Possible Browser Hi-Jack and other signs of malware.

[Drenferalis]

Browser is Google Chrome latest version.

Version 27.0.1453.94 m

Even about://chrome takes anywhere from 5 to 30 seconds to load.

I have been trying to find a bottleneck in my system and the only bottleneck I get is the occasional Hard Disk I/O when doing multiple things at once. Other than that everything is sluggish.

Computer is set to automatically defragment weekly. Computer is rebooted weekly. (Speeds go up for about 2 hours after reboot then suddenly drop, browser always has issues though.

I do have metasploit as I am a network administrator for a private server farm. I understand metasploit has malware and DO NOT wish for it to be removed.

TDSSKiller has returned no problems other than unsigned drivers for things such as WAMP and Icecast. My computer is also running in Test Mode for PS3 controller driver support and other kernel debugging uses.

I do not use IE and never will.

DDS Log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 8.0.7600.16385

Run by Dren at 4:59:50 on 2013-05-28

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3069.876 [GMT -7:00]

.

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Tablet\Pen\WTabletServiceCon.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\explorer.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Program Files\Tablet\Pen\Pen_TabletUser.exe

C:\Program Files\Tablet\Pen\WacomHost.exe

C:\Program Files\Tablet\Pen\Pen_Tablet.exe

C:\Program Files\Tablet\Pen\Pen_TouchUser.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files\Core Temp\Core Temp.exe

C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe

C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Users\Dren\AppData\Local\Audiogalaxy\Audiogalaxy.exe

C:\Program Files (x86)\No-IP\DUC40.exe

C:\Users\Dren\AppData\Roaming\Spotify\spotify.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe

C:\Program Files (x86)\MagicDisc\MagicDisc.exe

C:\Program Files (x86)\Icecast KH\icecast.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Users\Dren\Documents\StarCraft II\Accounts\55366726\1-S2-1-1242182\Banks\WinLaunch\WinLaunch.exe

C:\METASP~1\POSTGR~1\bin\pg_ctl.exe

C:\METASP~1\ruby\bin\ruby.exe

C:\METASP~1\POSTGR~1\bin\postgres.exe

C:\METASP~1\ruby\bin\ruby.exe

C:\Program Files (x86)\No-IP\ducservice.exe

C:\METASP~1\POSTGR~1\bin\postgres.exe

C:\Program Files (x86)\Common Files\Motive\pcCMService.exe

C:\Program Files\Common Files\Motive\pcCMService.exe

C:\METASP~1\POSTGR~1\bin\postgres.exe

C:\METASP~1\POSTGR~1\bin\postgres.exe

C:\METASP~1\POSTGR~1\bin\postgres.exe

C:\METASP~1\POSTGR~1\bin\postgres.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe

C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\SysWOW64\cmd.exe

C:\metasploit\apps\pro\engine\arch-lib\win32\nginx\bin\nginxr7.exe

C:\metasploit\apps\pro\engine\arch-lib\win32\nginx\bin\nginxr7.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\METASP~1\POSTGR~1\bin\postgres.exe

C:\METASP~1\POSTGR~1\bin\postgres.exe

C:\METASP~1\POSTGR~1\bin\postgres.exe

C:\METASP~1\POSTGR~1\bin\postgres.exe

C:\!Games\Steam\steam.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

C:\Program Files (x86)\OpenOffice.org 3\program\scalc.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Users\Dren\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe

C:\Program Files (x86)\AVG Secure Search\vprot.exe

C:\Program Files (x86)\LOLReplay\LOLRecorder.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Windows\splwow64.exe

C:\Program Files (x86)\puush\puush.exe

C:\Windows\system32\taskmgr.exe

C:\Program Files\CCleaner\CCleaner64.exe

C:\Windows\System32\perfmon.exe

C:\Users\Dren\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Dren\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Dren\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Users\Dren\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Dren\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Dren\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Dren\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Dren\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Dren\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Dren\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Desura\desura.exe

C:\Users\Dren\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Dren\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Common Files\Desura\desura_service.exe

C:\Users\Dren\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Dren\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Dren\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Dren\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxps://isearch.avg.com/?cid={4DA75312-B72A-4E3A-8D72-F9836268232E}&mid=98c18df4cae947d099a481ac0fbf2ddd-10006b474ed346a36e59a740082962451f7bb100〈=en&ds=pp016&pr=sa&d=2012-07-23 08:23:34&v=12.2.5.32&sap=hp

uProxyOverride = localhost; 127.0.0.1; <local>

uWinlogon: Shell = expstart.exe

mWinlogon: Userinit = userinit.exe,

BHO: Claro LTD Helper Object: {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Program Files (x86)\Claro LTD\claro\1.6.4.1\bh\claro.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll

BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>

TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll

TB: Claro LTD Toolbar: {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Program Files (x86)\Claro LTD\claro\1.6.4.1\claroTlbr.dll

uRun: [RockMelt Update] "C:\Users\Dren\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" /c

uRun: [puush] C:\Program Files (x86)\puush\puush.exe

uRun: [Audiogalaxy] "C:\Users\Dren\AppData\Local\Audiogalaxy\Audiogalaxy.exe" /startup

uRun: [NoIPDUCv4] "C:\Program Files (x86)\No-IP\DUC40.exe" /minimize

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [Desura] C:\Program Files (x86)\Desura\desura.exe -autostart

uRun: [AdobeBridge] <no file>

mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [FileZilla Server Interface] "C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe"

mRun: [RaidCall] C:\Program Files (x86)\RaidCall\raidcall.exe

mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

StartupFolder: C:\Users\Dren\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe

StartupFolder: C:\Users\Dren\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe

StartupFolder: C:\Users\Dren\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\WINLAU~1.LNK - C:\Users\Dren\Documents\StarCraft II\Accounts\55366726\1-S2-1-1242182\Banks\WinLaunch\WinLaunch.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOLREC~1.LNK - C:\Program Files (x86)\LOLReplay\LOLRecorder.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:255

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableInstallerDetection = dword:0

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableSecureUIAPaths = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Assign &hot key - C:\Program Files (x86)\Hot Keyboard Pro\IEScript.htm

IE: Sothink Flash Downloader For IE - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: Interfaces\{6BC27F81-8C6D-40A6-9ED6-F3668D92C97A} : NameServer = 192.168.1.1,8.8.8.8

Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll

Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll

SSODL: WebCheck - <orphaned>

x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4

x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll

x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

x64-STS: ObjectDockShlExt Class - {1984D045-52CF-49cd-DB77-08F378FEA4DB} - C:\Program Files (x86)\Stardock\ObjectDockPlus2\ODMenu64.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Dren\AppData\Roaming\Mozilla\Firefox\Profiles\z3mcfpay.default\

FF - prefs.js: browser.search.selectedEngine - Claro Search

FF - prefs.js: browser.startup.homepage - hxxp://www.claro-search.com/?affID=116198&tt=4212_1&babsrc=HP_ss&mntrId=129be6e700000000000000fffda253d2

FF - prefs.js: keyword.URL - hxxp://www.claro-search.com/?affID=116198&tt=4212_1&babsrc=KW_ss&mntrId=129be6e700000000000000fffda253d2&q=

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\npsitesafety.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10516.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll

FF - plugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll

FF - plugin: C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll

FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

FF - plugin: C:\Users\Dren\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: C:\Users\Dren\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll

FF - plugin: C:\Users\Dren\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - ExtSQL: !HIDDEN! 2012-10-15 17:28; infoatoms@infoatoms.com; C:\Program Files (x86)\Mozilla Firefox\extensions\infoatoms@infoatoms.com

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.claro.id - 129be6e700000000000000fffda253d2

FF - user.js: extensions.claro.instlDay - 15629

FF - user.js: extensions.claro.vrsn - 1.6.4.1

FF - user.js: extensions.claro.vrsni - 1.6.4.1

FF - user.js: extensions.claro_i.vrsnTs - 1.6.4.117:27:22

FF - user.js: extensions.claro.prtnrId - claro

FF - user.js: extensions.claro.prdct - claro

FF - user.js: extensions.claro.aflt - babsst

FF - user.js: extensions.claro_i.smplGrp - none

FF - user.js: extensions.claro.tlbrId - claro

FF - user.js: extensions.claro.instlRef - sst

FF - user.js: extensions.claro.dfltLng - en

FF - user.js: extensions.claro.excTlbr - false

FF - user.js: extensions.claro.admin - false

.

============= SERVICES / DRIVERS ===============

.

