q562

Ah okay, that's a relief. Thanks again! I really appreciate your help. I'm broke, but I'll donate what I can.

Thank you so much! If you don't mind me asking; How badly infected was my computer?

After the last scan I ran, a few programs stopped responding, including my task manager and Firefox. I don't know if this is coincidental, but I needed to restart my computer.

C:\Users\Quentin\AppData\Local\Updater21804\Updater21804.exe a variant of Win32/Toolbar.CrossRider.C application C:\Users\Quentin\Downloads\cbsidlm-tr1_11-Virtual_CloneDrive-SEO-173879.exe Win32/DownloadAdmin.G application

Malwarebytes didn't give me a log :< Everything is still going smoothly! ---- Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 7:56:54 PM, on 3/22/2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16470) Boot mode: Normal Running processes: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\puush\puush.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe C:\Program Files (x86)\LOLReplay\LOLRecorder.exe C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe C:\Windows\SysWOW64\ctfmon.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\Steam\Steam.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Users\Quentin\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start O4 - HKCU\..\Run: [puush] C:\Program Files (x86)\puush\puush.exe O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Quentin\AppData\Local\Akamai\netsession_win.exe" O4 - Global Startup: LOLRecorder.lnk = C:\Program Files (x86)\LOLReplay\LOLRecorder.exe O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Apple OS Switch Manager (AppleOSSMgr) - Unknown owner - C:\Windows\system32\AppleOSSMgr.exe (file missing) O23 - Service: Apple Time Service (AppleTimeSrv) - Unknown owner - C:\Windows\system32\AppleTimeSrv.exe (file missing) O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: mental ray 3.10 Satellite for Autodesk 3ds Max 2013 64-bit (mi-raysat_3dsmax2013_64) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: Wacom Professional Service (WTabletServicePro) - Wacom Technology, Corp. - C:\Program Files\Tablet\Wacom\WTabletServicePro.exe -- End of file - 8007 bytes

Everything still runningly smoothly it appears ---- ComboFix 13-03-21.02 - Quentin 03/22/2013 17:51:08.2.8 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4007.1890 [GMT -4:00] Running from: c:\users\Quentin\Desktop\ComboFix.exe Command switches used :: c:\users\Quentin\Desktop\CFScript.txt AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2013-02-22 to 2013-03-22 ))))))))))))))))))))))))))))))) . . 2013-03-22 21:56 . 2013-03-22 21:56 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-03-22 12:00 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{22A42CFA-726F-41A3-B7F7-ED8F92AF6271}\mpengine.dll 2013-03-22 05:53 . 2013-03-06 22:33 178624 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2013-03-22 05:53 . 2013-03-06 22:33 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2013-03-19 21:27 . 2013-03-19 21:27 -------- d-----w- c:\users\Quentin\AppData\Roaming\gtk-2.0 2013-03-19 19:23 . 2013-03-19 19:23 -------- d-----w- c:\users\Quentin\AppData\Local\Solid State Networks 2013-03-19 19:23 . 2013-03-19 19:23 -------- d-----w- c:\program files (x86)\MeteorEntertainment 2013-03-16 07:27 . 2013-03-16 07:27 -------- d-----w- c:\users\Quentin\AppData\Roaming\stetic 2013-03-16 07:27 . 2013-03-16 07:27 -------- d-----w- c:\users\Quentin\AppData\Roaming\MonoDevelop-Unity-2.8 2013-03-16 07:27 . 2013-03-16 07:27 -------- d-----w- c:\users\Quentin\AppData\Local\MonoDevelop-Unity-2.8 2013-03-15 05:25 . 2013-03-15 05:25 -------- d-----w- c:\users\Quentin\AppData\Roaming\Malwarebytes 2013-03-15 05:25 . 2013-03-15 05:25 -------- d-----w- c:\programdata\Malwarebytes 2013-03-15 05:25 . 2013-03-15 05:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-03-15 05:25 . 2012-12-14 20:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-03-13 23:20 . 2013-03-13 23:20 -------- d-----w- c:\windows\SysWow64\Adobe 2013-03-13 01:45 . 2013-03-13 02:11 -------- d-----w- c:\users\Quentin\AppData\Roaming\dvdcss 2013-03-10 07:03 . 2013-03-10 07:04 -------- d-----w- c:\users\Quentin\AppData\Roaming\Unity 2013-03-10 07:01 . 2013-03-10 07:01 -------- d-----w- c:\users\Quentin\AppData\Roaming\Apple Computer 2013-03-10 07:01 . 2013-03-10 07:01 -------- d-----w- c:\users\Quentin\AppData\Local\Apple Computer 2013-03-10 07:01 . 2013-03-21 04:20 -------- d-----w- c:\programdata\Unity 2013-03-10 06:54 . 2013-03-10 07:01 -------- d-----w- c:\users\Quentin\AppData\Local\Unity 2013-03-10 06:48 . 2013-03-10 06:54 -------- d-----w- c:\program files (x86)\Unity 2013-03-06 18:12 . 2013-03-13 02:19 -------- d-----w- c:\users\Quentin\AppData\Roaming\vlc 2013-03-06 18:12 . 2013-03-06 18:12 -------- d-----w- c:\program files (x86)\VideoLAN 2013-03-02 06:51 . 2013-03-22 21:56 -------- d-----w- c:\users\Quentin\AppData\Local\LogMeIn Hamachi 2013-03-02 06:50 . 2013-03-02 06:50 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi 2013-03-02 04:16 . 2013-03-02 04:17 -------- d-----w- c:\users\Quentin\AppData\Roaming\.minecraft 2013-03-02 04:10 . 2013-03-19 17:57 -------- d-----w- c:\users\Quentin\AppData\Local\Akamai 2013-03-02 04:10 . 2013-03-02 04:10 -------- d-----w- C:\AeriaGames 2013-03-01 20:57 . 2013-03-03 21:35 -------- d-----w- c:\program files (x86)\Common Files\Steam 2013-03-01 20:57 . 2013-03-22 21:02 -------- d-----w- c:\program files (x86)\Steam 2013-03-01 13:59 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-03-01 13:59 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-03-01 13:42 . 2013-03-01 13:42 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help 2013-02-26 20:27 . 2013-02-26 20:27 -------- d-----w- c:\program files (x86)\LOLReplay 2013-02-26 17:17 . 2013-02-26 17:17 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services 2013-02-26 17:17 . 2013-02-26 17:17 -------- d-----w- c:\program files\Microsoft Office 2013-02-26 17:16 . 2013-02-26 17:16 -------- d-----w- c:\users\Quentin\AppData\Local\Microsoft Help 2013-02-26 17:16 . 2013-03-15 07:04 -------- d-----w- c:\programdata\Microsoft Help 2013-02-26 17:16 . 2013-02-26 17:16 -------- d-----r- C:\MSOCache 2013-02-26 17:02 . 2013-02-26 17:02 -------- d-----w- c:\users\Quentin\AppData\Local\CRE 2013-02-26 17:00 . 2013-02-26 17:00 -------- d-----w- c:\program files (x86)\Elaborate Bytes 2013-02-26 17:00 . 2013-02-26 17:00 -------- d-----w- c:\users\Quentin\AppData\Local\Updater21804 2013-02-26 01:20 . 2013-02-26 01:20 -------- d-----w- C:\f9d60aa934e5ce49f647 2013-02-22 05:25 . 2013-03-11 01:07 -------- d-----w- c:\program files (x86)\MSECache 2013-02-21 02:58 . 2013-02-21 02:58 -------- d-----w- C:\838ae29d056775abedc5b951 . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-03-22 08:47 . 2013-02-07 02:52 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-22 08:47 . 2013-02-07 02:52 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-03-06 22:33 . 2013-02-07 20:40 377920 ----a-w- c:\windows\system32\drivers\aswSP.sys 2013-03-06 22:33 . 2013-02-07 20:40 70992 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2013-03-06 22:33 . 2013-02-07 20:40 68920 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2013-03-06 22:33 . 2013-02-07 20:40 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2013-03-06 22:33 . 2013-02-07 20:40 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2013-03-06 22:33 . 2013-02-07 20:40 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2013-03-06 22:32 . 2013-02-07 20:39 41664 ----a-w- c:\windows\avastSS.scr 2013-03-06 22:32 . 2013-02-07 03:21 287840 ----a-w- c:\windows\system32\aswBoot.exe 2013-02-12 05:45 . 2013-03-13 03:30 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45 . 2013-03-13 03:31 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45 . 2013-03-13 03:30 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45 . 2013-03-13 03:30 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48 . 2013-03-13 03:31 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48 . 2013-03-13 03:31 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-02-09 03:15 . 2013-02-08 02:26 84192 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll 2013-02-08 19:22 . 2013-02-17 09:05 1982264 ----a-w- c:\windows\system32\Wacom_Tablet.dll 2013-02-08 19:22 . 2013-02-17 09:05 1975096 ----a-w- c:\windows\system32\Wacom_Touch_Tablet.dll 2013-02-08 19:22 . 2013-02-17 09:05 1843512 ----a-w- c:\windows\system32\Wintab32.dll 2013-02-08 19:22 . 2013-02-17 09:05 1840440 ----a-w- c:\windows\system32\WacomMT.dll 2013-02-08 19:22 . 2013-02-17 09:05 1628984 ----a-w- c:\windows\SysWow64\Wacom_Tablet.dll 2013-02-08 19:22 . 2013-02-17 09:05 1622328 ----a-w- c:\windows\SysWow64\Wacom_Touch_Tablet.dll 2013-02-08 19:22 . 2013-02-17 09:05 1509176 ----a-w- c:\windows\SysWow64\Wintab32.dll 2013-02-08 19:22 . 2013-02-17 09:05 1505592 ----a-w- c:\windows\SysWow64\WacomMT.dll 2013-02-08 08:10 . 2013-02-08 08:10 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-02-08 08:10 . 2013-02-08 08:10 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2013-02-08 08:10 . 2013-02-08 08:10 89088 ----a-w- c:\windows\system32\ie4uinit.exe 2013-02-08 08:10 . 2013-02-08 08:10 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll 2013-02-08 08:10 . 2013-02-08 08:10 85504 ----a-w- c:\windows\system32\iesetup.dll 2013-02-08 08:10 . 2013-02-08 08:10 82432 ----a-w- c:\windows\system32\icardie.dll 2013-02-08 08:10 . 