girlrocker

About girlrocker

  • Birthday 08/28/1957

Profile Information

  • Interests
    NASCAR, Computers, inside and out, self-taught. Not experienced but I research any problem until I almost drop dead?
  1. Thank you very much. You've been extremely helpful and I won't do what they asked of me. I haven't responded to the email. I'm extremely suspicious nowadays about everybody and everything. Pretty sad. BUT I do trust Malwarebytes that's why I come to you with security questions. I was scammed out of $200...+ dollars about 10-12 years ago. I DO know not to click links in emails, but type the company's website address in the browser's search bar and it will take you straight to the legitimate company. What you said makes sense. They already have my card information. I like the way AT&T works. Before they discuss anything with me they ask for my 4-digit security code and sometimes ask me my address or an answer to a security question. They kind of mix it up! So I try to always think before I act. Thanks again Maurice. Malwarebytes.org and their staff are pretty awesome! Julie
  2. This really doesn't have much to do with PCs etc. but it can be pertinent. I had an issue about a payment to Facebook. I filled out their support form about the problem and submitted it. I received an email today and they are asking me to send them a copy of my bank statement with the charge in question but to black out other sensitive information. Then they want me to send them the first 6 digits and last 4 digits of my bank debit card. Why I'm asking here is because we spend ??? dollars and countless hours developing security software to protect our cards and other personal, sensitive information. It would make me mad (at myself) that I bought both your malware program and the anti-exploit program yesterday only to be stupid enough to give the above information out to, I think the email came from the Facebook Payment Support Ctr, but not 100% positive. I have never heard of giving out the first 6 digits of a card, just the last 4 digits. I just wanted to know your take on this problem and whether I should follow through with this or just take a $10.00 loss, and if I should follow through how would you deal with it? Thank you for any advice anyone could give me. Julie Dwight
  3. Well I definitely won't use AVG. I used it for years. But then they added Tune-Up Utilities for a trial period. Well I had purchased Tune-Up 2012 about a year before. When AVG's trial period of Tune-Up ended I found that I couldn't remove it. Then I started reading forums on it. Not a lot of nice things were said about it. So then I had a hard time uninstalling AVG. I wanted to try AVAST cause I heard lots of good things about it. I installed AVAST and then found out it wasn't really compatible with Chrome. So I uninstalled AVAST and downloaded MSE. Well I guess MSE is going and AVAST is coming back. I guess it works with Chrome now. And everywhere I see it being reviewed or rated, it is the top-of-the-line free AV. Now I typed in KeePass and came to KeePass.com. You would think that was the site that owns KeePass. They state that they aren't the owners of KeePass. In their TOS they warn of all the evils that could happen and they won't be responsible. So I googled keepass just now and really studied the site. Very basic and simple. Then I noticed that it is Keepass.com and not KeePass.com. The "p" is not capitalized. I don't know if it means anything but I went back to the search results and clicked on KeePass.info. That site looks better to me. I'm afraid to go to those download sites like CNET or SourceForge. That's what got me in big trouble a couple of months ago. Oh, and I just hovered my mouse over your KeePass blue link and it's also Keepass.info. Well, I'll deal with all the downloading tomorrow. I'm just super cautious about downloading anything anymore. This sucks as I was a free download addict! Thanks again. I've been learning a lot of things these past couple of weeks by reading forums. And of course in the end I have to make the judgement call as to whether I want the program or not. Wherever there is a pro you'll most likely find a con. Julie
  4. Well thank you Firefox and John. I will give KeePass a try. I can't believe my ears to hear about MSE. Gringo_pr one of your volunteers who helped me about a month ago said he used MSE and MBAM together. And I just read earlier today in Windows Secrets that Fred Langa (I guess a computer genius who puts out his own e-newsletter-I used to subscribe to it) also uses the pair of security programs. Well I guess I need to download AVAST again and remove MSE. And I'll totally give KeePass a try. I do like my list that I painstakingly put together and typed into Excel. I'm a copy and paste and a right-clicking, mouse-using fool! LOL But I'm overwhelmed by it because I have registered with thousands of sites since 1997 or 1998 and I didn't always write the personal stuff down or change it if it needed to be changed. I have scraps of paper and lists and notebooks full of info. It's like I'm a website/personal info collector like a person who collects old pocketknives or old jewelry. Pretty weird huh? I totally trust this site as well as BleepingComputer.com. So I will get on it. Thanks Julie
  5. I didn't think about the clipboard. I guess I need to clear its contents all the time. I'm not really worried. I have MBAM PRO AND MSE and all seems to be okay. Actually I'm more worried about the ransomware. That's some pretty scary stuff. I've been going through everything on the pc so I can backup all my important stuff elsewhere. I've just recently been reading about all the different kinds of malware, etc. and kind of find it exciting (am I weird or what?). Well anyway, thanks for your reply. I guess I'm doing okay but to be even safer I just need to clear the clipboard every time. Thanks for that! Julie
  6. I was wondering. If one were to type a form with all the websites in col. 1, your email in col. 2, user id in col. 3, password in col. 4 and maybe an extra column for other information pertaining to that website. And then you were to keep that form with all your sensitive information on a Disk, Flash Drive or any removable backup source and you are diligent about removing it each time you log off the PC. It's just me and my hubby here and we have a locking safe I put the media in. I don't worry about it getting in the wrong hands here. Now here's what I'm thinking. When you sign into your website, couldn't you copy and paste your email and password from the chart to the boxes on the sign-in page? Wouldn't that thwart the keyloggers? You aren't typing the individual characters which is what the keyloggers are following aren't they? If they were watching my typing, they would only get the copy and paste typing. I use the right button on my mouse more than the left one. I like to use the context menu. So I'm not really doing much typing except here, right now LOL.
  7. Thank you for helping me these last several days. Everything seems to be working better now. My pc starts faster and it loads faster. I'm going to ask myself whether I really need a lot of the free programs that I have installed in the past. I'm going to honestly ask myself whether I need them. I'm going to uninstall them. I think I understand how things work better since you've helped me fix these problems. I get where the PUPs come from and why MBAM detects them over and over each time I run a scan, even if I haven't done anything to the pc between scans. I've learned a lot these last few days and I just want to thank you for your help. I purchased the licensed version of MBAM a couple of days ago (now's a good time to do it since it only charged me 14.95 instead of 24.95 for life) and it's probably one of the best purchases I've made. MBAM is a great program and site and I recommend it to anyone who may be reading this post. Thanks gringo_pc and happy holidays. girlrocker P.S. Please read the PM I sent you too.
  8. When I turned on my pc the paste worked again so here it is.
  9. There was no "show results" when the scan was done. Maybe because there weren't any threats this time?