R0 amdide64;amdide64;C:\Windows\System32\drivers\amdide64.sys [2010-6-29 11832]

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-9-25 52760]

R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2012-11-30 210016]

R0 vidsflt53;Acronis Disk Storage Filter (53);C:\Windows\System32\drivers\vsflt53.sys [2012-11-30 141920]

R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2012-7-1 21616]

R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-7-23 45856]

R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]

R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\System32\drivers\amdhub30.sys [2012-7-1 87168]

R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-7-1 46136]

R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\amdxhc.sys [2012-7-1 188544]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-7-1 565352]

R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2010-7-1 38992]

R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\System32\drivers\tap0901t.sys [2012-10-7 31232]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-7-1 47232]

S3 ampa;ampa;C:\Windows\System32\ampa.sys [2012-11-30 15288]

S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2012-12-2 36328]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-7-1 231440]

S3 etdrv;etdrv;C:\Windows\etdrv.sys [2012-7-1 25640]

S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2012-7-1 30528]

S3 hidkmdf;KMDF Driver;C:\Windows\System32\drivers\hidkmdf.sys [2012-12-17 13728]

S3 libusb0;LibUsb-Win32 - Kernel Driver 08/27/2006, 0.1.12.0;C:\Windows\System32\drivers\libusb0.sys [2012-10-31 32768]

S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2012-7-16 121416]

S3 PsSdk41;PsSdk41;C:\Windows\System32\drivers\pssdk41.sys [2012-10-4 51776]

S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2012-11-29 19936]

S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2012-11-29 13280]

S3 RTCore64;RTCore64;C:\Program Files (x86)\RMClock\RTCore64.sys [2012-11-4 8192]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2012-12-2 125416]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2012-12-2 16872]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2012-12-2 159208]

S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2012-12-2 126952]

S3 WacHidRouter;Wacom Hid Router;C:\Windows\System32\drivers\wachidrouter.sys [2012-12-17 81312]

S3 wacomrouterfilter;Wacom Router Filter Driver;C:\Windows\System32\drivers\wacomrouterfilter.sys [2012-12-17 15776]

S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [2012-11-13 14544]

.

=============== Created Last 30 ================

.

2013-05-28 11:40:24 -------- d-----w- C:\Users\Dren\AppData\Local\Desura

2013-05-23 23:22:13 -------- d-----w- C:\Users\Dren\KAG-Beta

2013-05-15 22:55:34 -------- d-----w- C:\Users\Dren\AppData\Roaming\Carbon

2013-05-15 00:26:12 -------- d-----w- C:\Users\Dren\AppData\Local\Introversion

2013-05-15 00:19:57 -------- d-----w- C:\Users\Dren\.jxbattle

2013-05-13 01:16:05 -------- d-----w- C:\Windows\8A809006C25A4A3A9DAB94659BCDB107.TMP

2013-05-13 01:15:16 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard

2013-05-09 22:45:36 -------- d-----w- C:\Users\Dren\AppData\Local\Spotify

2013-05-09 22:45:27 -------- d-----w- C:\Users\Dren\AppData\Roaming\Spotify

2013-05-07 16:49:33 -------- d-----w- C:\Program Files (x86)\LOLReplay

2013-05-05 15:12:02 -------- d-----w- C:\Users\Dren\AppData\Roaming\Transformice

2013-05-05 15:11:52 -------- d-----w- C:\Program Files (x86)\Transformice

2013-04-29 08:13:43 -------- d-----w- C:\Program Files (x86)\ESET

2013-04-29 06:57:04 -------- d-----w- C:\Users\Dren\AppData\Roaming\PDAppFlex

.

==================== Find3M ====================

.

2013-05-21 12:28:26 45856 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys

2013-04-28 05:16:26 1396346733 ----a-w- C:\Users\Dren\Adobe Photoshop CS6 Extended.exe

2013-04-17 05:34:11 466520 ----a-w- C:\Windows\System32\wrap_oal.dll

2013-04-17 05:34:11 445016 ----a-w- C:\Windows\SysWow64\wrap_oal.dll

2013-04-17 05:34:11 123480 ----a-w- C:\Windows\System32\OpenAL32.dll

2013-04-17 05:34:11 109144 ----a-w- C:\Windows\SysWow64\OpenAL32.dll

2013-04-13 00:14:08 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-04-13 00:14:08 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-04-04 21:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-03-09 08:47:56 1111744082 ----a-w- C:\Users\Dren\Adobe Flash CS5.5 Professional.exe

.

============= FINISH: 5:01:03.63 ===============

attach log:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 7/1/2012 7:59:08 PM

System Uptime: 5/12/2013 9:22:24 PM (368 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. | | GA-A75M-D2H

Processor: AMD A8-3850 APU with Radeon HD Graphics | Socket M2 | 2900/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 1863 GiB total, 1364.987 GiB free.

D: is CDROM ()

E: is CDROM (UDF)

F: is CDROM (CDFS)

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e96e-e325-11ce-bfc1-08002be10318}

Description: Generic Non-PnP Monitor

Device ID: DISPLAY\DEFAULT_MONITOR\5&3ABF4E63&0&UID1048833

Manufacturer: (Standard monitor types)

Name: Generic Non-PnP Monitor

PNP Device ID: DISPLAY\DEFAULT_MONITOR\5&3ABF4E63&0&UID1048833

Service: monitor

.

==== System Restore Points ===================

.

RP142: 5/20/2013 9:14:09 AM - Scheduled Checkpoint

RP143: 5/23/2013 4:21:25 PM - Installed King Arthur's Gold Beta

.

==== Installed Programs ======================

.

.sol Editor 1.1.0.1

010 Editor 4.0.3

7-Zip 9.20 (x64 edition)

A Game of Dwarves

A Handful Of Audiosurf Addons

Aced.com

Acronis Migrate Easy

Adobe AIR

Adobe Community Help

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Flash Professional CS5.5

Adobe Photoshop CS6

Adobe Reader X (10.1.4)

Age of Wushu

Airfoil

AirMech

Akamai NetSession Interface

AMD Accelerated Video Transcoding

AMD APP SDK Runtime

AMD Catalyst Install Manager

AMD Drag and Drop Transcoding

AMD Fuel

AMD Media Foundation Decoders

AMD Steady Video Plug-In

AMD VISION Engine Control Center

ANNO 2070

AOMEI Partition Assistant Pro Edition 5.1 (Demo)

Arma 2

ArmA 2 Free Uninstall

Arma 2: Operation Arrowhead

Atlantica

Audiogalaxy

Audiosurf

AutoHotkey 1.1.09.01

AVG Security Toolbar

Bamboo

Battle for Wesnoth 1.10.4

BattlEye for OA Uninstall

BlueBurstServ version 1.5

Bonjour

BPM Counter 1.6.0.0

Brick-Force

Cannon Brawl

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CCleaner

Cheat Engine 6.2

Cities in Motion 2

Cities XL Platinum

Claro LTD toolbar

Clonk Rage

Core Temp 1.0 RC3

CPUID CPU-Z 1.61

CrystalDiskInfo 5.0.5

Dark Souls Prepare to Die Edition

DayZ Commander

Desura

Desura: OpenRA

Desura: Project Zomboid

DLC Quest

Dolby Home Theater v4

Don't Starve

Dota 2

DragonNest

Dungeon Defenders

Dwarfs F2P

Dynasty Warriors Online

Easy Tune 6 B11.1209.1

EasyBCD 2.2

EVE Online (remove only)

EVEREST Home Edition v2.20

FFsplit version Alpha

FileZilla Client 3.6.0.2

FileZilla Server

Firebird 2.5.0.26074 (Win32)

Free Mouse Auto Clicker 3.0

GamersFirst LIVE!