2013-02-08 08:10 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2013-02-08 08:10 . 2013-02-08 08:10 76800 ----a-w- c:\windows\system32\tdc.ocx 2013-02-08 08:10 . 2013-02-08 08:10 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2013-02-08 08:10 . 2013-02-08 08:10 74752 ----a-w- c:\windows\SysWow64\iesetup.dll 2013-02-08 08:10 . 2013-02-08 08:10 65024 ----a-w- c:\windows\system32\pngfilt.dll 2013-02-08 08:10 . 2013-02-08 08:10 63488 ----a-w- c:\windows\SysWow64\tdc.ocx 2013-02-08 08:10 . 2013-02-08 08:10 55296 ----a-w- c:\windows\system32\msfeedsbs.dll 2013-02-08 08:10 . 2013-02-08 08:10 534528 ----a-w- c:\windows\system32\ieapfltr.dll 2013-02-08 08:10 . 2013-02-08 08:10 49664 ----a-w- c:\windows\system32\imgutil.dll 2013-02-08 08:10 . 2013-02-08 08:10 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2013-02-08 08:10 . 2013-02-08 08:10 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-02-08 08:10 . 2013-02-08 08:10 452608 ----a-w- c:\windows\system32\dxtmsft.dll 2013-02-08 08:10 . 2013-02-08 08:10 448512 ----a-w- c:\windows\system32\html.iec 2013-02-08 08:10 . 2013-02-08 08:10 403248 ----a-w- c:\windows\system32\iedkcs32.dll 2013-02-08 08:10 . 2013-02-08 08:10 39936 ----a-w- c:\windows\system32\iernonce.dll 2013-02-08 08:10 . 2013-02-08 08:10 3695416 ----a-w- c:\windows\system32\ieapfltr.dat 2013-02-08 08:10 . 2013-02-08 08:10 367104 ----a-w- c:\windows\SysWow64\html.iec 2013-02-08 08:10 . 2013-02-08 08:10 35840 ----a-w- c:\windows\SysWow64\imgutil.dll 2013-02-08 08:10 . 2013-02-08 08:10 30720 ----a-w- c:\windows\system32\licmgr10.dll 2013-02-08 08:10 . 2013-02-08 08:10 282112 ----a-w- c:\windows\system32\dxtrans.dll 2013-02-08 08:10 . 2013-02-08 08:10 267776 ----a-w- c:\windows\system32\ieaksie.dll 2013-02-08 08:10 . 2013-02-08 08:10 249344 ----a-w- c:\windows\system32\webcheck.dll 2013-02-08 08:10 . 2013-02-08 08:10 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll 2013-02-08 08:10 . 2013-02-08 08:10 222208 ----a-w- c:\windows\system32\msls31.dll 2013-02-08 08:10 . 2013-02-08 08:10 197120 ----a-w- c:\windows\system32\msrating.dll 2013-02-08 08:10 . 2013-02-08 08:10 165888 ----a-w- c:\windows\system32\iexpress.exe 2013-02-08 08:10 . 2013-02-08 08:10 163840 ----a-w- c:\windows\system32\ieakui.dll 2013-02-08 08:10 . 2013-02-08 08:10 161792 ----a-w- c:\windows\SysWow64\msls31.dll 2013-02-08 08:10 . 2013-02-08 08:10 160256 ----a-w- c:\windows\system32\wextract.exe 2013-02-08 08:10 . 2013-02-08 08:10 160256 ----a-w- c:\windows\system32\ieakeng.dll 2013-02-08 08:10 . 2013-02-08 08:10 152064 ----a-w- c:\windows\SysWow64\wextract.exe 2013-02-08 08:10 . 2013-02-08 08:10 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2013-02-08 08:10 . 2013-02-08 08:10 149504 ----a-w- c:\windows\system32\occache.dll 2013-02-08 08:10 . 2013-02-08 08:10 145920 ----a-w- c:\windows\system32\iepeers.dll 2013-02-08 08:10 . 2013-02-08 08:10 135168 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-02-08 08:10 . 2013-02-08 08:10 12288 ----a-w- c:\windows\system32\mshta.exe 2013-02-08 08:10 . 2013-02-08 08:10 11776 ----a-w- c:\windows\SysWow64\mshta.exe 2013-02-08 08:10 . 2013-02-08 08:10 114176 ----a-w- c:\windows\system32\admparse.dll 2013-02-08 08:10 . 2013-02-08 08:10 111616 ----a-w- c:\windows\system32\iesysprep.dll 2013-02-08 08:10 . 2013-02-08 08:10 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2013-02-08 08:10 . 2013-02-08 08:10 10752 ----a-w- c:\windows\system32\msfeedssync.exe 2013-02-08 08:10 . 2013-02-08 08:10 103936 ----a-w- c:\windows\system32\inseng.dll 2013-02-08 08:10 . 2013-02-08 08:10 101888 ----a-w- c:\windows\SysWow64\admparse.dll 2013-02-07 02:57 . 2013-02-07 02:57 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-02-07 02:57 . 2013-02-07 02:57 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-02-07 02:57 . 2013-02-07 02:57 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-01-17 05:28 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe 2013-01-05 05:53 . 2013-02-20 05:19 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-01-05 05:00 . 2013-02-20 05:19 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-01-05 05:00 . 2013-02-20 05:19 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-01-04 05:46 . 2013-02-20 05:11 215040 ----a-w- c:\windows\system32\winsrv.dll 2013-01-04 04:51 . 2013-02-20 05:11 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2013-01-04 04:43 . 2013-02-20 05:11 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2013-01-04 03:26 . 2013-02-20 05:19 3153408 ----a-w- c:\windows\system32\win32k.sys 2013-01-04 02:47 . 2013-02-20 05:11 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2013-01-04 02:47 . 2013-02-20 05:11 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2013-01-04 02:47 . 2013-02-20 05:11 2048 ----a-w- c:\windows\SysWow64\user.exe 2013-01-04 02:47 . 2013-02-20 05:11 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2013-01-03 06:00 . 2013-02-20 05:11 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-01-03 06:00 . 2013-02-20 05:11 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPCheckoutOverlay] @="{80E008A4-EAE7-4867-AEB0-1A245F070F25}" [HKEY_CLASSES_ROOT\CLSID\{80E008A4-EAE7-4867-AEB0-1A245F070F25}] 2013-01-22 22:42 1954880 ----a-w- c:\program files\Perforce\p4exp.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPSyncdOverlay] @="{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}" [HKEY_CLASSES_ROOT\CLSID\{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}] 2013-01-22 22:42 1954880 ----a-w- c:\program files\Perforce\p4exp.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPUpdateOverlay] @="{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}" [HKEY_CLASSES_ROOT\CLSID\{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}] 2013-01-22 22:42 1954880 ----a-w- c:\program files\Perforce\p4exp.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "puush"="c:\program files (x86)\puush\puush.exe" [2013-02-07 565480] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-02-25 1602984] "Akamai NetSession Interface"="c:\users\Quentin\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304] "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-14 2255360] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ LOLRecorder.lnk - c:\program files (x86)\LOLReplay\LOLRecorder.exe [2013-2-14 523264] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 mi-raysat_3dsmax2013_64;mental ray 3.10 Satellite for Autodesk 3ds Max 2013 64-bit;c:\program files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe [2011-09-15 86016] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168] R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-02-08 1432400] R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys [2012-12-19 14320] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys [2012-12-19 82416] R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys [2012-12-20 15344] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-02-08 1255736] S0 AppleHFS;AppleHFS; [x] S0 AppleMNT;AppleMNT; [x] S0 aswRvrt;aswRvrt; [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-13 203776] S2 AppleOSSMgr;Apple OS Switch Manager;c:\windows\system32\AppleOSSMgr.exe [2011-06-29 224640] S2 AppleTimeSrv;Apple Time Service;c:\windows\system32\AppleTimeSrv.exe [2011-06-29 111488] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-03-06 80816] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-14 2466304] S2 KeyAgent;KeyAgent;c:\windows\system32\drivers\KeyAgent.sys [2011-06-29 17752] S2 MacHALDriver;Mac HAL;c:\windows\system32\drivers\MacHALDriver.sys [2011-06-29 22872] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-06-13 2655768] S2 WTabletServicePro;Wacom Professional Service;c:\program files\Tablet\Wacom\WTabletServicePro.exe [2013-02-08 613688] S3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [2009-07-14 9728] S3 AppleBtBc;Apple Broadcom Built-in Bluetooth;c:\windows\system32\DRIVERS\AppleBtBc.sys [2011-03-25 18944] S3 applemtm;Apple Multitouch Mouse;c:\windows\system32\DRIVERS\applemtm.sys [2011-03-25 12288] S3 applemtp;Apple Multitouch;c:\windows\system32\DRIVERS\applemtp.sys [2011-03-25 38912] S3 aswVmm;aswVmm; [x] S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys [2011-06-13 85544] S3 CirrusFilter;CS420xLowerFilter;c:\windows\system32\DRIVERS\CS420x64.sys [2011-06-13 18432] S3 IRRemoteFlt;IR Receiver Filter Driver;c:\windows\system32\DRIVERS\IRFilter.sys [2011-03-25 18432] S3 KeyMagic;USB Keyboard HID Filter;c:\windows\system32\DRIVERS\KeyMagic.sys [2011-05-27 32256] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - ASWRVRT *NewlyCreated* - ASWVMM . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-03-13 04:39 1629648 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-07 03:21] . 