     Malwarebytes Anti-Malware (PRO) 1.75.0.1300
     www.malwarebytes.org
     Database version: v2013.12.02.09
     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 11.0.9600.16428
     girlrocker :: GIRLROCKER [limited]
     Protection: Enabled
     12/2/2013 12:41:49 PM
     mbam-log-2013-12-02 (12-41-49).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
     Scan options disabled:
     Objects scanned: 376204
     Time elapsed: 9 minute(s), 56 second(s)
     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 0 (No malicious items detected)
     (end)

     Okay, when I downloaded HijackThis and clicked "Do A system scan and save a logfile" I saw the log running on notepad and then a window popped up and well unfortunately I don't remember exactly what it said but it said something like I would have to do something manually. Type in the run box Notepad C:\windows\System32\drivers\etc\hosts then enter. It further said find the lines HijackThis reports and delete them. Save file as 'hosts' (with quotes) and reboot. I wrote those last 3 sentences down from this popup. But I didn't do this. When I clicked okay in the box and it disappeared I saw the log and all seemed okay. I ran "Do a system scan and save a logfile" again and the box didn't pop up this time. I hope this was okay. If I need to do what it said then I do have the info on what to do if you think I need to do this manual thing.
Yes, I like MBAM and I purchased the license today. I also took your advice and downloaded Foxit PDF Reader instead of Adobe. Okay, you wanted me to uninstall any previous versions of Adobe Reader if there were any. I typed Adobe Reader in my Start Menu and clicked "show more results". In my list were applications like MarkReader.exe, AdobeARMHelper.exe, MSReaderSetupUSA.exe, and setup.exe (I clicked the column header "file types" to get all the applications in alphabetical order). Are these considered previous versions? Because in the folder column Adobe was mentioned in the folder name, i.e., MarkReader (C:\Users\girlrocker.000\Downloads\ADOBE\markreader 1.0.0 portable), and the other apps had ADOBE in the folder name as well. Also in the list was MarkReader1.0.0 portable.zip. Should I delete any of these apps or zip files? I don't have Adobe Photoshop Album Starter Edition installed on my pc. As you can see I download things I think would be useful to me. I read the reviews from users first before I download. I love the free utilities I find on CNET. After I hit the download button and then view the downloads page (Chrome), I always click "show in folder". When I get to the folder I then right click the file (always do and very dedicated to doing this) and click scan with my antivirus program and now my MBAM program. BUT I ALWAYS GET NO THREATS DETECTED. I'm 99% sure that most of the malware I get is from these free downloads. Should I instead go to the program's website and see if I can find a free download there? And if there were, would the chances of the malware downloading with the free file most likely be eliminated? I do notice sometimes when you do go to the website to download the file it doesn't actually have the download for you but gives you a choice of where you want to go to download the program like CNET, FileHippo or Tucows. 
Or sometimes you need to pick a location like North America or Asia. Are any of these software download sites any good? Is there one better than another? I've always used CNET but that's when I started getting threats (I used to use PCWorld before CNET). Some of these free programs have worked pretty good for me like Belarc Advisor or Free M4a to MP3 converter. I purchased music on iTunes but own an MP3 player. Had to convert the files to mp3 and it worked really well. Okay, when I downloaded HijackThis and clicked "Do A system scan and save a logfile" I saw the log running on Notepad and then a window popped up and well, unfortunately I don't remember exactly what it said but it said something like I would have to do something manually. I did write the instructions down though. It said to type in the run box Notepad C:\windows\System32\drivers\etc\hosts then enter. It further said find the lines HijackThis reports and delete them. Save file as 'hosts' (with quotes) and reboot. But I didn't do this. When I clicked okay in the box and it disappeared I saw the logfile and all seemed okay. I ran "Do a system scan and save a logfile" again and the box didn't pop up this time. I hope this was okay. If I need to do what it said then I do have the info on what to do if you think I need to do this manual thing. After doing all the above I decided to go do what I do on Facebook and the minute I started a slot game my pc started whirring and the CPU usage in task manager went up to 49 to 75%. Physical memory is steady at 61%. Maybe another thing that I do that most other people I know don't is I open tons of tabs on my Chrome browser. I have two tabs, one for one slot game and the other for another one. I have a couple of things that caught my eye when downloading HijackThis open in 2 more tabs. Sometimes I have 30, 40 or 50 tabs open (just a temporary thing when I want to check a list of things out.) One item on the list that I want to research on the web gets its own tab. 
It's just easier than clicking links or hitting the back button all the time. I go to tab number 1, do what I need to do, then close it or save it in bookmarks. Then onto tab number 2 and 3 and so on. Right now I have 4 tabs open and task manager is on my taskbar as well as this page. While I'm typing this cpu went down to around 12 - 20% and the pc has quieted down. But when I play one of the games the whir starts up again. Sometimes when I'm playing the slots (video) they keep spinning and the reels don't stop. Does that have to do with Flash player? I wouldn't think malware would cause that. Well it's about an hour or so later from doing the above. The laptop still seems like it's working too hard. I just don't know. It makes noises and then it quiets down. I was searching for a file and it was pretty quiet and like I said before it seems like it's faster. I opened an Excel file and it loaded really quick. I had one slot game open and I clicked another one from the link and it switched over pretty quick. The games load pretty fast. I have been testing the most graphic intensive games, the ones that have given me problems in the past. So far so good. Overall performance is pretty good but not great. I've seen the mouse cursor loading a lot still. Would the physical memory chip or board inside the laptop cause any of this if it was maybe just a tad bit loose? Or would that just cause everything to go haywire?
  10. I feel like such an idiot. I just figured out why those games weren't working. I checked the box in my Chrome settings to block third party cookies etc. I unchecked it and zynga and clickfun worked. So I'm thinking that things are way better on my pc. So I guess we can ignore the games issue I just posted. Where do we go from here? What about keeping combofix on my pc? What do I need to do next after things are better? Should I keep the combofix program and all the logs? Or uninstall it and keep the logs? What about the JRT program? Keep or uninstall? Oh and the adwcleaner program and logs? And one more, the MiniToolBox program? etc.
  11. Like I said before, clicking links seems to be faster but I still have loadup problems. Two casino games on Facebook won't load at all. I'm sure it has something to do with Flash Player. I tried in both Chrome and IE. One of the games, Zynga Slots, says: "Loading Game... If your game does not load within 10 seconds, you may need to upgrade your version of Flash. Please do so by clicking here" Clickfun casino says: "To view this page ensure that Adobe Flash Player version 10.0.0 or greater is installed. Get Flash now" I definitely have Flash Player 11. I sent an email to Clickfun a few minutes ago; I haven't sent one to Zynga yet. I ran Malwarebytes and have 4 objects: I copied the log and pasted it here. This is before removal. (The second log, below, is after removal).