Garry's Mod

Geometry Wars: Retro Evolved

GimpShop 2.8

Google Chrome

Half-Life Dedicated Server Update Tool

Happy Cloud Client

Hawken

HF pAppLoc version 1.0

Hi-Rez Studios Games

Hot Keyboard Pro 4

HxD Hex Editor version 1.7.7.0

Icecast KH

Icecast v2.0.2

ImgBurn

InfoAtoms

IntelliWare

Java 7 Update 17

Java Auto Updater

Java 7 Update 5 (64-bit)

JavaFX 2.1.1

King Arthur's Gold

King Arthur's Gold Beta

Knights of Honor

Kongregate Client version 1.0.0.0

LAME v3.99.3 (for Windows)

Left 4 Dead 2

Lightning Warrior Raidy

Livestream Procaster

LOLReplay

Mabinogi

MagicDisc 2.7.106

Malwarebytes Anti-Malware version 1.75.0.1300

Metasploit

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106

Microsoft Windows Application Compatibility Database

Microsoft XNA Framework Redistributable 3.1

Microsoft XNA Framework Redistributable 4.0

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_ATL_x86_x64

Microsoft_VC90_CRT_x86

Microsoft_VC90_CRT_x86_x64

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFC_x86_x64

Microsoft_VC90_MFCLOC_x86

Miner Wars 2081

MiniTool Drive Copy 5.0

MorphVOX Pro

MotioninJoy Gamepad tool 0.7.1001

Mozilla Firefox 14.0.1 (x86 en-US)

Mozilla Maintenance Service

MSI to redistribute MS VS2005 CRT libraries

Need for Speed Underground 2

Need For Speed™ World

Nexon Game Manager

No-IP DUC

Notepad++

NVIDIA 3D Vision Controller Driver 314.07

NVIDIA 3D Vision Driver 314.07

NVIDIA Control Panel 314.07

NVIDIA Graphics Driver 314.07

NVIDIA HD Audio Driver 1.3.23.1

NVIDIA Install Application

NVIDIA PhysX

NVIDIA PhysX System Software 9.12.1031

NVIDIA Stereoscopic 3D Driver

NVIDIA Update 1.12.12

NVIDIA Update Components

ObjectDock Plus 2

“Œ•ûƒXƒJƒCƒAƒŠ[ƒiEŒ¶‘z‹½‹óí•P

“Œ•ûƒXƒJƒCƒAƒŠ[ƒiEŒ¶‘z‹½‹óí•P-KURENAI-

ON_OFF Charge B11.1102.1

OpenAL

OpenOffice.org 3.4.1

PaintTool SAI Ver.1

Pando Media Booster

Path of Exile

PCGen6000

PCSX2 - Playstation 2 Emulator

PDF Settings CS5

PDF Settings CS6

piaip AppLocale

PlanetSide 2

Project Zomboid (remove only)

PunkBuster Services

puush

Python 3.3.0 (64-bit)

RaidCall

Rainmeter

Razer Game Booster

Realm of the Mad God

Realtek Ethernet Controller Driver

Realtek HDMI Audio Driver for ATI

Realtek High Definition Audio Driver

Renaissance Heroes

Renesas Electronics USB 3.0 Host Controller Driver

RocketDock 1.3.5

RockMelt

SAGA

Saints Row The Third

SAM Broadcaster v4

SAMSUNG USB Driver for Mobile Phones

Sanctum

SCAR Divi MDE 3.38.00

Seagate DiscWizard

Sid Meier's Civilization 4

Sid Meier's Civilization 4 - Beyond the Sword

Sid Meier's Civilization 4 - Warlords

SimCity 4 Deluxe

Skype Click to Call

Skype™ 6.3

Skyrim Heavens by DanteJinx

Smashmuck Champions

Sonic Adventure 2 © SEGA version 1

SonicStage 4.3

Sothink SWF Decompiler

Spotify

Starbank

StarCraft II

Stardock Software

StepMania v5.0 beta 1a (remove only)

Stronghold 3

Swf To Gif Converter 3.9

SWFWire Inspector

Sword 2

System Requirements Lab CYRI

TeamSpeak 3 Client

TeamViewer 8

TERA

Terraria 1.1.2

The Banner Saga: Factions

TLB: System Monitor plugin

TortoiseSVN 1.7.8.23174 (64 bit)

Total Game Control v3.7

Towns

Transformice

Tribes Ascend

Trillian

Tropico 4 1.00

True Launch Bar

True Launch Bar: Add Or Remove Programs plugin

True Launch Bar: Battery Monitor plugin

True Launch Bar: Calendar plugin

True Launch Bar: Device Manager plugin

True Launch Bar: Disable Windows Keys

True Launch Bar: Display Mode plugin

True Launch Bar: Key State plugin

True Launch Bar: Moon Monitor plugin

True Launch Bar: Net Monitor plugin

True Launch Bar: Select Color plugin

True Launch Bar: Slide Show plugin

True Launch Bar: Spacer plugin

True Launch Bar: Startup Manager plugin

True Launch Bar: TLB Clock plugin

True Launch Bar: Up Time plugin

True Launch Bar: Virtual Desktops plugin

True Launch Bar: Wireless Monitor plugin

TrueCrypt

Tunngle beta

Ubisoft Game Launcher

Unity Web Player

Universal Extractor 1.6.1

Unlocker 1.9.1

Unlocker 1.9.1-x64

ViewSonic Monitor Drivers x64

Virtual DJ Pro Full - Atomix Productions

VLC media player 2.0.5

Wajam

WampServer 2.2

Warcraft III

WebTablet FB Plugin 32 bit

WebTablet FB Plugin 64 bit

Winamp

Winamp Detector Plug-in

Windows Installer Clean Up

Windows Live ID Sign-in Assistant

WinPcap 4.1.2

WinRAR 4.20 (64-bit)

Wizard101

Worms Revolution

XLink Kai

XSplit

.

==== End Of File ===========================

Thanks

[MrCharlie]

Welcome to the forum.

Please uninstall these from your add/remove programs:

Audiogalaxy

Claro LTD toolbar

Wajam

Next:

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

P2P Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Please read all of my instructions completely including these.

Make sure you're subscribed to this topic:

Click on the

Follow This Topic Button

(at the top right of this page), make sure that the

Receive notification

box is checked and that it is set to

Instantly

Removing malware can be unpredictable

...things can go very wrong!

Backup

any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>Please stick with me until I give you the "all clear" and

Please don't waste my time by leaving before that

.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

[Drenferalis]

Here ya go:

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 64 bits version

Started in : Normal mode

User : Dren [Admin rights]

Mode : Scan -- Date : 05/28/2013 05:57:41

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤

[TASK][sUSP PATH] IHUninstallTrackingTASK : CMD /C DEL C:\Users\Dren\AppData\Local\Temp\IHU233F.tmp.exe [x] -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST2000DM001-1CH164 ATA Device +++++

--- User ---

[MBR] 45a22eecc7022c929bf83a8fcc1bc4e7

[bSP] a4e1d192deac48b1c8b817d3f17352bc : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1907628 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_05282013_02d0557.txt >>

RKreport[1]_S_05282013_02d0557.txt

[MrCharlie]

Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes :

· Adwares (software ads)

· PUP/LPI (Potentially Undesirable Program)

· Toolbars

· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

1. Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
   
2. Now click on the Search tab.
   
3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been ran, so in this should be something like R1.

Note:

Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain to why it shouldn't be on your system.

If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

Please note that Antivir Webguard uses ASK Toolbar as part of its web security. If you remove ASK by using Adwcleaner, Antivir Webguard will no longer work properly. Therefore, if you use this program please use the instructions below to access the options screen where you should enable /DisableAskDetections before using AdwCleaner.

You can click on the question mark (?) in the upper left corner of the program and then click on Options. You will then be presented with a dialog where you can disable various detections. These options are described below:

/DisableAskDetection - This option disables Ask Toolbar detection.

MrC

[Drenferalis]

And heres this one:

# AdwCleaner v2.301 - Logfile created 05/28/2013 at 06:14:18

# Updated 16/05/2013 by Xplode

# Operating system : Windows 7 Ultimate (64 bits)

# User : Dren - VIRUS

# Boot Mode : Normal

# Running from : C:\Users\Dren\Downloads\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\END

File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml

File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml

File Found : C:\user.js

Folder Found : C:\Program Files (x86)\AVG Secure Search

Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search

Folder Found : C:\Program Files (x86)\InfoAtoms

Folder Found : C:\ProgramData\AVG Secure Search

Folder Found : C:\ProgramData\Babylon

Folder Found : C:\Users\Dren\AppData\Local\AVG Secure Search

Folder Found : C:\Users\Dren\AppData\Local\PackageAware

Folder Found : C:\Users\Dren\AppData\LocalLow\AVG Secure Search

Folder Found : C:\Users\Dren\AppData\LocalLow\Claro LTD

Folder Found : C:\Users\Dren\AppData\Roaming\Babylon

Folder Found : C:\Users\Dren\Save

***** [Registry] *****

Key Found : HKCU\Software\AVG Secure Search

Key Found : HKCU\Software\IGearSettings

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKLM\Software\AVG Secure Search

Key Found : HKLM\Software\AVG Security Toolbar

Key Found : HKLM\Software\Babylon

Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Found : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}

Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI

Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1

Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj

Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1

Key Found : HKLM\SOFTWARE\Classes\Prod.cap

Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol

Key Found : HKLM\SOFTWARE\Classes\S

Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Key Found : HKLM\Software\Freeze.com

Key Found : HKLM\Software\InfoAtoms

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InfoAtoms

Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Found : HKLM\SOFTWARE\Classes\Interface\{16466D47-74A8-4928-B8B2-07CD79ABFC9F}

Key Found : HKLM\SOFTWARE\Classes\Interface\{26D5CC0A-7A46-4D86-AF45-2EFA320B0C54}

Key Found : HKLM\SOFTWARE\Classes\Interface\{2D13AC8F-037E-40C5-ADA6-231BA74EA2F4}

Key Found : HKLM\SOFTWARE\Classes\Interface\{322EDCF5-9E7D-4021-8C67-F3FFE4961A38}

Key Found : HKLM\SOFTWARE\Classes\Interface\{3E254398-828F-4D51-A39E-3F6B6D96A12C}

Key Found : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}

Key Found : HKLM\SOFTWARE\Classes\Interface\{442DAF0C-7EAD-48D9-ABEA-E0036470D6D5}

Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Found : HKLM\SOFTWARE\Classes\Interface\{58EB187D-24F8-4423-BD6C-655CE4C416BD}

Key Found : HKLM\SOFTWARE\Classes\Interface\{6BEB066C-A791-4A21-B934-7783533FE888}

Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Found : HKLM\SOFTWARE\Classes\Interface\{A07612DF-B1DD-484F-A1C3-36CA4CE919D2}

Key Found : HKLM\SOFTWARE\Classes\Interface\{A76F97B2-2C56-456A-A29E-72741595C2E8}

Key Found : HKLM\SOFTWARE\Classes\Interface\{B19D9D96-E59C-4936-B283-8A831CDB3A53}

Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Found : HKLM\SOFTWARE\Classes\Interface\{DC8AAABA-3F8B-4866-8B3A-D9368133A478}

Key Found : HKLM\SOFTWARE\Classes\Interface\{E15519AE-99BE-42DD-BE60-FFC3C183F443}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKU\S-1-5-21-473418988-2063491909-1134391171-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Found : HKU\S-1-5-21-473418988-2063491909-1134391171-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [infoatoms@infoatoms.com]

Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxps://isearch.avg.com/?cid={4DA75312-B72A-4E3A-8D72-F9836268232E}&mid=98c18df4cae947d099a481ac0fbf2ddd-10006b474ed346a36e59a740082962451f7bb100〈=en&ds=pp016&pr=sa&d=2012-07-23 08:23:34&v=12.2.5.32&sap=hp

-\\ Mozilla Firefox v14.0.1 (en-US)

File : C:\Users\Dren\AppData\Roaming\Mozilla\Firefox\Profiles\z3mcfpay.default\prefs.js

Found : user_pref("browser.search.defaultenginename", "Claro Search");

Found : user_pref("browser.search.order.1", "Claro Search");

Found : user_pref("browser.search.selectedEngine", "Claro Search");

Found : user_pref("browser.startup.homepage", "hxxp://www.claro-search.com/?affID=116198&tt=4212_1&babsrc=HP[...]

Found : user_pref("extensions.BabylonToolbar_i.newTab", true);

Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "about:home");

Found : user_pref("extensions.claro.admin", false);

Found : user_pref("extensions.claro.aflt", "babsst");

Found : user_pref("extensions.claro.dfltLng", "en");

Found : user_pref("extensions.claro.excTlbr", false);

Found : user_pref("extensions.claro.id", "129be6e700000000000000fffda253d2");

Found : user_pref("extensions.claro.instlDay", "15629");

Found : user_pref("extensions.claro.instlRef", "sst");

Found : user_pref("extensions.claro.prdct", "claro");

Found : user_pref("extensions.claro.prtnrId", "claro");

Found : user_pref("extensions.claro.tlbrId", "claro");

Found : user_pref("extensions.claro.vrsn", "1.6.4.1");

Found : user_pref("extensions.claro.vrsni", "1.6.4.1");

Found : user_pref("extensions.claro_i.smplGrp", "none");

Found : user_pref("extensions.claro_i.vrsnTs", "1.6.4.117:27:22");

Found : user_pref("keyword.URL", "hxxp://www.claro-search.com/?affID=116198&tt=4212_1&babsrc=KW_ss&mntrId=12[...]

-\\ Google Chrome v27.0.1453.94

File : C:\Users\Dren\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [10784 octets] - [28/05/2013 06:14:18]

########## EOF - C:\AdwCleaner[R1].txt - [10845 octets] ##########

Im okay with removing all of that.

[MrCharlie]

Lots of adware found....lets clear it out.....

1. Please re-run AdwCleaner
   
2. Click on Delete button.
   
3. Confirm each time with OK if asked.
   
4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.
   

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Then......

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
  
• Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  
• The tool will open and start scanning your system.
  
• Please be patient as this can take a while to complete depending on your system's specifications.
  
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  
• Post the contents of JRT.txt into your next message.
  

MrC

[Drenferalis]

Lost my keyboard on adw cleaner. using on screen keyboard.

adw:

# AdwCleaner v2.301 - Logfile created 05/28/2013 at 06:21:08

# Updated 16/05/2013 by Xplode

# Operating system : Windows 7 Ultimate (64 bits)

# User : Dren - VIRUS

# Boot Mode : Normal

# Running from : C:\Users\Dren\Downloads\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\AVG Secure Search

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search

Deleted on reboot : C:\Program Files (x86)\InfoAtoms

Deleted on reboot : C:\ProgramData\AVG Secure Search

Deleted on reboot : C:\ProgramData\Babylon

Deleted on reboot : C:\Users\Dren\AppData\Local\AVG Secure Search

Deleted on reboot : C:\Users\Dren\AppData\Local\PackageAware

Deleted on reboot : C:\Users\Dren\AppData\LocalLow\AVG Secure Search

Deleted on reboot : C:\Users\Dren\AppData\LocalLow\Claro LTD

Deleted on reboot : C:\Users\Dren\AppData\Roaming\Babylon

Deleted on reboot : C:\Users\Dren\Save

File Deleted : C:\END

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml

File Deleted : C:\user.js

***** [Registry] *****

Key Deleted : HKCU\Software\AVG Secure Search

Key Deleted : HKCU\Software\IGearSettings

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\Software\AVG Secure Search

Key Deleted : HKLM\Software\AVG Security Toolbar

Key Deleted : HKLM\Software\Babylon

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol

Key Deleted : HKLM\SOFTWARE\Classes\S

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Key Deleted : HKLM\Software\Freeze.com

Key Deleted : HKLM\Software\InfoAtoms

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InfoAtoms

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{16466D47-74A8-4928-B8B2-07CD79ABFC9F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{26D5CC0A-7A46-4D86-AF45-2EFA320B0C54}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D13AC8F-037E-40C5-ADA6-231BA74EA2F4}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{322EDCF5-9E7D-4021-8C67-F3FFE4961A38}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E254398-828F-4D51-A39E-3F6B6D96A12C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{442DAF0C-7EAD-48D9-ABEA-E0036470D6D5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{58EB187D-24F8-4423-BD6C-655CE4C416BD}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6BEB066C-A791-4A21-B934-7783533FE888}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A07612DF-B1DD-484F-A1C3-36CA4CE919D2}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A76F97B2-2C56-456A-A29E-72741595C2E8}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B19D9D96-E59C-4936-B283-8A831CDB3A53}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC8AAABA-3F8B-4866-8B3A-D9368133A478}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E15519AE-99BE-42DD-BE60-FFC3C183F443}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [infoatoms@infoatoms.com]

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxps://isearch.avg.com/?cid={4DA75312-B72A-4E3A-8D72-F9836268232E}&mid=98c18df4cae947d099a481ac0fbf2ddd-10006b474ed346a36e59a740082962451f7bb100〈=en&ds=pp016&pr=sa&d=2012-07-23 08:23:34&v=12.2.5.32&sap=hp --> hxxp://www.google.com

-\\ Mozilla Firefox v14.0.1 (en-US)

File : C:\Users\Dren\AppData\Roaming\Mozilla\Firefox\Profiles\z3mcfpay.default\prefs.js

C:\Users\Dren\AppData\Roaming\Mozilla\Firefox\Profiles\z3mcfpay.default\user.js ... Deleted !

Deleted : user_pref("browser.search.defaultenginename", "Claro Search");

Deleted : user_pref("browser.search.order.1", "Claro Search");

Deleted : user_pref("browser.search.selectedEngine", "Claro Search");

Deleted : user_pref("browser.startup.homepage", "hxxp://www.claro-search.com/?affID=116198&tt=4212_1&babsrc=HP[...]

Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);

Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "about:home");

Deleted : user_pref("extensions.claro.admin", false);

Deleted : user_pref("extensions.claro.aflt", "babsst");

Deleted : user_pref("extensions.claro.dfltLng", "en");

Deleted : user_pref("extensions.claro.excTlbr", false);

Deleted : user_pref("extensions.claro.id", "129be6e700000000000000fffda253d2");

Deleted : user_pref("extensions.claro.instlDay", "15629");

Deleted : user_pref("extensions.claro.instlRef", "sst");

Deleted : user_pref("extensions.claro.prdct", "claro");

Deleted : user_pref("extensions.claro.prtnrId", "claro");

Deleted : user_pref("extensions.claro.tlbrId", "claro");

Deleted : user_pref("extensions.claro.vrsn", "1.6.4.1");

Deleted : user_pref("extensions.claro.vrsni", "1.6.4.1");

Deleted : user_pref("extensions.claro_i.smplGrp", "none");

Deleted : user_pref("extensions.claro_i.vrsnTs", "1.6.4.117:27:22");

Deleted : user_pref("keyword.URL", "hxxp://www.claro-search.com/?affID=116198&tt=4212_1&babsrc=KW_ss&mntrId=12[...]

-\\ Google Chrome v27.0.1453.94

File : C:\Users\Dren\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [10873 octets] - [28/05/2013 06:14:18]

AdwCleaner[s1].txt - [10814 octets] - [28/05/2013 06:21:08]

########## EOF - C:\AdwCleaner[s1].txt - [10875 octets] ##########

jrt:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.9.4 (05.06.2013:1)

OS: Windows 7 Ultimate x64

Ran by Dren on Tue 05/28/2013 at 6:32:52.63

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ai_recyclebin"