2013-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-07 03:21] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2013-03-06 22:32 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2012-12-18 00:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}] 2012-12-18 00:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2012-12-18 00:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2012-12-18 00:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPCheckoutOverlay] @="{80E008A4-EAE7-4867-AEB0-1A245F070F25}" [HKEY_CLASSES_ROOT\CLSID\{80E008A4-EAE7-4867-AEB0-1A245F070F25}] 2013-01-22 22:43 2395200 ----a-w- c:\program files\Perforce\p4exp64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPSyncdOverlay] @="{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}" [HKEY_CLASSES_ROOT\CLSID\{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}] 2013-01-22 22:43 2395200 ----a-w- c:\program files\Perforce\p4exp64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPUpdateOverlay] @="{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}" [HKEY_CLASSES_ROOT\CLSID\{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}] 2013-01-22 22:43 2395200 ----a-w- c:\program files\Perforce\p4exp64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apple_KbdMgr"="c:\program files\Boot Camp\Bootcamp.exe" [2011-06-29 741760] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local> TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Quentin\AppData\Roaming\Mozilla\Firefox\Profiles\wkvwyuea.default\ FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/ FF - ExtSQL: 2013-02-07 02:07; {4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}; c:\users\Quentin\AppData\Roaming\Mozilla\Firefox\Profiles\wkvwyuea.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi FF - ExtSQL: 2013-02-07 15:26; {E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}; c:\users\Quentin\AppData\Roaming\Mozilla\Firefox\Profiles\wkvwyuea.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B} FF - ExtSQL: 2013-02-07 15:39; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF . - - - - ORPHANS REMOVED - - - - . AddRemove-Coupon Companion Plugin - c:\program files (x86)\Coupon Companion Plugin\Uninstall.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-03-22 17:58:46 ComboFix-quarantined-files.txt 2013-03-22 21:58 ComboFix2.txt 2013-03-22 09:15 . Pre-Run: 299,410,903,040 bytes free Post-Run: 300,544,757,760 bytes free . - - End Of File - - 5540AFAFFFF85A914D4D02162B5467FA

The computer is running well at the moment, but I have yet to attempt replicating the initial issue. I'll try another full scan and let you know the results. Thanks so much! ---- ComboFix 13-03-21.02 - Quentin 03/22/2013 5:05.1.8 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4007.2597 [GMT -4:00] Running from: c:\users\Quentin\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((( Files Created from 2013-02-22 to 2013-03-22 ))))))))))))))))))))))))))))))) . . 2013-03-22 09:11 . 2013-03-22 09:11 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-03-22 05:53 . 2013-03-06 22:33 178624 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2013-03-22 05:53 . 2013-03-06 22:33 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2013-03-19 21:27 . 2013-03-19 21:27 -------- d-----w- c:\users\Quentin\AppData\Roaming\gtk-2.0 2013-03-19 20:43 . 2013-03-19 20:43 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1CDF571A-C131-4E2A-98C3-86BCB4E71B9B}\offreg.dll 2013-03-19 19:23 . 2013-03-19 19:23 -------- d-----w- c:\users\Quentin\AppData\Local\Solid State Networks 2013-03-19 19:23 . 2013-03-19 19:23 -------- d-----w- c:\program files (x86)\MeteorEntertainment 2013-03-19 17:25 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1CDF571A-C131-4E2A-98C3-86BCB4E71B9B}\mpengine.dll 2013-03-16 07:27 . 2013-03-16 07:27 -------- d-----w- c:\users\Quentin\AppData\Roaming\stetic 2013-03-16 07:27 . 2013-03-16 07:27 -------- d-----w- c:\users\Quentin\AppData\Roaming\MonoDevelop-Unity-2.8 2013-03-16 07:27 . 2013-03-16 07:27 -------- d-----w- c:\users\Quentin\AppData\Local\MonoDevelop-Unity-2.8 2013-03-15 05:25 . 2013-03-15 05:25 -------- d-----w- c:\users\Quentin\AppData\Roaming\Malwarebytes 2013-03-15 05:25 . 2013-03-15 05:25 -------- d-----w- c:\programdata\Malwarebytes 2013-03-15 05:25 . 2013-03-15 05:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-03-15 05:25 . 2012-12-14 20:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-03-13 23:20 . 2013-03-13 23:20 -------- d-----w- c:\windows\SysWow64\Adobe 2013-03-13 01:45 . 2013-03-13 02:11 -------- d-----w- c:\users\Quentin\AppData\Roaming\dvdcss 2013-03-10 07:03 . 2013-03-10 07:04 -------- d-----w- c:\users\Quentin\AppData\Roaming\Unity 2013-03-10 07:01 . 2013-03-10 07:01 -------- d-----w- c:\users\Quentin\AppData\Roaming\Apple Computer 2013-03-10 07:01 . 2013-03-10 07:01 -------- d-----w- c:\users\Quentin\AppData\Local\Apple Computer 2013-03-10 07:01 . 2013-03-21 04:20 -------- d-----w- c:\programdata\Unity 2013-03-10 06:54 . 2013-03-10 07:01 -------- d-----w- c:\users\Quentin\AppData\Local\Unity 2013-03-10 06:48 . 2013-03-10 06:54 -------- d-----w- c:\program files (x86)\Unity 2013-03-06 18:12 . 2013-03-13 02:19 -------- d-----w- c:\users\Quentin\AppData\Roaming\vlc 2013-03-06 18:12 . 2013-03-06 18:12 -------- d-----w- c:\program files (x86)\VideoLAN 2013-03-02 06:51 . 2013-03-22 09:11 -------- d-----w- c:\users\Quentin\AppData\Local\LogMeIn Hamachi 2013-03-02 06:50 . 2013-03-02 06:50 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi 2013-03-02 04:16 . 2013-03-02 04:17 -------- d-----w- c:\users\Quentin\AppData\Roaming\.minecraft 2013-03-02 04:10 . 2013-03-19 17:57 -------- d-----w- c:\users\Quentin\AppData\Local\Akamai 2013-03-02 04:10 . 2013-03-02 04:10 -------- d-----w- C:\AeriaGames 2013-03-01 20:57 . 2013-03-03 21:35 -------- d-----w- c:\program files (x86)\Common Files\Steam 2013-03-01 20:57 . 2013-03-22 09:02 -------- d-----w- c:\program files (x86)\Steam 2013-03-01 13:59 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-03-01 13:59 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-03-01 13:42 . 2013-03-01 13:42 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help 2013-02-26 20:27 . 2013-02-26 20:27 -------- d-----w- c:\program files (x86)\LOLReplay 2013-02-26 17:17 . 2013-02-26 17:17 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services 2013-02-26 17:17 . 2013-02-26 17:17 -------- d-----w- c:\program files\Microsoft Office 2013-02-26 17:16 . 2013-02-26 17:16 -------- d-----w- c:\users\Quentin\AppData\Local\Microsoft Help 2013-02-26 17:16 . 2013-03-15 07:04 -------- d-----w- c:\programdata\Microsoft Help 2013-02-26 17:16 . 2013-02-26 17:16 -------- d-----r- C:\MSOCache 2013-02-26 17:02 . 2013-02-26 17:02 -------- d-----w- c:\users\Quentin\AppData\Local\CRE 2013-02-26 17:00 . 2013-02-26 17:00 -------- d-----w- c:\program files (x86)\Elaborate Bytes 2013-02-26 17:00 . 2013-02-26 17:00 -------- d-----w- c:\users\Quentin\AppData\Local\Updater21804 2013-02-26 01:20 . 2013-02-26 01:20 -------- d-----w- C:\f9d60aa934e5ce49f647 2013-02-22 05:25 . 2013-03-11 01:07 -------- d-----w- c:\program files (x86)\MSECache 2013-02-21 02:58 . 2013-02-21 02:58 -------- d-----w- C:\838ae29d056775abedc5b951 . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-03-22 08:47 . 2013-02-07 02:52 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-22 08:47 . 2013-02-07 02:52 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-03-06 22:33 . 2013-02-07 20:40 377920 ----a-w- c:\windows\system32\drivers\aswSP.sys 2013-03-06 22:33 . 2013-02-07 20:40 70992 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2013-03-06 22:33 . 2013-02-07 20:40 68920 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2013-03-06 22:33 . 2013-02-07 20:40 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2013-03-06 22:33 . 2013-02-07 20:40 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2013-03-06 22:33 . 2013-02-07 20:40 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2013-03-06 22:32 . 2013-02-07 20:39 41664 ----a-w- c:\windows\avastSS.scr 2013-03-06 22:32 . 2013-02-07 03:21 287840 ----a-w- c:\windows\system32\aswBoot.exe 2013-02-12 05:45 . 2013-03-13 03:30 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45 . 2013-03-13 03:31 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45 . 2013-03-13 03:30 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45 . 2013-03-13 03:30 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48 . 2013-03-13 03:31 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48 . 2013-03-13 03:31 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-02-09 03:15 . 2013-02-08 02:26 84192 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll 2013-02-08 19:22 . 2013-02-17 09:05 1982264 ----a-w- c:\windows\system32\Wacom_Tablet.dll 2013-02-08 19:22 . 2013-02-17 09:05 1975096 ----a-w- c:\windows\system32\Wacom_Touch_Tablet.dll 2013-02-08 19:22 . 2013-02-17 09:05 1843512 ----a-w- c:\windows\system32\Wintab32.dll 2013-02-08 19:22 . 2013-02-17 09:05 1840440 ----a-w- c:\windows\system32\WacomMT.dll 2013-02-08 19:22 . 2013-02-17 09:05 1628984 ----a-w- c:\windows\SysWow64\Wacom_Tablet.dll 2013-02-08 19:22 . 2013-02-17 09:05 1622328 ----a-w- c:\windows\SysWow64\Wacom_Touch_Tablet.dll 2013-02-08 19:22 . 2013-02-17 09:05 1509176 ----a-w- c:\windows\SysWow64\Wintab32.dll 2013-02-08 19:22 . 2013-02-17 09:05 1505592 ----a-w- c:\windows\SysWow64\WacomMT.dll 2013-02-08 08:10 . 2013-02-08 08:10 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-02-08 08:10 . 2013-02-08 08:10 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2013-02-08 08:10 . 2013-02-08 08:10 89088 ----a-w- c:\windows\system32\ie4uinit.exe 2013-02-08 08:10 . 2013-02-08 08:10 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll 2013-02-08 08:10 . 2013-02-08 08:10 85504 ----a-w- c:\windows\system32\iesetup.dll 2013-02-08 08:10 . 2013-02-08 08:10 82432 ----a-w- c:\windows\system32\icardie.dll 2013-02-08 08:10 . 2013-02-08 08:10 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2013-02-08 08:10 . 2013-02-08 08:10 76800 ----a-w- c:\windows\system32\tdc.ocx 2013-02-08 08:10 . 2013-02-08 08:10 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2013-02-08 08:10 . 