I think I have a Trojan Virus!


Recommended Posts

I think I have a trojan virus. I keep getting the Blue Screen of Death saying Windows 7 is unable to start. I took the computer to someone to make it work because I couldn't get past the "Windows won't start" error screen, but now I still have the same problem. I really need help with this problem.

I have a HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:41:50 AM, on 8/19/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16496)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\AOL Desktop 9.6a\waol.exe
C:\Program Files (x86)\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files (x86)\AOL Desktop 9.6a\shellmon.exe
C:\Program Files (x86)\Common Files\aol\1291691248\ee\aolsoftware.exe
C:\Program Files (x86)\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files (x86)\AOL Desktop 9.6a\AOLBrowser\aolbrowser.exe
C:\Program Files (x86)\Common Files\aol\1291691248\ee\aolupdates.exe
C:\Users\Jen\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_2&ent=hp&u=85C0E9511DC82D8B533EAC51F9CEC8D6
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files (x86)\Common Files\AOL\1291691248\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKLM\..\Run: [search Protection] C:\ProgramData\Search Protection\SearchProtection.exe
O4 - HKLM\..\Run: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files (x86)\AOL Desktop 9.6a\AOL.EXE" -b
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe -update activex (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe -update activex (User 'Default user')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MapsGalaxyService (MapsGalaxy_39Service) - COMPANYVERS_NAME - C:\PROGRA~2\MAPSGA~2\bar\1.bin\39barsvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7932 bytes


  • Staff

Hello and welcome to the Malwarebytes Forum,

Please run the following:

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

OK, here are the 2 logs, thanks.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-08-2013 03

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) =================

(Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
(Microsoft Corporation) C:\Windows\System32\WerFault.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.6a\waol.exe
(AOL LLC) C:\Program Files (x86)\Common Files\AOL\ACS\AOLacsd.exe
(GFI Software) C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.6a\shellmon.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\aol\1291691248\ee\aolsoftware.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.6a\AOLBrowser\aolbrowser.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE
(AOL Inc.) C:\Program Files (x86)\Common Files\aol\1291691248\ee\aolupdates.exe
(Farbar) C:\Users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\10DE6E20\FRST64[1].exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [16333856 2009-07-29] (NVIDIA Corporation)
HKLM\...\Run: [smartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-09-14] ()
HKCU\...\Run: [AOL Fast Start] - C:\Program Files (x86)\AOL Desktop 9.6a\AOL.EXE [42320 2011-04-25] (AOL Inc.)
HKLM-x32\...\Run: [HostManager] - C:\Program Files (x86)\Common Files\AOL\1291691248\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411440 2013-07-01] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [554384 2013-07-15] (Lavasoft)
HKLM-x32\...\Run: [search Protection] - C:\ProgramData\Search Protection\SearchProtection.exe [943016 2013-07-16] (Lavasoft)
HKLM-x32\...\Run: [Ad-Aware Antivirus] - "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run [x]
HKU\Default\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [x]
HKU\Default User\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [x]

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_2&ent=hp&u=85C0E9511DC82D8B533EAC51F9CEC8D6
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {3C174079-C04A-491C-8883-E19FFF34D324} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {ADB441EA-547C-401A-9B96-E2608E95E3A3} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - DefaultScope {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={SearchTerms}&invocationType=tb50TB50CL-chromesbox-en-us
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={SearchTerms}&invocationType=tb50TB50CL-chromesbox-en-us
SearchScopes: HKLM-x32 - {ADB441EA-547C-401A-9B96-E2608E95E3A3} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=UXxdm002YYus&ptnrS=UXxdm002YYus&ptb=B62329B3-1499-4D09-A5E1-5FE59C8B5EE6&ind=2011092302&n=77ded54e&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_2&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_2&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
SearchScopes: HKCU - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL =
SearchScopes: HKCU - {ADB441EA-547C-401A-9B96-E2608E95E3A3} URL =
SearchScopes: HKCU - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL =
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU - No Name - {364EA597-E728-4CE4-BB4A-ED846EF47970} -  No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 06 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 02 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 03 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 04 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 05 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 06 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 07 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 08 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 09 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 10 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 06 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 02 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 03 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 04 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 05 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 06 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 07 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 08 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 09 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 10 mswsock.dll File Not found (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 167.206.254.1 167.206.254.2

==================== Services (Whitelisted) =================

R2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-06-13] (Lavasoft Limited)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
S2 MapsGalaxy_39Service; C:\PROGRA~2\MAPSGA~2\bar\1.bin\39barsvc.exe [42504 2011-09-16] (COMPANYVERS_NAME)
R2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)

==================== Drivers (Whitelisted) ====================

S3 ATWPKT2; C:\Windows\system32\drivers\ATWPKT264.SYS [33400 2009-08-31] (America Online)
S3 ATWPKT2; C:\Windows\system32\drivers\ATWPKT264.SYS [33400 2009-08-31] (America Online)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-07-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-07-31] (GFI Software)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-19 17:49 - 2013-08-19 17:49 - 00292456 _____ C:\Windows\Minidump\081913-29530-01.dmp
2013-08-19 01:03 - 2013-08-19 01:23 - 00096142 _____ C:\Users\Jen\Desktop\avgrep.txt
2013-08-19 00:32 - 2013-08-19 00:32 - 00292456 _____ C:\Windows\Minidump\081913-31481-01.dmp
2013-08-12 01:23 - 2013-08-12 01:23 - 00001190 _____ C:\Windows\SysWOW64\ServiceConfig.xml
2013-08-08 21:37 - 2013-08-08 21:37 - 00003332 _____ C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3217652057-2821476037-1169716605-1001
2013-08-06 23:32 - 2013-08-08 21:37 - 00003194 _____ C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3217652057-2821476037-1169716605-1001
2013-07-31 23:05 - 2013-07-31 23:05 - 00004314 _____ C:\Windows\System32\Tasks\Ad-Aware Antivirus Scheduled Scan
2013-07-31 23:04 - 2013-07-31 23:04 - 00000000 ____D C:\Users\Jen\AppData\Roaming\LavasoftStatistics
2013-07-31 23:04 - 2013-07-31 23:04 - 00000000 ____D C:\ProgramData\Ad-Aware Antivirus
2013-07-31 23:00 - 2013-08-19 17:46 - 00001830 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2013-07-31 23:00 - 2013-08-19 04:17 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2013-07-31 23:00 - 2013-07-31 23:00 - 00000000 ____D C:\ProgramData\Lavasoft
2013-07-31 22:59 - 2013-08-19 04:17 - 00000000 ____D C:\ProgramData\Search Protection
2013-07-31 22:59 - 2013-08-19 04:17 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2013-07-31 22:59 - 2013-07-31 22:59 - 00000000 ____D C:\Users\Jen\AppData\Local\adawarebp
2013-07-31 22:59 - 2013-07-31 22:59 - 00000000 ____D C:\ProgramData\Downloaded Installations
2013-07-31 22:59 - 2013-07-31 22:59 - 00000000 ____D C:\ProgramData\blekko toolbars
2013-07-31 22:59 - 2013-07-31 22:59 - 00000000 ____D C:\Program Files (x86)\Toolbar Cleaner
2013-07-31 22:58 - 2013-08-01 01:17 - 00000000 ____D C:\Users\Jen\AppData\Roaming\Ad-Aware Antivirus
2013-07-31 22:58 - 2013-07-31 22:58 - 00047496 _____ (GFI Software) C:\Windows\system32\sbbd.exe
2013-07-31 22:58 - 2013-07-31 22:58 - 00014456 _____ (GFI Software) C:\Windows\system32\Drivers\gfibto.sys
2013-07-31 22:42 - 2013-07-31 22:42 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2013-07-31 22:42 - 2013-07-31 22:42 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2013-07-28 10:31 - 2013-07-28 10:31 - 00000000 ____D C:\Users\Jen\AppData\Roaming\AVG2013
2013-07-28 10:30 - 2013-07-31 22:42 - 00000927 _____ C:\Users\Public\Desktop\AVG 2013.lnk
2013-07-28 10:30 - 2013-07-28 10:30 - 00000000 ____D C:\Users\Jen\AppData\Roaming\TuneUp Software
2013-07-28 10:28 - 2013-07-28 10:30 - 00000000 ____D C:\ProgramData\AVG2013
2013-07-28 10:28 - 2013-07-28 10:28 - 00000000 ___HD C:\$AVG
2013-07-28 10:28 - 2013-07-28 10:28 - 00000000 ____D C:\Program Files (x86)\AVG
2013-07-28 10:26 - 2013-08-19 01:03 - 00000000 ____D C:\Users\Jen\AppData\Local\Avg2013
2013-07-28 10:26 - 2013-07-28 10:26 - 00000000 ____D C:\Users\Jen\AppData\Local\MFAData
2013-07-28 10:25 - 2013-07-28 10:25 - 04463512 _____ (AVG Technologies) C:\Users\Jen\Downloads\avg_free_stb_all_2013_3349_cnet.exe
2013-07-20 01:51 - 2013-07-20 01:51 - 00311608 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00246072 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00206648 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00071480 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys

==================== One Month Modified Files and Folders =======

2013-08-19 17:58 - 2013-08-19 17:58 - 00000000 ____D C:\FRST
2013-08-19 17:49 - 2013-08-19 17:49 - 00292456 _____ C:\Windows\Minidump\081913-29530-01.dmp
2013-08-19 17:49 - 2012-07-20 23:38 - 414150379 _____ C:\Windows\MEMORY.DMP
2013-08-19 17:49 - 2012-07-20 23:38 - 00000000 ____D C:\Windows\Minidump
2013-08-19 17:46 - 2013-07-31 23:00 - 00001830 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2013-08-19 17:46 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-19 17:45 - 2009-07-14 00:51 - 00148492 _____ C:\Windows\setupact.log
2013-08-19 04:17 - 2013-07-31 23:00 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2013-08-19 04:17 - 2013-07-31 22:59 - 00000000 ____D C:\ProgramData\Search Protection
2013-08-19 04:17 - 2013-07-31 22:59 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2013-08-19 04:17 - 2013-03-23 16:22 - 00000000 ____D C:\Program Files (x86)\AOL Desktop 9.6a
2013-08-19 04:17 - 2011-08-12 12:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-08-19 04:17 - 2010-12-10 20:39 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-08-19 04:17 - 2010-12-06 23:31 - 00000000 ____D C:\ProgramData\MFAData
2013-08-19 04:17 - 2010-01-21 05:32 - 00000000 ____D C:\backups
2013-08-19 04:17 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\AppCompat
2013-08-19 04:16 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2013-08-19 04:15 - 2011-10-08 21:24 - 00000000 ____D C:\ProgramData\Real
2013-08-19 01:23 - 2013-08-19 01:03 - 00096142 _____ C:\Users\Jen\Desktop\avgrep.txt
2013-08-19 01:22 - 2012-11-21 21:04 - 00007933 _____ C:\Users\Jen\Downloads\hijackthis.log
2013-08-19 01:03 - 2013-07-28 10:26 - 00000000 ____D C:\Users\Jen\AppData\Local\Avg2013
2013-08-19 00:53 - 2009-07-14 01:13 - 00727136 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-19 00:32 - 2013-08-19 00:32 - 00292456 _____ C:\Windows\Minidump\081913-31481-01.dmp
2013-08-19 00:32 - 2010-12-06 22:44 - 00000000 ____D C:\Users\Jen
2013-08-17 19:43 - 2011-01-02 22:05 - 00000000 ____D C:\Users\Jen\Documents\JenSolarReturn
2013-08-12 17:14 - 2009-07-14 00:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-12 17:14 - 2009-07-14 00:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-12 01:23 - 2013-08-12 01:23 - 00001190 _____ C:\Windows\SysWOW64\ServiceConfig.xml
2013-08-08 21:37 - 2013-08-08 21:37 - 00003332 _____ C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3217652057-2821476037-1169716605-1001
2013-08-08 21:37 - 2013-08-06 23:32 - 00003194 _____ C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3217652057-2821476037-1169716605-1001
2013-08-04 22:02 - 2010-08-05 20:31 - 01196759 _____ C:\Windows\WindowsUpdate.log
2013-08-02 18:52 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2013-08-01 01:17 - 2013-07-31 22:58 - 00000000 ____D C:\Users\Jen\AppData\Roaming\Ad-Aware Antivirus
2013-07-31 23:05 - 2013-07-31 23:05 - 00004314 _____ C:\Windows\System32\Tasks\Ad-Aware Antivirus Scheduled Scan
2013-07-31 23:04 - 2013-07-31 23:04 - 00000000 ____D C:\Users\Jen\AppData\Roaming\LavasoftStatistics
2013-07-31 23:04 - 2013-07-31 23:04 - 00000000 ____D C:\ProgramData\Ad-Aware Antivirus
2013-07-31 23:00 - 2013-07-31 23:00 - 00000000 ____D C:\ProgramData\Lavasoft
2013-07-31 22:59 - 2013-07-31 22:59 - 00000000 ____D C:\Users\Jen\AppData\Local\adawarebp
2013-07-31 22:59 - 2013-07-31 22:59 - 00000000 ____D C:\ProgramData\Downloaded Installations
2013-07-31 22:59 - 2013-07-31 22:59 - 00000000 ____D C:\ProgramData\blekko toolbars
2013-07-31 22:59 - 2013-07-31 22:59 - 00000000 ____D C:\Program Files (x86)\Toolbar Cleaner
2013-07-31 22:59 - 2011-01-14 01:23 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2013-07-31 22:58 - 2013-07-31 22:58 - 00047496 _____ (GFI Software) C:\Windows\system32\sbbd.exe
2013-07-31 22:58 - 2013-07-31 22:58 - 00014456 _____ (GFI Software) C:\Windows\system32\Drivers\gfibto.sys
2013-07-31 22:45 - 2011-08-12 12:52 - 00000000 ____D C:\Users\Jen\AppData\Roaming\SoftGrid Client
2013-07-31 22:45 - 2010-07-31 04:31 - 00219768 _____ C:\Windows\PFRO.log
2013-07-31 22:42 - 2013-07-31 22:42 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2013-07-31 22:42 - 2013-07-31 22:42 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2013-07-31 22:42 - 2013-07-28 10:30 - 00000927 _____ C:\Users\Public\Desktop\AVG 2013.lnk
2013-07-31 22:37 - 2011-08-12 12:51 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2013-07-28 10:31 - 2013-07-28 10:31 - 00000000 ____D C:\Users\Jen\AppData\Roaming\AVG2013
2013-07-28 10:30 - 2013-07-28 10:30 - 00000000 ____D C:\Users\Jen\AppData\Roaming\TuneUp Software
2013-07-28 10:30 - 2013-07-28 10:28 - 00000000 ____D C:\ProgramData\AVG2013
2013-07-28 10:28 - 2013-07-28 10:28 - 00000000 ___HD C:\$AVG
2013-07-28 10:28 - 2013-07-28 10:28 - 00000000 ____D C:\Program Files (x86)\AVG
2013-07-28 10:26 - 2013-07-28 10:26 - 00000000 ____D C:\Users\Jen\AppData\Local\MFAData
2013-07-28 10:25 - 2013-07-28 10:25 - 04463512 _____ (AVG Technologies) C:\Users\Jen\Downloads\avg_free_stb_all_2013_3349_cnet.exe
2013-07-20 01:51 - 2013-07-20 01:51 - 00311608 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00246072 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00206648 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00071480 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys

ZeroAccess:
C:\Windows\Installer\{47ad6d15-b214-984f-6b2f-1fa76e001fd4}
C:\Windows\Installer\{47ad6d15-b214-984f-6b2f-1fa76e001fd4}\L\00000004.@
C:\Windows\Installer\{47ad6d15-b214-984f-6b2f-1fa76e001fd4}\L\201d3dde
C:\Windows\Installer\{47ad6d15-b214-984f-6b2f-1fa76e001fd4}\L\4cce1f70
C:\Windows\Installer\{47ad6d15-b214-984f-6b2f-1fa76e001fd4}\L\6715e287
C:\Windows\Installer\{47ad6d15-b214-984f-6b2f-1fa76e001fd4}\L\76603ac3

ZeroAccess:
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{47ad6d15-b214-984f-6b2f-1fa76e001fd4}
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{47ad6d15-b214-984f-6b2f-1fa76e001fd4}\@

Files to move or delete:
====================
C:\Windows\svchost.exe
ATTENTION ====> Check for partition/boot infection.

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-08-12 21:04

==================== End Of Log ============================


  • Staff

Please run the following:

Download the attached fixlist.txt file and save it to the Desktop.

FixList.txt

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.


OK, here is the log.

Boot Mode: Safe Mode (with Networking)
==============================================

Content of fixlist:
*****************
start
SearchScopes: HKLM - {ADB441EA-547C-401A-9B96-E2608E95E3A3} URL = http://search.mywebs...or={searchTerms}
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU - No Name - {364EA597-E728-4CE4-BB4A-ED846EF47970} -  No File
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 06 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 06 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
S2 MapsGalaxy_39Service; C:\PROGRA~2\MAPSGA~2\bar\1.bin\39barsvc.exe [42504 2011-09-16] (COMPANYVERS_NAME)
2013-08-19 04:17 - 2013-07-31 22:59 - 00000000 ____D C:\ProgramData\Search Protection
2013-07-31 22:59 - 2013-07-31 22:59 - 00000000 ____D C:\ProgramData\blekko toolbars
C:\Windows\Installer\{47ad6d15-b214-984f-6b2f-1fa76e001fd4}
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{47ad6d15-b214-984f-6b2f-1fa76e001fd4}
C:\Windows\svchost.exe
end
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ADB441EA-547C-401A-9B96-E2608E95E3A3} => Key deleted successfully.
HKCR\CLSID\{ADB441EA-547C-401A-9B96-E2608E95E3A3} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{ADB441EA-547C-401A-9B96-E2608E95E3A3} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{ADB441EA-547C-401A-9B96-E2608E95E3A3} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{b0441a0e-a49a-4e16-afc1-74ecced1921f} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => Value deleted successfully.
HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{364EA597-E728-4CE4-BB4A-ED846EF47970} => Value deleted successfully.
HKCR\CLSID\{364EA597-E728-4CE4-BB4A-ED846EF47970} => Key not found.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5 entry 000000000006\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000006\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
MapsGalaxy_39Service => Service deleted successfully.
C:\ProgramData\Search Protection => Moved successfully.
C:\ProgramData\blekko toolbars => Moved successfully.
C:\Windows\Installer\{47ad6d15-b214-984f-6b2f-1fa76e001fd4} => Moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{47ad6d15-b214-984f-6b2f-1fa76e001fd4} => Moved successfully.
C:\Windows\svchost.exe => Moved successfully.

==== End of Fixlog ====


  • Staff

Please run the following:

Please download Malwarebytes Anti-Rootkit (MBAR) from here http://www.malwarebytes.org/products/mbar/ and save it to your desktop.

Direct link to the file: http://downloads.malwarebytes.org/file/mbar

  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.
  • Doubleclick on the MBAR file you downloaded.
  • Approve the UAC prompt in Vista and newer operating systems.
  • Click OK on the next screen, to allow the package to extract the contents of the file to its own folder, mbar.
  • By default, this will be on your desktop, though you can choose another location if you wish. We advise using the default location for simplicity.
  • mbar.exe will launch automatically. On some systems, this may take a few extra seconds. Please be patient and wait for the program to open.
  • After reading the Introduction, click 'Next' if you agree.
  • On the Update Database screen, click on the 'Update' button.
  • Once you see 'Success: Database was successfully updated' click on 'Next'.
  • Click the 'Scan' button.
    • With some infections, you may see two message boxes.
    • 1. 'Could not load protection driver'. Click 'OK'.
    • 2. 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found, press the Cleanup button when the scan completes. Click EXIT.

    Then, please send the following logs as attachments to your reply. These logs are located in the mbar folder on your desktop where the tool extracted itself to.

    mbar-log-2013-xx-xx(xx-xx-xx).txt (where xx-xx(xx-xx-xx) is the date and time of the scan)

    system-log.txt


  • Staff

Please run the following:

Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.

    You can get help on disabling your protection programs here

  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:

    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

    ---------------------------------------------------------------------------------------------

  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

ComboFix 13-08-19.02 -  08/20/2013  18:36:17.1.1 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2814.1641 [GMT -4:00]
Running from: c:\users\\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\config\systemprofile\8817879.exe
c:\windows\SysWow64\config\systemprofile\opera.exe
c:\windows\SysWow64\config\systemprofile\rundll32.exe
c:\windows\SysWow64\config\systemprofile\spoolsv.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-20 to 2013-08-20  )))))))))))))))))))))))))))))))
.
.
2013-08-20 22:47 . 2013-08-20 22:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-20 03:29 . 2013-07-25 03:35 10926080 ----a-w- c:\windows\system32\ieframe.dll
2013-08-20 02:44 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-08-20 02:44 . 2012-02-11 06:39 956928 ----a-w- c:\windows\system32\localspl.dll
2013-08-20 02:44 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2013-08-20 02:44 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2013-08-20 02:44 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-08-20 01:32 . 2013-08-20 01:32 -------- d-----w- c:\programdata\Malwarebytes
2013-08-19 21:58 . 2013-08-19 21:58 -------- d-----w- C:\FRST
2013-08-01 03:04 . 2013-08-01 03:04 -------- d-----w- c:\users\Jen\AppData\Roaming\LavasoftStatistics
2013-08-01 03:04 . 2013-08-01 03:04 -------- d-----w- c:\programdata\Ad-Aware Antivirus
2013-08-01 03:00 . 2013-08-20 22:27 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2013-08-01 03:00 . 2013-08-01 03:00 -------- d-----w- c:\programdata\Lavasoft
2013-08-01 02:59 . 2013-08-01 02:59 -------- d-----w- c:\programdata\Downloaded Installations
2013-08-01 02:59 . 2013-08-01 02:59 -------- d-----w- c:\users\Jen\AppData\Local\adawarebp
2013-08-01 02:59 . 2013-08-19 08:17 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2013-08-01 02:59 . 2013-08-01 02:59 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2013-08-01 02:58 . 2013-08-01 02:58 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-08-01 02:58 . 2013-08-20 02:11 -------- d-----w- c:\users\Jen\AppData\Roaming\Ad-Aware Antivirus
2013-08-01 02:42 . 2013-08-01 02:42 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software
2013-07-28 14:31 . 2013-07-28 14:31 -------- d-----w- c:\users\Jen\AppData\Roaming\AVG2013
2013-07-28 14:30 . 2013-07-28 14:30 -------- d-----w- c:\users\Jen\AppData\Roaming\TuneUp Software
2013-07-28 14:28 . 2013-07-28 14:30 -------- d-----w- c:\programdata\AVG2013
2013-07-28 14:28 . 2013-07-28 14:28 -------- d-----w- C:\$AVG
2013-07-28 14:28 . 2013-07-28 14:28 -------- d-----w- c:\program files (x86)\AVG
2013-07-28 14:26 . 2013-08-19 05:03 -------- d-----w- c:\users\Jen\AppData\Local\Avg2013
2013-07-28 14:26 . 2013-07-28 14:26 -------- d-----w- c:\users\Jen\AppData\Local\MFAData
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-20 02:03 . 2010-12-14 04:26 62134624 ----a-w- c:\windows\system32\MRT.exe
2013-07-20 05:51 . 2013-07-20 05:51 311608 ----a-w- c:\windows\system32\drivers\avgloga.sys
2013-07-20 05:50 . 2013-07-20 05:50 71480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2013-07-20 05:50 . 2013-07-20 05:50 246072 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2013-07-20 05:50 . 2013-07-20 05:50 206648 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2013-07-10 05:32 . 2013-07-10 05:32 45880 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2013-07-01 05:45 . 2013-07-01 05:45 116536 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2013-06-27 16:14 . 2010-01-21 09:27 2237968 ----a-w- C:\tdsskiller.exe
2013-06-12 03:51 . 2012-08-18 18:02 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 03:51 . 2012-08-18 18:02 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2013-07-29 06:52 87440 ----a-w- c:\program files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll" [2013-07-29 87440]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="c:\program files (x86)\AOL Desktop 9.6a\AOL.EXE" [2011-04-25 42320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="c:\program files (x86)\Common Files\AOL\1291691248\ee\AOLSoftware.exe" [2010-03-08 41800]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-07-01 4411440]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2013-07-15 554384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-29 16333856]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-14 610360]
.
------- Supplementary Scan -------
.

uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
mLocal Page = c:\windows\SYSTEM32\blank.htm
TCP: DhcpNameServer = 167.206.254.1 167.206.254.2
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-Search Protection - c:\programdata\Search Protection\SearchProtection.exe
Wow6432Node-HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe
SafeBoot-17290921.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-08-20  18:58:05
ComboFix-quarantined-files.txt  2013-08-20 22:58
.
Pre-Run: 230,445,355,008 bytes free
Post-Run: 245,943,717,888 bytes free
.
- - End Of File - - BD3038D0D260800E125927355AE2D7A9
6A3BB38EF08BCB99A37E0133C3888935

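Both the FRST Fixlog (C:\Windows\svchost.exe) and the ComboFix "Other Deletions" list above show Windows binary names sitting where they never belong: svchost.exe directly under C:\Windows, and spoolsv.exe, rundll32.exe and two unknown executables inside the LocalSystem profile directory. The Python below is an added example, not part of this thread or of either tool; it applies those two checks to constructed log lines modelled on the output above. The rule names, the extra binary names beyond the three seen in the logs, and the treatment of SYSNATIVE and WinSxS as legitimate locations are assumptions of this example.

```python
import ntpath
import re
from typing import Dict, Iterable, List, Set, Tuple

# Windows binaries that should only live in the system directories. svchost.exe,
# spoolsv.exe and rundll32.exe are the names seen in this thread's logs; the
# others are common impersonation targets added as an assumption of this example.
SYSTEM_BINARIES: Set[str] = {
    "svchost.exe", "spoolsv.exe", "rundll32.exe", "lsass.exe",
    "services.exe", "winlogon.exe", "csrss.exe", "explorer.exe",
}

# Legitimate directories, lower-cased, no trailing backslash. "sysnative" is not
# a real on-disk directory but is how ComboFix prints 64-bit system paths.
DEFAULT_SYSTEM_DIRS: Set[str] = {
    "c:\\windows\\system32", "c:\\windows\\syswow64", "c:\\windows\\sysnative",
}
CANONICAL_DIRS: Dict[str, Set[str]] = {"explorer.exe": {"c:\\windows"}}
WINSXS_PREFIX = "c:\\windows\\winsxs\\"  # component store keeps legitimate copies

_NAMES = "|".join(re.escape(n) for n in sorted(SYSTEM_BINARIES))
# Drive-letter path ending in a protected name. ';' and newlines stop the match
# so ComboFix's "path;path" service lines are not glued into one path.
SYSTEM_BINARY_RE = re.compile(
    r"[a-z]:\\[^;\r\n]*?\\(?:" + _NAMES + r")(?=[\s;]|$)", re.IGNORECASE)
# Any executable placed directly in the LocalSystem profile, where no installer
# legitimately puts programs (cf. 8817879.exe and opera.exe in the ComboFix log).
SYSTEMPROFILE_EXE_RE = re.compile(
    r"[a-z]:\\[^;\r\n]*?\\config\\systemprofile\\[^\\\s;]+\.exe(?=[\s;]|$)",
    re.IGNORECASE)

Finding = Tuple[str, str]  # (rule name, path exactly as written in the log)


def is_canonical_location(path: str) -> bool:
    """True if the protected binary named by `path` sits in a legitimate directory."""
    directory, name = ntpath.split(path.lower())
    allowed = CANONICAL_DIRS.get(name, DEFAULT_SYSTEM_DIRS)
    return directory in allowed or directory.startswith(WINSXS_PREFIX)


def triage_log(lines: Iterable[str]) -> List[Finding]:
    """Run both location checks over log lines; each path is reported once."""
    findings: List[Finding] = []
    seen: Set[str] = set()
    for line in lines:
        for m in SYSTEM_BINARY_RE.finditer(line):
            path = m.group(0)
            if path.lower() in seen or is_canonical_location(path):
                continue
            seen.add(path.lower())
            findings.append(("system-binary-outside-system-dir", path))
        for m in SYSTEMPROFILE_EXE_RE.finditer(line):
            path = m.group(0)
            if path.lower() not in seen:
                seen.add(path.lower())
                findings.append(("executable-in-localsystem-profile", path))
    return findings


# Constructed sample: lines modelled on the FRST Fixlog and ComboFix output in
# this thread, plus three clean lines that must not be reported.
SAMPLE_LOG = r"""
C:\Windows\svchost.exe => Moved successfully.
c:\windows\SysWow64\config\systemprofile\8817879.exe
c:\windows\SysWow64\config\systemprofile\opera.exe
c:\windows\SysWow64\config\systemprofile\rundll32.exe
c:\windows\SysWow64\config\systemprofile\spoolsv.exe
2013-08-20 02:44 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
""".strip().splitlines()

if __name__ == "__main__":
    for rule, path in triage_log(SAMPLE_LOG):
        print(f"{rule}: {path}")
```

Running it on a real FRST or ComboFix log is a first-pass triage only: a clean result says nothing about files that carry an unfamiliar name, which is why the staff still had the MD5 and rootkit checks run.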

  • Staff

Please run the following:

Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

NEXT

Download AdwCleaner from here and save it to your desktop.

  • Run AdwCleaner and select Clean
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply
NEXT
  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

NEXT

Go here to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.1 (08.19.2013:1)
OS: Windows 7 Home Premium x64
Ran by  on Tue 08/20/2013 at 19:23:54.30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3217652057-2821476037-1169716605-1001\Software\Microsoft\Internet Explorer\Main\\Start Page

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctl
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctl.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctlsecondary
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctlsecondary.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\adawarebp_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\adawarebp_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}

~~~ Files

Successfully deleted: [File] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ebay.lnk"

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\viewpoint"
Successfully deleted: [Folder] "C:\Users\Jen\appdata\local\adawarebp"
Successfully deleted: [Folder] "C:\Users\Jen\appdata\locallow\adawaretb"
Successfully deleted: [Folder] "C:\Users\Jen\appdata\locallow\mapsgalaxy_39"
Successfully deleted: [Folder] "C:\Program Files (x86)\mapsgalaxy_39"
Failed to delete: [Folder] "C:\Program Files (x86)\viewpoint"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 08/20/2013 at 19:28:28.49
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


# AdwCleaner v3.000 - Report created 20/08/2013 at 22:15:19
# Updated 20/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username :
# Running from : C:\Users\J\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\MapsGalaxy_39EI
Folder Deleted : C:\Program Files (x86)\Viewpoint
Folder Deleted : C:\Users\\AppData\LocalLow\MapsGalaxy_39EI

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [39ffxtbr@MapsGalaxy_39.com]
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@MapsGalaxy_39.com/Plugin
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Key Deleted : HKCU\Software\AppDataLow\Software\adawaretb
Key Deleted : HKCU\Software\AppDataLow\Software\MapsGalaxy_39
Key Deleted : HKCU\Software\AppDataLow\Software\MapsGalaxy_39EI
Key Deleted : HKLM\Software\adawaretb
Key Deleted : HKLM\Software\MapsGalaxy_39
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adawaretb
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16502

*************************

AdwCleaner[R0].txt - [2675 octets] - [20/08/2013 22:00:43]
AdwCleaner[R1].txt - [2735 octets] - [20/08/2013 22:14:57]
AdwCleaner[s0].txt - [2599 octets] - [20/08/2013 22:15:19]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2659 octets] ##########

I hope this is the correct log, I kinda got confused in that section

Malwarebytes Anti-Rootkit BETA 1.06.1.1005
www.malwarebytes.org

Database version: v2013.08.20.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421

8/20/2013 10:22:46 PM
mbar-log-2013-08-20 (22-22-46).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 243016
Time elapsed: 10 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

and the


ok here is the ESET log after 2 hours....that's long, lol

My computer is out of safe mode and working well, no problems with boot-ups so far, and the screen hasn't shown up. I'm running in regular mode.

C:\AdwCleaner\Quarantine\C\Users\Jen\AppData\LocalLow\MapsGalaxy_39EI\Installr\Cache\018D03BF.exe.vir a variant of Win32/Toolbar.MyWebSearch.O application
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgp.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgp1.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgp2.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgp3.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgp4.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgp5.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgp6.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgp.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgp1.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgp2.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgp3.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgp4.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgp5.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgp6.zip Win32/Bagle.gen.zip worm
C:\Users\Jen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\7ff8dfd3-2477ab6b a variant of Java/JShrink.A application
C:\Users\Jen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\42cc9baf-3a0ba303 multiple threats
C:\Users\Jen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\61588735-342c1d98 a variant of Java/Exploit.Blacole.AK trojan
C:\Users\Jen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\521270fa-38f467be multiple threats
C:\Users\Jen\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\stub_data\stubinst_pkg_en-us.cab Win32/OpenCandy application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2M7SGM9W\menshealthbase_passback_300x250[1].htm JS/Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\13eef480-38d6e61b multiple threats
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\ef13c94-2658c2a2 Java/Exploit.Agent.NGS trojan
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\518b4dda-533d44d5 a variant of Java/Exploit.Agent.NJV trojan
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\76a20060-4d4f5f54 multiple threats
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\2e74f128-1074dc0b multiple threats
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\646a4eb2-7934118c multiple threats
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2M7SGM9W\menshealthbase_passback_300x250[1].htm JS/Agent.NJV trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\13eef480-38d6e61b multiple threats
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\ef13c94-2658c2a2 Java/Exploit.Agent.NGS trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\518b4dda-533d44d5 a variant of Java/Exploit.Agent.NJV trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\76a20060-4d4f5f54 multiple threats
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\2e74f128-1074dc0b multiple threats
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\646a4eb2-7934118c multiple threats


  • Staff

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".

Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:

Press the WinKey + R to open a run box, type Notepad > click OK.

This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
C:\Users\Jen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\7ff8dfd3-2477ab6b
C:\Users\Jen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\42cc9baf-3a0ba303
C:\Users\Jen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\61588735-342c1d98
C:\Users\Jen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\521270fa-38f467be
C:\Users\Jen\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\stub_data\stubinst_pkg_en-us.cab
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2M7SGM9W\menshealthbase_passback_300x250[1].htm
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\13eef480-38d6e61b
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\ef13c94-2658c2a2
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\518b4dda-533d44d5
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\76a20060-4d4f5f54
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\2e74f128-1074dc0b
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\646a4eb2-7934118c
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2M7SGM9W\menshealthbase_passback_300x250[1].htm
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\13eef480-38d6e61b
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\ef13c94-2658c2a2
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\518b4dda-533d44d5
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\76a20060-4d4f5f54
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\2e74f128-1074dc0b
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\646a4eb2-7934118c
ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

[screenshot CFScriptB-4.gif: dragging CFScript.txt onto ComboFix.exe]

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
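The ESET log posted above and the CFScript the staff member built from it are the same data in two forms: the scanner's verdicts, then a hand-picked list of paths to delete. The Python script below is an added example and is not code from the thread, from ESET or from ComboFix. It reads detection lines in the format shown in the log (path, then verdict), sorts them by where they sit rather than by name, separates copies that another tool already quarantined (the AdwCleaner and Spybot Recovery entries, where deleting only removes the backup) from live artefacts in the Java plug-in cache and the IE cache, marks entries under config\systemprofile (written by a process running as SYSTEM, not by the user's own session), and drafts a File:: block in the CFScript syntax used in the staff post. The sample lines are a constructed subset copied from the log; the bucket names, the function names and the assumption that a verdict is separated from its path by whitespace are mine, and the draft is something for the helper to review, not to run blindly.

```python
"""Triage ESET Online Scanner detections and draft a ComboFix CFScript.

Added example for this thread; not code from the forum staff, ESET or ComboFix.
Assumed: each ESET line is "<path> <verdict>" as in the log above, and the
CFScript syntax (a File:: block, then ClearJavaCache::) is as in the staff post.
"""
import re

# A detection line: a Windows path, whitespace, then ESET's verdict text.
_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+"
    r"(?P<verdict>(?:a variant of )?\S+/\S+ (?:application|worm|trojan)|multiple threats)$"
)

# Where a detection sits matters more than its name when deciding what to act on.
_BUCKETS = (
    # Copies already isolated by another tool: deleting them only removes the backup.
    ("quarantine", (r"\\AdwCleaner\\Quarantine\\",
                    r"\\Spybot - Search & Destroy\\Recovery\\")),
    # Java plug-in cache: applets served by an exploit kit (Blacole = Blackhole).
    ("java_cache", (r"\\Sun\\Java\\Deployment\\cache\\",)),
    # IE cache: the pages and scripts that loaded those applets.
    ("ie_cache", (r"\\Temporary Internet Files\\",)),
)

# Constructed sample: a subset of the ESET lines posted above.
SAMPLE_ESET_LOG = r"""
C:\AdwCleaner\Quarantine\C\Users\Jen\AppData\LocalLow\MapsGalaxy_39EI\Installr\Cache\018D03BF.exe.vir a variant of Win32/Toolbar.MyWebSearch.O application
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgp.zip Win32/Bagle.gen.zip worm
C:\Users\Jen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\61588735-342c1d98 a variant of Java/Exploit.Blacole.AK trojan
C:\Users\Jen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\521270fa-38f467be multiple threats
C:\Users\Jen\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\stub_data\stubinst_pkg_en-us.cab Win32/OpenCandy application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2M7SGM9W\menshealthbase_passback_300x250[1].htm JS/Agent.NJV trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\ef13c94-2658c2a2 Java/Exploit.Agent.NGS trojan
""".strip().splitlines()


def parse_eset_line(line):
    """Return (path, verdict), or None when the line is not a detection."""
    m = _LINE.match(line.strip())
    return (m.group("path"), m.group("verdict")) if m else None


def bucket_for(path):
    for name, patterns in _BUCKETS:
        if any(re.search(p, path, re.IGNORECASE) for p in patterns):
            return name
    return "other"


def ran_as_system(path):
    """True for files in the SYSTEM account's own profile (config\\systemprofile):
    written by a process running as SYSTEM, not by the user's interactive session."""
    return re.search(r"\\config\\systemprofile\\", path, re.IGNORECASE) is not None


def triage(lines):
    """One record per detection, in log order: (path, verdict, bucket, as_system)."""
    records = []
    for line in lines:
        parsed = parse_eset_line(line)
        if parsed:
            path, verdict = parsed
            records.append((path, verdict, bucket_for(path), ran_as_system(path)))
    return records


def summarize(records):
    """Detections per bucket, e.g. {'quarantine': 2, 'java_cache': 3, ...}."""
    counts = {}
    for _, _, bucket, _ in records:
        counts[bucket] = counts.get(bucket, 0) + 1
    return counts


def build_cfscript(records):
    """Draft a File:: block for every live artefact (everything except existing
    quarantine backups) and add ClearJavaCache:: when a cached applet was flagged.
    This is a draft for the helper to review, not something to run unread."""
    targets = [path for path, _, bucket, _ in records if bucket != "quarantine"]
    script = ["File::", *targets]
    if any(bucket == "java_cache" for _, _, bucket, _ in records):
        script.append("ClearJavaCache::")
    return "\n".join(script) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_ESET_LOG)
    print(summarize(found))
    for path, verdict, bucket, as_system in found:
        print(f"[{bucket:10}] {'SYSTEM' if as_system else 'user  '} {verdict}: {path}")
    print(build_cfscript(found))
```

Run against the full log rather than the sample and the draft comes out as the nineteen paths the staff member listed, with the fourteen quarantine backups left alone; the systemprofile flag is the detail worth a second look, since a Java applet cached under the SYSTEM profile was not fetched by the user's browser session.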

ok here is the log


ComboFix 13-08-21.01 - Jen 08/22/2013   1:03.3.1 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2814.1199 [GMT -4:00]
Running from: c:\users\J\Desktop\ComboFix.exe
Command switches used :: c:\users\J\Desktop\CFScript.txt
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Jen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\7ff8dfd3-2477ab6b"
"c:\users\Jen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\42cc9baf-3a0ba303"
"c:\users\Jen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\61588735-342c1d98"
"c:\users\Jen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\521270fa-38f467be"
"c:\users\Jen\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\stub_data\stubinst_pkg_en-us.cab"
"c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2M7SGM9W\menshealthbase_passback_300x250[1].htm"
"c:\windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\13eef480-38d6e61b"
"c:\windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\ef13c94-2658c2a2"
"c:\windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\518b4dda-533d44d5"
"c:\windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\76a20060-4d4f5f54"
"c:\windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\2e74f128-1074dc0b"
"c:\windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\646a4eb2-7934118c"
"c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2M7SGM9W\menshealthbase_passback_300x250[1].htm"
"c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\13eef480-38d6e61b"
"c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\ef13c94-2658c2a2"
"c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\518b4dda-533d44d5"
"c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\76a20060-4d4f5f54"
"c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\2e74f128-1074dc0b"
"c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\646a4eb2-7934118c"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jen\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\stub_data\stubinst_pkg_en-us.cab
c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2M7SGM9W\menshealthbase_passback_300x250[1].htm
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-22 to 2013-08-22  )))))))))))))))))))))))))))))))
.
.
2013-08-22 05:12 . 2013-08-22 05:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-21 05:55 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-08-21 05:55 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-08-21 05:55 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2013-08-21 05:55 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-08-21 05:48 . 2013-08-21 05:48 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-08-21 05:33 . 2013-08-21 05:35 -------- d-----w- c:\windows\system32\MRT
2013-08-21 05:21 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2013-08-21 05:21 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2013-08-21 05:21 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2013-08-21 05:21 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2013-08-21 05:19 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-08-21 05:19 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-08-21 05:19 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-08-21 05:19 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-08-21 05:19 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2013-08-21 05:19 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2013-08-21 05:19 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-08-21 02:41 . 2013-08-21 02:41 -------- d-----w- c:\program files (x86)\ESET
2013-08-21 02:22 . 2013-08-21 03:00 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-08-21 02:16 . 2013-08-21 02:16 -------- d-----w- c:\users\Jen\AppData\Local\adawarebp
2013-08-21 02:00 . 2013-08-21 02:15 -------- d-----w- C:\AdwCleaner
2013-08-20 23:23 . 2013-08-20 23:23 -------- d-----w- c:\windows\ERUNT
2013-08-20 02:58 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-08-20 02:58 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-08-20 02:58 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
2013-08-20 02:57 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2013-08-20 02:57 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2013-08-20 02:57 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2013-08-20 02:57 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2013-08-20 02:57 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-08-20 02:57 . 2013-07-09 05:46 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-08-20 02:57 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-08-20 02:57 . 2013-07-09 05:46 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-20 02:57 . 2013-07-09 05:46 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-20 02:57 . 2013-07-09 04:52 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-08-20 02:57 . 2013-07-09 04:46 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-08-20 02:57 . 2013-07-09 04:46 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-08-20 02:56 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll
2013-08-20 02:56 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll
2013-08-20 02:56 . 2013-02-15 04:34 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
2013-08-20 02:56 . 2013-02-15 06:08 44032 ----a-w- c:\windows\system32\tsgqec.dll
2013-08-20 02:56 . 2013-02-15 06:02 158720 ----a-w- c:\windows\system32\aaclient.dll
2013-08-20 02:56 . 2013-02-15 03:25 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll
2013-08-20 02:54 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2013-08-20 02:52 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2013-08-20 02:52 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2013-08-20 02:52 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll
2013-08-20 02:52 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-08-20 02:52 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll
2013-08-20 02:52 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-08-20 02:52 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-08-20 02:52 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-08-20 02:52 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-08-20 02:52 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-08-20 02:52 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-08-20 02:52 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-08-20 02:52 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2013-08-20 02:49 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2013-08-20 02:47 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
2013-08-20 02:47 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2013-08-20 02:47 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-08-20 02:47 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-08-20 02:47 . 2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-08-20 02:47 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-08-20 02:47 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-08-20 02:47 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-08-20 02:44 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-20 02:44 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-08-20 02:44 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-08-20 02:44 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-08-20 02:44 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
2013-08-20 02:44 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-08-20 02:44 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-08-20 02:44 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-08-20 02:44 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2013-08-20 02:44 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2013-08-20 02:20 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2013-08-20 01:32 . 2013-08-20 01:32 -------- d-----w- c:\programdata\Malwarebytes
2013-08-19 21:58 . 2013-08-19 21:58 -------- d-----w- C:\FRST
2013-08-01 03:04 . 2013-08-01 03:04 -------- d-----w- c:\users\Jen\AppData\Roaming\LavasoftStatistics
2013-08-01 03:04 . 2013-08-01 03:04 -------- d-----w- c:\programdata\Ad-Aware Antivirus
2013-08-01 03:00 . 2013-08-20 22:27 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2013-08-01 03:00 . 2013-08-01 03:00 -------- d-----w- c:\programdata\Lavasoft
2013-08-01 02:59 . 2013-08-01 02:59 -------- d-----w- c:\programdata\Downloaded Installations
2013-08-01 02:59 . 2013-08-19 08:17 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2013-08-01 02:59 . 2013-08-01 02:59 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2013-08-01 02:58 . 2013-08-01 02:58 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-08-01 02:58 . 2013-08-20 02:11 -------- d-----w- c:\users\Jen\AppData\Roaming\Ad-Aware Antivirus
2013-08-01 02:42 . 2013-08-01 02:42 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software
2013-07-28 14:31 . 2013-07-28 14:31 -------- d-----w- c:\users\Jen\AppData\Roaming\AVG2013
2013-07-28 14:30 . 2013-07-28 14:30 -------- d-----w- c:\users\Jen\AppData\Roaming\TuneUp Software
2013-07-28 14:28 . 2013-07-28 14:30 -------- d-----w- c:\programdata\AVG2013
2013-07-28 14:28 . 2013-07-28 14:28 -------- d-----w- C:\$AVG
2013-07-28 14:28 . 2013-07-28 14:28 -------- d-----w- c:\program files (x86)\AVG
2013-07-28 14:26 . 2013-08-19 05:03 -------- d-----w- c:\users\Jen\AppData\Local\Avg2013
2013-07-28 14:26 . 2013-07-28 14:26 -------- d-----w- c:\users\Jen\AppData\Local\MFAData
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-05 20:14 . 2010-12-14 04:26 78161360 ----a-w- c:\windows\system32\MRT.exe
2013-07-20 05:51 . 2013-07-20 05:51 311608 ----a-w- c:\windows\system32\drivers\avgloga.sys
2013-07-20 05:50 . 2013-07-20 05:50 71480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2013-07-20 05:50 . 2013-07-20 05:50 246072 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2013-07-20 05:50 . 2013-07-20 05:50 206648 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2013-07-10 05:32 . 2013-07-10 05:32 45880 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2013-07-01 05:45 . 2013-07-01 05:45 116536 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2013-06-27 16:14 . 2010-01-21 09:27 2237968 ----a-w- C:\tdsskiller.exe
2013-06-12 03:51 . 2012-08-18 18:02 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 03:51 . 2012-08-18 18:02 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="c:\program files (x86)\AOL Desktop 9.6a\AOL.EXE" [2011-04-25 42320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="c:\program files (x86)\Common Files\AOL\1291691248\ee\AOLSoftware.exe" [2010-03-08 41800]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-07-01 4411440]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2013-07-15 554384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-29 16333856]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-14 610360]
.
------- Supplementary Scan -------
.

uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
TCP: DhcpNameServer = 167.206.254.1 167.206.254.2
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-08-22  01:23:07
ComboFix-quarantined-files.txt  2013-08-22 05:23
ComboFix2.txt  2013-08-22 04:54
ComboFix3.txt  2013-08-20 22:58
.
Pre-Run: 244,881,625,088 bytes free
Post-Run: 244,897,583,104 bytes free
.
- - End Of File - - D95CA0B884E99C2EC423A904EAB4502A
6A3BB38EF08BCB99A37E0133C3888935


  • Staff

Please run the following:

Visit ADOBE and download the latest version of Acrobat Reader (version XI)

Having the latest updates ensures there are no security vulnerabilities in your system.

Decline any additional installs that may be offered.

NEXT

[image: javaicon.jpg]

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Download the latest version of Java Runtime Environment (JRE) 7 and Save it to your Desktop.
  • Scroll down to where it says Java SE 7u25
  • Click the Download button under JRE to the right.
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows x86 Offline and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u25-windows-i586.exe to install the newest version.
  • Decline any additional installs that may be offered.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are three options in the window to clear the cache - leave these two checked:
      • Trace and Log Files
      • Cached Applications and Applets
    • Click OK on the Delete Temporary Files window.
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files window.
    • Click OK to leave the Java Control Panel.
NEXT

Please advise how the computer is running now and if there are any outstanding issues


  • Staff

We just have some housekeeping to do now,

Please do the following:

You can delete the FRST, JRT and MBAR logs and programs from your desktop.

NEXT

Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Press the WinKey +R to open a run box
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.
[screenshot Combofix_uninstall_image.jpg: the run box with "Combofix /uninstall"]

NEXT

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.
If there are any logs/tools remaining on your desktop > right click and delete them.

NEXT

Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article: Strong passwords: How to create and use them. Then consider a password keeper to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

  • Keep Windows updated by regularly checking their website at:

    http://windowsupdate.microsoft.com/

    This will ensure your computer always has the latest security updates installed.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed ActiveX controls" and "Download unsigned ActiveX controls") to "Prompt", and "Initialize and script ActiveX controls not marked as safe" to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program.
    • TFC will close all open programs itself in order to run.
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job.
    • Once it's finished it should automatically reboot your machine.
    • If it doesn't, manually reboot to ensure a complete clean.
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

    PC Safety and Security--What Do I Need?

  • Simple and easy ways to keep your computer safe and secure on the Internet
Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank you.

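The "Make Internet Explorer more secure" steps above set three ActiveX options in the Internet zone through the Inetcpl.cpl dialog. As an added example that is not part of the original thread, the following PowerShell script audits those same three settings directly in the per-user zone registry key (zone 3 is the Internet zone; value names 1001, 1004 and 1201 and the meanings 0 = Enable, 1 = Prompt, 3 = Disable are the documented IE URL-action settings) and reports whether each matches the recommendation:

```powershell
# Added example, not from the original post: audit the three ActiveX
# settings the post tells you to change for the Internet zone (zone 3).
# Per-user zone key; a value that is absent means the zone default applies.
$zoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Documented URL-action value names and the setting the post recommends.
$expected = @(
    @{ ValueName = '1001'; Label = 'Download signed ActiveX controls';                             Want = 1 },
    @{ ValueName = '1004'; Label = 'Download unsigned ActiveX controls';                           Want = 1 },
    @{ ValueName = '1201'; Label = 'Initialize and script ActiveX controls not marked as safe';    Want = 3 }
)
$meaning = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Test-IEActiveXSettings {
    param([switch]$Fix)   # -Fix writes the recommended value where it differs

    $props = Get-ItemProperty -Path $zoneKey -ErrorAction SilentlyContinue
    foreach ($e in $expected) {
        $current = $null
        if ($props -and ($props.PSObject.Properties.Name -contains $e.ValueName)) {
            $current = [int]$props.($e.ValueName)
        }
        $currentText = if ($null -eq $current) { 'not set (zone default)' } else { $meaning[$current] }
        $ok = ($current -eq $e.Want)

        [pscustomobject]@{
            Setting   = $e.Label
            Current   = $currentText
            Expected  = $meaning[$e.Want]
            Compliant = $ok
        }

        if ($Fix -and -not $ok) {
            # Creates the DWORD if missing, overwrites it otherwise.
            New-ItemProperty -Path $zoneKey -Name $e.ValueName -Value $e.Want `
                -PropertyType DWord -Force | Out-Null
        }
    }
}

# Report only; add -Fix to apply the values the post recommends.
Test-IEActiveXSettings | Format-Table -AutoSize
```

Group Policy can override these per-user values from HKLM, so a "Compliant" result here reflects the user's own zone settings, not a policy-managed one.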