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

~~~ FireFox

Successfully deleted: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\infoatoms@infoatoms.com"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Tue 05/28/2013 at 6:37:05.51

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[Drenferalis]

Access was denied on one of the avg directories during reboot on adw.

[MrCharlie]

OK....Next:

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

[Drenferalis]

Log:

ComboFix 13-05-28.02 - Dren 05/28/2013 7:00.1.4 - x64

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3069.1084 [GMT -7:00]

Running from: c:\users\Dren\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Dren\2416.rar

c:\users\Dren\AppData\Local\Temp\7zS3D2C\HPSLPSVC64.DLL

c:\users\Dren\AppData\Roaming\Love

c:\users\Dren\AppData\Roaming\Love\mari0\options.txt

c:\users\Dren\glide3x.dll

c:\users\Dren\mupen64.exe

c:\windows\apppatch\AppLoc.exe

c:\windows\apppatch\AppLocA.exe

c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb

c:\windows\apppatch\unins000.dat

c:\windows\apppatch\unins000.exe

c:\windows\SysWow64\Packet.dll

c:\windows\SysWow64\pthreadVC.dll

c:\windows\SysWow64\wpcap.dll

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_NPF

-------\Service_npf

-------\Service_pcCMService

-------\Service_HPSLPSVC

.

.

((((((((((((((((((((((((( Files Created from 2013-04-28 to 2013-05-28 )))))))))))))))))))))))))))))))

.

.

2013-05-28 13:32 . 2013-05-28 13:32 -------- d-----w- c:\windows\ERUNT

2013-05-28 13:32 . 2013-05-28 13:32 -------- d-----w- C:\JRT

2013-05-28 11:40 . 2013-05-28 11:40 -------- d-----w- c:\users\Dren\AppData\Local\Desura

2013-05-23 23:22 . 2013-05-24 00:20 -------- d-----w- c:\users\Dren\KAG-Beta

2013-05-15 22:55 . 2013-05-15 22:55 -------- d-----w- c:\users\Dren\AppData\Roaming\Carbon

2013-05-15 00:26 . 2013-05-15 00:26 -------- d-----w- c:\users\Dren\AppData\Local\Introversion

2013-05-15 00:19 . 2013-05-15 00:20 -------- d-----w- c:\users\Dren\.jxbattle

2013-05-13 01:16 . 2013-05-13 01:16 -------- d-----w- c:\windows\8A809006C25A4A3A9DAB94659BCDB107.TMP

2013-05-13 01:15 . 2013-05-13 01:15 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard

2013-05-09 22:45 . 2013-05-28 14:23 -------- d-----w- c:\users\Dren\AppData\Local\Spotify

2013-05-09 22:45 . 2013-05-28 14:24 -------- d-----w- c:\users\Dren\AppData\Roaming\Spotify

2013-05-07 16:49 . 2013-05-22 00:13 -------- d-----w- c:\program files (x86)\LOLReplay

2013-05-05 15:12 . 2013-05-05 15:12 -------- d-----w- c:\users\Dren\AppData\Roaming\Transformice

2013-05-05 15:11 . 2013-05-05 15:11 -------- d-----w- c:\program files (x86)\Transformice

2013-04-29 08:13 . 2013-04-29 08:13 -------- d-----w- c:\program files (x86)\ESET

2013-04-29 06:57 . 2013-04-29 06:57 -------- d-----w- c:\users\Dren\AppData\Roaming\PDAppFlex

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-05-21 12:28 . 2012-07-23 15:23 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys

2013-05-13 11:41 . 2013-01-09 13:30 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{17CAE1E4-5112-421F-8B30-77F3AE38E47E}\offreg.dll

2013-04-17 05:34 . 2013-04-01 19:57 466520 ----a-w- c:\windows\system32\wrap_oal.dll

2013-04-17 05:34 . 2013-04-01 19:57 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll

2013-04-17 05:34 . 2013-04-01 19:57 123480 ----a-w- c:\windows\system32\OpenAL32.dll

2013-04-17 05:34 . 2013-04-01 19:57 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll

2013-04-13 00:14 . 2012-07-11 07:07 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-04-13 00:14 . 2012-07-11 07:07 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-04-04 21:50 . 2012-07-11 07:18 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RockMelt Update"="c:\users\Dren\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" [2012-07-02 136336]

"puush"="c:\program files (x86)\puush\puush.exe" [2013-05-15 567368]

"NoIPDUCv4"="c:\program files (x86)\No-IP\DUC40.exe" [2013-01-09 270336]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-03-01 18642024]

"Desura"="c:\program files (x86)\Desura\desura.exe" [2013-04-17 2529096]

"Spotify"="c:\users\Dren\AppData\Roaming\Spotify\Spotify.exe" [2013-05-09 4573184]

"Spotify Web Helper"="c:\users\Dren\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-05-09 1105408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]

"Dolby Home Theater v4"="c:\program files (x86)\Dolby Home Theater v4\pcee4.exe" [2011-06-01 506712]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-29 642728]

"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"FileZilla Server Interface"="c:\program files (x86)\FileZilla Server\FileZilla Server Interface.exe" [2012-02-26 1044992]

"RaidCall"="c:\program files (x86)\RaidCall\raidcall.exe" [2013-04-01 3423928]

"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]

.

c:\users\Dren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2012-7-31 576000]

Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe [2013-3-8 4142448]

WinLaunch.exe - Shortcut.lnk - c:\users\Dren\Documents\StarCraft II\Accounts\55366726\1-S2-1-1242182\Banks\WinLaunch\WinLaunch.exe [2013-3-5 1850880]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

LOLRecorder.lnk - c:\program files (x86)\LOLReplay\LOLRecorder.exe [2013-5-21 526336]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableInstallerDetection"= 0 (0x0)

"EnableLUA"= 0 (0x0)

"EnableSecureUIAPaths"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2013-01-11 8704]

R2 Icecast 2.3.2-kh31.2;Icecast 2.3.2-kh31.2 Streaming Media Server;c:\program files (x86)\Icecast KH\icecast.exe [2012-01-08 5208899]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-03-01 161384]

R3 ampa;ampa;c:\windows\system32\ampa.sys [2011-12-26 15288]

R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-05-25 36328]

R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-06-06 231440]

R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe [2013-02-11 49152]

R3 dpclat_driver;dpclat_driver;c:\windows\system32\drivers\dpclat_driver.sys [x]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 etdrv;etdrv;c:\windows\etdrv.sys [2012-07-02 25640]

R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-07-02 30528]

R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys [2012-10-12 13728]

R3 libusb0;LibUsb-Win32 - Kernel Driver 08/27/2006, 0.1.12.0;c:\windows\system32\DRIVERS\libusb0.sys [2012-10-31 32768]

R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2012-05-12 121416]

R3 PsSdk41;PsSdk41;c:\windows\system32\Drivers\pssdk41.sys [2012-10-04 51776]

R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-04-09 19936]

R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-04-09 13280]

R3 RTCore64;RTCore64;c:\program files (x86)\RMClock\RTCore64.sys [2012-11-04 8192]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2010-05-25 125416]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2010-05-25 16872]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2010-05-25 159208]

R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2010-05-25 126952]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2012-10-03 743320]

R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys [2012-10-12 81312]

R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys [2012-10-12 15776]

R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [2012-11-14 14544]

R3 X6va001;X6va001;c:\users\Dren\AppData\Local\Temp\0012B46.tmp [x]

R3 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012 [x]

S0 amdide64;amdide64;c:\windows\system32\DRIVERS\amdide64.sys [2010-06-29 11832]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2006-10-18 52760]

S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2012-11-30 210016]

S0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\DRIVERS\vsflt53.sys [2012-11-30 141920]

S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-11-02 21616]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-05-21 45856]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-09-28 361984]

S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]

S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [2010-09-17 98304]

S2 metasploitPostgreSQL;metasploitPostgreSQL;C:/METASP~1/POSTGR~1/bin/pg_ctl.exe runservice -N metasploitPostgreSQL -D C:/METASP~1/POSTGR~1/data [x]

S2 metasploitProSvc;Metasploit Pro Service;c:\metasp~1\ruby\bin\ruby.exe [2012-04-16 70239]

S2 metasploitThin;Metasploit Thin Service;c:\metasp~1\ruby\bin\ruby.exe [2012-04-16 70239]

S2 NoIPDUCService4;NO-IP DUC v4;c:\program files (x86)\No-IP\ducservice.exe [2013-01-09 11264]

S2 pcCMService64;pcCMService64;c:\program files\Common Files\Motive\pcCMService.exe [2012-12-10 460288]

S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2011-06-30 1191408]

S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-05-14 3289208]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-02-10 383264]

S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-12-14 3467768]

S2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [2013-05-21 1015984]

S2 WTabletServiceCon;Wacom Consumer Service;c:\program files\Tablet\Pen\WTabletServiceCon.exe [2012-11-14 619904]

S3 ALSysIO;ALSysIO;c:\users\Dren\AppData\Local\Temp\ALSysIO64.sys [x]

S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [2011-03-17 87168]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]

S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [2011-03-17 188544]

S3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2013-04-17 131912]

S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [2010-09-17 3735552]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352]

S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [2010-07-01 38992]

S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-12-15 47232]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - ALSYSIO

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2013-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-473418988-2063491909-1134391171-1000Core.job

- c:\users\Dren\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-09 23:37]

.

2013-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-473418988-2063491909-1134391171-1000UA.job

- c:\users\Dren\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-09 23:37]

.

2013-05-28 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-473418988-2063491909-1134391171-1000Core.job

- c:\users\Dren\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2012-07-02 03:58]

.

2013-05-28 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-473418988-2063491909-1134391171-1000UA.job