2013-02-08 08:10 74752 ----a-w- c:\windows\SysWow64\iesetup.dll 2013-02-08 08:10 . 2013-02-08 08:10 65024 ----a-w- c:\windows\system32\pngfilt.dll 2013-02-08 08:10 . 2013-02-08 08:10 63488 ----a-w- c:\windows\SysWow64\tdc.ocx 2013-02-08 08:10 . 2013-02-08 08:10 55296 ----a-w- c:\windows\system32\msfeedsbs.dll 2013-02-08 08:10 . 2013-02-08 08:10 534528 ----a-w- c:\windows\system32\ieapfltr.dll 2013-02-08 08:10 . 2013-02-08 08:10 49664 ----a-w- c:\windows\system32\imgutil.dll 2013-02-08 08:10 . 2013-02-08 08:10 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2013-02-08 08:10 . 2013-02-08 08:10 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-02-08 08:10 . 2013-02-08 08:10 452608 ----a-w- c:\windows\system32\dxtmsft.dll 2013-02-08 08:10 . 2013-02-08 08:10 448512 ----a-w- c:\windows\system32\html.iec 2013-02-08 08:10 . 2013-02-08 08:10 403248 ----a-w- c:\windows\system32\iedkcs32.dll 2013-02-08 08:10 . 2013-02-08 08:10 39936 ----a-w- c:\windows\system32\iernonce.dll 2013-02-08 08:10 . 2013-02-08 08:10 3695416 ----a-w- c:\windows\system32\ieapfltr.dat 2013-02-08 08:10 . 2013-02-08 08:10 367104 ----a-w- c:\windows\SysWow64\html.iec 2013-02-08 08:10 . 2013-02-08 08:10 35840 ----a-w- c:\windows\SysWow64\imgutil.dll 2013-02-08 08:10 . 2013-02-08 08:10 30720 ----a-w- c:\windows\system32\licmgr10.dll 2013-02-08 08:10 . 2013-02-08 08:10 282112 ----a-w- c:\windows\system32\dxtrans.dll 2013-02-08 08:10 . 2013-02-08 08:10 267776 ----a-w- c:\windows\system32\ieaksie.dll 2013-02-08 08:10 . 2013-02-08 08:10 249344 ----a-w- c:\windows\system32\webcheck.dll 2013-02-08 08:10 . 2013-02-08 08:10 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll 2013-02-08 08:10 . 2013-02-08 08:10 222208 ----a-w- c:\windows\system32\msls31.dll 2013-02-08 08:10 . 2013-02-08 08:10 197120 ----a-w- c:\windows\system32\msrating.dll 2013-02-08 08:10 . 2013-02-08 08:10 165888 ----a-w- c:\windows\system32\iexpress.exe 2013-02-08 08:10 . 2013-02-08 08:10 163840 ----a-w- c:\windows\system32\ieakui.dll 2013-02-08 08:10 . 2013-02-08 08:10 161792 ----a-w- c:\windows\SysWow64\msls31.dll 2013-02-08 08:10 . 2013-02-08 08:10 160256 ----a-w- c:\windows\system32\wextract.exe 2013-02-08 08:10 . 2013-02-08 08:10 160256 ----a-w- c:\windows\system32\ieakeng.dll 2013-02-08 08:10 . 2013-02-08 08:10 152064 ----a-w- c:\windows\SysWow64\wextract.exe 2013-02-08 08:10 . 2013-02-08 08:10 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2013-02-08 08:10 . 2013-02-08 08:10 149504 ----a-w- c:\windows\system32\occache.dll 2013-02-08 08:10 . 2013-02-08 08:10 145920 ----a-w- c:\windows\system32\iepeers.dll 2013-02-08 08:10 . 2013-02-08 08:10 135168 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-02-08 08:10 . 2013-02-08 08:10 12288 ----a-w- c:\windows\system32\mshta.exe 2013-02-08 08:10 . 2013-02-08 08:10 11776 ----a-w- c:\windows\SysWow64\mshta.exe 2013-02-08 08:10 . 2013-02-08 08:10 114176 ----a-w- c:\windows\system32\admparse.dll 2013-02-08 08:10 . 2013-02-08 08:10 111616 ----a-w- c:\windows\system32\iesysprep.dll 2013-02-08 08:10 . 2013-02-08 08:10 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2013-02-08 08:10 . 2013-02-08 08:10 10752 ----a-w- c:\windows\system32\msfeedssync.exe 2013-02-08 08:10 . 2013-02-08 08:10 103936 ----a-w- c:\windows\system32\inseng.dll 2013-02-08 08:10 . 2013-02-08 08:10 101888 ----a-w- c:\windows\SysWow64\admparse.dll 2013-02-07 02:57 . 2013-02-07 02:57 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-02-07 02:57 . 2013-02-07 02:57 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-02-07 02:57 . 2013-02-07 02:57 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-01-17 06:28 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe 2013-01-05 05:53 . 2013-02-20 05:19 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-01-05 05:00 . 2013-02-20 05:19 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-01-05 05:00 . 2013-02-20 05:19 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-01-04 05:46 . 2013-02-20 05:11 215040 ----a-w- c:\windows\system32\winsrv.dll 2013-01-04 04:51 . 2013-02-20 05:11 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2013-01-04 04:43 . 2013-02-20 05:11 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2013-01-04 03:26 . 2013-02-20 05:19 3153408 ----a-w- c:\windows\system32\win32k.sys 2013-01-04 02:47 . 2013-02-20 05:11 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2013-01-04 02:47 . 2013-02-20 05:11 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2013-01-04 02:47 . 2013-02-20 05:11 2048 ----a-w- c:\windows\SysWow64\user.exe 2013-01-04 02:47 . 2013-02-20 05:11 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2013-01-03 06:00 . 2013-02-20 05:11 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-01-03 06:00 . 2013-02-20 05:11 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPCheckoutOverlay] @="{80E008A4-EAE7-4867-AEB0-1A245F070F25}" [HKEY_CLASSES_ROOT\CLSID\{80E008A4-EAE7-4867-AEB0-1A245F070F25}] 2013-01-22 22:42 1954880 ----a-w- c:\program files\Perforce\p4exp.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPSyncdOverlay] @="{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}" [HKEY_CLASSES_ROOT\CLSID\{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}] 2013-01-22 22:42 1954880 ----a-w- c:\program files\Perforce\p4exp.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPUpdateOverlay] @="{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}" [HKEY_CLASSES_ROOT\CLSID\{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}] 2013-01-22 22:42 1954880 ----a-w- c:\program files\Perforce\p4exp.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "puush"="c:\program files (x86)\puush\puush.exe" [2013-02-07 565480] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-02-25 1602984] "Akamai NetSession Interface"="c:\users\Quentin\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304] "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-14 2255360] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ LOLRecorder.lnk - c:\program files (x86)\LOLReplay\LOLRecorder.exe [2013-2-14 523264] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 mi-raysat_3dsmax2013_64;mental ray 3.10 Satellite for Autodesk 3ds Max 2013 64-bit;c:\program files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe [2011-09-15 86016] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168] R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-02-08 1432400] R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys [2012-12-19 14320] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys [2012-12-19 82416] R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys [2012-12-20 15344] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-02-08 1255736] S0 AppleHFS;AppleHFS; [x] S0 AppleMNT;AppleMNT; [x] S0 aswRvrt;aswRvrt; [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-13 203776] S2 AppleOSSMgr;Apple OS Switch Manager;c:\windows\system32\AppleOSSMgr.exe [2011-06-29 224640] S2 AppleTimeSrv;Apple Time Service;c:\windows\system32\AppleTimeSrv.exe [2011-06-29 111488] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-03-06 80816] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-14 2466304] S2 KeyAgent;KeyAgent;c:\windows\system32\drivers\KeyAgent.sys [2011-06-29 17752] S2 MacHALDriver;Mac HAL;c:\windows\system32\drivers\MacHALDriver.sys [2011-06-29 22872] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-06-13 2655768] S2 WTabletServicePro;Wacom Professional Service;c:\program files\Tablet\Wacom\WTabletServicePro.exe [2013-02-08 613688] S3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [2009-07-14 9728] S3 AppleBtBc;Apple Broadcom Built-in Bluetooth;c:\windows\system32\DRIVERS\AppleBtBc.sys [2011-03-25 18944] S3 applemtm;Apple Multitouch Mouse;c:\windows\system32\DRIVERS\applemtm.sys [2011-03-25 12288] S3 applemtp;Apple Multitouch;c:\windows\system32\DRIVERS\applemtp.sys [2011-03-25 38912] S3 aswVmm;aswVmm; [x] S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys [2011-06-13 85544] S3 CirrusFilter;CS420xLowerFilter;c:\windows\system32\DRIVERS\CS420x64.sys [2011-06-13 18432] S3 IRRemoteFlt;IR Receiver Filter Driver;c:\windows\system32\DRIVERS\IRFilter.sys [2011-03-25 18432] S3 KeyMagic;USB Keyboard HID Filter;c:\windows\system32\DRIVERS\KeyMagic.sys [2011-05-27 32256] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - ASWRVRT *NewlyCreated* - ASWVMM . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-03-13 04:39 1629648 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-07 03:21] . 2013-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-07 03:21] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2013-03-06 22:32 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2012-12-18 00:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}] 2012-12-18 00:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2012-12-18 00:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2012-12-18 00:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPCheckoutOverlay] @="{80E008A4-EAE7-4867-AEB0-1A245F070F25}" [HKEY_CLASSES_ROOT\CLSID\{80E008A4-EAE7-4867-AEB0-1A245F070F25}] 2013-01-22 22:43 2395200 ----a-w- c:\program files\Perforce\p4exp64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPSyncdOverlay] @="{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}" [HKEY_CLASSES_ROOT\CLSID\{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}] 2013-01-22 22:43 2395200 ----a-w- c:\program files\Perforce\p4exp64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPUpdateOverlay] @="{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}" [HKEY_CLASSES_ROOT\CLSID\{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}] 2013-01-22 22:43 2395200 ----a-w- c:\program files\Perforce\p4exp64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apple_KbdMgr"="c:\program files\Boot Camp\Bootcamp.exe" [2011-06-29 741760] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local> FF - ProfilePath - c:\users\Quentin\AppData\Roaming\Mozilla\Firefox\Profiles\wkvwyuea.default\ FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/ FF - ExtSQL: 2013-02-07 02:07; {4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}; c:\users\Quentin\AppData\Roaming\Mozilla\Firefox\Profiles\wkvwyuea.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi FF - ExtSQL: 2013-02-07 15:26; {E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}; c:\users\Quentin\AppData\Roaming\Mozilla\Firefox\Profiles\wkvwyuea.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B} FF - ExtSQL: 2013-02-07 15:39; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF . - - - - ORPHANS REMOVED - - - - . AddRemove-Coupon Companion Plugin - c:\program files (x86)\Coupon Companion Plugin\Uninstall.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-03-22 05:15:00 ComboFix-quarantined-files.txt 2013-03-22 09:15 . Pre-Run: 299,137,781,760 bytes free Post-Run: 300,053,143,552 bytes free . - - End Of File - - F9A7339DDD3FE6043022A884CB986F23