      Malwarebytes Anti-Malware (Trial) 1.75.0.1300
      www.malwarebytes.org
      Database version: v2013.12.01.06
      Windows 7 Service Pack 1 x64 NTFS
      Internet Explorer 11.0.9600.16428
      girlrocker :: GIRLROCKER [administrator]
      Protection: Enabled
      12/1/2013 12:26:03 PM
      MBAM-log-2013-12-01 (12-49-08).txt
      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
      Scan options disabled:
      Objects scanned: 376697
      Time elapsed: 10 minute(s), 22 second(s)
      Memory Processes Detected: 0
      (No malicious items detected)
      Memory Modules Detected: 0
      (No malicious items detected)
      Registry Keys Detected: 3
      HKCR\AppID\AdpeakProxy.exe (PUP.Optional.Adpeak) -> No action taken.
      HKCR\Wow6432Node\AppID\AdpeakProxy.exe (PUP.Optional.Adpeak) -> No action taken.
      HKLM\SOFTWARE\Wow6432Node\Wow6432Node\Adpeak, Inc. (PUP.Optional.Adpeak) -> No action taken.
      Registry Values Detected: 0
      (No malicious items detected)
      Registry Data Items Detected: 0
      (No malicious items detected)
      Folders Detected: 0
      (No malicious items detected)
      Files Detected: 1
      C:\$RECYCLE.BIN\S-1-5-21-3270532137-1550226475-4088113051-1003\$RZUQR7I.exe (PUP.Optional.BundleInstaller.A) -> No action taken.
      (end)

      Log after removal.

      Malwarebytes Anti-Malware (Trial) 1.75.0.1300
      www.malwarebytes.org
      Database version: v2013.12.01.06
      Windows 7 Service Pack 1 x64 NTFS
      Internet Explorer 11.0.9600.16428
      girlrocker :: GIRLROCKER [administrator]
      Protection: Enabled
      12/1/2013 12:26:03 PM
      mbam-log-2013-12-01 (12-26-03).txt
      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
      Scan options disabled:
      Objects scanned: 376697
      Time elapsed: 10 minute(s), 22 second(s)
      Memory Processes Detected: 0
      (No malicious items detected)
      Memory Modules Detected: 0
      (No malicious items detected)
      Registry Keys Detected: 3
      HKCR\AppID\AdpeakProxy.exe (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.
      HKCR\Wow6432Node\AppID\AdpeakProxy.exe (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.
      HKLM\SOFTWARE\Wow6432Node\Wow6432Node\Adpeak, Inc. (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.
      Registry Values Detected: 0
      (No malicious items detected)
      Registry Data Items Detected: 0
      (No malicious items detected)
      Folders Detected: 0
      (No malicious items detected)
      Files Detected: 1
      C:\$RECYCLE.BIN\S-1-5-21-3270532137-1550226475-4088113051-1003\$RZUQR7I.exe (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.
      (end)

