
I'm infected with something.



DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 10.21.2

Run by owner at 9:58:16 on 2013-05-04

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8169.5841 [GMT -5:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

C:\Windows\system32\WLANExt.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\ASUS\P4G\BatteryLife.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\ExpressGateUtil\VAWinService.exe

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe

C:\Windows\System32\rundll32.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe

C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

C:\Windows\AsScrPro.exe

C:\ExpressGateUtil\VAWinAgent.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe

C:\Windows\SysWOW64\ACEngSvr.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\ASUS\Wireless Console 3\WimaxConsole.exe

C:\Program Files\Intel\TurboBoost\TurboBoost.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.yahoo.com?type=994519&fr=spigot-yhp-ie

uDefault_Page_URL = hxxp://asus.msn.com

uURLSearchHooks: <No Name>: - LocalServer32 - <no file>

uURLSearchHooks: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\7.0\ytdToolbarIE.dll

mWinlogon: Userinit = userinit.exe

BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} -

BHO: {1036AD63-AEAC-460B-9060-C96005D4DC86} - <orphaned>

BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO: Babylon Toolbar by Visicom: {51dd3535-abea-484a-b1cf-06ab7b092c0c} - C:\Program Files (x86)\babylon01\babylon01X.dll

BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} -

BHO: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

BHO: UrlHelper Class: {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\IEBHO.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>

BHO: Privacy Safeguard BHO: {A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard.dll

BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -

BHO: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\7.0\ytdToolbarIE.dll

BHO: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} -

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -

TB: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll

TB: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll

TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} -

TB: Babylon Toolbar by Visicom: {51dd3535-abea-484a-b1cf-06ab7b092c0c} - C:\Program Files (x86)\babylon01\babylon01X.dll

TB: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\7.0\ytdToolbarIE.dll

TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

uRun: [Google Update] "C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [AdobeBridge] <no file>

mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"

mRun: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe

mRun: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r

mRun: [updReg] C:\Windows\UpdReg.EXE

mRun: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

mRun: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

mRun: [FLxHCIm64] "C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe"

mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe

mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe" -u auto-update

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

dRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

dRun: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup

StartupFolder: C:\Users\owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\INTEL(~1.LNK - C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe

uPolicies-Explorer: NoDriveAutoRun = dword:0

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:60

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} -

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxps://s3.amazonaws.com/content.systemrequirementslab.com/global/bin/srldetect_cyri_4.1.72.0_x.cab

DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

TCP: NameServer = 192.168.1.1 68.238.96.12

TCP: Interfaces\{1CDEE61F-B961-4FC0-826C-7C3BA96331CE} : DHCPNameServer = 192.168.1.1 68.238.96.12

TCP: Interfaces\{1CDEE61F-B961-4FC0-826C-7C3BA96331CE}\3547574697 : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{1CDEE61F-B961-4FC0-826C-7C3BA96331CE}\546716E67656C675962756C6563737 : DHCPNameServer = 10.3.255.10 10.3.255.20

TCP: Interfaces\{1CDEE61F-B961-4FC0-826C-7C3BA96331CE}\741425A514D20534F5E4564777F627B6 : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{1CDEE61F-B961-4FC0-826C-7C3BA96331CE}\7586164702E4564777F627B6 : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{1CDEE61F-B961-4FC0-826C-7C3BA96331CE}\84F657375602F66602051696E6 : DHCPNameServer = 192.168.2.1 192.168.2.1

TCP: Interfaces\{C0FBD7AD-EE55-474C-9702-DBDA63B512FC} : DHCPNameServer = 192.168.1.1 68.238.96.12

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

Notify: SDWinLogon - SDWinLogon.dll

AppInit_DLLs= C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Privacy Safeguard BHO: {1036AD63-AEAC-460B-9060-C96005D4DC86} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard-x64.dll

x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: UrlHelper Class: {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\x64\IEBHO.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray

x64-Run: [intelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash

x64-Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"

x64-Run: [THXCfg64] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64

x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [synAsusAcpi] C:\Program Files (x86)\Synaptics\SynTP\SynAsusAcpi.exe

x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

x64-Run: [intelliType Pro] "C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"

x64-Run: [intelliPoint] "C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\qjsw1is1.default\

FF - prefs.js: browser.startup.homepage - hxxp://search.bearshare.com/

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=994519&p=

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll

FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll

FF - plugin: C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll

FF - plugin: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll

FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

FF - plugin: C:\Users\owner\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Users\owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll

.

============= SERVICES / DRIVERS ===============

.

R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-5-3 65336]

R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-5-3 189936]

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-1-30 55856]

R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-5-3 1025808]

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-5-3 378432]

R1 ATKWMIACPIIO_;ATKWMIACPI Driver_;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]

R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-3-26 39768]

R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]

R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-5-3 33400]

R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-5-3 80816]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-5-3 46808]

R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-11-7 499200]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-3-14 383264]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-6-11 2655768]

R2 VideAceWindowsService;VideAceWindowsService;C:\ExpressGateUtil\VAWinService.exe [2011-3-25 91464]

R2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [2013-3-27 968880]

R2 WajamUpdater;WajamUpdater;C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [2012-10-5 109064]

R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-11-7 869376]

R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\drivers\AiCharger.sys [2011-6-11 17152]

R3 bpenum;Intel® Centrino® WiMAX Enumerator;C:\Windows\System32\drivers\bpenum.sys [2010-10-25 75264]

R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\System32\drivers\bpmp.sys [2010-10-25 173568]

R3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;C:\Windows\System32\drivers\bpusb.sys [2010-10-25 81408]

R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\System32\drivers\FLxHCIc.sys [2012-7-19 246568]

R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\System32\drivers\FLxHCIh.sys [2012-7-19 76584]

R3 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2013-5-4 36680]

R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2011-6-11 32344]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-3-29 471144]

R3 SmbDrv;SmbDrv;C:\Windows\System32\drivers\Smb_driver.sys [2012-1-26 22800]

R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]

S1 7918163drv;7918163drv;C:\Windows\System32\drivers\7918163drv.sys [2012-10-2 556632]

S2 Application Updater;Application Updater;"C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe" --> C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]

S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-6-11 79360]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-6-11 79360]

S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-2-19 57856]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-9-12 1512448]

S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-6-10 57344]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-1-5 340240]

S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-29 19456]

S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\rtsuvstor.sys [2011-6-11 290920]

S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-29 57856]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-29 30208]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-9 1255736]

S3 xsherlock;xsherlock;C:\Windows\System32\xsherlock.xem --> C:\Windows\System32\xsherlock.xem [?]

.

=============== File Associations ===============

.

FileExt: .js: JSFile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe","%1"

.

=============== Created Last 30 ================

.

2013-05-04 07:10:57 36680 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys

2013-05-04 05:58:11 9317456 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9257C825-5FA3-4887-B1B5-748EFA19FE7D}\mpengine.dll

2013-05-04 05:09:29 -------- d-----w- C:\Windows\pss

2013-05-04 05:03:39 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-05-04 04:54:25 -------- d-----w- C:\Users\owner\AppData\Local\Avg2013

2013-05-03 22:00:16 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

2013-05-03 22:00:15 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys

2013-05-03 22:00:15 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2013-05-03 22:00:14 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys

2013-05-03 22:00:11 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2013-05-03 21:59:35 41664 ----a-w- C:\Windows\avastSS.scr

2013-05-03 21:59:06 -------- d-----w- C:\Program Files\AVAST Software

2013-05-03 21:58:29 -------- d-----w- C:\ProgramData\AVAST Software

2013-05-03 05:16:56 -------- d-----w- C:\Users\owner\AppData\Roaming\Malwarebytes

2013-05-03 05:16:41 -------- d-----w- C:\ProgramData\Malwarebytes

2013-05-03 05:16:41 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-05-03 03:53:46 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2013-05-03 03:53:33 17272 ----a-w- C:\Windows\System32\sdnclean64.exe

2013-05-03 03:53:08 -------- d-----w- C:\Users\owner\AppData\Local\Programs

2013-04-28 21:36:24 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-04-23 19:01:16 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-04-15 20:32:30 6128760 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

2013-04-15 20:32:30 6128760 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

2013-04-10 14:08:42 3153408 ----a-w- C:\Windows\System32\win32k.sys

2013-04-10 14:08:40 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys

2013-04-10 14:08:38 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-04-10 14:08:37 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll

2013-04-10 14:08:37 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2013-04-10 14:08:37 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-04-10 14:08:37 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-04-10 14:08:37 112640 ----a-w- C:\Windows\System32\smss.exe

2013-04-04 18:51:24 -------- d-----w- C:\Users\owner\AppData\Roaming\Curse Advertising

.

==================== Find3M ====================

.

2013-05-04 14:43:17 380 ----a-w- C:\Users\owner\AppData\Roaming\sp_data.sys

2013-05-02 07:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe

2013-04-28 21:36:15 866720 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2013-04-28 21:36:15 788896 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-03-27 13:44:50 39768 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys

2013-03-18 03:28:50 283032 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2013-03-18 03:28:50 283032 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2013-03-15 04:16:18 3477280 ----a-w- C:\Windows\System32\nvsvc64.dll

2013-03-15 04:16:17 6398240 ----a-w- C:\Windows\System32\nvcpl.dll

2013-03-15 04:16:10 877856 ----a-w- C:\Windows\System32\nvvsvc.exe

2013-03-15 04:16:10 63776 ----a-w- C:\Windows\System32\nvshext.dll

2013-03-15 04:16:10 2555680 ----a-w- C:\Windows\System32\nvsvcr.dll

2013-03-15 04:16:10 237856 ----a-w- C:\Windows\System32\nvmctray.dll

2013-03-15 03:07:52 559904 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

2013-03-14 14:52:56 283032 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2013-03-13 21:28:43 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2013-03-13 08:40:30 3130440 ----a-w- C:\Windows\SysWow64\pbsvc_blr.exe

2013-03-13 06:43:27 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-13 06:43:27 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-02-28 03:49:23 338432 ----a-w- C:\Windows\SysWow64\REX Shared Library.dll

2013-02-28 03:49:18 406528 ----a-w- C:\Windows\SysWow64\ReWire.dll

2013-02-21 10:30:16 1766912 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-02-21 10:29:39 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-02-21 10:29:37 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2013-02-21 10:29:37 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2013-02-21 10:15:07 2240512 ----a-w- C:\Windows\System32\wininet.dll

2013-02-21 10:14:09 3958784 ----a-w- C:\Windows\System32\jscript9.dll

2013-02-21 10:14:05 67072 ----a-w- C:\Windows\System32\iesetup.dll

2013-02-21 10:14:05 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2013-02-19 12:01:03 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-02-19 11:42:14 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-02-19 11:10:53 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe

2013-02-19 10:51:18 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

2013-02-12 04:12:05 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys

2013-02-10 03:25:27 1807136 ----a-w- C:\Windows\System32\nvdispco6420294.dll

2013-02-10 03:25:27 1510176 ----a-w- C:\Windows\System32\nvdispgenco6420162.dll

.

============= FINISH: 9:58:48.96 ===============


Hi and Welcome!! :)

My name is Robybel.

I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

IMPORTANT NOTE: Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Vista and Windows 7 users:

These tools MUST be run from the executable (.exe) every time you run them, with Admin Rights (right click, choose "Run as Administrator").

Stay with this topic until I give you the all clean post.

Having said that....Let's get going!! ;)

===================

I don't see the Attach.txt; please post it in your next reply ;)

===================

Download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Next

AdwCleaner

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

Next

  • Download RogueKiller and save it to your desktop.
  • Quit all other programs
  • Start RogueKiller.exe
  • Wait until the Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan
  • A report will be created on your desktop.
  • Click on the Delete button
  • Next click on the ShortcutsFix
  • another report will be created on your desktop.

Please post: All RKreport.txt text files located on your desktop.

On your next reply please post :

  • Attach.txt
  • checkup.txt
  • AdwCleaner[s1].txt
  • All RKreport.txt

Let me know if you have any problems in performing the steps above or any questions you may have.

Good Day!


Hi SimplyVi ;)

Please do not attach the logs, but copy/paste the content of these.

======================

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Next

Please read through these instructions to familiarize yourself with what to expect when this tool runs.

Refer to the ComboFix User's Guide

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs

====================================================

Double click on combofix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.9.3 (04.29.2013:2)

OS: Windows 7 Home Premium x64

Ran by owner on Sat 05/04/2013 at 11:31:12.71

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{51dd3535-abea-484a-b1cf-06ab7b092c0c}

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3038C36E-DCDE-446B-8128-16440C5B4695}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1036AD63-AEAC-460B-9060-C96005D4DC86}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51DD3535-ABEA-484A-B1CF-06AB7B092C0C}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74322BF9-DF26-493F-B0DA-6D2FC5E6429E}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE}

~~~ Files

Successfully deleted: [File] C:\Windows\syswow64\sho1370.tmp

Successfully deleted: [File] C:\Windows\syswow64\shoB2D1.tmp

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\best buy pc app"

Successfully deleted: [Folder] "C:\ProgramData\free ride games"

Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"

Successfully deleted: [Folder] "C:\Users\owner\appdata\local\best buy pc app"

Successfully deleted: [Folder] "C:\Users\owner\appdata\locallow\datamngr"

Successfully deleted: [Folder] "C:\Program Files (x86)\startnow toolbar"

Successfully deleted: [Folder] "C:\Program Files (x86)\ytd toolbar"

Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\privacy safeguard"

Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"

Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{7CEA6CB6-7677-466F-B417-31D4E0EC21C5}

Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{A2BF7A32-96AD-44CA-B9A6-560BC6CB0A08}

Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{D6D0A9A7-771C-48D9-AFCE-5DD82D8CC9F6}

Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{FB8F6450-11C2-451A-B9E4-A8EEE0342E9E}

~~~ FireFox

Failed to delete: [Folder] C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\qjsw1is1.default\extensions\wtxpcom@mybrowserbar.com

Failed to delete: [Folder] C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\qjsw1is1.default\extensions\ytd@mybrowserbar.com

Successfully deleted the following from C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\qjsw1is1.default\prefs.js

user_pref("browser.startup.homepage", "hxxp://search.bearshare.com/");

Emptied folder: C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\qjsw1is1.default\minidumps [1 files]

~~~ Chrome

Successfully deleted: [Folder] C:\Users\owner\appdata\local\Google\Chrome\User Data\Default\Extensions\geggofhlfbcmanadhknllmlajiafopoh

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\geggofhlfbcmanadhknllmlajiafopoh

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sat 05/04/2013 at 11:35:54.42

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ComboFix 13-05-04.01 - owner 05/04/2013 11:52:37.1.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8169.5896 [GMT -5:00]

Running from: c:\users\owner\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\PrivacySafeGuard\PrIVacysafeguard.dll

c:\programdata\Roaming

c:\users\owner\AppData\Local\assembly\tmp

c:\windows\AsPatch10430001.exe

c:\windows\SysWow64\frapsvid.dll

.

.

((((((((((((((((((((((((( Files Created from 2013-04-04 to 2013-05-04 )))))))))))))))))))))))))))))))

.

.

2013-05-04 16:31 . 2013-05-04 16:31 -------- d-----w- c:\windows\ERUNT

2013-05-04 16:30 . 2013-05-04 16:30 -------- d-----w- C:\JRT

2013-05-04 07:10 . 2013-05-04 07:10 36680 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2013-05-04 05:58 . 2013-04-17 11:31 9317456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9257C825-5FA3-4887-B1B5-748EFA19FE7D}\mpengine.dll

2013-05-04 05:03 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-05-04 04:54 . 2013-05-04 04:54 -------- d-----w- c:\users\owner\AppData\Local\Avg2013

2013-05-03 22:00 . 2013-05-01 23:34 378432 ----a-w- c:\windows\system32\drivers\aswSP.sys

2013-05-03 22:00 . 2013-05-01 23:34 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2013-05-03 22:00 . 2013-05-01 23:34 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2013-05-03 22:00 . 2013-05-01 23:34 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2013-05-03 22:00 . 2013-05-02 15:44 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-05-03 22:00 . 2013-05-01 23:34 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-05-03 22:00 . 2013-05-01 23:34 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2013-05-03 22:00 . 2013-05-01 23:34 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2013-05-03 22:00 . 2013-05-01 23:33 287840 ----a-w- c:\windows\system32\aswBoot.exe

2013-05-03 21:59 . 2013-05-01 23:33 41664 ----a-w- c:\windows\avastSS.scr

2013-05-03 21:59 . 2013-05-03 21:59 -------- d-----w- c:\program files\AVAST Software

2013-05-03 21:58 . 2013-05-03 21:59 -------- d-----w- c:\programdata\AVAST Software

2013-05-03 12:59 . 2013-05-03 12:59 -------- d-----w- c:\program files (x86)\Common Files\Skype

2013-05-03 05:16 . 2013-05-03 05:16 -------- d-----w- c:\users\owner\AppData\Roaming\Malwarebytes

2013-05-03 05:16 . 2013-05-04 05:03 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-05-03 05:16 . 2013-05-03 05:16 -------- d-----w- c:\programdata\Malwarebytes

2013-05-03 03:53 . 2013-05-03 04:13 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2013-05-03 03:53 . 2009-01-25 17:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe

2013-05-03 03:53 . 2013-05-03 03:53 -------- d-----w- c:\users\owner\AppData\Local\Programs

2013-05-02 00:25 . 2013-05-02 22:53 -------- d-----w- c:\users\Public\Games

2013-04-28 21:36 . 2013-04-28 21:36 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-04-23 19:01 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-15 20:32 . 2013-04-15 20:32 6128760 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

2013-04-15 20:32 . 2013-04-15 20:32 6128760 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

2013-04-10 14:08 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys

2013-04-10 14:08 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys

2013-04-10 14:08 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-04-10 14:08 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll

2013-04-10 14:08 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-04-10 14:08 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-04-10 14:08 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll

2013-04-10 14:08 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe

2013-04-04 18:51 . 2013-04-04 18:52 -------- d-----w- c:\users\owner\AppData\Roaming\Curse Advertising

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-05-04 15:32 . 2012-03-29 20:12 380 ----a-w- c:\users\owner\AppData\Roaming\sp_data.sys

2013-05-02 07:06 . 2011-07-09 19:01 278800 ------w- c:\windows\system32\MpSigStub.exe

2013-04-28 21:36 . 2012-08-10 05:55 866720 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2013-04-28 21:36 . 2011-12-28 18:01 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-04-11 05:00 . 2011-07-09 19:00 72702784 ----a-w- c:\windows\system32\MRT.exe

2013-03-27 13:44 . 2013-03-26 06:23 39768 ----a-w- c:\windows\system32\drivers\avgtpx64.sys

2013-03-18 03:28 . 2012-09-24 02:23 283032 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2013-03-18 03:28 . 2012-09-21 14:56 283032 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2013-03-15 05:53 . 2013-03-26 06:43 9414456 ----a-w- c:\windows\system32\nvcuda.dll

2013-03-15 05:53 . 2013-03-26 06:43 7959000 ----a-w- c:\windows\SysWow64\nvcuda.dll

2013-03-15 05:53 . 2013-03-26 06:43 7573816 ----a-w- c:\windows\system32\nvopencl.dll

2013-03-15 05:53 . 2013-03-26 06:43 6271872 ----a-w- c:\windows\SysWow64\nvopencl.dll

2013-03-15 05:53 . 2013-03-26 06:43 2913056 ----a-w- c:\windows\system32\nvcuvid.dll

2013-03-15 05:53 . 2013-03-26 06:43 2728736 ----a-w- c:\windows\SysWow64\nvcuvid.dll

2013-03-15 05:53 . 2013-03-26 06:43 26956576 ----a-w- c:\windows\system32\nvoglv64.dll

2013-03-15 05:53 . 2013-03-26 06:43 25256736 ----a-w- c:\windows\system32\nvcompiler.dll

2013-03-15 05:53 . 2013-03-26 06:43 2355488 ----a-w- c:\windows\system32\nvcuvenc.dll

2013-03-15 05:53 . 2013-03-26 06:43 20542752 ----a-w- c:\windows\SysWow64\nvoglv32.dll

2013-03-15 05:53 . 2013-03-26 06:43 1995552 ----a-w- c:\windows\SysWow64\nvcuvenc.dll

2013-03-15 05:53 . 2013-03-26 06:43 1807136 ----a-w- c:\windows\system32\nvdispco6431422.dll

2013-03-15 05:53 . 2013-03-26 06:43 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll

2013-03-15 05:53 . 2013-03-26 06:43 1510176 ----a-w- c:\windows\system32\nvdispgenco6431422.dll

2013-03-15 05:53 . 2013-03-26 06:43 13088000 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2013-03-15 05:53 . 2013-03-26 06:43 11048736 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2013-03-15 05:53 . 2013-03-13 21:34 2539128 ----a-w- c:\windows\SysWow64\nvapi.dll

2013-03-15 05:53 . 2012-05-17 00:37 17990800 ----a-w- c:\windows\system32\nvd3dumx.dll

2013-03-15 05:53 . 2011-12-28 18:17 15042928 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2013-03-15 05:53 . 2011-06-11 15:14 15508512 ----a-w- c:\windows\system32\nvwgf2umx.dll

2013-03-15 05:53 . 2011-06-11 15:14 2864144 ----a-w- c:\windows\system32\nvapi64.dll

2013-03-15 04:16 . 2011-04-27 13:17 3477280 ----a-w- c:\windows\system32\nvsvc64.dll

2013-03-15 04:16 . 2011-04-27 13:17 6398240 ----a-w- c:\windows\system32\nvcpl.dll

2013-03-15 04:16 . 2011-04-27 13:17 237856 ----a-w- c:\windows\system32\nvmctray.dll

2013-03-15 04:16 . 2011-04-27 13:17 877856 ----a-w- c:\windows\system32\nvvsvc.exe

2013-03-15 04:16 . 2011-04-27 13:17 63776 ----a-w- c:\windows\system32\nvshext.dll

2013-03-15 04:16 . 2011-04-27 13:17 2555680 ----a-w- c:\windows\system32\nvsvcr.dll

2013-03-15 03:07 . 2013-03-15 03:07 559904 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2013-03-14 14:52 . 2012-09-21 14:56 283032 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2013-03-14 08:04 . 2013-03-14 08:04 226304 ----a-w- c:\windows\system32\elshyph.dll

2013-03-14 08:04 . 2013-03-14 08:04 185344 ----a-w- c:\windows\SysWow64\elshyph.dll

2013-03-14 08:04 . 2013-03-14 08:04 158720 ----a-w- c:\windows\SysWow64\msls31.dll

2013-03-14 08:04 . 2013-03-14 08:04 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

2013-03-14 08:04 . 2013-03-14 08:04 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll

2013-03-14 08:04 . 2013-03-14 08:04 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2013-03-14 08:04 . 2013-03-14 08:04 138752 ----a-w- c:\windows\SysWow64\wextract.exe

2013-03-14 08:04 . 2013-03-14 08:04 523264 ----a-w- c:\windows\SysWow64\vbscript.dll

2013-03-14 08:04 . 2013-03-14 08:04 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2013-03-14 08:04 . 2013-03-14 08:04 12800 ----a-w- c:\windows\SysWow64\mshta.exe

2013-03-14 08:04 . 2013-03-14 08:04 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2013-03-14 08:04 . 2013-03-14 08:04 61952 ----a-w- c:\windows\SysWow64\tdc.ocx

2013-03-14 08:04 . 2013-03-14 08:04 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2013-03-14 08:04 . 2013-03-14 08:04 38400 ----a-w- c:\windows\SysWow64\imgutil.dll

2013-03-14 08:04 . 2013-03-14 08:04 361984 ----a-w- c:\windows\SysWow64\html.iec

2013-03-14 08:04 . 2013-03-14 08:04 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2013-03-14 08:04 . 2013-03-14 08:04 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll

2013-03-14 08:04 . 2013-03-14 08:04 216064 ----a-w- c:\windows\system32\msls31.dll

2013-03-14 08:04 . 2013-03-14 08:04 197120 ----a-w- c:\windows\system32\msrating.dll

2013-03-14 08:04 . 2013-03-14 08:04 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2013-03-14 08:04 . 2013-03-14 08:04 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll

2013-03-14 08:04 . 2013-03-14 08:04 81408 ----a-w- c:\windows\system32\icardie.dll

2013-03-14 08:04 . 2013-03-14 08:04 762368 ----a-w- c:\windows\system32\ieapfltr.dll

2013-03-14 08:04 . 2013-03-14 08:04 452096 ----a-w- c:\windows\system32\dxtmsft.dll

2013-03-14 08:04 . 2013-03-14 08:04 441856 ----a-w- c:\windows\system32\html.iec

2013-03-14 08:04 . 2013-03-14 08:04 281600 ----a-w- c:\windows\system32\dxtrans.dll

2013-03-14 08:04 . 2013-03-14 08:04 270848 ----a-w- c:\windows\system32\iedkcs32.dll

2013-03-14 08:04 . 2013-03-14 08:04 235008 ----a-w- c:\windows\system32\url.dll

2013-03-14 08:04 . 2013-03-14 08:04 1400416 ----a-w- c:\windows\system32\ieapfltr.dat

2013-03-14 08:04 . 2013-03-14 08:04 97280 ----a-w- c:\windows\system32\mshtmled.dll

2013-03-14 08:04 . 2013-03-14 08:04 62976 ----a-w- c:\windows\system32\pngfilt.dll

2013-03-14 08:04 . 2013-03-14 08:04 599552 ----a-w- c:\windows\system32\vbscript.dll

2013-03-14 08:04 . 2013-03-14 08:04 51200 ----a-w- c:\windows\system32\imgutil.dll

2013-03-14 08:04 . 2013-03-14 08:04 27648 ----a-w- c:\windows\system32\licmgr10.dll

2013-03-14 08:04 . 2013-03-14 08:04 247296 ----a-w- c:\windows\system32\webcheck.dll

2013-03-14 08:04 . 2013-03-14 08:04 173568 ----a-w- c:\windows\system32\ieUnatt.exe

2013-03-14 08:04 . 2013-03-14 08:04 167424 ----a-w- c:\windows\system32\iexpress.exe

2013-03-14 08:04 . 2013-03-14 08:04 1509376 ----a-w- c:\windows\system32\inetcpl.cpl

2013-03-14 08:04 . 2013-03-14 08:04 149504 ----a-w- c:\windows\system32\occache.dll

2013-03-14 08:04 . 2013-03-14 08:04 144896 ----a-w- c:\windows\system32\wextract.exe

2013-03-14 08:04 . 2013-03-14 08:04 13824 ----a-w- c:\windows\system32\mshta.exe

2013-03-14 08:04 . 2013-03-14 08:04 102912 ----a-w- c:\windows\system32\inseng.dll

2013-03-14 08:04 . 2013-03-14 08:04 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2013-03-14 08:04 . 2013-03-14 08:04 52224 ----a-w- c:\windows\system32\msfeedsbs.dll

2013-03-14 08:04 . 2013-03-14 08:04 136192 ----a-w- c:\windows\system32\iepeers.dll

2013-03-14 08:04 . 2013-03-14 08:04 135680 ----a-w- c:\windows\system32\IEAdvpack.dll

2013-03-14 08:04 . 2013-03-14 08:04 12800 ----a-w- c:\windows\system32\msfeedssync.exe

2013-03-14 08:04 . 2013-03-14 08:04 48640 ----a-w- c:\windows\system32\mshtmler.dll

2013-03-14 08:04 . 2013-03-14 08:04 77312 ----a-w- c:\windows\system32\tdc.ocx

2013-03-13 21:28 . 2012-09-21 14:56 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2013-03-13 08:40 . 2013-03-13 20:31 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe

2013-03-13 06:43 . 2012-04-13 16:03 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-03-13 06:43 . 2012-02-16 19:52 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-02-28 03:49 . 2013-02-28 03:49 338432 ----a-w- c:\windows\SysWow64\REX Shared Library.dll

2013-02-28 03:49 . 2013-02-28 03:49 406528 ----a-w- c:\windows\SysWow64\ReWire.dll

2013-02-12 05:45 . 2013-03-12 19:24 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45 . 2013-03-12 19:24 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45 . 2013-03-12 19:24 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 05:45 . 2013-03-12 19:24 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 04:48 . 2013-03-12 19:24 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-02-12 04:48 . 2013-03-12 19:24 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-02-12 04:12 . 2013-03-14 06:03 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys

2013-02-10 03:25 . 2013-03-13 21:34 1807136 ----a-w- c:\windows\system32\nvdispco6420294.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]

@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"

[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]

2013-02-20 02:43 220632 ----a-w- c:\users\owner\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]

@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"

[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]

2013-02-20 02:43 220632 ----a-w- c:\users\owner\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]

@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"

[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]

2013-02-20 02:43 220632 ----a-w- c:\users\owner\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-11 2018032]

"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2011-06-11 3058304]

"THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2011-03-17 909312]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"VAWinAgent"="c:\expressgateutil\VAWinAgent.exe" [2011-04-08 45448]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]

"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-12-23 318080]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2011-10-24 174720]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"ACMON"="c:\program files (x86)\ASUS\Splendid\ACMON.exe" [2012-02-07 102568]

"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2012-02-02 2321072]

"FLxHCIm64"="c:\program files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe" [2012-07-19 48128]

"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]

"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2012-11-13 450560]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2012-11-30 1263512]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jaureg.exe" [2012-07-03 232368]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-01 4858456]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

.

c:\users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Intel® Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-11 548528]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe

.

R1 7918163drv;7918163drv;c:\windows\system32\DRIVERS\7918163drv.sys [2012-10-01 556632]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]

R2 X5XSEx_Pr143;X5XSEx_Pr143;c:\program files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [x]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]

R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-06-11 79360]

R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-06-11 79360]

R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-11-02 75928]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]

R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-05-04 36680]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-01-05 340240]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]

R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-11-02 50856]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]

R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-08-03 290920]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]

R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]

R3 vtany;vtany;c:\windows\vtany.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-09 1255736]

R3 wolf;wolf;c:\aeriagames\Wolfteam\wolf64.sys [x]

R3 X6va005;X6va005;c:\users\owner\AppData\Local\Temp\00578B8.tmp [x]

R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [x]

S0 aswRvrt;aswRvrt; [x]

S0 aswVmm;aswVmm; [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-29 55856]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 ATKWMIACPIIO_;ATKWMIACPI Driver_;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-09-07 17536]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-03-27 39768]

S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-05-01 80816]

S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2010-11-07 499200]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-03-15 383264]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]

S2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe [2011-03-26 91464]

S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-11-07 869376]

S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [2012-01-30 17152]

S3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [2010-10-26 75264]

S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [2010-10-26 173568]

S3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys [2010-10-26 81408]

S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2012-07-19 246568]

S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [2012-07-19 76584]

S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-04-22 471144]

S3 SmbDrv;SmbDrv;c:\windows\system32\DRIVERS\Smb_driver.sys [2012-01-26 22800]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2013-05-04 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 06:43]

.

2013-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2306519532-2526775429-461329876-1000Core.job

- c:\users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-11 18:23]

.

2013-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2306519532-2526775429-461329876-1000UA.job

- c:\users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-11 18:23]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1036AD63-AEAC-460B-9060-C96005D4DC86}]

2012-08-08 04:08 105472 ----a-w- c:\program files\PrivacySafeGuard\PrivacySafeGuard-x64.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]

2011-06-01 18:28 1793456 ----a-w- c:\progra~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]

@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"

[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]

2013-02-20 02:42 244696 ----a-w- c:\users\owner\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]

@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"

[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]

2013-02-20 02:42 244696 ----a-w- c:\users\owner\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]

@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"

[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]

2013-02-20 02:42 244696 ----a-w- c:\users\owner\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2013-05-01 23:33 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-02-01 12446824]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-01-05 1933584]

"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-11-14 1605632]

"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2010-09-14 25600]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]

"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944]

"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 2076272]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService

FontCache

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://search.yahoo.com?type=994519&fr=spigot-yhp-ie

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>??????????????????????;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>???????????????????????????????†††??†††?????????????????????????????????????????????????†††??††††???????††††???††††??????????????????†††??††††??????????????????????????????????????????????=?††††?†††††??????†††††??†††††?????????????????††††??†††?????????????????????????????????????????????????†††??††††???????††††???††††??????????????????†††??††††??????????????????????????????????????????????=?††††?†††††??????†††††??†††††?????????????????††††??†††?????????????????????????????????????????????????†††??††††???????††††???††††??????????????????†††??††††??????????????????????????????????????????????=?††††?†††††??????†††††??†††††?????????????????††††?†††??††????????†††?††††??????????????????††††??????????????????††††??????????????????††††??????????????????††††????????????????:?††??†††????????†††?††††?????????????†††???†††???????????††††??††??†††????????????†††?????????????????????????????????????????????††???????????????????††?????????;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<loc
al>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;*.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 192.168.1.1 68.238.96.12

FF - ProfilePath - c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\qjsw1is1.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=994519&p=

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-AdobeBridge - (no file)

Wow6432Node-HKCU-Run-PlayNC Launcher - (no file)

Wow6432Node-HKCU-Run-Exetender - c:\program files (x86)\Free Ride Games\GPlayer.exe

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

Wow6432Node-HKU-Default-Run-Exetender - c:\program files (x86)\Free Ride Games\GPlayer.exe

Notify-SDWinLogon - SDWinLogon.dll

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

Toolbar-Locked - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe

AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe

AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}\bm_installer.exe

AddRemove-48e4cff94f039634 - c:\programdata\Best Buy pc app\ClickOnceUninstaller.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]

"ImagePath"="\??\c:\users\owner\AppData\Local\Temp\00578B8.tmp"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\xsherlock]

"ImagePath"="c:\windows\system32\xsherlock.xem"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2306519532-2526775429-461329876-1000\Software\SecuROM\License information*]

"datasecu"=hex:2d,3a,d8,12,c6,83,49,6e,92,93,19,71,b1,49,ae,0d,c1,ea,7c,30,4a,

f7,d3,96,b0,c7,51,11,da,ff,91,0f,58,a2,b4,89,6a,a8,c8,41,d7,ff,a6,63,72,54,\

"rkeysecu"=hex:81,ae,46,d3,20,87,dc,f3,5c,47,83,85,4f,ad,d2,54

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\program files (x86)\ASUS\FaceLogon\smartlogon.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\ASUS\FaceLogon\sensorsrv.exe

c:\program files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe

c:\program files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

.

**************************************************************************

.

Completion time: 2013-05-04 12:09:23 - machine was rebooted

ComboFix-quarantined-files.txt 2013-05-04 17:09

.

Pre-Run: 72,376,320,000 bytes free

Post-Run: 72,998,211,584 bytes free

.

- - End Of File - - 580823C7953A82FB72CC9EBC24BEFA48

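Added example, not part of the original thread or of ComboFix itself: a small Python triage pass over the kind of service entries the log above contains. It picks out the two things a reviewer looks at first in such a log, where a service's image lives (a user temp directory is rarely legitimate) and what extension it carries (services and drivers normally load .exe, .sys or .dll). The sample lines are constructed from entries in the log above, and the heuristics are the reviewer's assumptions, not a verdict of infection.

```python
import re

# Constructed sample: a subset of service entries taken from the ComboFix log above.
SAMPLE_LOG = r"""
S2 UNS;Intel Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-04-22 471144]
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\owner\AppData\Local\Temp\00578B8.tmp"
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\xsherlock]
"ImagePath"="c:\windows\system32\xsherlock.xem"
"""

# "S2 name;display name;path [yyyy-mm-dd size]" lines from the services section.
SERVICE_LINE = re.compile(r"^([RS]\d)\s+([^;]+);[^;]*;(.+?)\s+\[\d{4}-\d{2}-\d{2} \d+\]$")
# Registry keys ComboFix prints for services whose ImagePath it considers unusual.
SERVICE_KEY = re.compile(r"^\[HKEY_LOCAL_MACHINE\\system\\ControlSet\d+\\services\\([^\]]+)\]$", re.I)
IMAGE_PATH = re.compile(r'^"ImagePath"="(.*)"$')
# First path-like token ending in a short extension; anything after it is arguments.
IMAGE_FILE = re.compile(r"^(.+?\.([A-Za-z0-9]{1,4}))(?:\s|$)")

EXPECTED_EXT = {"exe", "sys", "dll"}
TEMP_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")


def parse_services(log_text):
    """Yield (service_name, image_path) from both the S2/S3 service list and
    the ControlSet services keys that carry an explicit "ImagePath" value."""
    pending = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SERVICE_LINE.match(line)
        if m:
            yield m.group(2), m.group(3)
            continue
        m = SERVICE_KEY.match(line)
        if m:
            pending = m.group(1)
            continue
        m = IMAGE_PATH.match(line)
        if m and pending:
            yield pending, m.group(1)
            pending = None


def assess(name, image_path):
    """Return the heuristic reasons to look closer at one entry (empty list = nothing odd).
    The heuristics are assumptions for this example, not a malware verdict."""
    path = image_path
    if path.startswith("\\??\\"):  # NT object-namespace prefix, common on driver-style entries
        path = path[4:]
    m = IMAGE_FILE.match(path)
    if not m:
        return [f"unparseable image path: {image_path}"]
    file_path, ext = m.group(1).lower(), m.group(2).lower()
    reasons = []
    if any(t in file_path for t in TEMP_DIRS):
        reasons.append("image runs from a temp directory")
    if ext not in EXPECTED_EXT:
        reasons.append(f"non-standard executable extension .{ext}")
    return reasons


def triage(log_text):
    """Map service name -> reasons, for every entry with at least one reason."""
    flagged = {}
    for name, image_path in parse_services(log_text):
        reasons = assess(name, image_path)
        if reasons:
            flagged[name] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
```

On the sample, the two Intel and Realtek entries come back clean, while X6va005 (a service whose image is a .tmp file in the user's Temp directory) trips both rules and xsherlock and npggsvc trip the extension rule only. The extension rule is deliberately noisy: GameMon.des under npggsvc is the nProtect GameGuard anti-cheat component that some online games install, so a flag here means "verify", not "remove". A persistent service loading from %TEMP% is the entry that deserves the helper's attention first.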

Hi SimplyVi

Please follow all previous instructions regarding security programs.

Open a new Notepad session

  • Click the Start button, then click Run.
  • In the Run box, type notepad.
  • Click OK.
  • In Notepad, click "Format" and make certain that Word Wrap is not checked.
  • Copy and paste all the text in the code box below into Notepad. Do not copy the word CODE.


ClearJavaCache

In the notepad

  • Click File, Save as..., and set the Save in to your Desktop
  • In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
  • Click save

Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown below.

This will start ComboFix again. Close all browsers/windows first.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

[image: CFScriptB-4.gif]

Next

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Next

ESET Online Scanner

I'd like us to scan your machine with ESET OnlineScan

Note: If you are using Windows Vista/7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

*Note

It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.

Please don't go surfing while your resident protection is disabled!

Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the esetOnline.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.

    3. Check esetAcceptTerms.png
    4. Click the esetStart.png button.
    5. Accept any security warnings from your browser.
    6. Check esetScanArchives.png
    7. Make sure that the option "Remove found threats" is Unchecked
    8. Push the Start button.
    9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    10. When the scan completes, push esetListThreats.png
    11. Push esetExport.png, and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
    12. Push the Back button.
    13. Select Uninstall application on close check box and push esetFinish.png


On your next reply please post:

  • MBAM log
  • ESET Report

Let me know if you have any problems in performing with the steps above or any questions you may have.

Good Day!


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