Thanks for such a quick response! As requested: -Security Check- Download Security Check by screen317 from here. Save it to your Desktop. Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document. -AdwCleaner- Please download AdwCleaner by Xplode onto your desktop. Close all open programs and internet browsers. Double click on AdwCleaner.exe to run the tool. Click on Delete. Confirm each time with Ok. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile with your next answer. You can find the logfile at C:\AdwCleaner[s1].txt as well. --RogueKiller-- Download & SAVE to your Desktop RogueKiller or from here Quit all programs that you may have started. Please disconnect any USB or external drives from the computer before you run this scan! For Vista or Windows 7, right-click and select "Run as Administrator to start" For Windows XP, double-click to start. Wait until Prescan has finished ... Then Click on "Scan" button Wait until the Status box shows "Scan Finished" click on "delete" Wait until the Status box shows "Deleting Finished" Click on "Report" and copy/paste the content of the Notepad into your next reply. The log should be found in RKreport[1].txt on your Desktop Exit/Close RogueKiller+ ---- Results of screen317's Security Check version 0.99.61 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! avast! Antivirus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.70.0.1100 Java 7 Update 13 Java version out of Date! Adobe Flash Player 11.5.502.146 Flash Player out of Date! Mozilla Firefox (19.0.2) Google Chrome 25.0.1364.152 Google Chrome 25.0.1364.172 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe AVAST Software Avast AvastSvc.exe AVAST Software Avast AvastUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 1% ````````````````````End of Log`````````````````````` ---- # AdwCleaner v2.115 - Logfile created 03/22/2013 at 04:32:40 # Updated 17/03/2013 by Xplode # Operating system : Windows 7 Professional Service Pack 1 (64 bits) # User : Quentin - QUENTIN-PC # Boot Mode : Normal # Running from : C:\Users\Quentin\Downloads\adwcleaner.exe # Option [Delete] ***** [services] ***** Stopped & Deleted : CltMngSvc Stopped & Deleted : SProtection ***** [Files / Folders] ***** File Deleted : C:\END File Deleted : C:\Program Files (x86)\Mozilla Firefox\defaults\pref\all-iminent.js File Deleted : C:\Users\Quentin\AppData\Roaming\Mozilla\Firefox\Profiles\wkvwyuea.default\searchplugins\Conduit.xml Folder Deleted : C:\Program Files (x86)\Common Files\Umbrella Folder Deleted : C:\Program Files (x86)\Conduit Folder Deleted : C:\Program Files (x86)\Iminent Folder Deleted : C:\Program Files (x86)\SearchProtect Folder Deleted : C:\Program Files (x86)\WhiteSmoke_B Folder Deleted : C:\ProgramData\Iminent Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent Folder Deleted : C:\Users\Quentin\AppData\Local\Conduit Folder Deleted : C:\Users\Quentin\AppData\Local\Coupon Companion Plugin Folder Deleted : C:\Users\Quentin\AppData\Local\SwvUpdater Folder Deleted : C:\Users\Quentin\AppData\Local\Temp\Iminent Folder Deleted : C:\Users\Quentin\AppData\LocalLow\Conduit Folder Deleted : C:\Users\Quentin\AppData\LocalLow\PriceGong Folder Deleted : C:\Users\Quentin\AppData\LocalLow\WhiteSmoke_B Folder Deleted : C:\Users\Quentin\AppData\Roaming\Iminent Folder Deleted : C:\Users\Quentin\AppData\Roaming\SearchProtect ***** [Registry] ***** Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar Key Deleted : HKCU\Software\AppDataLow\Software\WhiteSmoke_B Key Deleted : HKCU\Software\AppDataLow\Toolbar Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\Cr_Installer Key Deleted : HKCU\Software\Iminent Key Deleted : HKCU\Software\InstalledBrowserExtensions Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110211181104} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F0E59437-6148-4A98-B0A6-60D557EF57F4} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110211181104} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97A5591D-4C09-4E06-9228-AC433B73650C} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0E59437-6148-4A98-B0A6-60D557EF57F4} Key Deleted : HKCU\Software\SearchProtect Key Deleted : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11} Key Deleted : HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.BHO Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.BHO.1 Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.Sandbox Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.Sandbox.1 Key Deleted : HKLM\SOFTWARE\Classes\Iminent Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.DownloadArgs Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.LinkToPromoteArgs Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.RawDataArgs Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.TinyUrlArgs Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.ViralLinkArgs Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ClientCallback Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ContractBase Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.AddToUserContentCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CheckLoginStatusCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CleanCacheCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GameOverCallback Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetCreditCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetInstallationContextCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusResult Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableResult Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.InstallationContextResult Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommandResult Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginStatusChangedCallback Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LogoutCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MergeIdentityCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MyAccountCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PlayContentCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PostContentCallback Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.RecycleViewsCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.SetVariableCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowBrowserWindowCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowControlCenterCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowPluginWindowCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.TestContentCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.UserContentChangedCallback Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.VariableChangedCallback Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WarmUpCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WelcomeCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerResult Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightContent Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightUri Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.MediatorServiceProxy Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandle.1 Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandler Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1 Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1 Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler.1 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3279141 Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF} Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\Software\Iminent Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_nonsearch_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_nonsearch_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181104} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{97A5591D-4C09-4E06-9228-AC433B73650C} Key Deleted : HKLM\Software\SearchProtect Key Deleted : HKLM\Software\Umbrella Key Deleted : HKLM\Software\WhiteSmoke_B Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{01A602A0-D0B9-445B-8081-719E4177C4A7} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02C9C7B0-C7C8-4AAC-A9E4-55295BF60F8F} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0398B101-6DA7-473F-A290-17D2FBC88CC0} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0CC36196-8589-4B80-A771-D659411D7F90} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110211181104} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{143D96F9-EB64-48B3-B192-91C2C41A1F43} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{14F7D91F-F669-45C9-9F42-BACBFDB86EAD} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{187A6488-6E71-4A2A-B118-7BEFBFE58257} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{26C9BBE4-6D45-4AB6-A5B4-E068C9F5EF6D} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2D065204-A024-4C39-8A38-EE7078EC7ACF} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F5476C-677B-4DB0-B397-51F5BFD86840} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3223F2FB-D9B9-45FC-9D66-CD717FFA4EE5} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{351798B1-C1D2-45AB-92B4-4D6C2D6AB5AF} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3AEA1BEF-6195-46F4-ACA2-0ED14F7EFA1B} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3D7F9AC3-BAC3-4E51-81D7-D121D79E550A} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4498C5E9-93C6-4142-B6BE-F0C6DC48B77A} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{479BF2D6-E362-4A99-B1AB-BC764D7B97AE} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{492A108F-51D0-4BD8-899D-AD4AB2893064} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4B6D6E60-FBD2-4E79-BF4B-886BC98F1797} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{60893E02-2E5B-43F9-A93A-BAD60C2DF6EF} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6D39931F-451E-4BDD-BAF4-37FB96DBBA5D} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{76C684D2-C35D-4284-976A-D862F53ADB81} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{796D822A-C3F9-4A97-BAAB-42FE7628EA63} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{79EF3691-EC1A-4705-A01A-D2E36EC11758} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82F41418-8E64-47EB-A7F1-4702A974D289} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{85D920CE-63A7-46DC-8992-41D1D2E07FAD} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{895ED5E8-ABB4-40C3-A0CA-2571964268E2} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8AAC123A-1959-4A45-BFC5-E2D50783098A} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97A5591D-4C09-4E06-9228-AC433B73650C} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A07956CD-81F8-4A03-B524-5D87E690DC83} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B5E3B26B-6E5C-4865-A63D-58D04B10E245} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B84D2DC5-42B2-4E5E-BF61-7B48152FF8EF} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B89D5309-0367-4494-A92F-3D4C94F88307} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C014EBF8-8854-448B-B5A4-557C4090EDCE} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C31191DB-2F64-464C-B97C-6AC81ACB7AAC} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C342C7A7-F622-4EF3-8B7F-ABB9FBE73F14} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C4765B07-BC2F-477B-925C-B2BF24887823} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C875C0A1-09E3-48D5-9F8E-BD337796FD14} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CD126DA6-FF5B-4181-AC13-54A62240D2FA} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D8F01233-2DE6-4EE7-8988-37263F00651B} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DD438708-AAB4-422D-A322-B619589F5680} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E812AE43-7799-4E67-8CF8-4104297A2D16} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F0BAAEC7-9AE0-49FF-9C4B-86E774FF397F} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F0E59437-6148-4A98-B0A6-60D557EF57F4} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F92193FD-2243-4401-9ACC-49FF30885898} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD21B8A2-910B-45AC-9C10-45E6A8B84984} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0AF350D9-3916-454B-AC53-0B0B65F41301} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181104} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110211181104} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4918E8A0-B3AA-47AC-B3CB-DB7E637DB781} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D3506FB4-6509-4E4D-A8E1-D053CF88C15D} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110211181104} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0E59437-6148-4A98-B0A6-60D557EF57F4} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{118D6CE9-5F18-42F9-958A-14676A629FDE} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_B Toolbar Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{F0E59437-6148-4A98-B0A6-60D557EF57F4}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F0E59437-6148-4A98-B0A6-60D557EF57F4}] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchprotect] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{F0E59437-6148-4A98-B0A6-60D557EF57F4}] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [iminent] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [iminentMessenger] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [searchProtectAll] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [webbooster@iminent.com] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{F0E59437-6148-4A98-B0A6-60D557EF57F4}] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16470 [OK] Registry is clean. -\\ Mozilla Firefox v19.0.2 (en-US) File : C:\Users\Quentin\AppData\Roaming\Mozilla\Firefox\Profiles\wkvwyuea.default\prefs.js Deleted : user_pref("CT3279141_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...] Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3279141&octid=CT327914[...] Deleted : user_pref("Smartbar.ConduitSearchEngineList", "WhiteSmoke B Customized Web Search"); Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3279141[...] Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", ""); Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3279141"); Deleted : user_pref("browser.search.defaultthis.engineName", "WhiteSmoke B Customized Web Search"); Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3279141&Sea[...] Deleted : user_pref("browser.search.selectedEngine", "WhiteSmoke B Customized Web Search"); Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3279141&SearchSource=2&CU[...] Deleted : user_pref("smartBar.searchInNewTabOwner", "CT3279141"); -\\ Google Chrome v25.0.1364.172 File : C:\Users\Quentin\AppData\Local\Google\Chrome\User Data\Default\Preferences Deleted [l.29] : icon_url = "hxxp://search.conduit.com/fav.ico", Deleted [l.32] : keyword = "search.conduit.com", Deleted [l.35] : search_url = "hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&cui=UN75[...] Deleted [l.517] : homepage = "hxxp://search.conduit.com/?CUI=UN75348663318469244&ctid=CT3279141&SearchSource=48", ************************* AdwCleaner[s1].txt - [27221 octets] - [22/03/2013 04:32:40] ########## EOF - C:\AdwCleaner[s1].txt - [27282 octets] ########## ---- RogueKiller V8.5.4 [Mar 18 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Quentin [Admin rights] Mode : Remove -- Date : 03/22/2013 04:41:05 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 3 ¤¤¤ [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1) [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0) [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: TOSHIBA MK7559GSXF ATA Device +++++ --- User --- [MBR] f040cbe4ad83c17bc6fbb2f81fb65218 [bSP] 1bf8132c8d0707cc2e9c4394c23c16fe : Windows 7/8 MBR Code Partition table: 0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 200 Mo 1 - [XXXXXX] UNKNOWN (0xaf) [VISIBLE] Offset (sectors): 409640 | Size: 320434 Mo 2 - [XXXXXX] MACOSX-BT (0xab) [VISIBLE] Offset (sectors): 656659624 | Size: 619 Mo 3 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 657930240 | Size: 394149 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[2]_D_03222013_02d0441.txt >> RKreport[1]_S_03222013_02d0440.txt ; RKreport[2]_D_03222013_02d0441.txt ---- RogueKiller V8.5.4 [Mar 18 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Quentin [Admin rights] Mode : Scan -- Date : 03/22/2013 04:40:04 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 3 ¤¤¤ [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: TOSHIBA MK7559GSXF ATA Device +++++ --- User --- [MBR] f040cbe4ad83c17bc6fbb2f81fb65218 [bSP] 1bf8132c8d0707cc2e9c4394c23c16fe : Windows 7/8 MBR Code Partition table: 0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 200 Mo 1 - [XXXXXX] UNKNOWN (0xaf) [VISIBLE] Offset (sectors): 409640 | Size: 320434 Mo 2 - [XXXXXX] MACOSX-BT (0xab) [VISIBLE] Offset (sectors): 656659624 | Size: 619 Mo 3 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 657930240 | Size: 394149 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1]_S_03222013_02d0440.txt >> RKreport[1]_S_03222013_02d0440.txt