- c:\users\Dren\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2012-07-02 03:58]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]

"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-10-14 2278504]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]

"{1984D045-52CF-49cd-DB77-08F378FEA4DB}"= "c:\program files (x86)\Stardock\ObjectDockPlus2\ODMenu64.dll" [2010-03-24 633200]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = localhost; 127.0.0.1; <local>

IE: Assign &hot key - c:\program files (x86)\Hot Keyboard Pro\IEScript.htm

IE: Sothink Flash Downloader For IE - c:\program files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: Interfaces\{6BC27F81-8C6D-40A6-9ED6-F3668D92C97A}: NameServer = 192.168.1.1,8.8.8.8

FF - ProfilePath - c:\users\Dren\AppData\Roaming\Mozilla\Firefox\Profiles\z3mcfpay.default\

FF - prefs.js: network.proxy.type - 0

FF - ExtSQL: !HIDDEN! 2012-10-15 17:28; infoatoms@infoatoms.com; c:\program files (x86)\Mozilla Firefox\extensions\infoatoms@infoatoms.com

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-AdobeBridge - (no file)

AddRemove-InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996} - c:\program files (x86)\InstallShield Installation Information\{5442DAB8-7177-49E1-8B22-09A049EA5996}\Setup.exe

AddRemove-PunkBusterSvc - d:\steam\STEAMAPPS\COMMON\APB RELOADED\Binaries\pbsvc_apb.exe

AddRemove-SAM3 - c:\program files (x86)\SpacialAudio\SAMBC\uninstall.exe

AddRemove-Steam App 4000 - d:\steam\steam.exe

AddRemove-Terraria 1.1.2 - c:\program files (x86)\Terraria\Uninstall.exe

AddRemove-{32E4F0D2-C135-475E-A841-1D59A0D22989} - c:\program files (x86)\InstallShield Installation Information\{32E4F0D2-C135-475E-A841-1D59A0D22989}\setup.exe

AddRemove-{3E4B349F-10B5-4586-9D99-489A90A8B228} - c:\program files (x86)\InstallShield Installation Information\{3E4B349F-10B5-4586-9D99-489A90A8B228}\setup.exe

AddRemove-{8833FFB6-5B0C-4764-81AA-06DFEED9A476} - c:\program files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\Setup.Exe

AddRemove-{9143B17E-BBDE-4EA7-A4E3-20D384D9C8A5}_is1 - c:\windows\AppPatch\unins000.exe

AddRemove-{A9E27FF5-6294-46A8-B8FD-77B1DECA3021} - c:\program files (x86)\InstallShield Installation Information\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}\setup.exe

AddRemove-UnityWebPlayer - c:\users\Dren\AppData\Local\Unity\WebPlayer\Uninstall.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\metasploitPostgreSQL]

"ImagePath"="C:/METASP~1/POSTGR~1/bin/pg_ctl.exe runservice -N \"metasploitPostgreSQL\" -D \"C:/METASP~1/POSTGR~1/data\""

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\metasploitPostgreSQL]

"ImagePath"="C:/METASP~1/POSTGR~1/bin/pg_ctl.exe runservice -N \"metasploitPostgreSQL\" -D \"C:/METASP~1/POSTGR~1/data\""

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va001]

"ImagePath"="\??\c:\users\Dren\AppData\Local\Temp\0012B46.tmp"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va012]

"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va012"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-473418988-2063491909-1134391171-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8F25DD3A-D4AD-8782-9C6B-5F23F155A9CE}*]

"haacifpoboljloil"=hex:6a,61,67,6f,6a,69,62,64,70,6e,69,63,61,66,64,63,69,6b,

6a,6a,00,00

"iagaobdmlncnbaopba"=hex:63,61,66,6f,61,68,00,00

"iakbmpdpeccngiojeo"=hex:6a,61,62,6f,63,6c,6e,62,69,62,68,6b,64,67,66,6f,6f,69,

63,6e,00,00

"dbgofpnhjnbonbebdbehpglleahbndfljoaiagoo"=hex:68,61,6a,64,67,65,6d,70,70,70,

61,61,6b,66,68,66,00,00

"jbgofpnhjnbonbebdbehciibpcdcabgbpnjenhlhcahemgimfnpp"=hex:68,61,6a,64,67,65,

6d,70,70,70,61,61,6b,66,68,66,00,00

"dbgofpnhjnbonbebdbehehmnajjknjekhlclcjhm"=hex:62,61,61,61,00,00

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files\Tablet\Pen\WacomHost.exe

c:\program files (x86)\FileZilla Server\FileZilla Server.exe

c:\metasp~1\POSTGR~1\bin\pg_ctl.exe

c:\metasp~1\POSTGR~1\bin\postgres.exe

c:\metasp~1\POSTGR~1\bin\postgres.exe

c:\metasp~1\POSTGR~1\bin\postgres.exe

c:\metasp~1\POSTGR~1\bin\postgres.exe

c:\metasp~1\POSTGR~1\bin\postgres.exe

c:\metasp~1\POSTGR~1\bin\postgres.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

c:\metasp~1\POSTGR~1\bin\postgres.exe

c:\metasp~1\POSTGR~1\bin\postgres.exe

c:\metasp~1\POSTGR~1\bin\postgres.exe

c:\metasp~1\POSTGR~1\bin\postgres.exe

c:\users\Dren\AppData\Local\Google\Chrome\Application\chrome.exe

c:\users\Dren\AppData\Local\Google\Chrome\Application\chrome.exe

c:\users\Dren\AppData\Local\Google\Chrome\Application\chrome.exe

c:\users\Dren\AppData\Local\Google\Chrome\Application\chrome.exe

c:\users\Dren\AppData\Local\Google\Chrome\Application\chrome.exe

c:\users\Dren\AppData\Local\Google\Chrome\Application\chrome.exe

c:\users\Dren\AppData\Local\Google\Chrome\Application\chrome.exe

c:\users\Dren\AppData\Local\Google\Chrome\Application\chrome.exe

.

**************************************************************************

.

Completion time: 2013-05-28 07:58:02 - machine was rebooted

ComboFix-quarantined-files.txt 2013-05-28 14:57

.

Pre-Run: 1,468,598,202,368 bytes free

Post-Run: 1,467,949,928,448 bytes free

.

- - End Of File - - 7819305F5FF7F476DF9ECF84D3E2E6D0

ComboFix 13-05-28.02 - Dren 05/28/2013 7:00.1.4 - x64

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3069.1084 [GMT -7:00]

Running from: c:\users\Dren\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Dren\2416.rar

c:\users\Dren\AppData\Local\Temp\7zS3D2C\HPSLPSVC64.DLL

c:\users\Dren\AppData\Roaming\Love

c:\users\Dren\AppData\Roaming\Love\mari0\options.txt

c:\users\Dren\glide3x.dll

c:\users\Dren\mupen64.exe

c:\windows\apppatch\AppLoc.exe

c:\windows\apppatch\AppLocA.exe

c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb

c:\windows\apppatch\unins000.dat

c:\windows\apppatch\unins000.exe

c:\windows\SysWow64\Packet.dll

c:\windows\SysWow64\pthreadVC.dll

c:\windows\SysWow64\wpcap.dll

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_NPF

-------\Service_npf

-------\Service_pcCMService

-------\Service_HPSLPSVC

.

.

((((((((((((((((((((((((( Files Created from 2013-04-28 to 2013-05-28 )))))))))))))))))))))))))))))))

.

.

2013-05-28 13:32 . 2013-05-28 13:32 -------- d-----w- c:\windows\ERUNT

2013-05-28 13:32 . 2013-05-28 13:32 -------- d-----w- C:\JRT

2013-05-28 11:40 . 2013-05-28 11:40 -------- d-----w- c:\users\Dren\AppData\Local\Desura

2013-05-23 23:22 . 2013-05-24 00:20 -------- d-----w- c:\users\Dren\KAG-Beta

2013-05-15 22:55 . 2013-05-15 22:55 -------- d-----w- c:\users\Dren\AppData\Roaming\Carbon

2013-05-15 00:26 . 2013-05-15 00:26 -------- d-----w- c:\users\Dren\AppData\Local\Introversion

2013-05-15 00:19 . 2013-05-15 00:20 -------- d-----w- c:\users\Dren\.jxbattle

2013-05-13 01:16 . 2013-05-13 01:16 -------- d-----w- c:\windows\8A809006C25A4A3A9DAB94659BCDB107.TMP

2013-05-13 01:15 . 2013-05-13 01:15 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard

2013-05-09 22:45 . 2013-05-28 14:23 -------- d-----w- c:\users\Dren\AppData\Local\Spotify

2013-05-09 22:45 . 2013-05-28 14:24 -------- d-----w- c:\users\Dren\AppData\Roaming\Spotify

2013-05-07 16:49 . 2013-05-22 00:13 -------- d-----w- c:\program files (x86)\LOLReplay

2013-05-05 15:12 . 2013-05-05 15:12 -------- d-----w- c:\users\Dren\AppData\Roaming\Transformice

2013-05-05 15:11 . 2013-05-05 15:11 -------- d-----w- c:\program files (x86)\Transformice

2013-04-29 08:13 . 2013-04-29 08:13 -------- d-----w- c:\program files (x86)\ESET

2013-04-29 06:57 . 2013-04-29 06:57 -------- d-----w- c:\users\Dren\AppData\Roaming\PDAppFlex

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-05-21 12:28 . 2012-07-23 15:23 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys

2013-05-13 11:41 . 2013-01-09 13:30 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{17CAE1E4-5112-421F-8B30-77F3AE38E47E}\offreg.dll

2013-04-17 05:34 . 2013-04-01 19:57 466520 ----a-w- c:\windows\system32\wrap_oal.dll

2013-04-17 05:34 . 2013-04-01 19:57 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll

2013-04-17 05:34 . 2013-04-01 19:57 123480 ----a-w- c:\windows\system32\OpenAL32.dll

2013-04-17 05:34 . 2013-04-01 19:57 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll

2013-04-13 00:14 . 2012-07-11 07:07 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-04-13 00:14 . 2012-07-11 07:07 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-04-04 21:50 . 2012-07-11 07:18 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RockMelt Update"="c:\users\Dren\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" [2012-07-02 136336]

"puush"="c:\program files (x86)\puush\puush.exe" [2013-05-15 567368]

"NoIPDUCv4"="c:\program files (x86)\No-IP\DUC40.exe" [2013-01-09 270336]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-03-01 18642024]

"Desura"="c:\program files (x86)\Desura\desura.exe" [2013-04-17 2529096]

"Spotify"="c:\users\Dren\AppData\Roaming\Spotify\Spotify.exe" [2013-05-09 4573184]

"Spotify Web Helper"="c:\users\Dren\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-05-09 1105408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]

"Dolby Home Theater v4"="c:\program files (x86)\Dolby Home Theater v4\pcee4.exe" [2011-06-01 506712]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-29 642728]

"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"FileZilla Server Interface"="c:\program files (x86)\FileZilla Server\FileZilla Server Interface.exe" [2012-02-26 1044992]

"RaidCall"="c:\program files (x86)\RaidCall\raidcall.exe" [2013-04-01 3423928]

"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]

.

c:\users\Dren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2012-7-31 576000]

Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe [2013-3-8 4142448]

WinLaunch.exe - Shortcut.lnk - c:\users\Dren\Documents\StarCraft II\Accounts\55366726\1-S2-1-1242182\Banks\WinLaunch\WinLaunch.exe [2013-3-5 1850880]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

LOLRecorder.lnk - c:\program files (x86)\LOLReplay\LOLRecorder.exe [2013-5-21 526336]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableInstallerDetection"= 0 (0x0)

"EnableLUA"= 0 (0x0)

"EnableSecureUIAPaths"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2013-01-11 8704]

R2 Icecast 2.3.2-kh31.2;Icecast 2.3.2-kh31.2 Streaming Media Server;c:\program files (x86)\Icecast KH\icecast.exe [2012-01-08 5208899]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-03-01 161384]

R3 ampa;ampa;c:\windows\system32\ampa.sys [2011-12-26 15288]

R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-05-25 36328]