      It just seems like every time I run either Malwarebytes or an antivirus scan (even when I don't do anything on the pc) there's always a threat of some kind. I just ran Microsoft Security Essentials and it says I don't have any threats on my pc.
  12. Sorry it's taking me so long to get back to you. I just want to try the pc out a bit before getting back to you. It's still not right. It seems like it's fast but then it doesn't. It goes to the site fast enough. I typed this page into Chrome's search bar and it was here like right now. But when I click on links it seems to take a longer time to load. Now some of the game sites aren't really great. I play casino-style games on Facebook. Now Clickfun doesn't load up at all in Chrome and it does in Internet Explorer. Zynga Slots doesn't load in either browser. I haven't had to restart the pc at all. I ran a scan today with Malwarebytes and it says we are all good. The laptop is still whirring. I used the can of air to clean it out and I've got the fan underneath it. I'm the curious sort and whenever my pc acts up like whirring a lot, I look in the files and bring out the task manager. I don't touch anything, I just look. I found an unusual sounding file called Qoobox. Of course I was suspicious. I looked inside and found level quality watcher and adpeak. I googled it and found out that it's associated with ComboFix. I also found out that ComboFix is a dangerous program to have. Of course I won't touch it. I will follow whatever instruction you give me. So having the malware in that file is safe or do they still cause the sluggishness and whirring? I've been keeping my pc cleaned out with disk cleaner (Windows) and the temp file. I clear the cache in Chrome regularly. A while back my performance information and tools told me I needed to update a driver. I guess I did because there aren't any issues now. I've gotten myself into trouble with pcs before but I've always been able to correct the situation even though I'm extremely amateurish. This is the first time I've ever had to deal with this. Maybe the viruses and the malware are getting meaner. lol. Well anyway, here's the new log file. 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-06-05 17:17 130736 ----a-w- c:\users\girlrocker.000\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-06-05 17:17 130736 ----a-w- c:\users\girlrocker.000\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "FBCD0EDB5087DADD7FBFBFEBFC95F48C83B3F906._service_run"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-11-14 863184] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-11-21 39408] "GoogleChromeAutoLaunch_83F120BF1CCD59EA28EE9ACACC88D534"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-11-14 863184] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *autocheck autochk * . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HWSetup] 2011-03-10 20:06 423936 ----a-w- c:\program files\TOSHIBA\Utilities\HWSetup.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeNotify] 2010-08-16 18:54 34160 ----a-w- c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVPWUTIL] 2010-11-09 20:09 532480 ----a-w- c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" . R1 lsnfd;lsnfd;c:\windows\system32\drivers\lsnfd.sys;c:\windows\SYSNATIVE\drivers\lsnfd.sys [x] R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x] R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.3.107.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.3.107.0\BBSvc.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R3 cpuz134;cpuz134;c:\users\GIRLRO~1.000\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\GIRLRO~1.000\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x] R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x] R3 DFX11_1;DFX Audio Enhancer 11.1;c:\windows\system32\drivers\dfx11_1x64.sys;c:\windows\SYSNATIVE\drivers\dfx11_1x64.sys [x] R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector 
Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x] R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x] R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x] R4 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [x] R4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet 
Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x] R4 pcCMService64;pcCMService64;c:\program files\Common Files\Motive\pcCMService.exe;c:\program files\Common Files\Motive\pcCMService.exe [x] R4 pcServiceHost;pcServiceHost;c:\program files (x86)\Common Files\Motive\pcServiceHost.exe;c:\program files (x86)\Common Files\Motive\pcServiceHost.exe [x] R4 SRSHDAudioService;SRS HDAudio Lab Service;c:\program files (x86)\Common Files\SRS Labs\SRS HD Audio Lab Service 2\SRSAudioLabService.exe;c:\program files (x86)\Common Files\SRS Labs\SRS HD Audio Lab Service 2\SRSAudioLabService.exe [x] R4 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x] R4 taisregispinger;taisregispinger;c:\program files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe;c:\program files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe [x] R4 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x] R4 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x] R4 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x] R4 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x] R4 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x] S0 
Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x] S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x] S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys;c:\windows\SYSNATIVE\DRIVERS\thpdrv.sys [x] S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS;c:\windows\SYSNATIVE\DRIVERS\Thpevm.SYS [x] S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x] S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x] S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] S2 MBAMScheduler;MBAMScheduler;c:\program files 
(x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x] S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x] S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.3.107.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.3.107.0\SeaPort.exe [x] S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys;c:\windows\SYSNATIVE\DRIVERS\CeKbFilter.sys [x] S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x] S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 
Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x] S3 SRS_AE_Service;SRS Audio;c:\windows\system32\drivers\SRS_AE_amd64.sys;c:\windows\SYSNATIVE\drivers\SRS_AE_amd64.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-11-24 09:33 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-11-24 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-27 07:27] . 2013-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-21 02:18] . 2013-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-21 02:18] . 2013-10-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3270532137-1550226475-4088113051-1003Core1cec8fee9056182.job - c:\users\girlrocker.000\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-14 01:13] . 2013-11-04 c:\windows\Tasks\HP Photo Creations Messager.job - c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2013-06-15 00:37 244696 ----a-w- c:\users\girlrocker.000\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2013-06-15 00:37 244696 ----a-w- c:\users\girlrocker.000\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2013-06-15 00:37 244696 ----a-w- c:\users\girlrocker.000\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-06-05 17:17 164016 ----a-w- c:\users\girlrocker.000\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-06-05 17:17 164016 ----a-w- c:\users\girlrocker.000\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-06-05 17:17 164016 ----a-w- c:\users\girlrocker.000\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-06-05 17:17 164016 ----a-w- c:\users\girlrocker.000\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-24 1266912] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\system32\blank.htm uInternet Settings,ProxyOverride = *.local;<local> TCP: DhcpNameServer = 192.168.1.254 . - - - - ORPHANS REMOVED - - - - . Toolbar-{41525333-0076-A76A-76A7-7A786E7484D7} - (no file) MSConfigStartUp-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . 
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a, eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b, 27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b "{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8, 89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b "{6F282B65-56BF-4BD1-A8B2-A4449A05863D}"=hex:51,66,7a,6c,4c,1d,38,12,0b,28,3b, 6b,8d,18,bf,0e,d7,a4,e7,04,9f,5b,c2,29 "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}"=hex:51,66,7a,6c,4c,1d,38,12,da,39,34, 5d,e1,a9,97,05,de,be,2c,e9,c9,ff,c2,38 "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07, 72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57 "{8A86D350-37AB-410A-8531-7D1363F317B3}"=hex:51,66,7a,6c,4c,1d,38,12,3e,d0,95, 8e,99,79,64,04,fa,27,3e,53,66,ad,53,a7 "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{963B125B-8B21-49A2-A3A8-E37092276531}"=hex:51,66,7a,6c,4c,1d,38,12,35,11,28, 92,13,c5,cc,0c,dc,be,a0,30,97,79,21,25 "{A0E8BC7D-6959-40B6-8E05-204D9768AD6E}"=hex:51,66,7a,6c,4c,1d,38,12,13,bf,fb, a4,6b,27,d8,05,f1,13,63,0d,92,36,e9,7a "{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b, ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3 "{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0, b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb "{CB0D163C-E9F4-4236-9496-0597E24B23A5}"=hex:51,66,7a,6c,4c,1d,38,12,52,15,1e, cf,c6,a7,58,07,eb,80,46,d7,e7,15,67,b1 "{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd, d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd 
"{E33CF602-D945-461A-83F0-819F76A199F8}"=hex:51,66,7a,6c,4c,1d,38,12,6c,f5,2f, e7,77,97,74,03,fc,e6,c2,df,73,ff,dd,ec "{F3C88694-EFFA-4D78-B409-54B7B2535B14}"=hex:51,66,7a,6c,4c,1d,38,12,fa,85,db, f7,c8,a1,16,08,cb,1f,17,f7,b7,0d,1f,00 "{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}"=hex:51,66,7a,6c,4c,1d,38,12,cf,4e,be, f9,90,2f,b6,0a,e3,01,c5,b7,a9,7a,14,95 "{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}"=hex:51,66,7a,6c,4c,1d,3b,1b,e3,de,f2, ed,48,70,39,39,96,99,8d,11,69,db,ca,81 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:c0,00,d6,61,10,28,cd,01 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c6,90,e9,10,c1,0c,8d,4e,bf,9f,cf,\ . [HKEY_USERS\S-1-5-21-3270532137-1550226475-4088113051-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:87,70,3e,2e,10,c0,fb,e7,2a,4f,a2,43,20,73,b3,72,62,5a,a8,0b,1b,e4,9b, 5a,47,08,1b,b6,8b,69,80,d7,34,47,41,41,5f,8e,ce,5f,1e,00,a4,58,2b,65,13,6b,\ "??"=hex:7f,38,05,e5,de,da,22,c6,d3,6d,4c,da,19,56,a5,d2 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_152_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_152_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx, 1" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\software\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-11-24 02:17:48 ComboFix-quarantined-files.txt 2013-11-24 10:17 ComboFix2.txt 2013-11-24 05:25 ComboFix3.txt 2013-11-24 04:16 . Pre-Run: 519,175,467,008 bytes free Post-Run: 519,590,174,720 bytes free . - - End Of File - - 626E6EF230079065F3B3F0CE5E359971
  13. Well my laptop seems faster. The level quality watcher is gone from "services". It's still located in C:\Program Files. Can I delete it? My pc still whirrs but not as much. My memory in task manager stays around 47-48% and the cpu right now is very low. It was running a little bit higher earlier. I went to Facebook to try out a couple of games that have a tendency to freeze and the bingo game that I play has a small slot game on the same page as the bingo game. I was playing the slot game waiting for the bingo game to end. It seemed to be much faster. But when the new bingo game was about to start I hit the play button and Chrome went into "not responding" mode. I couldn't even hit the minimize button like I usually do. So I tried control-alternate-delete and it wouldn't come up. So I just hit the power button to shut the pc down. I also went to enable Windows Defender and Microsoft Security Essentials and both of them took a bit of time loading up. But it's definitely better. It's much faster.