Hi guys; I'm a bit worried. I happen to use Malwarebytes and Avast in cohesion, and one night, Avast randomly notified me that it blocked a dropper gen file from exececuting. Seeing this, I ran QUICK scans with both programs, and after having Malwarebytes trash a few PUPs, I thought that I'd be safe. Unfortunately, my computer has been acting oddly ever since (going to sleep randomly?). Just for extra precaution, I decided to run a Full Scan using Malwarebytes in Safe Mode, however, about 45minutes into the scan, my computer Blue Screened on me. I felt as though this was an obvious sign that something was wrong, so here I am for help :S Hopefully you guys can shed some light on the issue, and I appreciate any help you can offer. Thank you in advance! Just to clarify, I AM running a Macbook Pro with Bootcamp. I do not know if this is a factor. ------- DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16470 BrowserJavaVersion: 10.13.2 Run by Quentin at 2:02:14 on 2013-03-22 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4007.2200 [GMT -4:00] . AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\Tablet\Wacom\WTabletServicePro.exe C:\Windows\system32\atieclxx.exe C:\Windows\System32\WUDFHost.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Windows\system32\WLANExt.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\AppleOSSMgr.exe C:\Windows\system32\AppleTimeSrv.exe C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\WerFault.exe C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe C:\Program Files\Tablet\Wacom\WacomHost.exe C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe C:\Program Files\Boot Camp\Bootcamp.exe C:\Program Files (x86)\puush\puush.exe C:\Users\Quentin\AppData\Roaming\SearchProtect\bin\cltmng.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Steam\steam.exe C:\Users\Quentin\AppData\Local\Akamai\netsession_win.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Users\Quentin\AppData\Local\Akamai\netsession_win.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\LOLReplay\LOLRecorder.exe C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe C:\Program Files (x86)\Iminent\Iminent.exe C:\Program Files (x86)\Iminent\Iminent.Messengers.exe C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files (x86)\Common Files\Steam\SteamService.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Windows\system32\wuauclt.exe C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uProxyOverride = <local> uURLSearchHooks: WhiteSmoke B Toolbar: {f0e59437-6148-4a98-b0a6-60d557ef57f4} - C:\Program Files (x86)\WhiteSmoke_B\prxtbWhit.dll mURLSearchHooks: WhiteSmoke B Toolbar: {f0e59437-6148-4a98-b0a6-60d557ef57f4} - C:\Program Files (x86)\WhiteSmoke_B\prxtbWhit.dll mWinlogon: Userinit = userinit.exe, BHO: Coupon Companion Plugin: {11111111-1111-1111-1111-110211181104} - BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO: IMinent WebBooster (BHO): {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: WhiteSmoke B Toolbar: {f0e59437-6148-4a98-b0a6-60d557ef57f4} - C:\Program Files (x86)\WhiteSmoke_B\prxtbWhit.dll TB: WhiteSmoke B Toolbar: {F0E59437-6148-4A98-B0A6-60D557EF57F4} - C:\Program Files (x86)\WhiteSmoke_B\prxtbWhit.dll TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll TB: WhiteSmoke B Toolbar: {f0e59437-6148-4a98-b0a6-60d557ef57f4} - C:\Program Files (x86)\WhiteSmoke_B\prxtbWhit.dll uRun: [puush] C:\Program Files (x86)\puush\puush.exe uRun: [searchProtect] C:\Users\Quentin\AppData\Roaming\SearchProtect\bin\cltmng.exe uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent uRun: [Akamai NetSession Interface] "C:\Users\Quentin\AppData\Local\Akamai\netsession_win.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui mRun: [searchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s mRun: [iminent] C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C" mRun: [iminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start mRunOnce: [aswAhAScr.dll] "C:\Program Files\AVAST Software\Avast\aswRegSvr.exe" "C:\Program Files\AVAST Software\Avast\AhAScr.dll" mRunOnce: [aswasOutExt.dll] "C:\Program Files\AVAST Software\Avast\aswRegSvr.exe" "C:\Program Files\AVAST Software\Avast\asOutExt.dll" mRunOnce: [aswasOutExt64.dll] "C:\Program Files\AVAST Software\Avast\aswRegSvr64.exe" "C:\Program Files\AVAST Software\Avast\asOutExt64.dll" StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOLREC~1.LNK - C:\Program Files (x86)\LOLReplay\LOLRecorder.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 TCP: NameServer = 192.168.1.1 TCP: Interfaces\{0A22B64B-5D60-4C36-BB6A-2E11CFC00CB2} : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{0A22B64B-5D60-4C36-BB6A-2E11CFC00CB2}\3327D63686 : DHCPNameServer = 10.0.0.1 TCP: Interfaces\{998A3BE1-FD15-468C-ADCC-E2D18FF1A578} : DHCPNameServer = 192.168.1.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll SSODL: WebCheck - <orphaned> mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\Bootcamp.exe x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Quentin\AppData\Roaming\Mozilla\Firefox\Profiles\wkvwyuea.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3279141&SearchSource=3&q={searchTerms}&CUI=UN26924101051243625 FF - prefs.js: browser.search.selectedEngine - WhiteSmoke B Customized Web Search FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/ FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3279141&SearchSource=2&CUI=UN26924101051243625&UM=UM_ID&q= FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll FF - plugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll FF - plugin: C:\Users\Quentin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll FF - ExtSQL: 2013-02-07 02:07; {4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}; C:\Users\Quentin\AppData\Roaming\Mozilla\Firefox\Profiles\wkvwyuea.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi FF - ExtSQL: 2013-02-07 15:26; {E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}; C:\Users\Quentin\AppData\Roaming\Mozilla\Firefox\Profiles\wkvwyuea.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B} FF - ExtSQL: 2013-02-07 15:39; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF FF - ExtSQL: 2013-02-26 12:02; webbooster@iminent.com; C:\Program Files (x86)\Iminent\webbooster@iminent.com . ============= SERVICES / DRIVERS =============== . R0 AppleHFS;AppleHFS;C:\Windows\System32\drivers\AppleHFS.sys [2011-6-29 72024] R0 AppleMNT;AppleMNT;C:\Windows\System32\drivers\AppleMNT.sys [2011-6-29 16216] R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-2-7 1025808] R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-2-7 377920] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-2-7 203776] R2 AppleOSSMgr;Apple OS Switch Manager;C:\Windows\System32\AppleOSSMgr.exe [2011-6-29 224640] R2 AppleTimeSrv;Apple Time Service;C:\Windows\System32\AppleTimeSrv.exe [2011-6-29 111488] R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-2-7 33400] R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-2-7 80816] R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-2-7 44808] R2 CltMngSvc;Search Protect by Conduit Updater;C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [2013-2-20 93984] R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-14 2466304] R2 KeyAgent;KeyAgent;C:\Windows\System32\drivers\KeyAgent.sys [2011-6-29 17752] R2 MacHALDriver;Mac HAL;C:\Windows\System32\drivers\MacHALDriver.sys [2011-6-29 22872] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-3-15 398184] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-3-15 682344] R2 mi-raysat_3dsmax2013_64;mental ray 3.10 Satellite for Autodesk 3ds Max 2013 64-bit;C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe [2011-9-15 86016] R2 SProtection;SProtection;C:\Program Files (x86)\Common Files\Umbrella\Umbrella.exe [2013-1-25 2663976] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-2-7 2655768] R2 WTabletServicePro;Wacom Professional Service;C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [2013-2-17 613688] R3 acpials;ALS Sensor Filter;C:\Windows\System32\drivers\acpials.sys [2011-4-12 9728] R3 AppleBtBc;Apple Broadcom Built-in Bluetooth;C:\Windows\System32\drivers\AppleBtBc.sys [2013-2-7 18944] R3 applemtm;Apple Multitouch Mouse;C:\Windows\System32\drivers\applemtm.sys [2013-2-7 12288] R3 applemtp;Apple Multitouch;C:\Windows\System32\drivers\applemtp.sys [2013-2-7 38912] R3 bScsiSDa;bScsiSDa;C:\Windows\System32\drivers\bScsiSDa.sys [2013-2-7 85544] R3 CirrusFilter;CS420xLowerFilter;C:\Windows\System32\drivers\CS420x64.sys [2013-2-7 18432] R3 IRRemoteFlt;IR Receiver Filter Driver;C:\Windows\System32\drivers\IRFilter.sys [2013-2-7 18432] R3 KeyMagic;USB Keyboard HID Filter;C:\Windows\System32\drivers\KeyMagic.sys [2013-2-7 32256] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-3-15 24176] S0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-22 65336] S0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-22 178624] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536] S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168] S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-2-8 1432400] S3 hidkmdf;KMDF Driver;C:\Windows\System32\drivers\hidkmdf.sys [2013-2-17 14320] S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232] S3 WacHidRouter;Wacom Hid Router;C:\Windows\System32\drivers\wachidrouter.sys [2013-2-17 82416] S3 wacomrouterfilter;Wacom Router Filter Driver;C:\Windows\System32\drivers\wacomrouterfilter.sys [2013-2-17 15344] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-2-8 1255736] . =============== Created Last 30 ================ . 