R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-06-06 231440]

R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe [2013-02-11 49152]

R3 dpclat_driver;dpclat_driver;c:\windows\system32\drivers\dpclat_driver.sys [x]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 etdrv;etdrv;c:\windows\etdrv.sys [2012-07-02 25640]

R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-07-02 30528]

R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys [2012-10-12 13728]

R3 libusb0;LibUsb-Win32 - Kernel Driver 08/27/2006, 0.1.12.0;c:\windows\system32\DRIVERS\libusb0.sys [2012-10-31 32768]

R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2012-05-12 121416]

R3 PsSdk41;PsSdk41;c:\windows\system32\Drivers\pssdk41.sys [2012-10-04 51776]

R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-04-09 19936]

R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-04-09 13280]

R3 RTCore64;RTCore64;c:\program files (x86)\RMClock\RTCore64.sys [2012-11-04 8192]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2010-05-25 125416]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2010-05-25 16872]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2010-05-25 159208]

R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2010-05-25 126952]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2012-10-03 743320]

R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys [2012-10-12 81312]

R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys [2012-10-12 15776]

R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [2012-11-14 14544]

R3 X6va001;X6va001;c:\users\Dren\AppData\Local\Temp\0012B46.tmp [x]

R3 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012 [x]

S0 amdide64;amdide64;c:\windows\system32\DRIVERS\amdide64.sys [2010-06-29 11832]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2006-10-18 52760]

S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2012-11-30 210016]

S0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\DRIVERS\vsflt53.sys [2012-11-30 141920]

S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-11-02 21616]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-05-21 45856]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-09-28 361984]

S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]

S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [2010-09-17 98304]

S2 metasploitPostgreSQL;metasploitPostgreSQL;C:/METASP~1/POSTGR~1/bin/pg_ctl.exe runservice -N metasploitPostgreSQL -D C:/METASP~1/POSTGR~1/data [x]

S2 metasploitProSvc;Metasploit Pro Service;c:\metasp~1\ruby\bin\ruby.exe [2012-04-16 70239]

S2 metasploitThin;Metasploit Thin Service;c:\metasp~1\ruby\bin\ruby.exe [2012-04-16 70239]

S2 NoIPDUCService4;NO-IP DUC v4;c:\program files (x86)\No-IP\ducservice.exe [2013-01-09 11264]

S2 pcCMService64;pcCMService64;c:\program files\Common Files\Motive\pcCMService.exe [2012-12-10 460288]

S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2011-06-30 1191408]

S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-05-14 3289208]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-02-10 383264]

S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-12-14 3467768]

S2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [2013-05-21 1015984]

S2 WTabletServiceCon;Wacom Consumer Service;c:\program files\Tablet\Pen\WTabletServiceCon.exe [2012-11-14 619904]

S3 ALSysIO;ALSysIO;c:\users\Dren\AppData\Local\Temp\ALSysIO64.sys [x]

S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [2011-03-17 87168]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]

S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [2011-03-17 188544]

S3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2013-04-17 131912]

S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [2010-09-17 3735552]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352]

S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [2010-07-01 38992]

S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-12-15 47232]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - ALSYSIO

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2013-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-473418988-2063491909-1134391171-1000Core.job

- c:\users\Dren\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-09 23:37]

.

2013-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-473418988-2063491909-1134391171-1000UA.job

- c:\users\Dren\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-09 23:37]

.

2013-05-28 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-473418988-2063491909-1134391171-1000Core.job

- c:\users\Dren\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2012-07-02 03:58]

.

2013-05-28 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-473418988-2063491909-1134391171-1000UA.job

- c:\users\Dren\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2012-07-02 03:58]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]

"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-10-14 2278504]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]

"{1984D045-52CF-49cd-DB77-08F378FEA4DB}"= "c:\program files (x86)\Stardock\ObjectDockPlus2\ODMenu64.dll" [2010-03-24 633200]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = localhost; 127.0.0.1; <local>

IE: Assign &hot key - c:\program files (x86)\Hot Keyboard Pro\IEScript.htm

IE: Sothink Flash Downloader For IE - c:\program files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: Interfaces\{6BC27F81-8C6D-40A6-9ED6-F3668D92C97A}: NameServer = 192.168.1.1,8.8.8.8

FF - ProfilePath - c:\users\Dren\AppData\Roaming\Mozilla\Firefox\Profiles\z3mcfpay.default\

FF - prefs.js: network.proxy.type - 0

FF - ExtSQL: !HIDDEN! 2012-10-15 17:28; infoatoms@infoatoms.com; c:\program files (x86)\Mozilla Firefox\extensions\infoatoms@infoatoms.com

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-AdobeBridge - (no file)

AddRemove-InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996} - c:\program files (x86)\InstallShield Installation Information\{5442DAB8-7177-49E1-8B22-09A049EA5996}\Setup.exe

AddRemove-PunkBusterSvc - d:\steam\STEAMAPPS\COMMON\APB RELOADED\Binaries\pbsvc_apb.exe

AddRemove-SAM3 - c:\program files (x86)\SpacialAudio\SAMBC\uninstall.exe

AddRemove-Steam App 4000 - d:\steam\steam.exe

AddRemove-Terraria 1.1.2 - c:\program files (x86)\Terraria\Uninstall.exe

AddRemove-{32E4F0D2-C135-475E-A841-1D59A0D22989} - c:\program files (x86)\InstallShield Installation Information\{32E4F0D2-C135-475E-A841-1D59A0D22989}\setup.exe

AddRemove-{3E4B349F-10B5-4586-9D99-489A90A8B228} - c:\program files (x86)\InstallShield Installation Information\{3E4B349F-10B5-4586-9D99-489A90A8B228}\setup.exe

AddRemove-{8833FFB6-5B0C-4764-81AA-06DFEED9A476} - c:\program files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\Setup.Exe

AddRemove-{9143B17E-BBDE-4EA7-A4E3-20D384D9C8A5}_is1 - c:\windows\AppPatch\unins000.exe

AddRemove-{A9E27FF5-6294-46A8-B8FD-77B1DECA3021} - c:\program files (x86)\InstallShield Installation Information\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}\setup.exe

AddRemove-UnityWebPlayer - c:\users\Dren\AppData\Local\Unity\WebPlayer\Uninstall.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\metasploitPostgreSQL]

"ImagePath"="C:/METASP~1/POSTGR~1/bin/pg_ctl.exe runservice -N \"metasploitPostgreSQL\" -D \"C:/METASP~1/POSTGR~1/data\""

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\metasploitPostgreSQL]

"ImagePath"="C:/METASP~1/POSTGR~1/bin/pg_ctl.exe runservice -N \"metasploitPostgreSQL\" -D \"C:/METASP~1/POSTGR~1/data\""

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va001]

"ImagePath"="\??\c:\users\Dren\AppData\Local\Temp\0012B46.tmp"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va012]

"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va012"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-473418988-2063491909-1134391171-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8F25DD3A-D4AD-8782-9C6B-5F23F155A9CE}*]

"haacifpoboljloil"=hex:6a,61,67,6f,6a,69,62,64,70,6e,69,63,61,66,64,63,69,6b,

6a,6a,00,00

"iagaobdmlncnbaopba"=hex:63,61,66,6f,61,68,00,00

"iakbmpdpeccngiojeo"=hex:6a,61,62,6f,63,6c,6e,62,69,62,68,6b,64,67,66,6f,6f,69,

63,6e,00,00

"dbgofpnhjnbonbebdbehpglleahbndfljoaiagoo"=hex:68,61,6a,64,67,65,6d,70,70,70,

61,61,6b,66,68,66,00,00

"jbgofpnhjnbonbebdbehciibpcdcabgbpnjenhlhcahemgimfnpp"=hex:68,61,6a,64,67,65,

6d,70,70,70,61,61,6b,66,68,66,00,00

"dbgofpnhjnbonbebdbehehmnajjknjekhlclcjhm"=hex:62,61,61,61,00,00

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files\Tablet\Pen\WacomHost.exe

c:\program files (x86)\FileZilla Server\FileZilla Server.exe

c:\metasp~1\POSTGR~1\bin\pg_ctl.exe

c:\metasp~1\POSTGR~1\bin\postgres.exe

c:\metasp~1\POSTGR~1\bin\postgres.exe

c:\metasp~1\POSTGR~1\bin\postgres.exe

c:\metasp~1\POSTGR~1\bin\postgres.exe

c:\metasp~1\POSTGR~1\bin\postgres.exe

c:\metasp~1\POSTGR~1\bin\postgres.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

c:\metasp~1\POSTGR~1\bin\postgres.exe

c:\metasp~1\POSTGR~1\bin\postgres.exe

c:\metasp~1\POSTGR~1\bin\postgres.exe

c:\metasp~1\POSTGR~1\bin\postgres.exe

c:\users\Dren\AppData\Local\Google\Chrome\Application\chrome.exe

c:\users\Dren\AppData\Local\Google\Chrome\Application\chrome.exe

c:\users\Dren\AppData\Local\Google\Chrome\Application\chrome.exe

c:\users\Dren\AppData\Local\Google\Chrome\Application\chrome.exe

c:\users\Dren\AppData\Local\Google\Chrome\Application\chrome.exe

c:\users\Dren\AppData\Local\Google\Chrome\Application\chrome.exe

c:\users\Dren\AppData\Local\Google\Chrome\Application\chrome.exe

c:\users\Dren\AppData\Local\Google\Chrome\Application\chrome.exe

.

**************************************************************************

.

Completion time: 2013-05-28 07:58:02 - machine was rebooted

ComboFix-quarantined-files.txt 2013-05-28 14:57

.

Pre-Run: 1,468,598,202,368 bytes free

Post-Run: 1,467,949,928,448 bytes free

.

- - End Of File - - 7819305F5FF7F476DF9ECF84D3E2E6D0

Computer is much faster now.

[MrCharlie]

Looks Good.....

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC

[Drenferalis]

Im sorry but I am not removing metasploit. I had said that in the first post. Close this thread.

[MrCharlie]

Im sorry but I am not removing metasploit. I had said that in the first post. Close this thread.

No one asked you to???????

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

MrC

[Drenferalis]

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.

Metasploit has multiple PUP's that are used for network security testing.

So yes, you just did.

[MrCharlie]

Thanks for wasting my time! MrC