2013-10-13 17:33 16152 ----a-w- c:\windows\system32\drivers\SWDUMon.sys 2013-10-04 10:31 . 2013-10-04 10:31 312744 ----a-w- c:\windows\system32\javaws.exe 2013-10-04 10:31 . 2013-10-04 10:31 189352 ----a-w- c:\windows\system32\javaw.exe 2013-10-04 10:31 . 2013-10-04 10:31 189352 ----a-w- c:\windows\system32\java.exe 2013-10-04 10:31 . 2013-10-04 10:31 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2013-10-04 10:31 . 2013-09-22 05:23 973736 ----a-w- c:\windows\system32\deployJava1.dll 2013-10-04 10:31 . 2013-09-22 05:23 1095080 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-09-30 01:49 . 2013-06-27 01:31 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-09-29 03:26 . 2013-09-29 03:26 110080 ----a-w- c:\users\girlrocker.000\AppData\Roaming\Microsoft\Installer\{86CA3695-A412-4BAE-92B6-49A60C2AC663}\IconF7A21AF7.exe 2013-09-29 03:26 . 2013-09-29 03:26 110080 ----a-w- c:\users\girlrocker.000\AppData\Roaming\Microsoft\Installer\{86CA3695-A412-4BAE-92B6-49A60C2AC663}\IconD7F16134.exe 2013-09-29 03:26 . 2013-09-29 03:26 110080 ----a-w- c:\users\girlrocker.000\AppData\Roaming\Microsoft\Installer\{86CA3695-A412-4BAE-92B6-49A60C2AC663}\Icon1226A4C5.exe 2013-09-27 17:53 . 2013-09-27 17:53 248240 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2013-09-27 17:53 . 2013-09-27 17:53 134944 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2013-09-26 04:07 . 2013-09-26 04:07 148792 ----a-w- c:\windows\system32\drivers\avgdiska.sys 2013-09-09 13:40 . 2013-09-22 08:52 40248 ----a-w- c:\windows\system32\TURegOpt.exe 2013-09-09 13:40 . 2013-09-22 08:54 42808 ----a-w- c:\windows\system32\uxtuneup.dll 2013-09-09 13:40 . 2013-09-22 08:52 29496 ----a-w- c:\windows\system32\authuitu.dll 2013-09-09 13:40 . 2013-09-22 08:52 25400 ----a-w- c:\windows\SysWow64\authuitu.dll 2013-09-09 13:40 . 2013-09-22 08:54 35640 ----a-w- c:\windows\SysWow64\uxtuneup.dll 2013-09-09 08:54 . 2011-06-11 08:15 829264 ----a-w- c:\windows\system32\msvcr100.dll 2013-09-09 08:54 . 
2011-06-11 08:15 608080 ----a-w- c:\windows\system32\msvcp100.dll 2013-09-09 05:11 . 2013-09-09 05:11 31544 ----a-w- c:\windows\system32\drivers\avgrkx64.sys 2013-09-08 02:30 . 2013-10-13 10:06 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-09-08 02:27 . 2013-10-13 10:06 327168 ----a-w- c:\windows\system32\mswsock.dll 2013-09-08 02:03 . 2013-10-13 10:06 231424 ----a-w- c:\windows\SysWow64\mswsock.dll 2013-09-04 12:11 . 2011-07-27 06:56 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2013-09-02 17:59 . 2013-09-02 17:59 212280 ----a-w- c:\windows\system32\drivers\avgldx64.sys 2013-09-02 17:29 . 2013-09-02 17:29 294712 ----a-w- c:\windows\system32\drivers\avgloga.sys 2013-09-02 17:26 . 2013-09-02 17:26 192824 ----a-w- c:\windows\system32\drivers\avgidsha.sys 2013-09-02 17:26 . 2013-09-02 17:26 241464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys 2013-08-30 07:47 . 2013-05-15 05:23 287840 ----a-w- c:\windows\system32\aswBoot.exe 2013-08-29 02:17 . 2013-10-13 10:06 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-08-29 02:16 . 2013-10-13 10:06 1732032 ----a-w- c:\windows\system32\ntdll.dll 2013-08-29 02:16 . 2013-10-13 10:06 243712 ----a-w- c:\windows\system32\wow64.dll 2013-08-29 02:16 . 2013-10-13 10:06 859648 ----a-w- c:\windows\system32\tdh.dll 2013-08-29 02:13 . 2013-10-13 10:06 878080 ----a-w- c:\windows\system32\advapi32.dll 2013-08-29 01:51 . 2013-10-13 10:06 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-08-29 01:51 . 2013-10-13 10:06 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-08-29 01:50 . 2013-10-13 10:06 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2013-08-29 01:50 . 2013-10-13 10:06 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll 2013-08-29 01:50 . 2013-10-13 10:06 619520 ----a-w- c:\windows\SysWow64\tdh.dll 2013-08-29 01:48 . 2013-10-13 10:06 640512 ----a-w- c:\windows\SysWow64\advapi32.dll 2013-08-29 01:48 . 2013-10-13 10:06 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2013-08-29 00:49 . 
2013-10-13 10:06 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2013-08-29 00:49 . 2013-10-13 10:06 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2013-08-29 00:49 . 2013-10-13 10:06 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2013-08-29 00:49 . 2013-10-13 10:06 2048 ----a-w- c:\windows\SysWow64\user.exe 2013-08-28 01:21 . 2013-10-13 10:06 3155968 ----a-w- c:\windows\system32\win32k.sys 2013-08-28 01:12 . 2013-10-13 10:06 461312 ----a-w- c:\windows\system32\scavengeui.dll 2013-04-25 12:01 . 2013-04-25 08:07 4126720 ----a-w- c:\program files (x86)\GUTF5D8.tmp 2012-03-09 22:32 . 2012-03-09 22:32 480 ----a-w- c:\program files (x86)\0309201214321526.bat . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2013-06-15 00:37 220632 ----a-w- c:\users\girlrocker.000\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2013-06-15 00:37 220632 ----a-w- c:\users\girlrocker.000\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2013-06-15 00:37 220632 ----a-w- c:\users\girlrocker.000\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-06-05 17:17 130736 ----a-w- c:\users\girlrocker.000\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-06-05 17:17 130736 ----a-w- c:\users\girlrocker.000\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-06-05 17:17 130736 ----a-w- c:\users\girlrocker.000\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "FBCD0EDB5087DADD7FBFBFEBFC95F48C83B3F906._service_run"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-11-14 863184] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-11-21 39408] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *autocheck autochk * . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HWSetup] 2011-03-10 20:06 423936 ----a-w- c:\program files\TOSHIBA\Utilities\HWSetup.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeNotify] 2010-08-16 18:54 34160 ----a-w- c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVPWUTIL] 2010-11-09 20:09 532480 ----a-w- c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" . R1 lsnfd;lsnfd;c:\windows\system32\drivers\lsnfd.sys;c:\windows\SYSNATIVE\drivers\lsnfd.sys [x] R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x] R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.3.107.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.3.107.0\BBSvc.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R3 cpuz134;cpuz134;c:\users\GIRLRO~1.000\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\GIRLRO~1.000\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x] R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x] R3 DFX11_1;DFX Audio Enhancer 11.1;c:\windows\system32\drivers\dfx11_1x64.sys;c:\windows\SYSNATIVE\drivers\dfx11_1x64.sys [x] R3 esgiguard;esgiguard;c:\program 
files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x] R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x] R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x] R4 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe;c:\program files 
(x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [x] R4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x] R4 pcCMService64;pcCMService64;c:\program files\Common Files\Motive\pcCMService.exe;c:\program files\Common Files\Motive\pcCMService.exe [x] R4 pcServiceHost;pcServiceHost;c:\program files (x86)\Common Files\Motive\pcServiceHost.exe;c:\program files (x86)\Common Files\Motive\pcServiceHost.exe [x] R4 SRSHDAudioService;SRS HDAudio Lab Service;c:\program files (x86)\Common Files\SRS Labs\SRS HD Audio Lab Service 2\SRSAudioLabService.exe;c:\program files (x86)\Common Files\SRS Labs\SRS HD Audio Lab Service 2\SRSAudioLabService.exe [x] R4 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x] R4 taisregispinger;taisregispinger;c:\program files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe;c:\program files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe [x] R4 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x] R4 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x] R4 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x] R4 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x] R4 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine 
Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x] S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x] S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x] S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys;c:\windows\SYSNATIVE\DRIVERS\thpdrv.sys [x] S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS;c:\windows\SYSNATIVE\DRIVERS\Thpevm.SYS [x] S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x] S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x] S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common 
Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x] S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x] S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.3.107.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.3.107.0\SeaPort.exe [x] S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys;c:\windows\SYSNATIVE\DRIVERS\CeKbFilter.sys [x] S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x] S3 PGEffect;Pangu effect 
driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x] S3 SRS_AE_Service;SRS Audio;c:\windows\system32\drivers\SRS_AE_amd64.sys;c:\windows\SYSNATIVE\drivers\SRS_AE_amd64.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-11-18 08:16 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-11-04 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-27 01:49] . 2013-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-21 02:18] . 2013-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-21 02:18] . 2013-10-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3270532137-1550226475-4088113051-1003Core1cec8fee9056182.job - c:\users\girlrocker.000\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-14 01:13] . 
2013-11-04 c:\windows\Tasks\HP Photo Creations Messager.job - c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2013-06-15 00:37 244696 ----a-w- c:\users\girlrocker.000\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2013-06-15 00:37 244696 ----a-w- c:\users\girlrocker.000\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2013-06-15 00:37 244696 ----a-w- c:\users\girlrocker.000\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-06-05 17:17 164016 ----a-w- c:\users\girlrocker.000\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-06-05 17:17 164016 ----a-w- c:\users\girlrocker.000\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-06-05 17:17 164016 ----a-w- c:\users\girlrocker.000\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-06-05 17:17 164016 ----a-w- c:\users\girlrocker.000\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-24 1266912] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\system32\blank.htm uInternet Settings,ProxyOverride = *.local;<local> TCP: DhcpNameServer = 192.168.1.254 . - - - - ORPHANS REMOVED - - - - . Toolbar-{41525333-0076-A76A-76A7-7A786E7484D7} - (no file) MSConfigStartUp-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . 
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a, eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b, 27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b "{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8, 89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b "{6F282B65-56BF-4BD1-A8B2-A4449A05863D}"=hex:51,66,7a,6c,4c,1d,38,12,0b,28,3b, 6b,8d,18,bf,0e,d7,a4,e7,04,9f,5b,c2,29 "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}"=hex:51,66,7a,6c,4c,1d,38,12,da,39,34, 5d,e1,a9,97,05,de,be,2c,e9,c9,ff,c2,38 "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07, 72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57 "{8A86D350-37AB-410A-8531-7D1363F317B3}"=hex:51,66,7a,6c,4c,1d,38,12,3e,d0,95, 8e,99,79,64,04,fa,27,3e,53,66,ad,53,a7 "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{963B125B-8B21-49A2-A3A8-E37092276531}"=hex:51,66,7a,6c,4c,1d,38,12,35,11,28, 92,13,c5,cc,0c,dc,be,a0,30,97,79,21,25 "{A0E8BC7D-6959-40B6-8E05-204D9768AD6E}"=hex:51,66,7a,6c,4c,1d,38,12,13,bf,fb, a4,6b,27,d8,05,f1,13,63,0d,92,36,e9,7a "{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b, ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3 "{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0, b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb "{CB0D163C-E9F4-4236-9496-0597E24B23A5}"=hex:51,66,7a,6c,4c,1d,38,12,52,15,1e, cf,c6,a7,58,07,eb,80,46,d7,e7,15,67,b1 "{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd, d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd 
Completion time: 2013-11-23 21:25:44
ComboFix-quarantined-files.txt 2013-11-24 05:25
ComboFix2.txt 2013-11-24 04:16
.
Pre-Run: 519,229,423,616 bytes free
Post-Run: 519,206,789,120 bytes free
.
- - End Of File - - F2C2FA9C9ADAB8B4EB0F98BD7659AA8C
  14. I believe I did everything exactly as you said. So here it is:

