))))))))))) . . 2013-07-17 02:05 . 2013-07-17 02:05 941720 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{103D5384-834B-4D24-AF38-E4BC36E9EC7A}\gapaengine.dll 2013-07-17 02:05 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{20998BA6-ECA2-4259-BDFB-3EAAF391AAF2}\mpengine.dll 2013-07-15 02:09 . 2013-07-15 02:09 -------- d-----w- c:\users\EverydayCool 2013-07-13 08:14 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-07-10 16:58 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\SysWow64\explorer.exe 2013-07-09 22:14 . 2013-07-09 22:16 -------- d-----w- c:\windows\system32\MRT 2013-07-09 21:17 . 2013-06-11 23:43 108032 ----a-w- c:\program files (x86)\Internet Explorer\jsdebuggeride.dll 2013-07-09 21:17 . 2013-06-11 23:26 1365504 ----a-w- c:\windows\system32\urlmon.dll 2013-07-09 21:17 . 2013-06-11 23:43 817664 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-07-09 21:17 . 
2013-06-11 23:26 1084928 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-07-09 21:17 . 2013-06-11 23:25 53248 ----a-w- c:\windows\system32\jsproxy.dll 2013-07-09 21:17 . 2013-06-11 23:43 1767936 ----a-w- c:\windows\SysWow64\wininet.dll 2013-07-09 21:17 . 2013-06-11 23:26 2241024 ----a-w- c:\windows\system32\wininet.dll 2013-07-09 21:17 . 2013-06-11 23:25 15404032 ----a-w- c:\windows\system32\ieframe.dll 2013-07-09 21:17 . 2013-06-11 23:25 19238912 ----a-w- c:\windows\system32\mshtml.dll 2013-07-09 21:12 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll 2013-07-09 21:12 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll 2013-07-08 23:07 . 2013-07-08 23:07 -------- d-----w- C:\FRST 2013-06-30 15:01 . 2013-06-30 15:01 -------- d-----w- c:\program files (x86)\WinPcap 2013-06-30 14:59 . 2013-06-30 15:01 -------- d-----w- c:\program files\Wireshark 2013-06-27 18:43 . 2013-06-27 18:44 -------- d-----w- c:\program files (x86)\Windows Live 2013-06-23 00:11 . 2013-06-23 00:11 -------- d-----w- c:\program files (x86)\LinuxLive USB Creator 2013-06-19 01:50 . 2013-06-19 01:50 247216 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2013-06-18 19:56 . 2013-06-18 19:56 -------- d-----w- c:\program files (x86)\EMET 4.0 2013-06-18 05:18 . 2013-06-18 05:18 -------- d-----w- c:\program files (x86)\LiveUSB Creator . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-07-17 02:39 . 2013-01-26 03:56 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2013-07-17 02:39 . 2013-01-26 01:41 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2013-07-17 02:39 . 2013-01-26 01:41 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2013-07-09 21:10 . 2013-01-25 01:05 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-07-09 21:10 . 2013-01-25 01:05 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-06-24 04:57 . 
2013-01-25 05:12 78277128 ----a-w- c:\windows\system32\MRT.exe 2013-06-21 08:45 . 2013-03-12 15:20 964552 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2013-06-19 01:50 . 2012-08-31 03:03 139616 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2013-06-14 20:19 . 2013-06-14 20:19 549536 ----a-w- c:\windows\apppatch\EMET.dll 2013-06-14 20:19 . 2013-06-14 20:19 149664 ----a-w- c:\windows\apppatch\AppPatch64\EMET64.dll 2013-06-04 22:38 . 2013-02-20 00:11 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll 2013-06-04 22:38 . 2013-02-20 00:11 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll 2013-05-13 05:51 . 2013-06-12 00:25 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2013-05-13 05:51 . 2013-06-12 00:25 1464320 ----a-w- c:\windows\system32\crypt32.dll 2013-05-13 05:51 . 2013-06-12 00:25 139776 ----a-w- c:\windows\system32\cryptnet.dll 2013-05-13 05:50 . 2013-06-12 00:25 52224 ----a-w- c:\windows\system32\certenc.dll 2013-05-13 04:45 . 2013-06-12 00:25 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2013-05-13 04:45 . 2013-06-12 00:25 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll 2013-05-13 04:45 . 2013-06-12 00:25 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2013-05-13 03:43 . 2013-06-12 00:25 1192448 ----a-w- c:\windows\system32\certutil.exe 2013-05-13 03:08 . 2013-06-12 00:25 903168 ----a-w- c:\windows\SysWow64\certutil.exe 2013-05-13 03:08 . 2013-06-12 00:25 43008 ----a-w- c:\windows\SysWow64\certenc.dll 2013-05-10 05:49 . 2013-06-12 01:31 30720 ----a-w- c:\windows\system32\cryptdlg.dll 2013-05-10 03:20 . 2013-06-12 01:31 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll 2013-05-08 06:39 . 2013-06-12 00:25 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-05-02 15:29 . 2013-01-25 01:24 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-04-26 05:51 . 2013-06-12 00:25 751104 ----a-w- c:\windows\system32\win32spl.dll 2013-04-26 04:55 . 
2013-06-12 00:25 492544 ----a-w- c:\windows\SysWow64\win32spl.dll 2013-01-25 01:03 . 2013-01-25 01:03 14794312 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2011-09-09 2676584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808] "THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "EMET Agent"="c:\program files (x86)\EMET 4.0\EMET_agent.exe" [2013-06-14 78496] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . 
R2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] R3 ALSysIO;ALSysIO;c:\users\Rick\AppData\Local\Temp\ALSysIO64.sys;c:\users\Rick\AppData\Local\Temp\ALSysIO64.sys [x] R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x] R3 ArgusMonitor;ArgusMonitor kernel mode driver;SysWOW64\drivers\ArgusMonitor.sys;SysWOW64\drivers\ArgusMonitor.sys [x] R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x] R3 DIRECTIO;DIRECTIO;c:\program files\PerformanceTest\DirectIo64.sys;c:\program files\PerformanceTest\DirectIo64.sys [x] R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 rspLLL;rspLLL;c:\windows\system32\DRIVERS\rspLLL64.sys;c:\windows\SYSNATIVE\DRIVERS\rspLLL64.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 wfpcapture;wfpcapture;c:\windows\System32\Drivers\wfpcapture.sys;c:\windows\SYSNATIVE\Drivers\wfpcapture.sys [x] R3 
WfpCaptureUM;WfpCaptureUM;c:\windows\system32\WfpCaptureUM.exe;c:\windows\SYSNATIVE\WfpCaptureUM.exe [x] R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x] R4 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [x] R4 DirMngr;DirMngr;c:\program files (x86)\GNU\GnuPG\dirmngr.exe;c:\program files (x86)\GNU\GnuPG\dirmngr.exe [x] R4 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x] R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x] S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x] S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys;c:\windows\SYSNATIVE\DRIVERS\NBVol.sys [x] S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys;c:\windows\SYSNATIVE\DRIVERS\NBVolUp.sys [x] S1 pefndis;Microsoft PEF NDIS ETW Provider Driver;c:\windows\system32\DRIVERS\pefndis.sys;c:\windows\SYSNATIVE\DRIVERS\pefndis.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x] S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x] S2 
AODDriver4.2.0;AODDriver4.2.0;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [x] S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x] S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x] S2 Windows7FirewallService;Windows7FirewallService;c:\program files\Windows7FirewallControl\Windows7FirewallService.exe;c:\program files\Windows7FirewallControl\Windows7FirewallService.exe [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys;c:\program files\PeerBlock\pbfilter.sys [x] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - PBFILTER *NewlyCreated* - WS2IFSL . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows7FirewallControl"="c:\program files\Windows7FirewallControl\Windows7FirewallControl.exe" [2012-09-21 1131008] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-21 1356240] "THXCfg64"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184] "RunDLLEntry_THXCfg"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920] "RunDLLEntry_EptMon"="c:\windows\system32\EptMon64.dll" [2009-10-15 21504] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm Trusted Zone: dell.com TCP: Interfaces\{88A77C0C-ED7F-4099-8288-CAA724813347}: NameServer = 68.237.161.12,71.250.0.12 FF - ProfilePath - c:\users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\hx63ye9g.default\ FF - prefs.js: browser.startup.homepage - www.yahoo.com FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: 2013-06-04 18:38; {FCE04E1F-9378-4f39-96F6-5689A9159E45}; c:\programdata\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF - user.js: yahoo.ytff.general.dontshowhpoffer - true . - - - - ORPHANS REMOVED - - - - . HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-3572056831-1408111488-1382342558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-3572056831-1408111488-1382342558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\sphinx-soft\Vista-Wall\1.0\AppList\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Zone] "Name"="EnableAll" "Result"=dword:00000000 "Advised"=dword:00000001 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\windows\SysWOW64\PnkBstrA.exe . ************************************************************************** . Completion time: 2013-07-17 21:26:20 - machine was rebooted ComboFix-quarantined-files.txt 2013-07-18 01:26 . Pre-Run: 299,927,846,912 bytes free Post-Run: 299,567,235,072 bytes free . - - End Of File - - 60ACE05AF52AD17EDC1826C25EF6B3E3 89B5DB6675722B3F1FCF978126515316
  6. OK so, I kept getting "commandline Standard stream splitter stopped working" messages dozens of times throughout the scan. What I did was just keep clicking the "close program" button. When the scan finished, after all the stages, it didn't pop up with a log file on the screen. Where does it save the log, so I can check it created one?
  7. Here is the other log: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 1/24/2013 7:43:52 PM System Uptime: 7/13/2013 6:06:48 PM (2 hours ago) . Motherboard: Dell Inc. | | 0NWWY0 Processor: AMD Phenom II X4 820 Processor | CPU 1 | 1596/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 638 GiB total, 280.913 GiB free. D: is CDROM () F: is Removable G: is Removable H: is Removable I: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Microsoft ISATAP Adapter Device ID: ROOT\*ISATAP\0000 Manufacturer: Microsoft Name: Microsoft ISATAP Adapter PNP Device ID: ROOT\*ISATAP\0000 Service: tunnel . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Microsoft Teredo Tunneling Adapter Device ID: ROOT\*TEREDO\0000 Manufacturer: Microsoft Name: Teredo Tunneling Pseudo-Interface PNP Device ID: ROOT\*TEREDO\0000 Service: tunnel . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: AODDriver4.2 Device ID: ROOT\LEGACY_AODDRIVER4.2\0000 Manufacturer: Name: AODDriver4.2 PNP Device ID: ROOT\LEGACY_AODDRIVER4.2\0000 Service: AODDriver4.2 . ==== System Restore Points =================== . RP138: 6/23/2013 6:22:20 AM - Windows Update RP139: 6/27/2013 5:13:49 AM - Windows Update RP140: 6/27/2013 2:34:43 PM - Windows Live Essentials RP141: 6/27/2013 2:34:52 PM - WLSetup RP142: 6/27/2013 2:42:44 PM - Windows Live Essentials RP143: 6/27/2013 2:43:40 PM - WLSetup RP144: 7/1/2013 1:06:02 AM - Windows Update RP145: 7/4/2013 2:00:32 PM - Windows Update RP146: 7/8/2013 4:13:51 AM - Windows Update RP147: 7/9/2013 5:13:50 PM - Windows Update RP148: 7/9/2013 6:11:23 PM - Windows Update RP149: 7/9/2013 6:14:09 PM - Windows Update RP150: 7/13/2013 4:13:36 AM - Windows Update . 
==== Installed Programs ====================== . µTorrent 3DMark 11 Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader XI (11.0.03) Age of Conan: Unchained - US version Aion AMD Accelerated Video Transcoding AMD APP SDK Runtime AMD Catalyst Install Manager AMD Drag and Drop Transcoding AMD Fuel AMD Media Foundation Decoders AMD OverDrive Beta AMD VISION Engine Control Center ArgusMonitor Audacity 2.0.3 Auslogics BoostSpeed Battlefield 3™ Battlefield: Bad Company™ 2 Battlelog Web Plugins Broadcom NetXtreme-I Netlink Driver and Management Installer Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish CCleaner Counter-Strike: Source D3DX10 Dell System Detect Dell System Detect Bootstrapper EMET 4.0 ESN Sonar FileHippo.com Update Checker foobar2000 v1.2.8 Fraps Futuremark SystemInfo Gpg4win (2.1.1) HD Tach version 3 HP Officejet Pro 8600 Basic Device Software IsoBuster 3.2 Junk Mail filter update LastPass(uninstall only) LatencyMon 4.02 LinuxLive USB Creator LiveUSB Creator (remove only) Malwarebytes Anti-Malware version 1.75.0.1300 MD5 Checker version 4.0.0 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft Message Analyzer Microsoft Security Client Microsoft Security Essentials Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 
Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Mozilla Firefox 22.0 (x86 en-US) Mozilla Maintenance Service MPC-HC 1.6.7.7114 (9eb64ec) MPC-HC 1.6.8 (64-bit) MSVCRT MSVCRT_amd64 MSVCRT110 MSVCRT110_amd64 MSXML 4.0 SP2 (KB973688) Multimedia Card Reader NCsoft Launcher Nero 11 Collection 1 Nero 11 Kwik Themes 3 Nero 11 Kwik Themes 4 Nero 11 Mini Repack Nero 11 PiP Effects 1 Nero 11 v11.2.4.100 (x64) Nero 11 Video Transitions 1 Nero Backup Drivers Nexus Mod Manager NVIDIA PhysX Origin PeerBlock 1.1 (r518) PerformanceTest v8.0 Photo Common PunkBuster Services Quake Live Mozilla Plugin RealDownloader RealNetworks - Microsoft Visual C++ 2008 Runtime RealNetworks - Microsoft Visual C++ 2010 Runtime RealPlayer Realtek High Definition Audio Driver RealUpgrade 1.1 Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) 
Security Update for Microsoft .NET Framework 4 Extended (KB2742595) SoulSeek 157 NS 13e SpeedFan (remove only) Steam Team Fortress 2 TechPowerUp GPU-Z TERA THX TruStudio PC Trillian Unity Web Player Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2836939) Winamp Winamp Detector Plug-in Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Mail Windows Live MIME IFilter Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows7FirewallControl (x64) 5.1.7.69 WinPcap 4.1.3 WinRAR 4.20 (64-bit) Wireshark 1.10.0 (64-bit) World of Warcraft WOT for Internet Explorer . ==== Event Viewer Messages From Past Week ======== . 7/7/2013 1:32:18 AM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. 7/13/2013 6:07:56 PM, Error: Microsoft-Windows-Time-Service [4] - The time provider 'VMICTimeProvider' failed to start due to the following error: The specified module could not be found. (0x8007007E) 7/13/2013 6:07:42 PM, Error: Service Control Manager [7000] - The AODDriver4.2 service failed to start due to the following error: The system cannot find the file specified. 
7/10/2013 12:58:28 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 7/10/2013 12:58:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 7/10/2013 12:57:17 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy pefndis Psched rdbss spldr tdx Wanarpv6 WfpLwf 7/10/2013 12:57:17 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 7/10/2013 12:57:17 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 7/10/2013 12:57:17 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 7/10/2013 12:57:17 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 
7/10/2013 12:57:17 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 7/10/2013 12:57:17 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 7/10/2013 12:57:17 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 7/10/2013 12:57:17 PM, Error: Service Control Manager [7001] - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error: A device attached to the system is not functioning. 7/10/2013 12:57:17 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 7/10/2013 12:57:17 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. . ==== End Of File ===========================
  8. DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16635 Run by Rick at 20:30:33 on 2013-07-13 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.3879 [GMT -4:00] . AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\atieclxx.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\PeerBlock\peerblock.exe C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe C:\Windows\SysWOW64\PnkBstrA.exe C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Windows\System32\rundll32.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft 
Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\EMET 4.0\EMET_Agent.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe C:\Windows\System32\WUDFHost.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Windows\system32\mmc.exe C:\Users\Rick\AppData\Local\Apps\2.0\1K7HLRXZ.MQ2\CQ98DNZ8.5PV\dell..tion_0f612f649c4a10af_0005.0000_a97905297feaae2c\DellSystemDetect.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Program Files (x86)\EMET 4.0\EMET_GUI.exe C:\Windows\system32\mmc.exe C:\Windows\System32\msdt.exe C:\Windows\System32\sdiagnhost.exe C:\Windows\system32\notepad.exe c:\Program Files\Microsoft Security Client\MpCmdRun.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . 
uSearch Bar = Preserve mWinlogon: Userinit = userinit.exe, BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll uRun: [HP Officejet Pro 8600 (NET)] "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN21PAR18Z05KF:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1 uRun: [DellSystemDetect] C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r mRun: [updReg] C:\Windows\UpdReg.EXE mRun: [EMET Agent] "C:\Program Files (x86)\EMET 4.0\EMET_agent.exe" uPolicies-Explorer: NoDriveTypeAutoRun = dword:255 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - 
{95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll Trusted Zone: dell.com TCP: Interfaces\{88A77C0C-ED7F-4099-8288-CAA724813347} : NameServer = 68.237.161.12,71.250.0.12 Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll SSODL: WebCheck - <orphaned> x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll x64-BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll x64-TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll x64-Run: [Windows7FirewallControl] C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey x64-Run: [THXCfg64] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64 x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [RunDLLEntry_THXCfg] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64 x64-Run: [RunDLLEntry_EptMon] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\EptMon64.dll,RunDLLEntry EptMon64 x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll x64-Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . 
FF - ProfilePath - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\hx63ye9g.default\ FF - prefs.js: browser.startup.homepage - www.yahoo.com FF - prefs.js: network.proxy.type - 0 FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll FF - plugin: C:\Users\Rick\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll FF - ExtSQL: 2013-06-04 18:38; {FCE04E1F-9378-4f39-96F6-5689A9159E45}; C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext . ---- FIREFOX POLICIES ---- FF - user.js: yahoo.ytff.general.dontshowhpoffer - true ============= SERVICES / DRIVERS =============== . 
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2012-4-10 82560] R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2012-4-10 42624] R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216] R0 NBVol;Nero Backup Volume Filter Driver;C:\Windows\System32\drivers\NBVol.sys [2013-1-27 72240] R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\Windows\System32\drivers\NBVolUp.sys [2013-1-27 15920] R1 pefndis;Microsoft PEF NDIS ETW Provider Driver;C:\Windows\System32\drivers\pefndis.sys [2013-2-3 61032] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640] R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984] R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472] R2 AODDriver4.2.0;AODDriver4.2.0;C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2012-9-20 57512] R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-4-16 39056] R2 Windows7FirewallService;Windows7FirewallService;C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe [2013-1-26 764416] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256] R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-10-16 321064] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-25 25928] R3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2013-1-26 24176] R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2013-5-20 58536] S2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472] S2 
clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-25 701512] S3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2013-2-4 46136] S3 DIRECTIO;DIRECTIO;C:\Program Files\PerformanceTest\DirectIo64.sys [2013-2-7 25704] S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2013-1-31 21712] S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 139616] S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-6-20 366600] S3 rspLLL;rspLLL;C:\Windows\System32\drivers\rspLLL64.sys [2013-1-24 24672] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-25 59392] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-1-25 1255736] S3 wfpcapture;wfpcapture;C:\Windows\System32\drivers\wfpcapture.sys [2013-2-3 60024] S3 WfpCaptureUM;WfpCaptureUM;C:\Windows\System32\WfpCaptureUM.exe [2013-2-3 20480] S4 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2012-9-20 136648] S4 DirMngr;DirMngr;C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [2013-5-28 218112] S4 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2013-2-3 135584] S4 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-25 418376] . =============== Created Last 30 ================ . 
2013-07-13 08:14:07 9552976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0003E7B4-2A90-476A-9466-B628A31401BC}\mpengine.dll 2013-07-12 14:27:45 9552976 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-07-10 16:58:36 2871808 ----a-w- C:\Windows\SysWow64\explorer.exe 2013-07-09 22:14:22 -------- d-----w- C:\Windows\System32\MRT 2013-07-09 21:17:59 108032 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll 2013-07-09 21:17:58 817664 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-07-09 21:17:58 1084928 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-07-09 21:17:57 2241024 ----a-w- C:\Windows\System32\wininet.dll 2013-07-09 21:17:57 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-07-09 21:12:46 1643520 ----a-w- C:\Windows\System32\DWrite.dll 2013-07-09 21:12:46 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll 2013-07-08 23:07:29 -------- d-----w- C:\FRST 2013-07-07 04:27:00 92056 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe 2013-07-07 04:27:00 867072 ----a-w- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe 2013-07-07 04:27:00 272792 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updater.exe 2013-07-07 04:27:00 20132248 ----a-w- C:\Program Files (x86)\Mozilla Firefox\xul.dll 2013-07-07 04:27:00 170232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe 2013-07-07 04:27:00 151960 ----a-w- C:\Program Files (x86)\Mozilla Firefox\softokn3.dll 2013-07-07 04:27:00 12800 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll 2013-07-07 04:27:00 124504 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll 2013-06-30 15:01:34 -------- d-----w- C:\Program Files (x86)\WinPcap 2013-06-30 14:59:52 -------- d-----w- C:\Program Files\Wireshark 2013-06-23 00:11:36 -------- d-----w- C:\Program Files (x86)\LinuxLive USB Creator 2013-06-21 08:45:15 
964552 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E91DC55F-2DCD-46F6-8A21-5AA48CE9FF24}\gapaengine.dll 2013-06-19 01:50:08 247216 ----a-w- C:\Windows\System32\drivers\MpFilter.sys 2013-06-18 19:56:36 -------- d-----w- C:\Program Files (x86)\EMET 4.0 2013-06-18 05:18:29 -------- d-----w- C:\Program Files (x86)\LiveUSB Creator 2013-06-14 13:47:37 -------- d-----w- C:\Program Files (x86)\MD5 Checker . ==================== Find3M ==================== . 2013-07-13 22:34:02 290184 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr 2013-07-13 22:34:02 290184 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe 2013-07-13 22:33:33 291088 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0 2013-07-09 21:10:33 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-07-09 21:10:33 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-06-19 01:50:08 139616 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys 2013-06-14 20:19:42 549536 ----a-w- C:\Windows\apppatch\EMET.dll 2013-06-14 20:19:42 149664 ----a-w- C:\Windows\apppatch\AppPatch64\EMET64.dll 2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll 2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll 2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll 2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll 2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe 2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe 2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys 2013-06-04 22:38:02 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll 2013-06-04 22:38:02 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll 2013-06-04 06:00:13 624128 
----a-w- C:\Windows\System32\qedit.dll 2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll 2013-05-20 20:01:55 0 ----a-w- C:\Windows\ativpsrm.bin 2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll 2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll 2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll 2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll 2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe 2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe 2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll 2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll 2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll 2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2013-05-06 06:03:49 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL 2013-05-06 04:56:35 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL 2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe 2013-04-26 05:51:36 751104 ----a-w- C:\Windows\System32\win32spl.dll 2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll 2013-01-25 01:03:32 14794312 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe . ============= FINISH: 20:31:19.34 ===============
  9. x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll x64-BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll x64-TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll x64-Run: [Windows7FirewallControl] C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey x64-Run: [THXCfg64] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64 x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [RunDLLEntry_THXCfg] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64 x64-Run: [RunDLLEntry_EptMon] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\EptMon64.dll,RunDLLEntry EptMon64 x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll x64-Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll x64-SSODL: WebCheck - . ================= FIREFOX =================== . 
FF - ProfilePath - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\hx63ye9g.default\ FF - prefs.js: browser.startup.homepage - www.yahoo.com FF - prefs.js: network.proxy.type - 0 FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll FF - plugin: C:\Users\Rick\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll FF - ExtSQL: 2013-06-04 18:38; {FCE04E1F-9378-4f39-96F6-5689A9159E45}; C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext . ---- FIREFOX POLICIES ---- FF - user.js: yahoo.ytff.general.dontshowhpoffer - true ============= SERVICES / DRIVERS =============== . 
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2012-4-10 82560] R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2012-4-10 42624] R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216] R0 NBVol;Nero Backup Volume Filter Driver;C:\Windows\System32\drivers\NBVol.sys [2013-1-27 72240] R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\Windows\System32\drivers\NBVolUp.sys [2013-1-27 15920] R1 pefndis;Microsoft PEF NDIS ETW Provider Driver;C:\Windows\System32\drivers\pefndis.sys [2013-2-3 61032] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640] R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984] R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472] R2 AODDriver4.2.0;AODDriver4.2.0;C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2012-9-20 57512] R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-4-16 39056] R2 Windows7FirewallService;Windows7FirewallService;C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe [2013-1-26 764416] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256] R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-10-16 321064] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-25 25928] R3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2013-1-26 24176] R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2013-5-20 58536] S2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472] S2 
clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-25 701512] S3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2013-2-4 46136] S3 DIRECTIO;DIRECTIO;C:\Program Files\PerformanceTest\DirectIo64.sys [2013-2-7 25704] S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2013-1-31 21712] S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 139616] S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-6-20 366600] S3 rspLLL;rspLLL;C:\Windows\System32\drivers\rspLLL64.sys [2013-1-24 24672] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-25 59392] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-1-25 1255736] S3 wfpcapture;wfpcapture;C:\Windows\System32\drivers\wfpcapture.sys [2013-2-3 60024] S3 WfpCaptureUM;WfpCaptureUM;C:\Windows\System32\WfpCaptureUM.exe [2013-2-3 20480] S4 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2012-9-20 136648] S4 DirMngr;DirMngr;C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [2013-5-28 218112] S4 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2013-2-3 135584] S4 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-25 418376] . =============== Created Last 30 ================ . 
2013-07-13 08:14:07 9552976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0003E7B4-2A90-476A-9466-B628A31401BC}\mpengine.dll 2013-07-12 14:27:45 9552976 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-07-10 16:58:36 2871808 ----a-w- C:\Windows\SysWow64\explorer.exe 2013-07-09 22:14:22 -------- d-----w- C:\Windows\System32\MRT 2013-07-09 21:17:59 108032 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll 2013-07-09 21:17:58 817664 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-07-09 21:17:58 1084928 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-07-09 21:17:57 2241024 ----a-w- C:\Windows\System32\wininet.dll 2013-07-09 21:17:57 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-07-09 21:12:46 1643520 ----a-w- C:\Windows\System32\DWrite.dll 2013-07-09 21:12:46 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll 2013-07-08 23:07:29 -------- d-----w- C:\FRST 2013-07-07 04:27:00 92056 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe 2013-07-07 04:27:00 867072 ----a-w- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe 2013-07-07 04:27:00 272792 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updater.exe 2013-07-07 04:27:00 20132248 ----a-w- C:\Program Files (x86)\Mozilla Firefox\xul.dll 2013-07-07 04:27:00 170232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe 2013-07-07 04:27:00 151960 ----a-w- C:\Program Files (x86)\Mozilla Firefox\softokn3.dll 2013-07-07 04:27:00 12800 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll 2013-07-07 04:27:00 124504 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll 2013-06-30 15:01:34 -------- d-----w- C:\Program Files (x86)\WinPcap 2013-06-30 14:59:52 -------- d-----w- C:\Program Files\Wireshark 2013-06-23 00:11:36 -------- d-----w- C:\Program Files (x86)\LinuxLive USB Creator 2013-06-21 08:45:15 
964552 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E91DC55F-2DCD-46F6-8A21-5AA48CE9FF24}\gapaengine.dll 2013-06-19 01:50:08 247216 ----a-w- C:\Windows\System32\drivers\MpFilter.sys 2013-06-18 19:56:36 -------- d-----w- C:\Program Files (x86)\EMET 4.0 2013-06-18 05:18:29 -------- d-----w- C:\Program Files (x86)\LiveUSB Creator 2013-06-14 13:47:37 -------- d-----w- C:\Program Files (x86)\MD5 Checker . ==================== Find3M ==================== . 2013-07-13 22:34:02 290184 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr 2013-07-13 22:34:02 290184 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe 2013-07-13 22:33:33 291088 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0 2013-07-09 21:10:33 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-07-09 21:10:33 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-06-19 01:50:08 139616 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys 2013-06-14 20:19:42 549536 ----a-w- C:\Windows\apppatch\EMET.dll 2013-06-14 20:19:42 149664 ----a-w- C:\Windows\apppatch\AppPatch64\EMET64.dll 2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll 2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll 2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll 2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll 2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe 2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe 2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys 2013-06-04 22:38:02 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll 2013-06-04 22:38:02 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll 2013-06-04 06:00:13 624128 
----a-w- C:\Windows\System32\qedit.dll 2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll 2013-05-20 20:01:55 0 ----a-w- C:\Windows\ativpsrm.bin 2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll 2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll 2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll 2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll 2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe 2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe 2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll 2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll 2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll 2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2013-05-06 06:03:49 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL 2013-05-06 04:56:35 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL 2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe 2013-04-26 05:51:36 751104 ----a-w- C:\Windows\System32\win32spl.dll 2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll 2013-01-25 01:03:32 14794312 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe . ============= FINISH: 20:31:19.34 ===============
  10. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-07-2013
Ran by Rick at 2013-07-10 12:58:35 Run:1
Running from E:\
Boot Mode: Safe Mode (minimal)
==============================================
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad58c0c5-669f-11e2-8abf-806e6f6e6963} => Key deleted successfully.
HKCR\CLSID\{ad58c0c5-669f-11e2-8abf-806e6f6e6963} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bbfbb5a4-db75-11e2-b613-842b2b9a14b5} => Key deleted successfully.
HKCR\CLSID\{bbfbb5a4-db75-11e2-b613-842b2b9a14b5} => Key not found.
C:\Users\Rick\Volumeid.exe => Moved successfully.
Could not find C:\Windows\SysWOW64\explorer.exe.
C:\Windows\explorer.exe copied successfully to C:\Windows\SysWOW64\explorer.exe
==== End of Fixlog ====
  11. I moved the supposedly infected explorer.exe to a Linux LVM partition. Should I move it back and re-scan? Here is the Search log as of now:
Farbar Recovery Scan Tool (x64) Version: 08-07-2013
Ran by Rick at 2013-07-09 22:45:17
Running from E:\
Boot Mode: Safe Mode (minimal)
================== Search: "explorer.exe" ===================
C:\Windows\explorer.exe [2013-01-25 00:44] - [2011-02-25 02:19] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2013-01-25 00:44] - [2011-02-26 01:19] - 2616320 ____A (Microsoft Corporation) 0FB9C74046656D1579A64660AD67B746
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2013-01-25 02:32] - [2010-11-20 08:17] - 2616320 ____A (Microsoft Corporation) 40D777B7A95E00593EB1568C68514493
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2013-01-25 00:44] - [2011-02-26 01:51] - 2614784 ____A (Microsoft Corporation) 255CF508D7CFB10E0794D6AC93280BD8
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2013-01-25 00:45] - [2009-10-31 02:00] - 2614272 ____A (Microsoft Corporation) C76153C7ECA00FA852BB0C193378F917
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2013-01-25 00:46] - [2009-08-03 01:49] - 2613248 ____A (Microsoft Corporation) 9FF6C4C91A3711C0A3B18F87B08B518D
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2013-01-25 00:44] - [2011-02-26 01:33] - 2614784 ____A (Microsoft Corporation) 2AF58D15EDC06EC6FDACCE1F19482BBF
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2013-01-25 00:45] - [2009-10-31 01:45] - 2614272 ____A (Microsoft Corporation) 2626FC9755BE22F805D3CFA0CE3EE727
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2013-01-25 00:46] - [2009-08-03 01:35] - 2613248 ____A (Microsoft Corporation) B95EEB0F4E5EFBF1038A35B3351CF047
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2009-07-13 19:41] - [2009-07-13 21:14] - 2613248 ____A (Microsoft Corporation) 15BC38A7492BEFE831966ADB477CF76F
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2013-01-25 00:44] - [2011-02-26 02:14] - 2871808 ____A (Microsoft Corporation) 3B69712041F3D63605529BD66DC00C48
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2013-01-25 00:44] - [2011-02-25 02:19] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2013-01-25 02:32] - [2010-11-20 09:24] - 2872320 ____A (Microsoft Corporation) AC4C51EB24AA95B77F705AB159189E24
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2013-01-25 00:44] - [2011-02-26 02:26] - 2870784 ____A (Microsoft Corporation) E38899074D4951D31B4040E994DD7C8D
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2013-01-25 00:45] - [2009-10-31 02:38] - 2870272 ____A (Microsoft Corporation) B8EC4BD49CE8F6FC457721BFC210B67F
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2013-01-25 00:46] - [2009-08-03 02:19] - 2868224 ____A (Microsoft Corporation) 700073016DAC1C3D2E7E2CE4223334B6
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2013-01-25 00:44] - [2011-02-26 02:23] - 2870272 ____A (Microsoft Corporation) 0862495E0C825893DB75EF44FAEA8E93
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2013-01-25 00:45] - [2009-10-31 02:34] - 2870272 ____A (Microsoft Corporation) 9AAAEC8DAC27AA17B053E6352AD233AE
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe [2013-01-25 00:46] - [2009-08-03 02:17] - 2868224 ____A (Microsoft Corporation) F170B4A061C9E026437B193B4D571799
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009-07-13 19:56] - [2009-07-13 21:39] - 2868224 ____A (Microsoft Corporation) C235A51CB740E45FFA0EBFB9BAFCDA64
====== End Of Search ======
Thanks again. Rick.
  12. I notice it shows a warning for missing explorer.exe, which is one of the files the vscan quarantined.
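The search log in post 11 lists the size and MD5 of every explorer.exe on the disk, including the copies in the WinSxS component store, which is exactly the data needed for the quick consistency check a responder would run before deciding whether a "quarantined" system binary was really tampered with: does the live C:\Windows\explorer.exe match one of the store copies byte for byte? The script below is an added example for this thread, not code from FRST or from the poster. It parses result lines in the layout FRST printed above and reports, for each file outside WinSxS, which store copies share its hash, and which merely share its length (the pattern you would see if a file had been patched in place). The sample input is four entries copied from the posted log; the field names and verdict strings are the example's own. Caveat: a hash match against WinSxS only shows the file is consistent with the component store on the same disk. Malware running as administrator could replace both, so pair this with an Authenticode check (Get-AuthenticodeSignature in PowerShell) or sfc /scannow, and where possible compare against a hash taken from a known-clean install of the same build.

```python
"""Cross-check a live binary against WinSxS copies listed in a FRST 'Search:' log.

Added example for this thread; not code from FRST or from the poster.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# One FRST search-result line, in the layout FRST printed in the posted log:
#   <path> [<created>] - [<modified>] - <size> <attrs> (<company>) <MD5>
ENTRY_RE = re.compile(
    r"^(?P<path>.+?) \[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)

# Four entries copied from the search log posted in the thread (the live file
# plus three amd64 component-store copies); the other entries are omitted here.
SAMPLE_LOG = r"""
C:\Windows\explorer.exe [2013-01-25 00:44] - [2011-02-25 02:19] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2013-01-25 00:44] - [2011-02-25 02:19] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2013-01-25 02:32] - [2010-11-20 09:24] - 2872320 ____A (Microsoft Corporation) AC4C51EB24AA95B77F705AB159189E24
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2013-01-25 00:44] - [2011-02-26 02:14] - 2871808 ____A (Microsoft Corporation) 3B69712041F3D63605529BD66DC00C48
"""


@dataclass
class Entry:
    path: str
    size: int
    company: str
    md5: str

    @property
    def in_winsxs(self) -> bool:
        # Component-store copies live under \Windows\winsxs\<assembly>\
        return "\\winsxs\\" in self.path.lower()


def parse_search_log(text: str) -> List[Entry]:
    """Return one Entry per result line; header and footer lines are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["path"], int(m["size"]), m["company"], m["md5"].upper()))
    return entries


def assess(entries: List[Entry]) -> Dict[str, dict]:
    """For each file outside WinSxS, look for store copies with the same MD5.

    Verdicts (names chosen for this example):
      matches_component_store - byte-identical to at least one store copy
      size_match_only         - same length as a store copy but different bytes
      no_store_match          - nothing comparable in the store; check signature
    """
    store = [e for e in entries if e.in_winsxs]
    report: Dict[str, dict] = {}
    for live in (e for e in entries if not e.in_winsxs):
        same_hash = [s.path for s in store if s.md5 == live.md5]
        same_size = [s.path for s in store if s.size == live.size and s.md5 != live.md5]
        if same_hash:
            verdict = "matches_component_store"
        elif same_size:
            verdict = "size_match_only"
        else:
            verdict = "no_store_match"
        report[live.path] = {
            "md5": live.md5,
            "company": live.company,
            "verdict": verdict,
            "matching_copies": same_hash,
            "size_only_copies": same_size,
        }
    return report


if __name__ == "__main__":
    for path, r in assess(parse_search_log(SAMPLE_LOG)).items():
        print(f"{path}: {r['verdict']} (MD5 {r['md5']})")
        for p in r["matching_copies"]:
            print("  identical store copy:", p)
        for p in r["size_only_copies"]:
            print("  same size, different hash:", p)
```

Run against the four sample lines, the live file comes out as matches_component_store with the 6.1.7601.17567 copy listed as identical, while the 6.1.7601.21669 copy is reported as same size but different hash; that second category is the one worth a closer look whenever it is the only kind of match found. To use it on a real FRST search log, read the file and pass its contents to parse_search_log instead of SAMPLE_LOG.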