Avianspark

Everything posted by Avianspark

  1. Gringo, thank you for all your help. The computer is running just fine now. I already use MSE and I find that it generally works quite well. I will take a look at the other programs you mentioned.
  2. Alright, I turned off the startup files I don't find myself using often (which is most of them). Here is the ESET scan report:

     C:\Program Files\LMMS\Babylon9_setup.exe    Win32/Toolbar.Babylon application
     C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\Reactivate.exe.vir    a variant of Win32/Toolbar.Zugo application
     C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\Toolbar32.dll.vir    a variant of Win32/Toolbar.Zugo application
     C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\ToolbarBroker.exe.vir    a variant of Win32/Toolbar.Zugo application
     C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe.vir    a variant of Win32/Toolbar.Zugo application
     C:\Users\Avianspark\Downloads\avc-free.exe    Win32/OpenCandy application
     C:\Users\Avianspark\Downloads\cnet_asinstall_exe.exe    a variant of Win32/InstallCore.D application
     C:\Users\Avianspark\Downloads\cnet_avidemux_2_5_r7200_win64_exe.exe    a variant of Win32/InstallCore.D application
     C:\Users\Avianspark\Downloads\cnet_debutsetup_exe.exe    a variant of Win32/InstallCore.D application
     C:\Users\Avianspark\Downloads\cnet_full_video_converter_free_exe.exe    a variant of Win32/InstallCore.D application
     C:\Users\Avianspark\Downloads\cnet_JahshakaSetupV2_0_exe.exe    a variant of Win32/InstallCore.D application
     C:\Users\Avianspark\Downloads\cnet_mpsetup_exe.exe    a variant of Win32/InstallCore.D application
     C:\Users\Avianspark\Downloads\cnet_powertab_zip.exe    a variant of Win32/InstallCore.D application
     C:\Users\Avianspark\Downloads\cnet_tefv_exe.exe    a variant of Win32/InstallCore.D application
     C:\Users\Avianspark\Downloads\cnet_VideoSpin_1_1_Setup_exe.exe    a variant of Win32/InstallCore.D application
     C:\Users\Avianspark\Downloads\cnet_youtubemoviemaker_exe.exe    a variant of Win32/InstallCore.D application
     C:\Users\Avianspark\Downloads\FreeVideoToMP3Converter.exe    Win32/OpenCandy application
     C:\Users\Avianspark\Downloads\lmms-0.4.13-win64.exe    Win32/Toolbar.Babylon application
     C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\updater-startnow-200-2.5-g[1].exe    a variant of Win32/Toolbar.Zugo application
     C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\updater-startnow-200-2.5-g[1].exe    a variant of Win32/Toolbar.Zugo application
  3. Alright then, here is the Malwarebytes log:

     Malwarebytes Anti-Malware 1.70.0.1100
     www.malwarebytes.org

     Database version: v2013.01.14.10

     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Avianspark :: WATSON [administrator]

     1/14/2013 4:38:46 PM
     mbam-log-2013-01-14 (16-38-46).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 217095
     Time elapsed: 2 minute(s), 39 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 2
     C:\Users\Avianspark\Downloads\SoftonicDownloader_for_pinnacle-videospin.exe (PUP.OfferBundler.ST) -> Quarantined and deleted successfully.
     C:\Users\Avianspark\Downloads\SoftonicDownloader_for_virtualdub.exe (PUP.OfferBundler.ST) -> Quarantined and deleted successfully.

     (end)

     And the HijackThis log:

     Logfile of Trend Micro HijackThis v2.0.4
     Scan saved at 4:48:44 PM, on 1/14/2013
     Platform: Windows 7 SP1 (WinNT 6.00.3505)
     MSIE: Internet Explorer v9.00 (9.00.8112.16457)
     Boot mode: Normal

     Running processes:
     C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe
     C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
     C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     C:\Program Files (x86)\Steam\steam.exe
     C:\Users\Avianspark\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
     C:\Program Files (x86)\ubuntuone\dist\ubuntuone-syncdaemon.exe
     C:\Program Files (x86)\ubuntuone\dist\ubuntuone-control-panel-qt.exe
     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
     C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe
     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
     C:\Users\Avianspark\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe
     C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
     C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
     C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
     C:\Program Files (x86)\iTunes\iTunesHelper.exe
     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
     C:\Program Files (x86)\ubuntuone\dist\ubuntuone-proxy-tunnel.exe
     C:\Program Files (x86)\ubuntuone\dist\ubuntu-sso-login.exe
     C:\Users\Avianspark\Desktop\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/g/
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
     O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
     O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
     O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
     O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
     O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
     O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
     O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
     O4 - HKLM\..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
     O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
     O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
     O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
     O4 - HKLM\..\Run: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
     O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
     O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
     O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
     O4 - HKLM\..\Run: [bambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
     O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
     O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
     O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
     O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
     O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
     O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\Avianspark\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
     O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Avianspark\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
     O4 - HKCU\..\Run: [RockMelt Update] "C:\Users\Avianspark\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" /c
     O4 - HKCU\..\Run: [ubuntu One] "C:\Program Files (x86)\ubuntuone\dist\ubuntuone-syncdaemon.exe"
     O4 - HKCU\..\Run: [ubuntu One Icon] "C:\Program Files (x86)\ubuntuone\dist\ubuntuone-control-panel-qt.exe" --minimized --with-icon
     O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
     O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200
     O8 - Extra context menu item: Add to TOSHIBA Bulletin Board - res://C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
     O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
     O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
     O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
     O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
     O9 - Extra button: Add to TOSHIBA Bulletin Board - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll
     O9 - Extra 'Tools' menuitem: Add to TOSHIBA Bulletin Board - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll
     O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
     O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
     O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
     O15 - Trusted Zone: *.clonewarsadventures.com
     O15 - Trusted Zone: *.freerealms.com
     O15 - Trusted Zone: *.soe.com
     O15 - Trusted Zone: *.sony.com
     O16 - DPF: {C9D7D239-B502-48B3-BA25-9DF8C7264073} (CCAWebLogin Control) - https://ha-netcas01/auth/CCALogin.CAB
     O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
     O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
     O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
     O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
     O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
     O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
     O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
     O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
     O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
     O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
     O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
     O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
     O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
     O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
     O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
     O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
     O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
     O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
     O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
     O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
     O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
     O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
     O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
     O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
     O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
     O23 - Service: Norton PC Checkup Application Launcher - Symantec Corporation - C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
     O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe
     O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
     O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
     O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
     O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
     O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
     O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
     O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
     O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_Tablet.exe
     O23 - Service: TOSHIBA HDD Protection (Thpsrv) - Unknown owner - C:\windows\system32\ThpSrv.exe (file missing)
     O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
     O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\windows\system32\TODDSrv.exe (file missing)
     O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
     O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
     O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
     O23 - Service: Wacom Consumer Touch Service (TouchServicePen) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_TouchService.exe
     O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
     O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
     O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
     O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
     O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
     O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
     O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
     O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

     --
     End of file - 15654 bytes

     The computer is running well.
  4. Here is the result of that report:

     µTorrent
     Adobe AIR
     Adobe Flash Player 11 ActiveX
     Adobe Flash Player 11 Plugin
     Adobe Photoshop Elements 8.0
     Adobe Photoshop.com Inspiration Browser
     Adobe Reader X (10.1.5)
     Amazon Links
     Anvil Studio 2011
     Anvil Studio 2012
     Any Video Converter 3.2.7
     Apple Application Support
     Apple Software Update
     AtomTime Pro 3.1d
     Audacity 1.3.14 (Unicode)
     Bamboo Dock
     Bejeweled 2 Deluxe
     Cake Mania - Lights, Camera, Action!
     CamStudio OSS Desktop Recorder
     Chuzzle Deluxe
     Cisco Connect
     Color Efex Pro 3.0 Wacom Edition 3
     Corel Painter Essentials 4
     Coupon Printer for Windows
     D3DX10
     Debut Video Capture Software
     eReg
     Facebook Video Calling 1.2.0.287
     FATE - The Traitor Soul
     FeralHeart version 1.13
     Foldit
     Free Video to MP3 Converter version 5.0.20.1031
     Garry's Mod
     GIMP 2.6.11
     Google Chrome
     Google Earth
     Google Toolbar for Internet Explorer
     Google Update Helper
     Governor of Poker 2 Premium Edition
     Hewlett-Packard ACLM.NET v1.1.0.0
     HP Photo Creations
     HP Photosmart 6510 series Help
     HP Product Detection
     HP Update
     Intel® Management Engine Components
     Intel® Processor Graphics
     Intel® Rapid Storage Technology
     Intel® Wireless Display
     Java 7 Update 9
     Java Auto Updater
     Java 6 Update 22
     Java 6 Update 35
     Jewel Quest - Heritage
     JMicron Flash Media Controller Driver
     Junk Mail filter update
     JustCloud Setup
     Label@Once 1.0
     League of Legends
     LMMS 0.4.13
     LogMeIn Hamachi
     Mesh Runtime
     Microsoft .NET Framework 1.1
     Microsoft Office 2010
     Microsoft Office Click-to-Run 2010
     Microsoft Office Starter 2010 - English
     Microsoft Primary Interoperability Assemblies 2005
     Microsoft Silverlight
     Microsoft SQL Server 2005 Compact Edition [ENU]
     Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
     Microsoft Visual C++ 2005 Redistributable
     Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
     Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
     Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
     Microsoft XNA Framework Redistributable 3.0
     Minecraft Texturepack Editor
     Minutor
     Mozilla Firefox 18.0 (x86 en-US)
     Mozilla Maintenance Service
     MSVCRT
     MSVCRT_amd64
     Mystery P.I. - The London Caper
     Norton PC Checkup
     OpenOffice.org 3.3
     Pando Media Booster
     PESTERCHUM
     Picasa 3
     Plants vs. Zombies - Game of the Year
     PlayReady PC Runtime x86
     Pokemon Online 1.0.30 Patch 1
     Polar Bowler
     Portal
     Power Tab Editor 1.7
     Prism Video File Converter
     Project64 1.6
     QuickTime
     Raven Lite 1.0
     Realtek Ethernet Controller Driver
     Realtek High Definition Audio Driver
     Renesas Electronics USB 3.0 Host Controller Driver
     RockMelt
     Safari
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
     Sid Meier's Civilization V
     Skype Click to Call
     Skype Launcher
     Skype™ 6.0
     Spotify
     Star Wars: The Old Republic
     Steam
     Sumo Paint Bamboo 2.2
     TEFView 2.69
     Toshiba App Place
     TOSHIBA Application Installer
     TOSHIBA Assist
     Toshiba Book Place
     TOSHIBA Bulletin Board
     TOSHIBA Face Recognition
     TOSHIBA Flash Cards Support Utility
     TOSHIBA Hardware Setup
     TOSHIBA HDD/SSD Alert
     Toshiba Laptop Checkup
     TOSHIBA Media Controller
     TOSHIBA Media Controller Plug-in
     Toshiba Online Backup
     TOSHIBA Quality Application
     TOSHIBA ReelTime
     TOSHIBA Service Station
     TOSHIBA Sleep Utility
     TOSHIBA Supervisor Password
     TOSHIBA Value Added Package
     TOSHIBA VIDEO PLAYER
     TOSHIBA Web Camera Application
     ToshibaRegistration
     Tune Sweeper
     Ubuntu
     Ubuntu One
     Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
     Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
     Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
     Utility Common Driver
     VideoPad Video Editor
     WebTablet FB Plugin
     WebTablet IE Plugin
     WebTablet Netscape Plugin
     WildTangent Games
     WildTangent ORB Game Console
     Windows Live Communications Platform
     Windows Live Essentials
     Windows Live Installer
     Windows Live Mail
     Windows Live Mesh
     Windows Live Mesh ActiveX Control for Remote Connections
     Windows Live Messenger
     Windows Live Movie Maker
     Windows Live Photo Common
     Windows Live Photo Gallery
     Windows Live PIMT Platform
     Windows Live SOXE
     Windows Live SOXE Definitions
     Windows Live UX Platform
     Windows Live UX Platform Language Pack
     Windows Live Writer
     Windows Live Writer Resources
     WolfQuest
  5. Log from ComboFix:

     ComboFix 13-01-14.01 - Avianspark 01/14/2013 12:42:59.4.4 - x64
     Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6051.3704 [GMT -5:00]
     Running from: c:\users\Avianspark\Desktop\ComboFix.exe
     Command switches used :: c:\users\Avianspark\Desktop\CFScript.txt
     AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
     SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
     SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     .
     ((((((((((((((((((((((((( Files Created from 2012-12-14 to 2013-01-14 )))))))))))))))))))))))))))))))
     .
     .
     2013-01-14 17:53 . 2013-01-14 17:53 -------- d-----w- c:\users\Default\AppData\Local\temp
     2013-01-14 04:26 . 2013-01-14 04:27 -------- d-----w- c:\users\Avianspark\AppData\Roaming\.techniclauncher
     2013-01-13 18:47 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F2A529E4-8A08-4C3D-806E-575623EE965A}\mpengine.dll
     2013-01-13 18:46 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
     2013-01-13 18:46 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
     2013-01-13 18:46 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
     2013-01-13 18:46 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
     2013-01-13 18:46 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
     2013-01-13 18:46 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
     2013-01-13 18:46 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
     2013-01-13 18:46 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
     2013-01-13 18:46 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
     2013-01-13 18:25 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
     2013-01-13 04:39 . 2013-01-13 04:40 -------- d-----w- c:\users\Avianspark\lmms
     2013-01-12 08:28 . 2013-01-12 08:28 -------- d-----w- C:\FRST
     2013-01-09 15:54 . 2012-11-22 05:44 800768 ----a-w- c:\windows\system32\usp10.dll
     2013-01-09 15:53 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
     2013-01-09 15:53 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
     2013-01-09 04:02 . 2013-01-09 04:02 16369160 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
     2013-01-06 03:12 . 2013-01-06 03:12 -------- d-----w- c:\users\Avianspark\AppData\Local\pesterchum
     2013-01-06 03:09 . 2013-01-06 03:10 -------- d-----w- C:\Pesterchum
     2012-12-28 03:01 . 2012-12-28 03:01 -------- d-----w- c:\program files\WinBoard-4.6.2
     2012-12-22 16:29 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
     2012-12-22 16:29 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
     2012-12-22 16:29 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
     2012-12-22 16:29 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
     2012-12-18 14:28 . 2012-12-18 14:28 186584 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2013-01-10 15:06 . 2011-09-03 00:07 67599240 ----a-w- c:\windows\system32\MRT.exe
     2013-01-09 04:02 . 2012-04-06 00:42 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
     2013-01-09 04:02 . 2011-09-07 17:51 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
     2012-11-30 04:45 . 2013-01-09 15:54 44032 ----a-w- c:\windows\apppatch\acwow64.dll
     2012-11-29 02:41 . 2012-11-29 02:42 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{04DD7EF8-BCBF-41C2-80D1-8BB0531C9EF0}\gapaengine.dll
     2012-11-24 22:53 . 2011-09-07 16:03 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
     2012-11-14 07:06 . 2012-12-13 14:17 17811968 ----a-w- c:\windows\system32\mshtml.dll
     2012-11-14 06:32 . 2012-12-13 14:17 10925568 ----a-w- c:\windows\system32\ieframe.dll
     2012-11-14 06:11 . 2012-12-13 14:18 2312704 ----a-w- c:\windows\system32\jscript9.dll
     2012-11-14 06:04 . 2012-12-13 14:18 1346048 ----a-w- c:\windows\system32\urlmon.dll
     2012-11-14 06:04 . 2012-12-13 14:18 1392128 ----a-w- c:\windows\system32\wininet.dll
     2012-11-14 06:02 . 2012-12-13 14:18 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
     2012-11-14 06:02 . 2012-12-13 14:18 237056 ----a-w- c:\windows\system32\url.dll
     2012-11-14 05:59 . 2012-12-13 14:18 85504 ----a-w- c:\windows\system32\jsproxy.dll
     2012-11-14 05:58 . 2012-12-13 14:18 816640 ----a-w- c:\windows\system32\jscript.dll
     2012-11-14 05:57 . 2012-12-13 14:18 599040 ----a-w- c:\windows\system32\vbscript.dll
     2012-11-14 05:57 . 2012-12-13 14:18 173056 ----a-w- c:\windows\system32\ieUnatt.exe
     2012-11-14 05:55 . 2012-12-13 14:17 2144768 ----a-w- c:\windows\system32\iertutil.dll
     2012-11-14 05:55 . 2012-12-13 14:18 729088 ----a-w- c:\windows\system32\msfeeds.dll
     2012-11-14 05:53 . 2012-12-13 14:18 96768 ----a-w- c:\windows\system32\mshtmled.dll
     2012-11-14 05:52 . 2012-12-13 14:18 2382848 ----a-w- c:\windows\system32\mshtml.tlb
     2012-11-14 05:46 . 2012-12-13 14:18 248320 ----a-w- c:\windows\system32\ieui.dll
     2012-11-14 02:09 . 2012-12-13 14:18 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
     2012-11-14 01:58 . 2012-12-13 14:18 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
     2012-11-14 01:57 . 2012-12-13 14:18 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
     2012-11-14 01:49 . 2012-12-13 14:18 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
     2012-11-14 01:48 . 2012-12-13 14:18 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
     2012-11-14 01:44 . 2012-12-13 14:18 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
     2012-11-09 18:52 . 2012-11-09 18:52 773968 ----a-w- c:\windows\SysWow64\msvcr100.dll
     2012-11-09 18:52 . 2012-11-09 18:52 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll
     2012-11-09 05:45 . 2012-12-12 14:49 2048 ----a-w- c:\windows\system32\tzres.dll
     2012-11-09 04:42 . 2012-12-12 14:49 2048 ----a-w- c:\windows\SysWow64\tzres.dll
     2012-11-02 05:59 . 2012-12-12 14:48 478208 ----a-w- c:\windows\system32\dpnet.dll
     2012-11-02 05:11 . 2012-12-12 14:48 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
     2012-10-25 08:12 . 2012-10-25 08:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
     2012-10-25 08:12 . 2012-10-25 08:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
     2012-10-22 14:10 . 2012-10-22 14:11 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
     2012-10-22 14:10 . 2012-06-30 18:06 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
     2012-10-22 14:10 . 2010-12-28 15:41 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-29 39408]
     "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
     "Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-12-08 1354736]
     "Spotify Web Helper"="c:\users\Avianspark\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-31 1193176]
     "Facebook Update"="c:\users\Avianspark\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
     "RockMelt Update"="c:\users\Avianspark\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" [2012-07-03 136336]
     "Ubuntu One"="c:\program files (x86)\ubuntuone\dist\ubuntuone-syncdaemon.exe" [2012-08-15 47304]
     "Ubuntu One Icon"="c:\program files (x86)\ubuntuone\dist\ubuntuone-control-panel-qt.exe" [2012-08-15 40136]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
     "SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-11-09 532480]
     "HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 423936]
     "KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-09-14 35440]
     "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-07-01 1295224]
     "TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-11-02 2475384]
     "NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2010-08-17 3218792]
     "ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
     "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
     "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
     "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
     "BambooCore"="c:\program files (x86)\Bamboo Dock\BambooCore.exe" [2013-01-10 646744]
     "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
     "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
     "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
     "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
     .
     c:\users\Avianspark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
     OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorAdmin"= 5 (0x5)
     "ConsentPromptBehaviorUser"= 3 (0x3)
     "EnableUIADesktopToggle"= 0 (0x0)
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
     @="Service"
     .
     R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
     R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
     R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-11-29 173656]
     R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-07 340240]
     R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
     R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
     R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
     R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
     R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2011-09-08 13312]
     R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-03 1255736]
     R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
     S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-06-16 55024]
     S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 34880]
     S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-29 14784]
     S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2010-12-18 482384]
     S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
     S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712] S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [2012-12-05 132056] S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe [2009-08-24 126392] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2011-09-08 6583160] S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-04-07 294328] S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2011-09-08 528760] S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248] S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 35008] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 
Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-07-01 51576] S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560] S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-11-16 822704] S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-10-24 42392] . . Contents of the 'Scheduled Tasks' folder . 2013-01-14 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 04:02] . 2013-01-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-408874301-226799211-2608599606-1001Core.job - c:\users\Avianspark\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-11 20:38] . 2013-01-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-408874301-226799211-2608599606-1001UA.job - c:\users\Avianspark\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-11 20:38] . 2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-29 00:52] . 2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-29 00:52] . 2013-01-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-408874301-226799211-2608599606-1001Core.job - c:\users\Avianspark\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-07 02:45] . 2013-01-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-408874301-226799211-2608599606-1001UA.job - c:\users\Avianspark\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-07 02:45] . 
2013-01-14 c:\windows\Tasks\HP Photo Creations Messager.job - c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11] . 2013-01-14 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-408874301-226799211-2608599606-1001Core.job - c:\users\Avianspark\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2012-07-03 03:29] . 2013-01-14 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-408874301-226799211-2608599606-1001UA.job - c:\users\Avianspark\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2012-07-03 03:29] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}] c:\program files (x86)\Expat Shield\HssIE\ExpatIE_64.dll [bU] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ThpSrv"="c:\windows\system32\thpsrv" [X] "TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [bU] "HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [bU] "SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [bU] "00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [bU] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-09 11663976] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-12-10 2186856] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [bU] "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-07 1933584] "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976] "TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [bU] "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376] "TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [bU] "TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [bU] 
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-05 167960] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-05 391704] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-05 418840] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704] "Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [bU] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://start.toshiba.com/g/ uDefault_Search_URL = hxxp://www.google.com/ie mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local>;*.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Add to TOSHIBA Bulletin Board - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000 Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: Interfaces\{1CC681C3-D959-483B-8390-AA2E7B904364}\2656C6B696E6534376: DhcpNameServer = 192.168.2.1 DPF: {C9D7D239-B502-48B3-BA25-9DF8C7264073} - hxxps://ha-netcas01/auth/CCALogin.CAB FF - ProfilePath - c:\users\Avianspark\AppData\Roaming\Mozilla\Firefox\Profiles\n4821xg8.default\ FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/ FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q= FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: 2012-12-13 09:51; tabforacause@tabforacause.org; c:\users\Avianspark\AppData\Roaming\Mozilla\Firefox\Profiles\n4821xg8.default\extensions\tabforacause@tabforacause.org.xpi . - - - - ORPHANS REMOVED - - - - . 
Toolbar-Locked - (no file) Wow6432Node-HKLM-Run-<NO NAME> - (no file) ShellIconOverlayIdentifiers-{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d} - (no file) AddRemove-WT089366 - c:\program files (x86)\TOSHIBA Games\Cake Mania - Lights AddRemove-_{53A908D4-99C6-469B-BC13-F4189F260742} - c:\program files (x86)\Corel\Corel Painter Essentials 4\MSILauncher {53A908D4-99C6-469B-BC13-F4189F260742} . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr] "ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.6.22\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-01-14 13:23:49 ComboFix-quarantined-files.txt 2013-01-14 18:23 ComboFix2.txt 2013-01-14 17:17 ComboFix3.txt 2013-01-12 21:49 ComboFix4.txt 2013-01-12 20:56 . Pre-Run: 423,035,887,616 bytes free Post-Run: 422,741,590,016 bytes free . - - End Of File - - 9456EAE2DE07375D88547EA599BF3FF2
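An added triage helper, written for this page and not part of ComboFix or of Avianspark's posts, that reads the "Reg Loading Points", UAC policy and "Scheduled Tasks" lines in the format shown in the log above and flags what a responder checks first: autorun images under paths a standard user can write to (the c:\users\, c:\programdata\ and c:\windows\temp\ prefixes are an assumption of the example), entries ComboFix tagged [X] (file not found), entries carrying no date/size stamp (such as [bU], reported without interpreting the tag), and a ConsentPromptBehaviorAdmin of 0, which means administrators elevate without any prompt. The input is a constructed sample of a few entries in the log's format, not the full log; the values the log actually shows (5 and 3) are the Windows 7 defaults and are not flagged.

```python
"""Triage helper for ComboFix 'Reg Loading Points' and 'Scheduled Tasks' lines.

Added example, not part of ComboFix or of the forum post. It flags autorun
entries whose image lives in a user-writable location, entries ComboFix marked
[X] (file not found), entries with no date/size stamp, and a UAC policy value
that turns off the elevation prompt for administrators.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Locations a standard user can write to (an assumption of this example; extend
# per environment). A persistence entry pointing here needs no admin rights to
# plant or swap out, so it is worth a second look even when the vendor is known.
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")

KEY_HEADER = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
TASK_HEADER = re.compile(r"^\d{4}-\d{2}-\d{2} (?P<job>c:\\windows\\tasks\\.+\.job)$", re.I)
RUN_ENTRY = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<stamp>[^\]]*)\]$')
TASK_IMAGE = re.compile(r"^- (?P<path>.+?) \[(?P<stamp>[^\]]*)\]$")
POLICY = re.compile(r'^"(?P<name>ConsentPromptBehavior\w+)"=\s*(?P<value>\d+)')
VERIFIED_STAMP = re.compile(r"^\d{4}-\d{2}-\d{2} ")  # "[date size]" or "[date time]"

# Constructed sample in the same format as the log above (a handful of entries,
# not the full log).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-12-08 1354736]
"Facebook Update"="c:\users\Avianspark\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [bU]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
2013-01-14 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" or "info"
    where: str     # registry key or .job file the entry was read from
    name: str
    path: str
    reason: str


def image_reasons(path: str, stamp: str) -> list[tuple[str, str]]:
    """Return (severity, reason) pairs for one autorun image and its bracket tag."""
    reasons = []
    if path.lower().startswith(USER_WRITABLE_PREFIXES):
        reasons.append(("high", "image in user-writable location"))
    if stamp == "X":                       # ComboFix's tag for a missing file
        reasons.append(("high", "file not found on disk"))
    elif not VERIFIED_STAMP.match(stamp):  # e.g. [bU]: no date/size recorded
        reasons.append(("info", f"no date/size stamp recorded ([{stamp}])"))
    return reasons


def triage(log_text: str) -> list[Finding]:
    """Walk the log line by line, remembering which key or task each image belongs to."""
    findings: list[Finding] = []
    where = "?"
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := KEY_HEADER.match(line):
            where = m.group("key")
            continue
        if m := TASK_HEADER.match(line):
            where = m.group("job")
            continue
        if m := POLICY.match(line):
            # 0 = "Elevate without prompting"; 5 is the Windows 7 default and is not flagged.
            if m.group("name") == "ConsentPromptBehaviorAdmin" and m.group("value") == "0":
                findings.append(Finding("high", where, m.group("name"), m.group("value"),
                                        "UAC set to elevate without prompting"))
            continue
        m = RUN_ENTRY.match(line) or TASK_IMAGE.match(line)
        if not m:
            continue
        # Task images have no value name; use the .job file name instead.
        name = m.groupdict().get("name") or where.rsplit("\\", 1)[-1]
        for severity, reason in image_reasons(m.group("path"), m.group("stamp")):
            findings.append(Finding(severity, where, name, m.group("path"), reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.name}: {f.reason}\n        {f.path}")
```

Run it against a saved log with `triage(open("ComboFix.txt").read())`. A "user-writable" hit is a prompt to check the file's signature and publisher, not a verdict: the log above has several such entries (the Spotify, Facebook and RockMelt updaters in the user's AppData and the HP task under c:\programdata) that are exactly where those vendors install, and the [X] hit on ThpSrv is an orphaned value rather than evidence of anything running.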
6. Here is the Combofix log:

ComboFix 13-01-14.01 - Avianspark 01/14/2013 12:08:25.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6051.3730 [GMT -5:00]
Running from: c:\users\Avianspark\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-12-14 to 2013-01-14 )))))))))))))))))))))))))))))))
.
.
2013-01-14 17:14 . 2013-01-14 17:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-14 04:26 . 2013-01-14 04:27 -------- d-----w- c:\users\Avianspark\AppData\Roaming\.techniclauncher
2013-01-13 18:47 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F2A529E4-8A08-4C3D-806E-575623EE965A}\mpengine.dll
2013-01-13 18:46 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2013-01-13 18:46 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2013-01-13 18:46 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-01-13 18:46 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-01-13 18:46 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2013-01-13 18:46 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-01-13 18:46 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-01-13 18:46 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2013-01-13 18:46 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2013-01-13 18:25 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-13 04:39 . 2013-01-13 04:40 -------- d-----w- c:\users\Avianspark\lmms
2013-01-12 08:28 . 2013-01-12 08:28 -------- d-----w- C:\FRST
2013-01-09 15:54 . 2012-11-22 05:44 800768 ----a-w- c:\windows\system32\usp10.dll
2013-01-09 15:53 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-01-09 15:53 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2013-01-09 04:02 . 2013-01-09 04:02 16369160 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-01-06 03:12 . 2013-01-06 03:12 -------- d-----w- c:\users\Avianspark\AppData\Local\pesterchum
2013-01-06 03:09 . 2013-01-06 03:10 -------- d-----w- C:\Pesterchum
2012-12-28 03:01 . 2012-12-28 03:01 -------- d-----w- c:\program files\WinBoard-4.6.2
2012-12-22 16:29 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-22 16:29 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-22 16:29 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-22 16:29 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-18 14:28 . 2012-12-18 14:28 186584 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-10 15:06 . 2011-09-03 00:07 67599240 ----a-w- c:\windows\system32\MRT.exe
2013-01-09 04:02 . 2012-04-06 00:42 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 04:02 . 2011-09-07 17:51 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-30 04:45 . 2013-01-09 15:54 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-29 02:41 . 2012-11-29 02:42 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{04DD7EF8-BCBF-41C2-80D1-8BB0531C9EF0}\gapaengine.dll
2012-11-24 22:53 . 2011-09-07 16:03 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-11-14 07:06 . 2012-12-13 14:17 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-13 14:17 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-13 14:18 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-13 14:18 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-13 14:18 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-13 14:18 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-13 14:18 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-13 14:18 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-13 14:18 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-13 14:18 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-13 14:18 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-13 14:17 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-13 14:18 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-13 14:18 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-13 14:18 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-13 14:18 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-13 14:18 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-13 14:18 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 14:18 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-13 14:18 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 14:18 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-13 14:18 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-09 18:52 . 2012-11-09 18:52 773968 ----a-w- c:\windows\SysWow64\msvcr100.dll
2012-11-09 18:52 . 2012-11-09 18:52 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll
2012-11-09 05:45 . 2012-12-12 14:49 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-12 14:49 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-02 05:59 . 2012-12-12 14:48 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-12 14:48 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-10-25 08:12 . 2012-10-25 08:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 08:12 . 2012-10-25 08:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-10-22 14:10 . 2012-10-22 14:11 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-22 14:10 . 2012-06-30 18:06 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-10-22 14:10 . 2010-12-28 15:41 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-29 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-12-08 1354736]
"Spotify Web Helper"="c:\users\Avianspark\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-31 1193176]
"Facebook Update"="c:\users\Avianspark\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
"RockMelt Update"="c:\users\Avianspark\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" [2012-07-03 136336]
"Ubuntu One"="c:\program files (x86)\ubuntuone\dist\ubuntuone-syncdaemon.exe" [2012-08-15 47304]
"Ubuntu One Icon"="c:\program files (x86)\ubuntuone\dist\ubuntuone-control-panel-qt.exe" [2012-08-15 40136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-11-09 532480]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-09-14 35440]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-07-01 1295224]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-11-02 2475384]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2010-08-17 3218792]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"BambooCore"="c:\program files (x86)\Bamboo Dock\BambooCore.exe" [2013-01-10 646744]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
c:\users\Avianspark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-07 340240]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2011-09-08 13312]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-03 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-06-16 55024]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 34880]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-29 14784]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2010-12-18 482384]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [2012-12-05 132056]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe [2009-08-24 126392]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2011-09-08 6583160]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-04-07 294328]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2011-09-08 528760]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-11-29 173656]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 35008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-07-01 51576]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-11-16 822704]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-10-24 42392]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 04:02]
.
2013-01-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-408874301-226799211-2608599606-1001Core.job
- c:\users\Avianspark\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-11 20:38]
.
2013-01-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-408874301-226799211-2608599606-1001UA.job
- c:\users\Avianspark\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-11 20:38]
.
2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-29 00:52]
.
2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-29 00:52]
.
2013-01-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-408874301-226799211-2608599606-1001Core.job
- c:\users\Avianspark\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-07 02:45]
.
2013-01-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-408874301-226799211-2608599606-1001UA.job
- c:\users\Avianspark\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-07 02:45]
.
2013-01-14 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
2013-01-14 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-408874301-226799211-2608599606-1001Core.job
- c:\users\Avianspark\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2012-07-03 03:29]
.
2013-01-14 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-408874301-226799211-2608599606-1001UA.job
- c:\users\Avianspark\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2012-07-03 03:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}]
c:\program files (x86)\Expat Shield\HssIE\ExpatIE_64.dll [bU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [bU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [bU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [bU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [bU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-09 11663976]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-12-10 2186856]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]
"SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [bU]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-07 1933584]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [bU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [bU]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [bU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-05 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-05 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-05 418840]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [bU]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.toshiba.com/g/
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to TOSHIBA Bulletin Board - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.254.254
TCP: Interfaces\{1CC681C3-D959-483B-8390-AA2E7B904364}\2656C6B696E6534376: DhcpNameServer = 192.168.2.1
DPF: {C9D7D239-B502-48B3-BA25-9DF8C7264073} - hxxps://ha-netcas01/auth/CCALogin.CAB
FF - ProfilePath - c:\users\Avianspark\AppData\Roaming\Mozilla\Firefox\Profiles\n4821xg8.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-12-13 09:51; tabforacause@tabforacause.org; c:\users\Avianspark\AppData\Roaming\Mozilla\Firefox\Profiles\n4821xg8.default\extensions\tabforacause@tabforacause.org.xpi
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file) Wow6432Node-HKLM-Run-<NO NAME> - (no file) ShellIconOverlayIdentifiers-{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d} - (no file) AddRemove-WT089366 - c:\program files (x86)\TOSHIBA Games\Cake Mania - Lights AddRemove-_{53A908D4-99C6-469B-BC13-F4189F260742} - c:\program files (x86)\Corel\Corel Painter Essentials 4\MSILauncher {53A908D4-99C6-469B-BC13-F4189F260742} . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr] "ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.6.22\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-01-14 12:17:07 ComboFix-quarantined-files.txt 2013-01-14 17:17 ComboFix2.txt 2013-01-12 21:49 ComboFix3.txt 2013-01-12 20:56 . Pre-Run: 423,008,657,408 bytes free Post-Run: 422,954,999,808 bytes free . - - End Of File - - AF7493420399CF57E232945140F80C7A My computer is running well. 
I haven't had any further problems.
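Reading autostart sections like the ones in the ComboFix report above (the `Run` keys, the service list and the `Scheduled Tasks` folder) comes down to asking, for each entry, where the target file lives and whether it is still there. The script below is an added example and is not part of this thread or of ComboFix: it parses lines in the three formats ComboFix prints and flags entries that run from a user-writable profile directory (`\Users\<name>\AppData\`), from `ProgramData`, or that carry the `[X]` tag instead of a date and size. The sample lines are constructed here from the kinds of entries shown in the logs, and the three heuristics are the editor's own choice of what deserves a second look; they produce a review queue, not a verdict on any of the listed programs.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: autostart lines in the formats ComboFix prints
# (Run-key values, services, Scheduled Tasks). Embedded so the example
# runs offline; the entries mirror the kinds shown in the thread's logs.
SAMPLE_LOG = r'''
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [bU]
"Facebook Update"="c:\users\Avianspark\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
2013-01-14 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-408874301-226799211-2608599606-1001UA.job - c:\users\Avianspark\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2012-07-03 03:29]
2013-01-14 c:\windows\Tasks\HP Photo Creations Messager.job - c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
'''

# "Name"="path" [tag]                      -- values under ...\CurrentVersion\Run
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<tag>[^\]]*)\]\s*$')
# S2 name;display name;path [tag]          -- services/drivers (R = running, S = stopped)
SVC_RE = re.compile(r'^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s*\[(?P<tag>[^\]]*)\]\s*$')
# YYYY-MM-DD c:\windows\Tasks\X.job - path [tag]   -- the Scheduled Tasks folder
TASK_RE = re.compile(r'^\d{4}-\d{2}-\d{2}\s+(?P<name>.+?\.job)\s+-\s+(?P<path>.+?)\s*\[(?P<tag>[^\]]*)\]\s*$')
# A per-user profile directory that anything running as that user can write to.
USER_PROFILE_RE = re.compile(r'\\users\\[^\\]+\\appdata\\', re.IGNORECASE)


@dataclass
class Autorun:
    kind: str   # 'run', 'service' or 'task'
    name: str
    path: str
    tag: str    # text inside the trailing [...]: normally "date size", or "X"


@dataclass
class Finding:
    entry: Autorun
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Autorun]:
    """Parse one ComboFix autostart line; return None for any other line."""
    line = line.strip()
    m = RUN_RE.match(line)
    if m:
        return Autorun('run', m['name'], m['path'], m['tag'])
    m = SVC_RE.match(line)
    if m:
        return Autorun('service', m['name'], m['path'], m['tag'])
    m = TASK_RE.match(line)
    if m:
        return Autorun('task', m['name'], m['path'], m['tag'])
    return None


def parse_log(text: str) -> List[Autorun]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def triage(entries: List[Autorun]) -> List[Finding]:
    """Flag the autostarts a helper would look at first.

    Location heuristics only (assumed here, not ComboFix's own logic):
    they select candidates for manual review, they do not identify malware.
    """
    findings = []
    for e in entries:
        reasons = []
        if e.tag.strip().upper() == 'X':
            reasons.append('tagged [X]: no file date/size reported, check whether the target exists')
        if USER_PROFILE_RE.search(e.path):
            reasons.append('runs from a user-writable profile directory (AppData)')
        if '\\programdata\\' in e.path.lower():
            reasons.append('runs from ProgramData rather than Program Files or System32')
        if reasons:
            findings.append(Finding(e, reasons))
    return findings


def triage_log(text: str) -> List[Finding]:
    return triage(parse_log(text))


if __name__ == '__main__':
    for f in triage_log(SAMPLE_LOG):
        print(f'[{f.entry.kind}] {f.entry.name}\n    {f.entry.path}')
        for r in f.reasons:
            print(f'    - {r}')
```

Run against the sample it reports four entries: the `[X]` value, the two per-user updaters and the ProgramData task. The user-profile rule will also catch legitimate per-user updaters (Google, Facebook and RockMelt all install that way, as the log itself shows), which is why the output is a queue for a human to check against the vendor, signature and install date rather than something to act on automatically.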
  7. Alright, the Security Check report:

Results of screen317's Security Check version 0.99.57
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 6 Update 22
Java 6 Update 35
Java 7 Update 9
Java version out of Date!
Adobe Flash Player 11.5.502.146
Adobe Reader 10.1.5
Adobe Reader out of Date!
Mozilla Firefox (18.0)
Google Chrome 23.0.1271.97
Google Chrome 24.0.1312.52
Google Chrome plugins...
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

The AdwCleaner report:

# AdwCleaner v2.105 - Logfile created 01/14/2013 at 11:06:40
# Updated 08/01/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Avianspark - WATSON
# Boot Mode : Normal
# Running from : C:\Users\Avianspark\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0 (en-US)

File : C:\Users\Avianspark\AppData\Roaming\Mozilla\Firefox\Profiles\n4821xg8.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v24.0.1312.52

File : C:\Users\Avianspark\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [6162 octets] - [12/01/2013 15:05:37]
AdwCleaner[S2].txt - [886 octets] - [14/01/2013 11:06:40]

########## EOF - C:\AdwCleaner[S2].txt - [945 octets] ##########

And the RogueKiller report:

RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Avianspark [Admin rights]
Mode : Remove -- Date : 01/14/2013 11:14:58

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] RockMeltCrashHandler.exe -- C:\Users\Avianspark\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 5 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK6475GSX +++++
--- User ---
[MBR] b160487bfc6ac84ce560763677cc8463
[BSP] 9aea41b8e68f29d8e55f759e679e76ba : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 595667 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1223000064 | Size: 13312 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[4]_D_01142013_02d1114.txt >>
RKreport[1]_S_01122013_02d1518.txt ; RKreport[2]_D_01122013_02d1518.txt ; RKreport[3]_S_01142013_02d1112.txt ; RKreport[4]_D_01142013_02d1114.txt
  8. Here is the ComboFix report after running the script:

ComboFix 13-01-12.01 - Avianspark 01/12/2013 16:09:24.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6051.3715 [GMT -5:00]
Running from: c:\users\Avianspark\Desktop\ComboFix.exe
Command switches used :: c:\users\Avianspark\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-12-12 to 2013-01-12 )))))))))))))))))))))))))))))))
.
.
2013-01-12 21:19 . 2013-01-12 21:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-12 20:24 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1D0918E3-27E8-4FD3-9985-A62598A970F8}\mpengine.dll
2013-01-12 08:28 . 2013-01-12 08:28 -------- d-----w- C:\FRST
2013-01-11 15:14 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-09 15:54 . 2012-11-22 05:44 800768 ----a-w- c:\windows\system32\usp10.dll
2013-01-09 15:53 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-01-09 15:53 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2013-01-09 04:02 . 2013-01-09 04:02 16369160 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-01-06 03:12 . 2013-01-06 03:12 -------- d-----w- c:\users\Avianspark\AppData\Local\pesterchum
2013-01-06 03:09 . 2013-01-06 03:10 -------- d-----w- C:\Pesterchum
2012-12-28 03:01 . 2012-12-28 03:01 -------- d-----w- c:\program files\WinBoard-4.6.2
2012-12-22 16:29 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-22 16:29 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-22 16:29 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-22 16:29 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-18 14:28 . 2012-12-18 14:28 186584 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-12-15 15:45 . 2012-12-15 15:45 -------- d-----w- c:\program files\iPod
2012-12-15 15:45 . 2012-12-15 15:46 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-15 15:45 . 2012-12-15 15:46 -------- d-----w- c:\program files\iTunes
2012-12-15 15:45 . 2012-12-15 15:46 -------- d-----w- c:\program files (x86)\iTunes
2012-12-14 20:19 . 2013-01-11 20:25 -------- d-----w- c:\users\Avianspark\AppData\Roaming\logs
2012-12-14 16:44 . 2012-12-14 16:46 -------- d-----w- c:\users\Avianspark\AppData\Roaming\ftblauncher
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-10 15:06 . 2011-09-03 00:07 67599240 ----a-w- c:\windows\system32\MRT.exe
2013-01-09 04:02 . 2012-04-06 00:42 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 04:02 . 2011-09-07 17:51 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-30 04:45 . 2013-01-09 15:54 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-29 02:41 . 2012-11-29 02:42 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{04DD7EF8-BCBF-41C2-80D1-8BB0531C9EF0}\gapaengine.dll
2012-11-24 22:53 . 2011-09-07 16:03 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-11-14 07:06 . 2012-12-13 14:17 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-13 14:17 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-13 14:18 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-13 14:18 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-13 14:18 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-13 14:18 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-13 14:18 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-13 14:18 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-13 14:18 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-13 14:18 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-13 14:18 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-13 14:17 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-13 14:18 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-13 14:18 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-13 14:18 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-13 14:18 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-13 14:18 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-13 14:18 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 14:18 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-13 14:18 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 14:18 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-13 14:18 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-09 18:52 . 2012-11-09 18:52 773968 ----a-w- c:\windows\SysWow64\msvcr100.dll
2012-11-09 18:52 . 2012-11-09 18:52 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll
2012-11-09 05:45 . 2012-12-12 14:49 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-12 14:49 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-02 05:59 . 2012-12-12 14:48 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-12 14:48 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-10-25 08:12 . 2012-10-25 08:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 08:12 . 2012-10-25 08:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-10-22 14:10 . 2012-10-22 14:11 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-22 14:10 . 2012-06-30 18:06 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-10-22 14:10 . 2010-12-28 15:41 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-10-16 08:38 . 2012-11-28 13:43 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 13:43 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 13:43 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-29 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-12-08 1354736]
"Spotify Web Helper"="c:\users\Avianspark\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-31 1193176]
"Facebook Update"="c:\users\Avianspark\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
"RockMelt Update"="c:\users\Avianspark\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" [2012-07-03 136336]
"Ubuntu One"="c:\program files (x86)\ubuntuone\dist\ubuntuone-syncdaemon.exe" [2012-08-15 47304]
"Ubuntu One Icon"="c:\program files (x86)\ubuntuone\dist\ubuntuone-control-panel-qt.exe" [2012-08-15 40136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-11-09 532480]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-09-14 35440]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-07-01 1295224]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-11-02 2475384]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2010-08-17 3218792]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"BambooCore"="c:\program files (x86)\Bamboo Dock\BambooCore.exe" [2013-01-10 646744]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
c:\users\Avianspark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944] R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-11-29 173656] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-07 340240] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2011-09-08 13312] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-03 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-06-16 55024] S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 34880] S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-29 14784] S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2010-12-18 482384] S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712] S2 
Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [2012-12-05 132056] S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe [2009-08-24 126392] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2011-09-08 6583160] S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-04-07 294328] S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2011-09-08 528760] S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248] S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 35008] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-11-30 412264] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program 
files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-07-01 51576] S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560] S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-11-16 822704] S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-10-24 42392] . . Contents of the 'Scheduled Tasks' folder . 2013-01-12 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 04:02] . 2013-01-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-408874301-226799211-2608599606-1001Core.job - c:\users\Avianspark\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-11 20:38] . 2013-01-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-408874301-226799211-2608599606-1001UA.job - c:\users\Avianspark\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-11 20:38] . 2013-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-29 00:52] . 2013-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-29 00:52] . 2013-01-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-408874301-226799211-2608599606-1001Core.job - c:\users\Avianspark\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-07 02:45] . 2013-01-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-408874301-226799211-2608599606-1001UA.job - c:\users\Avianspark\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-07 02:45] . 2013-01-12 c:\windows\Tasks\HP Photo Creations Messager.job - c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11] . 
2013-01-11 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-408874301-226799211-2608599606-1001Core.job - c:\users\Avianspark\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2012-07-03 03:29] . 2013-01-12 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-408874301-226799211-2608599606-1001UA.job - c:\users\Avianspark\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2012-07-03 03:29] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}] c:\program files (x86)\Expat Shield\HssIE\ExpatIE_64.dll [bU] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ThpSrv"="c:\windows\system32\thpsrv" [X] "TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [bU] "HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [bU] "SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [bU] "00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [bU] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-09 11663976] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-12-10 2186856] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [bU] "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-07 1933584] "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976] "TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [bU] "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376] "TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [bU] "TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [bU] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-05 167960] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-05 391704] 
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-05 418840] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704] "Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [bU] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://start.toshiba.com/g/ uDefault_Search_URL = hxxp://www.google.com/ie mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local>;*.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Add to TOSHIBA Bulletin Board - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000 Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: DhcpNameServer = 192.168.254.254 TCP: Interfaces\{1CC681C3-D959-483B-8390-AA2E7B904364}\2656C6B696E6534376: DhcpNameServer = 192.168.2.1 DPF: {C9D7D239-B502-48B3-BA25-9DF8C7264073} - hxxps://ha-netcas01/auth/CCALogin.CAB FF - ProfilePath - c:\users\Avianspark\AppData\Roaming\Mozilla\Firefox\Profiles\n4821xg8.default\ FF - prefs.js: browser.search.selectedEngine - Wikipedia (en) FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/ FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q= FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: 2012-12-13 09:51; tabforacause@tabforacause.org; c:\users\Avianspark\AppData\Roaming\Mozilla\Firefox\Profiles\n4821xg8.default\extensions\tabforacause@tabforacause.org.xpi . - - - - ORPHANS REMOVED - - - - . 
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
ShellIconOverlayIdentifiers-{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d} - (no file)
AddRemove-WT089366 - c:\program files (x86)\TOSHIBA Games\Cake Mania - Lights
AddRemove-_{53A908D4-99C6-469B-BC13-F4189F260742} - c:\program files (x86)\Corel\Corel Painter Essentials 4\MSILauncher {53A908D4-99C6-469B-BC13-F4189F260742}
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.6.22\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-12 16:48:50
ComboFix-quarantined-files.txt 2013-01-12 21:48
ComboFix2.txt 2013-01-12 20:56
.
Pre-Run: 422,269,747,200 bytes free
Post-Run: 421,972,140,032 bytes free
.
- - End Of File - - E4FDABB1CC77B7FEEED5FC97D730C409

My computer seems to be running just fine. Thank you again for all your help.
9. Here is the ComboFix log:

ComboFix 13-01-12.01 - Avianspark 01/12/2013 15:44:21.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6051.3993 [GMT -5:00]
Running from: c:\users\Avianspark\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\StartNow Toolbar
c:\program files (x86)\StartNow Toolbar\Reactivate.exe
c:\program files (x86)\StartNow Toolbar\ReactivateFF.exe
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_images.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_news.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_web.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_games.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_msn.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files (x86)\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files (x86)\StartNow Toolbar\Resources\installer.xml
c:\program files (x86)\StartNow Toolbar\Resources\skin\chevron_button.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_background.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_left.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\separator.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\splitter.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
c:\program files (x86)\StartNow Toolbar\Resources\toolbar.xml
c:\program files (x86)\StartNow Toolbar\Resources\update.xml
c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
c:\program files (x86)\StartNow Toolbar\Toolbar32.dll
c:\program files (x86)\StartNow Toolbar\ToolbarBroker.exe
c:\program files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
c:\program files (x86)\StartNow Toolbar\uninstall.dat
c:\program files (x86)\StartNow Toolbar\XBrowser.dll
c:\programdata\Roaming
c:\users\Avianspark\AppData\Roaming\Mozilla\Firefox\Profiles\n4821xg8.default\searchplugins\bing-zugo.xml
c:\users\Avianspark\AppData\Roaming\WTouch
c:\users\Avianspark\AppData\Roaming\WTouch\WTouch.xml
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-12-12 to 2013-01-12 )))))))))))))))))))))))))))))))
.
.
2013-01-12 20:53 . 2013-01-12 20:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-12 20:24 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1D0918E3-27E8-4FD3-9985-A62598A970F8}\mpengine.dll
2013-01-12 08:28 . 2013-01-12 08:28 -------- d-----w- C:\FRST
2013-01-11 15:14 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-09 15:54 . 2012-11-22 05:44 800768 ----a-w- c:\windows\system32\usp10.dll
2013-01-09 15:53 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-01-09 15:53 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2013-01-09 04:02 . 2013-01-09 04:02 16369160 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-01-06 03:12 . 2013-01-06 03:12 -------- d-----w- c:\users\Avianspark\AppData\Local\pesterchum
2013-01-06 03:09 . 2013-01-06 03:10 -------- d-----w- C:\Pesterchum
2012-12-28 03:01 . 2012-12-28 03:01 -------- d-----w- c:\program files\WinBoard-4.6.2
2012-12-22 16:29 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-22 16:29 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-22 16:29 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-22 16:29 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-18 14:28 . 2012-12-18 14:28 186584 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-12-15 15:45 . 2012-12-15 15:45 -------- d-----w- c:\program files\iPod
2012-12-15 15:45 . 2012-12-15 15:46 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-15 15:45 . 2012-12-15 15:46 -------- d-----w- c:\program files\iTunes
2012-12-15 15:45 . 2012-12-15 15:46 -------- d-----w- c:\program files (x86)\iTunes
2012-12-14 20:19 . 2013-01-11 20:25 -------- d-----w- c:\users\Avianspark\AppData\Roaming\logs
2012-12-14 16:44 . 2012-12-14 16:46 -------- d-----w- c:\users\Avianspark\AppData\Roaming\ftblauncher
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-10 15:06 . 2011-09-03 00:07 67599240 ----a-w- c:\windows\system32\MRT.exe
2013-01-09 04:02 . 2012-04-06 00:42 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 04:02 . 2011-09-07 17:51 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-30 04:45 . 2013-01-09 15:54 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-29 02:41 . 2012-11-29 02:42 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{04DD7EF8-BCBF-41C2-80D1-8BB0531C9EF0}\gapaengine.dll
2012-11-24 22:53 . 2011-09-07 16:03 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-11-14 07:06 . 2012-12-13 14:17 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-13 14:17 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-13 14:18 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-13 14:18 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-13 14:18 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-13 14:18 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-13 14:18 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-13 14:18 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-13 14:18 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-13 14:18 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-13 14:18 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-13 14:17 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-13 14:18 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-13 14:18 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-13 14:18 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-13 14:18 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-13 14:18 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-13 14:18 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 14:18 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-13 14:18 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 14:18 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-13 14:18 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-09 18:52 . 2012-11-09 18:52 773968 ----a-w- c:\windows\SysWow64\msvcr100.dll
2012-11-09 18:52 . 2012-11-09 18:52 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll
2012-11-09 05:45 . 2012-12-12 14:49 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-12 14:49 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-02 05:59 . 2012-12-12 14:48 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-12 14:48 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-10-25 08:12 . 2012-10-25 08:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 08:12 . 2012-10-25 08:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-10-22 14:10 . 2012-10-22 14:11 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-22 14:10 . 2012-06-30 18:06 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-10-22 14:10 . 2010-12-28 15:41 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-10-16 08:38 . 2012-11-28 13:43 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 13:43 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 13:43 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-29 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-12-08 1354736]
"Spotify Web Helper"="c:\users\Avianspark\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-31 1193176]
"Facebook Update"="c:\users\Avianspark\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
"RockMelt Update"="c:\users\Avianspark\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" [2012-07-03 136336]
"Ubuntu One"="c:\program files (x86)\ubuntuone\dist\ubuntuone-syncdaemon.exe" [2012-08-15 47304]
"Ubuntu One Icon"="c:\program files (x86)\ubuntuone\dist\ubuntuone-control-panel-qt.exe" [2012-08-15 40136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-11-09 532480]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-09-14 35440]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-07-01 1295224]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-11-02 2475384]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2010-08-17 3218792]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"BambooCore"="c:\program files (x86)\Bamboo Dock\BambooCore.exe" [2013-01-10 646744]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
c:\users\Avianspark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-11-29 173656]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-07 340240]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2011-09-08 13312]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-03 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-06-16 55024]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 34880]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-29 14784]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2010-12-18 482384]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [2012-12-05 132056]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe [2009-08-24 126392]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2011-09-08 6583160]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-04-07 294328]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2011-09-08 528760]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 35008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-11-30 412264]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-07-01 51576]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-11-16 822704]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-10-24 42392]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 04:02]
.
2013-01-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-408874301-226799211-2608599606-1001Core.job
- c:\users\Avianspark\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-11 20:38]
.
2013-01-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-408874301-226799211-2608599606-1001UA.job
- c:\users\Avianspark\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-11 20:38]
.
2013-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-29 00:52]
.
2013-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-29 00:52]
.
2013-01-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-408874301-226799211-2608599606-1001Core.job
- c:\users\Avianspark\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-07 02:45]
.
2013-01-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-408874301-226799211-2608599606-1001UA.job
- c:\users\Avianspark\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-07 02:45]
.
2013-01-12 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
2013-01-11 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-408874301-226799211-2608599606-1001Core.job
- c:\users\Avianspark\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2012-07-03 03:29]
.
2013-01-12 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-408874301-226799211-2608599606-1001UA.job
- c:\users\Avianspark\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2012-07-03 03:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-09 11663976]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-12-10 2186856]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-07 1933584]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-05 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-05 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-05 418840]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.toshiba.com/g/
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to TOSHIBA Bulletin Board - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: Interfaces\{1CC681C3-D959-483B-8390-AA2E7B904364}\2656C6B696E6534376: DhcpNameServer = 192.168.2.1
DPF: {C9D7D239-B502-48B3-BA25-9DF8C7264073} - hxxps://ha-netcas01/auth/CCALogin.CAB
FF - ProfilePath - c:\users\Avianspark\AppData\Roaming\Mozilla\Firefox\Profiles\n4821xg8.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-12-13 09:51; tabforacause@tabforacause.org; c:\users\Avianspark\AppData\Roaming\Mozilla\Firefox\Profiles\n4821xg8.default\extensions\tabforacause@tabforacause.org.xpi
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d} - (no file)
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
BHO-{3706EE7C-3CAD-445D-8A43-03EBC3B75908} - c:\program files (x86)\Expat Shield\HssIE\ExpatIE_64.dll
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d} - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
AddRemove-WT089366 - c:\program files (x86)\TOSHIBA Games\Cake Mania - Lights
AddRemove-_{53A908D4-99C6-469B-BC13-F4189F260742} - c:\program files (x86)\Corel\Corel Painter Essentials 4\MSILauncher {53A908D4-99C6-469B-BC13-F4189F260742}
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.6.22\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-01-12 15:56:32 ComboFix-quarantined-files.txt 2013-01-12 20:56 . Pre-Run: 417,884,618,752 bytes free Post-Run: 422,214,901,760 bytes free . - - End Of File - - D566691CF8F0082E3FA38909E5682976 I have not had any subsequent problems. My computer seems to be operating fine.
  10. Also, what should I do with the "RK_Quarantine" folder on my desktop?
11. Alright, here is the AdwCleaner report:

# AdwCleaner v2.105 - Logfile created 01/12/2013 at 15:05:37
# Updated 08/01/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Avianspark - WATSON
# Boot Mode : Normal
# Running from : C:\Users\Avianspark\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

Stopped & Deleted : Updater Service for StartNow Toolbar

***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Users\AVIANS~1\AppData\Local\Temp\boost_interprocess

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\StartNow Toolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{FAA8C612-F1B6-461B-8B60-B54D74D9642E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ToolbarBroker.EXE
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{38BF9661-BDA0-4A74-BB3B-576EC7AE16DC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\ZGClnt.Mngr
Key Deleted : HKLM\SOFTWARE\Classes\ZGClnt.Mngr.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\Software\StartNow Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E65F40C8-3CEB-47C2-9E01-BF73323DF4E7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\StartNow Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E65F40C8-3CEB-47C2-9E01-BF73323DF4E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Software
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [StartNowToolbarHelper]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{5911488E-9D1E-40EC-8CBB-06B231CC153F}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0 (en-US)

File : C:\Users\Avianspark\AppData\Roaming\Mozilla\Firefox\Profiles\n4821xg8.default\prefs.js

C:\Users\Avianspark\AppData\Roaming\Mozilla\Firefox\Profiles\n4821xg8.default\user.js ... Deleted !
Deleted : user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.install_folder", "C:\\Program Files (x86)\\StartNo[...]
Deleted : user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.name", "StartNow Toolbar");
Deleted : user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.startpage", "lf.startnow.com");

-\\ Google Chrome v24.0.1312.52

File : C:\Users\Avianspark\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [6045 octets] - [12/01/2013 15:05:37]

########## EOF - C:\AdwCleaner[S1].txt - [6105 octets] ##########

And here is the RogueKiller report:

RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Avianspark [Admin rights]
Mode : Remove -- Date : 01/12/2013 15:18:52

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] RockMeltCrashHandler.exe -- C:\Users\Avianspark\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 4 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : EPSON Stylus CX7800 Series (C:\windows\system32\spool\DRIVERS\x64\3\E_IATIAFA.EXE /FU "C:\windows\TEMP\E_SCE09.tmp" /EF "HKCU") -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\Command Processor : AutoRun ("C:\Users\Avianspark\AppData\Local\_gzysxapmk.exe") -> DELETED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK6475GSX +++++
--- User ---
[MBR] b160487bfc6ac84ce560763677cc8463
[BSP] 9aea41b8e68f29d8e55f759e679e76ba : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 595667 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1223000064 | Size: 13312 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_01122013_02d1518.txt >>
RKreport[1]_S_01122013_02d1518.txt ; RKreport[2]_D_01122013_02d1518.txt
  12. Yes, it will. Thank you so much for your help! Are there any other scans, etc. that I need to run?
13. Here is the Fixlog.txt file:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-01-2013
Ran by SYSTEM at 2013-01-12 12:58:44 Run:1
Running from E:\

==============================================

HKEY_USERS\Avianspark\Software\Microsoft\Windows\CurrentVersion\Run\\og_fehuborr Value deleted successfully.
HKEY_USERS\Avianspark\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableTaskMgr Value deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell Value was restored successfully.
C:\Users\Avianspark\AppData\Roaming\_gzysxapmk.exe moved successfully.
C:\Users\Avianspark\AppData\Local\_gzysxapmk.exe moved successfully.
C:\Users\All Users\_gzysxapmk.exe moved successfully.

==== End of Fixlog ====
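A read-only follow-up check, added here as an example and not part of the thread, of FRST, or of RogueKiller. It revisits the persistence points that the Fixlog in post 13 restored (the HKCU Run value og_fehuborr, the DisableTaskMgr policy, the Winlogon Shell value) and the one RogueKiller cleaned in post 11 (the Command Processor AutoRun pointing at _gzysxapmk.exe), and reports anything that looks re-established after a reboot. The registry paths and value names are the standard Windows locations; the heuristics applied to Run entries (executable missing, empty command, executable under ProgramData or AppData) are my assumptions about what deserves a second look, not a rule from any of the tools in the thread. Run it from an elevated PowerShell on the cleaned machine.

```powershell
# Added example, not from the thread. Re-checks the persistence points the FRST
# Fixlog and the RogueKiller report touched. It only reads the registry and reports.

$findings = New-Object System.Collections.Generic.List[string]

# 1. Winlogon Shell. The infection set it to "explorer.exe, C:\ProgramData\_gzysxapmk",
#    so Winlogon launched the malware beside Explorer at every logon. Anything other
#    than the bare "explorer.exe" is reported.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$shell = (Get-ItemProperty -Path $winlogon -Name Shell -ErrorAction SilentlyContinue).Shell
if ($shell -and $shell.Trim() -ne 'explorer.exe') {
    $findings.Add("Winlogon Shell is '$shell' (expected 'explorer.exe')")
}

# 2. Command Processor AutoRun is executed every time cmd.exe starts; RogueKiller found
#    _gzysxapmk.exe there. The value is normally absent in both hives.
foreach ($hive in 'HKCU', 'HKLM') {
    $key = "${hive}:\SOFTWARE\Microsoft\Command Processor"
    $autorun = (Get-ItemProperty -Path $key -Name AutoRun -ErrorAction SilentlyContinue).AutoRun
    if ($autorun) { $findings.Add("$hive Command Processor AutoRun = '$autorun'") }
}

# 3. DisableTaskMgr=1 is what stopped Task Manager from opening while the malware ran.
$policy = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$dtm = (Get-ItemProperty -Path $policy -Name DisableTaskMgr -ErrorAction SilentlyContinue).DisableTaskMgr
if ($dtm -eq 1) { $findings.Add('HKCU DisableTaskMgr policy is set to 1') }

# 4. Run keys. A value is reported when its executable no longer exists (FRST marks those
#    [x]), when the command is empty, or when the executable lives under ProgramData or
#    AppData, where og_fehuborr pointed. Heuristic (assumption): legitimate per-user
#    updaters also live in AppData, so review each hit rather than treating it as malware.
$runKeys = @(
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
# Properties PowerShell adds to every registry object; they are not Run values.
$metadata = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
foreach ($rk in $runKeys) {
    $values = Get-ItemProperty -Path $rk -ErrorAction SilentlyContinue
    if (-not $values) { continue }
    foreach ($v in $values.PSObject.Properties) {
        if ($metadata -contains $v.Name) { continue }
        $cmd = [string]$v.Value
        # First token of the command line: a quoted path, or everything up to the first space.
        $exe = if ($cmd -match '^\s*"([^"]+)"') { $Matches[1] } else { ($cmd.Trim() -split ' ')[0] }
        $exe = [Environment]::ExpandEnvironmentVariables($exe)
        $reason = $null
        if ([string]::IsNullOrWhiteSpace($exe))          { $reason = 'empty command' }
        elseif (-not (Test-Path -LiteralPath $exe))      { $reason = 'file missing' }
        elseif ($exe -match '\\(ProgramData|AppData)\\')  { $reason = 'runs from ProgramData/AppData' }
        if ($reason) { $findings.Add("$rk\[$($v.Name)] $reason : $cmd") }
    }
}

if ($findings.Count -eq 0) { 'Checked persistence points look clean.' }
else { $findings | ForEach-Object { "FINDING: $_" } }
```

Against the FRST log in post 14 this would have reported the Winlogon Shell hijack, the DisableTaskMgr policy, the og_fehuborr value (both for its ProgramData path and because FRST marked it [x]), and the empty HKLM Run values; after the Fixlog and RogueKiller runs it should report only the per-user updaters (Google, Facebook, RockMelt, Spotify) that legitimately start from AppData, which is why the AppData rule is a prompt to look, not a verdict.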
  14. Gringo, thank you very much for your fast reply. Here is the FRST.txt file: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-01-2013 Ran by SYSTEM at 12-01-2013 11:24:28 Running from E:\ Windows 7 Home Premium (X64) OS Language: English(US) The current controlset is ControlSet001 ==================== Registry (Whitelisted) =================== HKLM\...\Run: [] [x] HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2010-10-18] (TOSHIBA Corporation) HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation) HKLM\...\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation) HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation) HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11663976 2010-12-09] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 [2186856 2010-12-10] (Realtek Semiconductor) HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2107176 2010-03-11] (Synaptics Incorporated) HKLM\...\Run: [ThpSrv] C:\windows\system32\thpsrv /logon [x] HKLM\...\Run: [smartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation) HKLM\...\Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1933584 2010-12-07] (Intel® Corporation) HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation) HKLM\...\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-11-16] (TOSHIBA Corporation) HKLM\...\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation) HKLM\...\Run: [TosNC] 
%ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [597416 2010-11-16] (TOSHIBA Corporation) HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-07-09] (TOSHIBA Corporation) HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation) HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1544104 2011-04-07] (TOSHIBA Corporation) HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1744152 2011-10-07] (Logitech, Inc.) HKLM-x32\...\Run: [sVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL [532480 2010-11-09] (TOSHIBA CORPORATION) HKLM-x32\...\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP [423936 2010-03-04] (TOSHIBA Electronics, Inc.) HKLM-x32\...\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [35440 2010-09-14] (TOSHIBA CORPORATION) HKLM-x32\...\Run: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [x] HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1295224 2010-07-01] (TOSHIBA Corporation) HKLM-x32\...\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun [2475384 2010-11-02] (TOSHIBA CORPORATION.) HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED [3218792 2010-08-17] (Toshiba) HKLM-x32\...\Run: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [552960 2010-09-23] (Toshiba) HKLM-x32\...\Run: [startNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe" [x] HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.) 
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated) HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-09] (Hewlett-Packard) HKLM-x32\...\Run: [] [x] HKLM-x32\...\Run: [bambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2013-01-10] () HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2254768 2012-12-10] (LogMeIn Inc.) HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152544 2012-12-12] (Apple Inc.) HKU\Avianspark\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-12-28] (Google Inc.) HKU\Avianspark\...\Run: [EPSON Stylus CX7800 Series] C:\windows\system32\spool\DRIVERS\x64\3\E_IATIAFA.EXE /FU "C:\windows\TEMP\E_SCE09.tmp" /EF "HKCU" [211968 2007-01-23] (SEIKO EPSON CORPORATION) HKU\Avianspark\...\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1354736 2012-12-08] (Valve Corporation) HKU\Avianspark\...\Run: [Google Update] "C:\Users\Avianspark\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2012-03-06] (Google Inc.) HKU\Avianspark\...\Run: [spotify Web Helper] "C:\Users\Avianspark\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1193176 2012-07-30] () HKU\Avianspark\...\Run: [Facebook Update] "C:\Users\Avianspark\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-11] (Facebook Inc.) 
HKU\Avianspark\...\Run: [RockMelt Update] "C:\Users\Avianspark\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" /c [136336 2012-07-02] (RockMelt Inc.) HKU\Avianspark\...\Run: [ubuntu One] "C:\Program Files (x86)\ubuntuone\dist\ubuntuone-syncdaemon.exe" [47304 2012-08-15] () HKU\Avianspark\...\Run: [ubuntu One Icon] "C:\Program Files (x86)\ubuntuone\dist\ubuntuone-control-panel-qt.exe" --minimized --with-icon [40136 2012-08-15] () HKU\Avianspark\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation) HKU\Avianspark\...\Run: [og_fehuborr] C:\ProgramData\_gzysxapmk [x] HKU\Avianspark\...\Policies\system: [DisableTaskMgr] 1 HKLM\...\Winlogon: [shell] explorer.exe, C:\ProgramData\_gzysxapmk [x ] () Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) Startup: C:\Users\Avianspark\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Services (Whitelisted) =================== 2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation) 3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-07] () 3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [368896 2012-09-12] (Microsoft Corporation) 2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe /s [132056 2012-12-05] (Symantec Corporation) 2 PCCUJobMgr; "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe" /s "PCCUJobMgr" /m "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\diMaster.dll" /prefetch:1 [132984 2009-08-29] (Symantec Corporation) 2 Updater Service for StartNow Toolbar; C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [265952 2012-06-22] () 3 aspnet_state; 
C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x] ==================== Drivers (Whitelisted) ===================== 0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation) 2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) ==================== ==================== One Month Created Files and Folders ======== 2013-01-12 00:28 - 2013-01-12 00:28 - 00000000 ____D C:\FRST 2013-01-11 19:01 - 2013-01-11 21:10 - 00153088 ____A (Eventys Co. Ltd.) C:\Users\Avianspark\AppData\Roaming\_gzysxapmk.exe 2013-01-11 18:57 - 2013-01-11 21:10 - 00153088 ____A (Eventys Co. Ltd.) C:\Users\Avianspark\AppData\Local\_gzysxapmk.exe 2013-01-11 18:57 - 2013-01-11 21:08 - 00153088 ____A (Eventys Co. Ltd.) C:\Users\All Users\_gzysxapmk.exe 2013-01-11 07:49 - 2013-01-11 07:49 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{25B108D3-3FB3-41BC-B8DE-C839BA7AC73D} 2013-01-11 07:30 - 2013-01-11 07:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-01-10 07:44 - 2013-01-10 07:44 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{C4E527E8-55E9-42C4-BADB-E9F6B09F2052} 2013-01-09 19:43 - 2013-01-09 19:44 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{117421A2-FD67-472E-86C6-B71424A25AC4} 2013-01-09 07:55 - 2012-12-07 05:20 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\Wpc.dll 2013-01-09 07:55 - 2012-12-07 05:15 - 02746368 ____A (Microsoft Corporation) C:\Windows\System32\gameux.dll 2013-01-09 07:55 - 2012-12-07 04:26 - 00308736 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll 2013-01-09 07:55 - 2012-12-07 04:20 - 02576384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll 2013-01-09 07:55 - 2012-12-07 03:20 - 00045568 ____A (Microsoft) C:\Windows\System32\oflc-nz.rs 2013-01-09 07:55 - 2012-12-07 03:20 - 00044544 ____A (Microsoft) C:\Windows\System32\pegibbfc.rs 2013-01-09 07:55 - 2012-12-07 03:20 - 
00043520 ____A (Microsoft) C:\Windows\System32\csrr.rs 2013-01-09 07:55 - 2012-12-07 03:20 - 00030720 ____A (Microsoft) C:\Windows\System32\usk.rs 2013-01-09 07:55 - 2012-12-07 03:20 - 00023552 ____A (Microsoft) C:\Windows\System32\oflc.rs 2013-01-09 07:55 - 2012-12-07 03:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-pt.rs 2013-01-09 07:55 - 2012-12-07 03:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-fi.rs 2013-01-09 07:55 - 2012-12-07 03:19 - 00055296 ____A (Microsoft) C:\Windows\System32\cero.rs 2013-01-09 07:55 - 2012-12-07 03:19 - 00051712 ____A (Microsoft) C:\Windows\System32\esrb.rs 2013-01-09 07:55 - 2012-12-07 03:19 - 00046592 ____A (Microsoft) C:\Windows\System32\fpb.rs 2013-01-09 07:55 - 2012-12-07 03:19 - 00040960 ____A (Microsoft) C:\Windows\System32\cob-au.rs 2013-01-09 07:55 - 2012-12-07 03:19 - 00021504 ____A (Microsoft) C:\Windows\System32\grb.rs 2013-01-09 07:55 - 2012-12-07 03:19 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi.rs 2013-01-09 07:55 - 2012-12-07 03:19 - 00015360 ____A (Microsoft) C:\Windows\System32\djctq.rs 2013-01-09 07:55 - 2012-12-07 02:46 - 00055296 ____A (Microsoft) C:\Windows\SysWOW64\cero.rs 2013-01-09 07:55 - 2012-12-07 02:46 - 00051712 ____A (Microsoft) C:\Windows\SysWOW64\esrb.rs 2013-01-09 07:55 - 2012-12-07 02:46 - 00046592 ____A (Microsoft) C:\Windows\SysWOW64\fpb.rs 2013-01-09 07:55 - 2012-12-07 02:46 - 00045568 ____A (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs 2013-01-09 07:55 - 2012-12-07 02:46 - 00044544 ____A (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs 2013-01-09 07:55 - 2012-12-07 02:46 - 00043520 ____A (Microsoft) C:\Windows\SysWOW64\csrr.rs 2013-01-09 07:55 - 2012-12-07 02:46 - 00040960 ____A (Microsoft) C:\Windows\SysWOW64\cob-au.rs 2013-01-09 07:55 - 2012-12-07 02:46 - 00030720 ____A (Microsoft) C:\Windows\SysWOW64\usk.rs 2013-01-09 07:55 - 2012-12-07 02:46 - 00023552 ____A (Microsoft) C:\Windows\SysWOW64\oflc.rs 2013-01-09 07:55 - 2012-12-07 02:46 - 00021504 ____A (Microsoft) 
C:\Windows\SysWOW64\grb.rs 2013-01-09 07:55 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs 2013-01-09 07:55 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs 2013-01-09 07:55 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi.rs 2013-01-09 07:55 - 2012-12-07 02:46 - 00015360 ____A (Microsoft) C:\Windows\SysWOW64\djctq.rs 2013-01-09 07:55 - 2012-11-08 21:45 - 00750592 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-01-09 07:55 - 2012-11-08 20:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-01-09 07:55 - 2012-10-31 21:43 - 02002432 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll 2013-01-09 07:55 - 2012-10-31 21:43 - 01882624 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll 2013-01-09 07:55 - 2012-10-31 20:47 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2013-01-09 07:55 - 2012-10-31 20:47 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2013-01-09 07:54 - 2012-11-29 21:45 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll 2013-01-09 07:54 - 2012-11-29 21:45 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll 2013-01-09 07:54 - 2012-11-29 21:45 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll 2013-01-09 07:54 - 2012-11-29 21:45 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll 2013-01-09 07:54 - 2012-11-29 21:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll 2013-01-09 07:54 - 2012-11-29 21:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll 2013-01-09 07:54 - 2012-11-29 21:41 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll 2013-01-09 07:54 - 2012-11-29 21:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll 2013-01-09 07:54 - 2012-11-29 21:38 - 
00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll 2013-01-09 07:54 - 2012-11-29 21:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll 2013-01-09 07:54 - 2012-11-29 21:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll 2013-01-09 07:54 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll 2013-01-09 07:54 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll 2013-01-09 07:54 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll 2013-01-09 07:54 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll 2013-01-09 07:54 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-01-09 07:54 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll 2013-01-09 07:54 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll 2013-01-09 07:54 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll 2013-01-09 07:54 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll 2013-01-09 07:54 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll 2013-01-09 07:54 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll 2013-01-09 07:54 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll 2013-01-09 07:54 - 
2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll 2013-01-09 07:54 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll 2013-01-09 07:54 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll 2013-01-09 07:54 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll 2013-01-09 07:54 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll 2013-01-09 07:54 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll 2013-01-09 07:54 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll 2013-01-09 07:54 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll 2013-01-09 07:54 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll 2013-01-09 07:54 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll 2013-01-09 07:54 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll 2013-01-09 07:54 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll 2013-01-09 07:54 - 2012-11-29 20:54 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-01-09 07:54 - 2012-11-29 20:53 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2013-01-09 07:54 - 2012-11-29 20:53 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2013-01-09 07:54 - 2012-11-29 20:45 - 00005120 ___AH (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2013-01-09 07:54 - 2012-11-29 20:45 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2013-01-09 07:54 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2013-01-09 07:54 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2013-01-09 07:54 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2013-01-09 07:54 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2013-01-09 07:54 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2013-01-09 07:54 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2013-01-09 07:54 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2013-01-09 07:54 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2013-01-09 07:54 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2013-01-09 07:54 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2013-01-09 07:54 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2013-01-09 07:54 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2013-01-09 07:54 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-01-09 07:54 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft 
Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2013-01-09 07:54 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2013-01-09 07:54 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2013-01-09 07:54 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2013-01-09 07:54 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2013-01-09 07:54 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2013-01-09 07:54 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2013-01-09 07:54 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2013-01-09 07:54 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2013-01-09 07:54 - 2012-11-29 19:23 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe 2013-01-09 07:54 - 2012-11-29 18:44 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-01-09 07:54 - 2012-11-29 18:44 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-01-09 07:54 - 2012-11-29 18:44 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-01-09 07:54 - 2012-11-29 18:44 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-01-09 07:54 - 2012-11-29 18:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2013-01-09 07:54 - 2012-11-29 18:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2013-01-09 07:54 - 2012-11-29 18:38 - 00003584 ___AH (Microsoft 
Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-01-09 07:54 - 2012-11-29 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-01-09 07:54 - 2012-11-29 15:17 - 00420064 ____A C:\Windows\SysWOW64\locale.nls
2013-01-09 07:54 - 2012-11-29 15:15 - 00420064 ____A C:\Windows\System32\locale.nls
2013-01-09 07:54 - 2012-11-21 21:44 - 00800768 ____A (Microsoft Corporation) C:\Windows\System32\usp10.dll
2013-01-09 07:54 - 2012-11-21 20:45 - 00626688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2013-01-09 07:54 - 2012-11-19 21:48 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-01-09 07:54 - 2012-11-19 20:51 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-01-09 07:53 - 2012-11-22 19:26 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-01-09 07:53 - 2012-11-22 19:13 - 00068608 ____A (Microsoft Corporation) C:\Windows\System32\taskhost.exe
2013-01-09 07:43 - 2013-01-09 07:43 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{7B515C4F-2647-491B-A4E3-2FE89999EC94}
2013-01-08 20:02 - 2013-01-08 20:02 - 16369160 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-01-08 19:42 - 2013-01-08 19:43 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{ED424D80-AFEB-4E7E-A6FE-4B40E8801FFD}
2013-01-08 08:28 - 2013-01-08 08:28 - 00006585 ____A C:\Users\Avianspark\.recently-used.xbel
2013-01-08 07:42 - 2013-01-08 07:42 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{48290ACC-A291-4D36-8E82-147425FEB73A}
2013-01-07 19:37 - 2013-01-07 19:37 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{A366CB7E-CE1C-4B9E-B927-6DDECF15843F}
2013-01-07 07:36 - 2013-01-07 07:36 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{1AA1C239-7587-4FC2-8512-6D227EE76120}
2013-01-06 08:45 - 2013-01-06 08:45 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{407B28B4-2DE8-4DD5-B980-94D56AEBED47}
2013-01-05 20:44 - 2013-01-05 20:45 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{82589F10-6D51-4C10-B08A-85535AF7D6D7}
2013-01-05 19:12 - 2013-01-05 19:12 - 00000000 ____D C:\Users\Avianspark\AppData\Local\pesterchum
2013-01-05 19:09 - 2013-01-05 19:10 - 00000000 ____D C:\Pesterchum
2013-01-05 19:06 - 2013-01-05 19:09 - 26452857 ____A C:\Users\Avianspark\Downloads\pesterchum3.41.exe
2013-01-05 08:44 - 2013-01-05 08:44 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{4EF95165-E12C-4846-9349-1C1F7832A20A}
2013-01-04 22:01 - 2013-01-04 22:01 - 00031673 ____A C:\Users\Avianspark\Downloads\Dice.zip
2013-01-04 22:01 - 2013-01-04 22:01 - 00000000 ____D C:\Users\Avianspark\Downloads\Dice
2013-01-04 20:02 - 2013-01-04 20:02 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{203378BD-0862-425F-BC61-316EB04A3CAA}
2013-01-04 08:01 - 2013-01-04 08:02 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{BE091666-5388-4ED4-A14B-CACC19EB860E}
2013-01-03 20:01 - 2013-01-03 20:01 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{F37419E8-F7B9-4DB2-94DE-44B7A5706042}
2013-01-03 08:01 - 2013-01-03 08:01 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{88A9FE20-3C2F-49BD-A7F7-5B026CDCA2F7}
2013-01-02 09:52 - 2013-01-02 09:52 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{904F853D-B4D4-4816-BD9D-E1EC5322EF3B}
2013-01-01 21:52 - 2013-01-01 21:52 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{41D1B1E4-0122-4614-9E3E-8D966F74E177}
2013-01-01 09:51 - 2013-01-01 09:51 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{FDB966B6-ACFE-4EDF-BCC8-15CB5B04DE9B}
2012-12-31 20:18 - 2012-12-31 20:18 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{29622F1C-C87E-4463-8FB0-C97C51E1366F}
2012-12-31 08:17 - 2012-12-31 08:18 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{AC4CA78E-0352-4D8F-BB4E-6CC5896CC7B4}
2012-12-30 20:17 - 2012-12-30 20:17 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{FB0E5AEB-2A7C-4936-94F4-251828ADE615}
2012-12-30 19:54 - 2012-12-30 19:54 - 00000352 ____A C:\Users\Avianspark\Desktop\Chess.lnk
2012-12-30 08:17 - 2012-12-30 08:17 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{7BD52E56-8C09-4751-8C2E-2BD70D5A1F45}
2012-12-29 20:00 - 2012-12-29 20:03 - 00000000 ____D C:\Users\Avianspark\Downloads\LOTR
2012-12-29 19:53 - 2012-12-29 19:53 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{DD079835-66D9-45C5-B507-A2ED41B89DEC}
2012-12-28 20:03 - 2012-12-28 20:03 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{CB1D2D94-F0DF-4AA2-B8E3-2CE0C6B7A993}
2012-12-28 08:02 - 2012-12-28 08:03 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{534F652E-338F-4D41-83FE-EAA02F046B93}
2012-12-27 19:30 - 2012-12-29 15:27 - 00012734 ____A C:\Users\Avianspark\AppData\Roaming\winboard.ini
2012-12-27 19:06 - 2012-12-27 19:06 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{597D78D7-426F-417E-B0B2-2B4A3D663295}
2012-12-27 19:01 - 2012-12-27 19:01 - 00000000 ____D C:\Program Files\WinBoard-4.6.2
2012-12-27 18:22 - 2012-12-27 19:00 - 02293515 ____A C:\Users\Avianspark\Downloads\WinBoard-4.6.2.exe
2012-12-27 07:05 - 2012-12-27 07:05 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{E8EB331B-2664-48AE-A6ED-0255A1A1C7B9}
2012-12-26 19:05 - 2012-12-26 19:05 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{A078E920-00C4-41FE-A11C-68B88E45AABD}
2012-12-26 07:04 - 2012-12-26 07:04 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{56CD2398-9C2A-4485-8ABB-E031CD1696B2}
2012-12-25 17:57 - 2012-12-25 17:57 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{926FDFE4-D4FE-4715-9120-80E32E8CE021}
2012-12-22 08:29 - 2012-12-16 09:11 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-12-22 08:29 - 2012-12-16 06:45 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-12-22 08:29 - 2012-12-16 06:13 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2012-12-22 08:29 - 2012-12-16 06:13 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2012-12-18 16:57 - 2012-12-18 16:58 - 00000000 ____D C:\Users\Avianspark\Downloads\Porter's cmd parody
2012-12-18 16:57 - 2012-12-18 16:57 - 00000066 ____A C:\Users\Avianspark\Downloads\RUN.bat
2012-12-18 16:56 - 2012-12-18 16:56 - 00003344 ____A C:\Users\Avianspark\Downloads\Commands.jar
2012-12-18 09:45 - 2012-12-18 09:46 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{054CB3B0-DBA0-47E4-BECC-84F4EDDF47B1}
2012-12-17 21:07 - 2012-12-17 21:07 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{AF796F66-E88F-47A3-A606-14AE615DCB99}
2012-12-17 09:07 - 2012-12-17 09:07 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{48661CD0-51BA-49D7-805C-8718B0AC90A6}
2012-12-16 19:54 - 2012-12-16 19:55 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{E491B107-7097-44D2-A8BE-D2A172E5BD15}
2012-12-16 07:54 - 2012-12-16 07:54 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{A885F97D-9B00-4A67-BAB6-EAEC29F30DFC}
2012-12-15 19:37 - 2012-12-15 19:37 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{F4EBF2BB-710F-4702-96C9-7553995BA228}
2012-12-15 07:46 - 2012-12-15 07:46 - 00001794 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-12-15 07:45 - 2012-12-15 07:46 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-15 07:45 - 2012-12-15 07:46 - 00000000 ____D C:\Program Files\iTunes
2012-12-15 07:45 - 2012-12-15 07:46 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-12-15 07:45 - 2012-12-15 07:45 - 00000000 ____D C:\Program Files\iPod
2012-12-15 07:36 - 2012-12-15 07:36 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{873C91E1-573F-41C0-94F8-665A44EED239}
2012-12-14 12:19 - 2013-01-06 18:09 - 00582227 ____A C:\Users\Avianspark\AppData\Roaming\technic-launcher.jar
2012-12-14 12:19 - 2012-12-14 12:19 - 00581642 ____A C:\Users\Avianspark\AppData\Roaming\technic-launcher.jar.bak
2012-12-14 12:19 - 2012-12-14 12:19 - 00001860 ____A C:\Users\Avianspark\Desktop\Technic Launcher.lnk
2012-12-14 08:44 - 2012-12-14 08:46 - 00000000 ____D C:\Users\Avianspark\AppData\Roaming\ftblauncher
2012-12-14 08:18 - 2012-12-14 08:18 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{901C16BD-859F-45F0-BDB0-F32916880501}
2012-12-13 07:17 - 2012-12-13 07:17 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{AA58B6A4-B3C1-4CA3-AA1E-33CF7FF698C2}
2012-12-13 06:18 - 2012-11-13 22:11 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-12-13 06:18 - 2012-11-13 22:04 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-12-13 06:18 - 2012-11-13 22:04 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-12-13 06:18 - 2012-11-13 22:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-12-13 06:18 - 2012-11-13 22:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-12-13 06:18 - 2012-11-13 21:59 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-12-13 06:18 - 2012-11-13 21:58 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-12-13 06:18 - 2012-11-13 21:57 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-12-13 06:18 - 2012-11-13 21:57 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-12-13 06:18 - 2012-11-13 21:55 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-12-13 06:18 - 2012-11-13 21:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-12-13 06:18 - 2012-11-13 21:52 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-12-13 06:18 - 2012-11-13 21:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-12-13 06:18 - 2012-11-13 18:09 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-12-13 06:18 - 2012-11-13 17:58 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-12-13 06:18 - 2012-11-13 17:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-12-13 06:18 - 2012-11-13 17:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-12-13 06:18 - 2012-11-13 17:55 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-12-13 06:18 - 2012-11-13 17:49 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-12-13 06:18 - 2012-11-13 17:49 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-12-13 06:18 - 2012-11-13 17:48 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-12-13 06:18 - 2012-11-13 17:47 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-12-13 06:18 - 2012-11-13 17:45 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-12-13 06:18 - 2012-11-13 17:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-12-13 06:18 - 2012-11-13 17:41 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-12-13 06:17 - 2012-11-13 23:06 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-12-13 06:17 - 2012-11-13 22:32 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-12-13 06:17 - 2012-11-13 21:55 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-12-13 06:17 - 2012-11-13 18:48 - 12320256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-12-13 06:17 - 2012-11-13 18:14 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-12-13 06:17 - 2012-11-13 17:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-12-13 06:17 - 2012-11-13 17:46 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

==================== One Month Modified Files and Folders =======

2013-01-12 00:28 - 2013-01-12 00:28 - 00000000 ____D C:\FRST
2013-01-11 21:10 - 2013-01-11 19:01 - 00153088 ____A (Eventys Co. Ltd.) C:\Users\Avianspark\AppData\Roaming\_gzysxapmk.exe
2013-01-11 21:10 - 2013-01-11 18:57 - 00153088 ____A (Eventys Co. Ltd.) C:\Users\Avianspark\AppData\Local\_gzysxapmk.exe
2013-01-11 21:08 - 2013-01-11 18:57 - 00153088 ____A (Eventys Co. Ltd.) C:\Users\All Users\_gzysxapmk.exe
2013-01-11 21:02 - 2009-07-13 21:13 - 00741092 ____A C:\Windows\System32\PerfStringBackup.INI
2013-01-11 20:50 - 2011-12-09 17:32 - 00000000 ____D C:\Program Files (x86)\Steam
2013-01-11 20:50 - 2010-12-28 16:52 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-01-11 20:49 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-01-11 20:49 - 2009-07-13 20:51 - 00057606 ____A C:\Windows\setupact.log
2013-01-11 19:17 - 2011-09-02 15:51 - 00000000 ____D C:\Users\Avianspark\AppData\Roaming\Skype
2013-01-11 19:10 - 2011-06-11 16:15 - 01420693 ____A C:\Windows\WindowsUpdate.log
2013-01-11 19:09 - 2009-07-13 20:45 - 00016304 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-01-11 19:09 - 2009-07-13 20:45 - 00016304 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-01-11 19:02 - 2012-10-15 10:52 - 00000000 ____D C:\Users\Avianspark\AppData\Local\LogMeIn Hamachi
2013-01-11 19:00 - 2012-06-13 09:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-01-11 19:00 - 2010-12-28 16:55 - 00268772 ____A C:\Windows\PFRO.log
2013-01-11 18:34 - 2012-07-02 19:29 - 00000948 ____A C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-408874301-226799211-2608599606-1001UA.job
2013-01-11 18:29 - 2012-03-06 18:45 - 00000928 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-408874301-226799211-2608599606-1001UA.job
2013-01-11 18:24 - 2010-12-28 16:52 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-01-11 18:01 - 2012-06-30 12:14 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-01-11 18:01 - 2012-03-26 06:32 - 00000266 ____A C:\Windows\Tasks\HP Photo Creations Messager.job
2013-01-11 16:45 - 2012-01-22 08:34 - 00000000 ____D C:\Users\Avianspark\AppData\Local\PMB Files
2013-01-11 16:45 - 2012-01-22 08:34 - 00000000 ____D C:\Users\All Users\PMB Files
2013-01-11 16:43 - 2012-05-11 09:33 - 00000948 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-408874301-226799211-2608599606-1001UA.job
2013-01-11 13:43 - 2012-05-11 09:33 - 00000926 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-408874301-226799211-2608599606-1001Core.job
2013-01-11 12:25 - 2012-07-07 09:47 - 00000000 ____D C:\Users\Avianspark\AppData\Roaming\.techniclauncher
2013-01-11 08:29 - 2012-12-05 13:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox.bak
2013-01-11 07:49 - 2013-01-11 07:49 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{25B108D3-3FB3-41BC-B8DE-C839BA7AC73D}
2013-01-11 07:30 - 2013-01-11 07:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-01-11 07:29 - 2012-03-06 18:45 - 00000876 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-408874301-226799211-2608599606-1001Core.job
2013-01-11 07:03 - 2012-07-02 19:29 - 00000896 ____A C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-408874301-226799211-2608599606-1001Core.job
2013-01-10 13:36 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-01-10 08:09 - 2009-07-13 21:08 - 00028776 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-01-10 08:08 - 2009-07-13 20:45 - 00305248 ____A C:\Windows\System32\FNTCACHE.DAT
2013-01-10 07:44 - 2013-01-10 07:44 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{C4E527E8-55E9-42C4-BADB-E9F6B09F2052}
2013-01-10 07:17 - 2012-06-20 13:27 - 00000000 ____D C:\Users\All Users\Wacom
2013-01-10 07:16 - 2012-06-20 13:27 - 00000000 ____D C:\Users\Avianspark\AppData\Roaming\Wacom
2013-01-10 07:16 - 2012-06-20 13:26 - 00000000 ____D C:\Program Files (x86)\Bamboo Dock
2013-01-10 07:06 - 2011-09-02 16:07 - 67599240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-01-09 19:44 - 2013-01-09 19:43 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{117421A2-FD67-472E-86C6-B71424A25AC4}
2013-01-09 08:04 - 2011-10-31 11:33 - 00000000 ____D C:\Users\Avianspark\AppData\Roaming\.minecraft
2013-01-09 07:43 - 2013-01-09 07:43 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{7B515C4F-2647-491B-A4E3-2FE89999EC94}
2013-01-08 20:02 - 2013-01-08 20:02 - 16369160 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-01-08 20:02 - 2012-04-05 16:42 - 00697864 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-01-08 20:02 - 2011-09-07 09:51 - 00074248 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-01-08 19:43 - 2013-01-08 19:42 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{ED424D80-AFEB-4E7E-A6FE-4B40E8801FFD}
2013-01-08 08:28 - 2013-01-08 08:28 - 00006585 ____A C:\Users\Avianspark\.recently-used.xbel
2013-01-08 08:28 - 2011-10-25 08:49 - 00000000 ____D C:\Users\Avianspark\AppData\Roaming\gtk-2.0
2013-01-08 08:28 - 2011-10-25 08:45 - 00000000 ____D C:\Users\Avianspark\.gimp-2.6
2013-01-08 08:28 - 2011-09-01 17:59 - 00000000 ____D C:\users\Avianspark
2013-01-08 07:42 - 2013-01-08 07:42 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{48290ACC-A291-4D36-8E82-147425FEB73A}
2013-01-07 19:37 - 2013-01-07 19:37 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{A366CB7E-CE1C-4B9E-B927-6DDECF15843F}
2013-01-07 07:36 - 2013-01-07 07:36 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{1AA1C239-7587-4FC2-8512-6D227EE76120}
2013-01-06 18:09 - 2012-12-14 12:19 - 00582227 ____A C:\Users\Avianspark\AppData\Roaming\technic-launcher.jar
2013-01-06 08:45 - 2013-01-06 08:45 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{407B28B4-2DE8-4DD5-B980-94D56AEBED47}
2013-01-05 20:45 - 2013-01-05 20:44 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{82589F10-6D51-4C10-B08A-85535AF7D6D7}
2013-01-05 19:12 - 2013-01-05 19:12 - 00000000 ____D C:\Users\Avianspark\AppData\Local\pesterchum
2013-01-05 19:10 - 2013-01-05 19:09 - 00000000 ____D C:\Pesterchum
2013-01-05 19:09 - 2013-01-05 19:06 - 26452857 ____A C:\Users\Avianspark\Downloads\pesterchum3.41.exe
2013-01-05 18:24 - 2012-11-19 08:46 - 00000000 ____D C:\Program Files (x86)\PC Checkup
2013-01-05 08:44 - 2013-01-05 08:44 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{4EF95165-E12C-4846-9349-1C1F7832A20A}
2013-01-04 22:01 - 2013-01-04 22:01 - 00031673 ____A C:\Users\Avianspark\Downloads\Dice.zip
2013-01-04 22:01 - 2013-01-04 22:01 - 00000000 ____D C:\Users\Avianspark\Downloads\Dice
2013-01-04 21:32 - 2011-09-01 18:10 - 00000000 ____D C:\Users\Avianspark\AppData\Local\Google
2013-01-04 20:02 - 2013-01-04 20:02 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{203378BD-0862-425F-BC61-316EB04A3CAA}
2013-01-04 08:02 - 2013-01-04 08:01 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{BE091666-5388-4ED4-A14B-CACC19EB860E}
2013-01-03 20:01 - 2013-01-03 20:01 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{F37419E8-F7B9-4DB2-94DE-44B7A5706042}
2013-01-03 16:09 - 2011-09-02 16:37 - 00000000 ____D C:\Users\Avianspark\AppData\Local\CrashDumps
2013-01-03 08:01 - 2013-01-03 08:01 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{88A9FE20-3C2F-49BD-A7F7-5B026CDCA2F7}
2013-01-02 09:52 - 2013-01-02 09:52 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{904F853D-B4D4-4816-BD9D-E1EC5322EF3B}
2013-01-01 21:52 - 2013-01-01 21:52 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{41D1B1E4-0122-4614-9E3E-8D966F74E177}
2013-01-01 17:23 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-01-01 09:51 - 2013-01-01 09:51 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{FDB966B6-ACFE-4EDF-BCC8-15CB5B04DE9B}
2012-12-31 20:18 - 2012-12-31 20:18 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{29622F1C-C87E-4463-8FB0-C97C51E1366F}
2012-12-31 08:18 - 2012-12-31 08:17 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{AC4CA78E-0352-4D8F-BB4E-6CC5896CC7B4}
2012-12-30 20:17 - 2012-12-30 20:17 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{FB0E5AEB-2A7C-4936-94F4-251828ADE615}
2012-12-30 19:54 - 2012-12-30 19:54 - 00000352 ____A C:\Users\Avianspark\Desktop\Chess.lnk
2012-12-30 12:57 - 2012-04-04 09:29 - 00000000 ____D C:\Users\Avianspark\AppData\Roaming\uTorrent
2012-12-30 08:17 - 2012-12-30 08:17 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{7BD52E56-8C09-4751-8C2E-2BD70D5A1F45}
2012-12-29 20:03 - 2012-12-29 20:00 - 00000000 ____D C:\Users\Avianspark\Downloads\LOTR
2012-12-29 19:53 - 2012-12-29 19:53 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{DD079835-66D9-45C5-B507-A2ED41B89DEC}
2012-12-29 19:48 - 2012-04-04 09:28 - 00969104 ____A (BitTorrent, Inc.) C:\Users\Avianspark\Downloads\uTorrent.exe
2012-12-29 15:27 - 2012-12-27 19:30 - 00012734 ____A C:\Users\Avianspark\AppData\Roaming\winboard.ini
2012-12-28 20:03 - 2012-12-28 20:03 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{CB1D2D94-F0DF-4AA2-B8E3-2CE0C6B7A993}
2012-12-28 08:03 - 2012-12-28 08:02 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{534F652E-338F-4D41-83FE-EAA02F046B93}
2012-12-27 23:19 - 2011-09-01 18:04 - 00067976 ____A C:\Users\Avianspark\AppData\Local\GDIPFONTCACHEV1.DAT
2012-12-27 19:06 - 2012-12-27 19:06 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{597D78D7-426F-417E-B0B2-2B4A3D663295}
2012-12-27 19:01 - 2012-12-27 19:01 - 00000000 ____D C:\Program Files\WinBoard-4.6.2
2012-12-27 19:00 - 2012-12-27 18:22 - 02293515 ____A C:\Users\Avianspark\Downloads\WinBoard-4.6.2.exe
2012-12-27 07:05 - 2012-12-27 07:05 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{E8EB331B-2664-48AE-A6ED-0255A1A1C7B9}
2012-12-26 19:05 - 2012-12-26 19:05 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{A078E920-00C4-41FE-A11C-68B88E45AABD}
2012-12-26 07:04 - 2012-12-26 07:04 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{56CD2398-9C2A-4485-8ABB-E031CD1696B2}
2012-12-25 17:57 - 2012-12-25 17:57 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{926FDFE4-D4FE-4715-9120-80E32E8CE021}
2012-12-19 07:39 - 2011-09-02 12:20 - 00000000 ____D C:\Users\Avianspark\AppData\Roaming\SoftGrid Client
2012-12-18 16:58 - 2012-12-18 16:57 - 00000000 ____D C:\Users\Avianspark\Downloads\Porter's cmd parody
2012-12-18 16:57 - 2012-12-18 16:57 - 00000066 ____A C:\Users\Avianspark\Downloads\RUN.bat
2012-12-18 16:56 - 2012-12-18 16:56 - 00003344 ____A C:\Users\Avianspark\Downloads\Commands.jar
2012-12-18 09:46 - 2012-12-18 09:45 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{054CB3B0-DBA0-47E4-BECC-84F4EDDF47B1}
2012-12-17 21:07 - 2012-12-17 21:07 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{AF796F66-E88F-47A3-A606-14AE615DCB99}
2012-12-17 09:07 - 2012-12-17 09:07 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{48661CD0-51BA-49D7-805C-8718B0AC90A6}
2012-12-16 19:55 - 2012-12-16 19:54 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{E491B107-7097-44D2-A8BE-D2A172E5BD15}
2012-12-16 09:11 - 2012-12-22 08:29 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-12-16 07:54 - 2012-12-16 07:54 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{A885F97D-9B00-4A67-BAB6-EAEC29F30DFC}
2012-12-16 06:45 - 2012-12-22 08:29 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-12-16 06:13 - 2012-12-22 08:29 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2012-12-16 06:13 - 2012-12-22 08:29 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2012-12-15 19:37 - 2012-12-15 19:37 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{F4EBF2BB-710F-4702-96C9-7553995BA228}
2012-12-15 07:46 - 2012-12-15 07:46 - 00001794 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-12-15 07:46 - 2012-12-15 07:45 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-15 07:46 - 2012-12-15 07:45 - 00000000 ____D C:\Program Files\iTunes
2012-12-15 07:46 - 2012-12-15 07:45 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-12-15 07:45 - 2012-12-15 07:45 - 00000000 ____D C:\Program Files\iPod
2012-12-15 07:36 - 2012-12-15 07:36 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{873C91E1-573F-41C0-94F8-665A44EED239}
2012-12-14 12:19 - 2012-12-14 12:19 - 00581642 ____A C:\Users\Avianspark\AppData\Roaming\technic-launcher.jar.bak
2012-12-14 12:19 - 2012-12-14 12:19 - 00001860 ____A C:\Users\Avianspark\Desktop\Technic Launcher.lnk
2012-12-14 08:46 - 2012-12-14 08:44 - 00000000 ____D C:\Users\Avianspark\AppData\Roaming\ftblauncher
2012-12-14 08:18 - 2012-12-14 08:18 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{901C16BD-859F-45F0-BDB0-F32916880501}
2012-12-13 14:18 - 2011-09-02 12:05 - 00000000 ____D C:\Users\Avianspark\AppData\Roaming\Apple Computer
2012-12-13 07:17 - 2012-12-13 07:17 - 00000000 ____D C:\Users\Avianspark\AppData\Local\{AA58B6A4-B3C1-4CA3-AA1E-33CF7FF698C2}

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-12-28 19:27:08
Restore point made on: 2013-01-01 10:03:04
Restore point made on: 2013-01-04 17:33:21
Restore point made on: 2013-01-07 19:03:49
Restore point made on: 2013-01-10 07:03:02

==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 6050.69 MB
Available physical RAM: 5378.4 MB
Total Pagefile: 6048.84 MB
Available Pagefile: 5364.15 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Partitions =============================

1 Drive c: (TI106051W0J) (Fixed) (Total:581.71 GB) (Free:383.04 GB) NTFS ==>[system with boot components (obtained from reading drive)]
2 Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS ==>[system with boot components (obtained from reading drive)]
3 Drive e: (Jan 12 2013) (CDROM) (Total:0.69 GB) (Free:0.54 GB) UDF
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online          596 GB      0 B

Partitions of Disk 0:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Recovery          1500 MB  1024 KB
Partition 2    Primary            581 GB  1501 MB
Partition 3    Primary             13 GB   583 GB

==================================================================================

Disk: 0
Partition 1
Type  : 27
Hidden: Yes
Active: Yes

Volume ###  Ltr  Label        Fs     Type        Size     Status   Info
----------  ---  -----------  -----  ----------  -------  -------  --------
* Volume 2   D    System       NTFS   Partition   1500 MB  Healthy  Hidden

=========================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status   Info
----------  ---  -----------  -----  ----------  -------  -------  --------
* Volume 1   C    TI106051W0J  NTFS   Partition    581 GB  Healthy

=========================================================

Disk: 0
Partition 3
Type  : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

=========================================================

Last Boot: 2013-01-05 18:16

==================== End Of Log =============================

And here is the Search.txt:

Farbar Recovery Scan Tool (x64) Version: 09-01-2013
Ran by SYSTEM at 2013-01-12 11:29:58
Running from E:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======
  15. Hello, I am using Windows 7 64-bit. My PC has been infected with the FBI MoneyPak virus and the virus has blocked my safe mode. What should I do to remove the virus without reinstalling my OS? I am writing this on a borrowed PC.