# AdwCleaner v3.012 - Report created 22/11/2013 at 14:28:25
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : girlrocker - GIRLROCKER
# Running from : C:\Users\girlrocker.000\Desktop\SECURITY UTILITIES\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

-\\ Google Chrome v31.0.1650.57

*************************

AdwCleaner[R0].txt - [16679 octets] - [20/11/2013 19:35:18]
AdwCleaner[R1].txt - [828 octets] - [21/11/2013 03:29:41]
AdwCleaner[R2].txt - [946 octets] - [21/11/2013 11:24:28]
AdwCleaner[R3].txt - [1065 octets] - [22/11/2013 14:27:06]
AdwCleaner[s0].txt - [16334 octets] - [20/11/2013 19:36:37]
AdwCleaner[s1].txt - [888 octets] - [21/11/2013 03:30:33]
AdwCleaner[s2].txt - [1006 octets] - [21/11/2013 12:06:50]
AdwCleaner[s3].txt - [988 octets] - [22/11/2013 14:28:25]

########## EOF - C:\AdwCleaner\AdwCleaner[s3].txt - [1047 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by girlrocker on Fri 11/22/2013 at 14:42:33.48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 11/22/2013 at 14:48:36.98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

You know when I download something I always uncheck any toolbars or whatever they sneak in there. So do they download these items anyway? Even though I unchecked them?

Thank you, girlrocker
  15. I believe I did everything exactly as you said. So here it is:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.45.2
Run by girlrocker at 13:42:00 on 2013-11-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6051.3373 [GMT -8:00]
.
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\System32\alg.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\SeaPort.exe
C:\windows\system32\taskmgr.exe
C:\windows\System32\perfmon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\AVG\AVG2014\avgcfgex.exe
C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\windows\system32\msiexec.exe
C:\Users\GIRLRO~1.000\AppData\Local\Temp\SHSetup.exe
C:\windows\system32\SearchProtocolHost.exe
C:\Windows\SysWOW64\msiexec.exe
C:\Windows\syswow64\MsiExec.exe
C:\windows\system32\vssvc.exe
C:\windows\System32\svchost.exe -k swprv
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mURLSearchHooks: {11111111-1111-1111-1111-110011201183} - <orphaned>
mWinlogon: Userinit = userinit.exe,
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\BingExt.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [FBCD0EDB5087DADD7FBFBFEBFC95F48C83B3F906._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service
uPolicies-Explorer: NoDriveTypeAutoRun = dword:181
uPolicies-Explorer: NoDriveAutoRun = dword:67043323
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{AF6375BE-0CA8-415D-9A3A-A2560696AF4C} : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\amd64\BingExt.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\windows\System32\rundll32.exe C:\windows\System32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2013-9-2 192824]
R0 Avgloga;AVG Logging Driver;C:\windows\System32\drivers\avgloga.sys [2013-9-2 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2013-8-20 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2013-9-8 31544]
R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2012-1-16 55856]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\System32\drivers\thpdrv.sys [2011-3-23 36992]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\System32\drivers\Thpevm.sys [2009-6-29 14784]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2011-11-20 482384]
R1 Avgdiska;AVG Disk Driver;C:\windows\System32\drivers\avgdiska.sys [2013-9-25 148792]
R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2013-9-2 241464]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2013-9-2 212280]
R1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-25 301152]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-11-20 701512]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\SeaPort.EXE [2013-8-30 240288]
R3 CeKbFilter;CeKbFilter;C:\windows\System32\drivers\CeKbFilter.sys [2011-11-20 20592]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2013-7-1 342528]
R3 iwdbus;IWD Bus Enumerator;C:\windows\System32\drivers\iwdbus.sys [2011-6-21 25496]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-11-20 25928]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2011-2-10 82432]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2011-2-10 181760]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2011-11-20 38096]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 SRS_AE_Service;SRS Audio;C:\windows\System32\drivers\SRS_AE_amd64.sys [2012-6-21 549704]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2013-10-3 3538480]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\BBSvc.EXE [2013-8-30 193696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 HOSTS Anti-PUPs;HOSTS Anti-PUPs;C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -update --> C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -update [?]
S3 DFX11_1;DFX Audio Enhancer 11.1;C:\windows\System32\drivers\dfx11_1x64.sys [2012-12-13 28008]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2013-11-17 111616]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\windows\System32\drivers\intelaud.sys [2011-6-21 34200]
S3 JMCR;JMCR;C:\windows\System32\drivers\jmcr.sys [2011-5-26 174680]
S3 mbamchameleon;mbamchameleon;C:\windows\System32\drivers\mbamchameleon.sys [2013-11-20 91352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-11-17 19456]
S3 SWDUMon;SWDUMon;C:\windows\System32\drivers\SWDUMon.sys [2013-10-13 16152]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2013-11-17 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2013-11-17 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-1-10 1255736]
S4 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-10 144152]
S4 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-9-1 169624]
S4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-7-14 1436424]
S4 Level Quality Watcher;Level Quality Watcher;C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe run options=01110010000000000000000000000000 sourceguid=F5D333A8-C748-4686-AE0A-9E008F670C22 --> C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe run options=01110010000000000000000000000000 sourceguid=F5D333A8-C748-4686-AE0A-9E008F670C22 [?]
S4 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-11-20 418376]
S4 pcCMService;pcCMService;C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [2013-5-28 369152]
S4 pcCMService64;pcCMService64;C:\Program Files\Common Files\Motive\pcCMService.exe [2013-5-28 460288]
S4 pcServiceHost;pcServiceHost;C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe [2013-5-28 342528]
S4 SRSHDAudioService;SRS HDAudio Lab Service;C:\Program Files (x86)\Common Files\SRS Labs\SRS HD Audio Lab Service 2\SRSAudioLabService.exe [2012-6-25 13232]
S4 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S4 taisregispinger;taisregispinger;C:\Program Files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe [2011-7-26 297344]
S4 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-11-20 57216]
S4 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-5-24 294848]
S4 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-9 138152]
S4 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-7-1 828856]
S4 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-11-20 2656280]
.
=============== File Associations ===============
.
FileExt: .txt: textfile="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [userChoice]
.
=============== Created Last 30 ================
.
2013-11-21 21:24:08 -------- d-----w- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
2013-11-21 11:12:15 -------- d-----w- C:\Users\girlrocker.000\AppData\Local\ElevatedDiagnostics
2013-11-21 05:45:02 91352 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2013-11-21 04:34:14 -------- d-----w- C:\Program Files (x86)\Advanced Fix 2013
2013-11-21 03:58:29 -------- d-----w- C:\windows\ERUNT
2013-11-21 03:52:56 -------- d-----w- C:\Users\girlrocker.000\AppData\Roaming\SUPERAntiSpyware.com
2013-11-21 03:52:26 -------- dc----w- C:\Program Files\SUPERAntiSpyware
2013-11-21 03:52:26 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2013-11-21 03:51:51 -------- d-----w- C:\Users\girlrocker.000\AppData\Roaming\Malwarebytes
2013-11-21 03:51:49 -------- d-----w- C:\ProgramData\Malwarebytes
2013-11-21 03:51:47 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2013-11-21 03:51:47 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-21 03:51:36 -------- d-----w- C:\Users\girlrocker.000\AppData\Local\Programs
2013-11-21 02:43:19 10285968 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F774FE2B-A0A7-4A7E-A46D-FE73913536B8}\mpengine.dll
2013-11-21 02:14:30 -------- dc----w- C:\AdwCleaner
2013-11-17 10:00:50 -------- dc----w- C:\Casino
2013-11-16 05:59:54 -------- d-----w- C:\Users\girlrocker.000\AppData\Roaming\TuneUp Software
2013-11-15 00:01:55 439296 ----a-w- C:\windows\System32\AdpeakProxy64.dll
2013-11-15 00:01:50 338944 ----a-w- C:\windows\SysWow64\AdpeakProxy.dll
2013-11-14 01:40:52 -------- d-----w- C:\windows\SysWow64\wbem\Logs
2013-11-14 01:33:44 -------- d-----w- C:\Users\girlrocker.000\AppData\Roaming\FolderPrint
2013-11-14 01:01:20 -------- d-----w- C:\Program Files (x86)\Disk Index
2013-11-14 00:32:46 -------- d-----w- C:\Users\girlrocker.000\AppData\Local\Free_Empty_Folder_Delete
2013-11-14 00:16:12 -------- d-----w- C:\Users\girlrocker.000\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
2013-11-14 00:14:59 -------- d-----w- C:\Users\girlrocker.000\AppData\Roaming\DropIt
2013-11-14 00:14:49 -------- dc----w- C:\Program Files\DropIt
2013-11-14 00:07:22 -------- d-----w- C:\Program Files (x86)\Free Empty Folder Delete
2013-11-13 23:59:11 -------- dc----w- C:\Program Files\Level Quality Watcher
2013-11-13 23:58:16 -------- d-----w- C:\ProgramData\MindGems
2013-11-13 23:58:16 -------- d-----w- C:\Program Files (x86)\Folder Size
2013-11-13 23:54:40 -------- d-----w- C:\Program Files (x86)\stg
2013-11-13 06:45:45 -------- d-----w- C:\Program Files (x86)\Aladdins Gold
2013-11-05 01:18:24 -------- d-----w- C:\Users\girlrocker.000\AppData\Roaming\FreeCoins
2013-11-05 01:18:20 -------- d-----w- C:\Program Files (x86)\FCE
2013-11-05 01:18:05 -------- d-----w- C:\Users\girlrocker.000\AppData\Local\FCU
2013-11-05 01:18:04 -------- d-----w- C:\Users\girlrocker.000\AppData\Local\FCM
2013-11-05 01:18:02 -------- d-----w- C:\Users\girlrocker.000\AppData\Local\FCE
2013-11-05 01:17:54 -------- d-----w- C:\Users\girlrocker.000\AppData\Local\FreeCoins
2013-11-03 19:25:57 -------- d-----w- C:\Users\girlrocker.000\UTILITIES
2013-11-03 19:16:38 -------- d-----w- C:\Users\girlrocker.000\BACKUPS
2013-11-03 13:51:29 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-11-02 16:06:00 440320 ----a-w- C:\windows\System32\drivers\rtl8187Se.sys
2013-11-02 16:05:59 614400 ----a-w- C:\windows\System32\Rtlihvs.dll
2013-11-02 16:05:59 614400 ----a-w- C:\windows\Rtlihvs.dll
2013-11-02 16:05:59 380928 ----a-w- C:\windows\System32\RtlUI2.exe
2013-11-02 16:05:59 380928 ----a-w- C:\windows\RtlUI2.exe
2013-11-02 16:05:59 188416 ----a-w- C:\windows\System32\RTLExtUI.dll
2013-11-02 16:05:59 188416 ----a-w- C:\windows\RTLExtUI.dll
2013-11-02 16:05:58 451072 ----a-w- C:\windows\SysWow64\ISSRemoveSP.exe
2013-11-02 16:05:58 -------- d-----w- C:\Program Files (x86)\REALTEK RTL8187SE Wireless LAN Driver
2013-10-27 20:31:29 7808 ----a-w- C:\windows\System32\drivers\usbd.sys
2013-10-27 20:31:29 52736 ----a-w- C:\windows\System32\drivers\usbehci.sys
2013-10-27 20:31:29 343040 ----a-w- C:\windows\System32\drivers\usbhub.sys
2013-10-27 20:31:29 325120 ----a-w- C:\windows\System32\drivers\usbport.sys
2013-10-27 20:31:29 30720 ----a-w- C:\windows\System32\drivers\usbuhci.sys
2013-10-27 20:31:29 25600 ----a-w- C:\windows\System32\drivers\usbohci.sys
.
==================== Find3M ====================
.
2013-10-13 17:33:21 16152 ----a-w- C:\windows\System32\drivers\SWDUMon.sys
2013-10-12 02:30:42 830464 ----a-w- C:\windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08 656896 ----a-w- C:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\windows\SysWow64\FWPUCLNT.DLL
2013-10-05 20:25:35 1474048 ----a-w- C:\windows\System32\crypt32.dll
2013-10-05 19:57:25 1168384 ----a-w- C:\windows\SysWow64\crypt32.dll
2013-10-04 10:31:11 973736 ----a-w- C:\windows\System32\deployJava1.dll
2013-10-04 10:31:11 1095080 ----a-w- C:\windows\System32\npDeployJava1.dll
2013-10-04 10:31:11 108968 ----a-w- C:\windows\System32\WindowsAccessBridge-64.dll
2013-10-04 02:28:31 190464 ----a-w- C:\windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17 197120 ----a-w- C:\windows\System32\credui.dll
2013-10-04 02:24:49 1930752 ----a-w- C:\windows\System32\authui.dll
2013-10-04 01:58:50 152576 ----a-w- C:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- C:\windows\SysWow64\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- C:\windows\SysWow64\authui.dll
2013-10-03 02:23:48 404480 ----a-w- C:\windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\windows\SysWow64\gdi32.dll
2013-09-30 01:49:32 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-30 01:49:32 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-09-28 01:09:10 497152 ----a-w- C:\windows\System32\drivers\afd.sys
2013-09-26 04:07:30 148792 ----a-w- C:\windows\System32\drivers\avgdiska.sys
2013-09-25 02:26:40 95680 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33 28672 ----a-w- C:\windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\windows\System32\lsass.exe
2013-09-09 13:40:10 40248 ----a-w- C:\windows\System32\TURegOpt.exe
2013-09-09 13:40:02 42808 ----a-w- C:\windows\System32\uxtuneup.dll
2013-09-09 13:40:02 29496 ----a-w- C:\windows\System32\authuitu.dll
2013-09-09 13:40:02 25400 ----a-w- C:\windows\SysWow64\authuitu.dll
2013-09-09 13:40:00 35640 ----a-w- C:\windows\SysWow64\uxtuneup.dll
2013-09-09 08:54:22 829264 ----a-w- C:\windows\System32\msvcr100.dll
2013-09-09 08:54:22 608080 ----a-w- C:\windows\System32\msvcp100.dll
2013-09-09 05:11:42 31544 ----a-w- C:\windows\System32\drivers\avgrkx64.sys
2013-09-08 02:30:37 1903552 ----a-w- C:\windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\windows\SysWow64\mswsock.dll
2013-09-04 12:11:49 99840 ----a-w- C:\windows\System32\drivers\usbccgp.sys
2013-09-03 21:35:10 278800 ------w- C:\windows\System32\MpSigStub.exe
2013-09-02 17:59:14 212280 ----a-w- C:\windows\System32\drivers\avgldx64.sys
2013-09-02 17:29:18 294712 ----a-w- C:\windows\System32\drivers\avgloga.sys
2013-09-02 17:26:50 192824 ----a-w- C:\windows\System32\drivers\avgidsha.sys
2013-09-02 17:26:42 241464 ----a-w- C:\windows\System32\drivers\avgidsdrivera.sys
2013-08-29 02:17:48 5549504 ----a-w- C:\windows\System32\ntoskrnl.exe
2013-08-29 02:16:35 1732032 ----a-w- C:\windows\System32\ntdll.dll
2013-08-29 02:16:28 243712 ----a-w- C:\windows\System32\wow64.dll
2013-08-29 02:16:14 859648 ----a-w- C:\windows\System32\tdh.dll
2013-08-29 02:13:28 878080 ----a-w- C:\windows\System32\advapi32.dll
2013-08-29 01:51:45 3969472 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2013-08-29 01:50:30 1292192 ----a-w- C:\windows\SysWow64\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- C:\windows\SysWow64\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- C:\windows\SysWow64\advapi32.dll
2013-08-29 01:48:15 44032 ----a-w- C:\windows\apppatch\acwow64.dll
2013-08-29 00:49:53 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2013-08-29 00:49:52 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2013-08-29 00:49:52 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49 2048 ----a-w- C:\windows\SysWow64\user.exe
2013-08-28 01:21:06 3155968 ----a-w- C:\windows\System32\win32k.sys
2013-08-28 01:12:33 461312 ----a-w- C:\windows\System32\scavengeui.dll
2013-04-25 12:01:14 4126720 ----a-w- C:\Program Files (x86)\GUTF5D8.tmp
2012-03-09 22:32:15 480 ----a-w- C:\Program Files (x86)\0309201214321526.bat
.
============= FINISH: 13:42:15.10 ===============

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by girlrocker on Fri 11/22/2013 at 14:42:33.48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 11/22/2013 at 14:48:36.98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

You know when I download something I always uncheck any toolbars or whatever they sneak in there. So do they download these items anyway? Even though I unchecked them?

Thank you, girlrocker