2013-03-22 05:53:19 178624 ----a-w- C:\Windows\System32\drivers\aswVmm.sys 2013-03-22 05:53:18 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys 2013-03-19 20:43:53 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1CDF571A-C131-4E2A-98C3-86BCB4E71B9B}\offreg.dll 2013-03-19 19:23:24 -------- d-----w- C:\Users\Quentin\AppData\Local\Solid State Networks 2013-03-19 19:23:03 -------- d-----w- C:\Program Files (x86)\MeteorEntertainment 2013-03-19 17:25:06 9162192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1CDF571A-C131-4E2A-98C3-86BCB4E71B9B}\mpengine.dll 2013-03-16 07:27:15 -------- d-----w- C:\Users\Quentin\AppData\Roaming\stetic 2013-03-16 07:27:10 -------- d-----w- C:\Users\Quentin\AppData\Roaming\MonoDevelop-Unity-2.8 2013-03-16 07:27:03 -------- d-----w- C:\Users\Quentin\AppData\Local\MonoDevelop-Unity-2.8 2013-03-15 05:25:18 -------- d-----w- C:\Users\Quentin\AppData\Roaming\Malwarebytes 2013-03-15 05:25:10 -------- d-----w- C:\ProgramData\Malwarebytes 2013-03-15 05:25:09 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-03-15 05:25:09 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-03-13 23:20:44 -------- d-----w- C:\Windows\SysWow64\Adobe 2013-03-10 07:03:25 -------- d-----w- C:\Users\Quentin\AppData\Roaming\Unity 2013-03-10 07:01:10 -------- d-----w- C:\Users\Quentin\AppData\Local\Apple Computer 2013-03-10 07:01:07 -------- d-----w- C:\ProgramData\Unity 2013-03-10 06:54:52 -------- d-----w- C:\Users\Quentin\AppData\Local\Unity 2013-03-10 06:48:21 -------- d-----w- C:\Program Files (x86)\Unity 2013-03-06 18:12:22 -------- d-----w- C:\Program Files (x86)\VideoLAN 2013-03-02 06:51:08 -------- d-----w- C:\Users\Quentin\AppData\Local\LogMeIn Hamachi 2013-03-02 06:50:04 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi 2013-03-02 04:16:01 -------- d-----w- C:\Users\Quentin\AppData\Roaming\.minecraft 2013-03-02 04:10:06 -------- d-----w- C:\Users\Quentin\AppData\Local\Akamai 2013-03-02 04:10:05 -------- d-----w- C:\AeriaGames 2013-03-01 20:57:53 -------- d-----w- C:\Program Files (x86)\Common Files\Steam 2013-03-01 20:57:50 -------- d-----w- C:\Program Files (x86)\Steam 2013-03-01 13:59:45 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-03-01 13:59:45 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-26 20:27:09 -------- d-----w- C:\Program Files (x86)\LOLReplay 2013-02-26 17:17:21 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services 2013-02-26 17:16:53 -------- d-----w- C:\Users\Quentin\AppData\Local\Microsoft Help 2013-02-26 17:02:53 -------- d-----w- C:\Users\Quentin\AppData\Local\SwvUpdater 2013-02-26 17:02:42 -------- d-----w- C:\Program Files (x86)\Conduit 2013-02-26 17:02:40 -------- d-----w- C:\Users\Quentin\AppData\Roaming\Iminent 2013-02-26 17:02:39 -------- d-----w- C:\ProgramData\Iminent 2013-02-26 17:02:30 -------- d-----w- C:\Users\Quentin\AppData\Local\Conduit 2013-02-26 17:02:28 -------- d-----w- C:\Program Files (x86)\WhiteSmoke_B 2013-02-26 17:02:24 -------- d-----w- C:\Program Files (x86)\Common Files\Umbrella 2013-02-26 17:02:22 -------- d-----w- C:\Program Files (x86)\Iminent 2013-02-26 17:02:15 -------- d-----w- C:\Users\Quentin\AppData\Local\CRE 2013-02-26 17:01:29 -------- d-----w- C:\Program Files (x86)\SearchProtect 2013-02-26 17:01:05 -------- d-----w- C:\Users\Quentin\AppData\Roaming\SearchProtect 2013-02-26 17:00:57 -------- d-----w- C:\Users\Quentin\AppData\Local\Coupon Companion Plugin 2013-02-26 17:00:47 -------- d-----w- C:\Program Files (x86)\Elaborate Bytes 2013-02-26 17:00:38 -------- d-----w- C:\Users\Quentin\AppData\Local\Updater21804 2013-02-26 01:20:18 -------- d-----w- C:\f9d60aa934e5ce49f647 2013-02-22 05:25:12 -------- d-----w- C:\Program Files (x86)\MSECache 2013-02-21 02:58:38 -------- d-----w- C:\838ae29d056775abedc5b951 . ==================== Find3M ==================== . 2013-03-06 22:33:21 70992 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys 2013-03-06 22:33:21 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys 2013-03-06 22:33:20 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys 2013-03-06 22:32:51 41664 ----a-w- C:\Windows\avastSS.scr 2013-02-26 17:01:40 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-02-26 17:01:40 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll 2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll 2013-02-08 19:22:26 1982264 ----a-w- C:\Windows\System32\Wacom_Tablet.dll 2013-02-08 19:22:26 1975096 ----a-w- C:\Windows\System32\Wacom_Touch_Tablet.dll 2013-02-08 19:22:26 1843512 ----a-w- C:\Windows\System32\Wintab32.dll 2013-02-08 19:22:25 1840440 ----a-w- C:\Windows\System32\WacomMT.dll 2013-02-08 19:22:22 1628984 ----a-w- C:\Windows\SysWow64\Wacom_Tablet.dll 2013-02-08 19:22:22 1622328 ----a-w- C:\Windows\SysWow64\Wacom_Touch_Tablet.dll 2013-02-08 19:22:22 1509176 ----a-w- C:\Windows\SysWow64\Wintab32.dll 2013-02-08 19:22:22 1505592 ----a-w- C:\Windows\SysWow64\WacomMT.dll 2013-02-07 07:32:47 0 ----a-w- C:\Windows\ativpsrm.bin 2013-02-07 02:57:14 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-02-07 02:57:13 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2013-02-07 02:57:13 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2013-02-02 06:57:02 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2013-02-02 06:47:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2013-02-02 06:47:19 1392128 ----a-w- C:\Windows\System32\wininet.dll 2013-02-02 06:42:18 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2013-02-02 06:41:51 599040 ----a-w- C:\Windows\System32\vbscript.dll 2013-02-02 06:38:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2013-02-02 03:38:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-02-02 03:30:32 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2013-02-02 03:30:21 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-02-02 03:26:47 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2013-02-02 03:26:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2013-02-02 03:23:28 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-01-17 06:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe 2013-01-05 05:53:43 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-01-05 05:00:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-01-05 05:00:11 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-01-04 05:46:09 215040 ----a-w- C:\Windows\System32\winsrv.dll 2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll 2013-01-04 03:26:48 3153408 ----a-w- C:\Windows\System32\win32k.sys 2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe 2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2013-01-03 06:00:42 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS . ============= FINISH: 2:02:59.37 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume4 Install Date: 2/7/2013 2:14:15 AM System Uptime: 3/22/2013 1:49:33 AM (1 hours ago) . Motherboard: Apple Inc. | | Mac-94245A3940C91C80 Processor: Intel® Core i7-2760QM CPU @ 2.40GHz | U2E1 | 792/mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 385 GiB total, 278.607 GiB free. D: is CDROM () E: is FIXED (HFS) - 313 GiB total, 208.102 GiB free. F: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP41: 3/12/2013 2:40:35 PM - Windows Update RP42: 3/15/2013 3:00:18 AM - Windows Update RP43: 3/19/2013 1:24:29 PM - Windows Update RP44: 3/19/2013 4:44:13 PM - Installed DirectX . ==== Installed Programs ====================== . Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Shockwave Player 12.0 Akamai NetSession Interface Apple Software Update Autodesk 3ds Max 2013 64-bit Autodesk Backburner 2013.0.0 Autodesk DirectConnect 2013 64-bit Autodesk Essential Skills Movies for 3ds Max 2013 64-bit Autodesk FBX Plug-in 2013.1 - 3ds Max 2013 64-bit Autodesk FBX Plug-in 2013.1 - Maya 2013 64-bit Autodesk Inventor Server Engine for 3ds Max 2013 64-bit Autodesk MatchMover 2013 64-bit Autodesk Material Library 2013 Autodesk Material Library Base Resolution Image Library 2013 Autodesk Material Library Medium Resolution Image Library 2013 Autodesk Maya 2013 64-bit Autodesk Mudbox 2013 64-bit Autodesk Revit Interoperability for 3ds Max and 3ds Max Design 2013 64-bit avast! Free Antivirus Boot Camp Services CCleaner Composite 2013 64-bit Coupon Companion Plugin Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition GIMP 2.8.4 Google Chrome Google Drive Google Update Helper Hawken Iminent Intel® Management Engine Components Java 7 Update 13 Java Auto Updater League of Legends LogMeIn Hamachi LOLReplay Malwarebytes Anti-Malware version 1.70.0.1100 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft .NET Framework 4 Multi-Targeting Pack Microsoft Application Error Reporting Microsoft Help Viewer 1.0 Microsoft Office 2010 Language Pack Service Pack 1 (SP1) Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Office 64-bit Components 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Visio 2010 Microsoft Office Visio MUI (English) 2010 Microsoft Silverlight Microsoft SQL Server 2008 R2 Management Objects Microsoft SQL Server System CLR Types Microsoft Visio 2010 Service Pack 1 (SP1) Microsoft Visio Professional 2010 Microsoft Visio Viewer 2010 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319 Microsoft Visual Studio 2010 Shell (Integrated) - ENU Microsoft XNA Framework Redistributable 4.0 Mozilla Firefox 19.0.2 (x86 en-US) Mozilla Maintenance Service nFringe 1.2 (1.2.23.0) Pando Media Booster Perforce Visual Components puush Realtek High Definition Audio Driver Search Protect by conduit Secure Download Manager Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition Security Update for Microsoft Visio 2010 (KB2760762) 32-Bit Edition Skype™ 6.1 Steam swMSM TERA Torchlight II Unity Unity Web Player Unreal Development Kit: 2012-10 Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition VirtualCloneDrive VLC media player 2.0.5 Wacom Tablet WebTablet FB Plugin 32 bit WebTablet FB Plugin 64 bit WhiteSmoke B Toolbar Windows Driver Package - Apple Inc. (AppleUSBEthernet) Net (02/01/2008 3.10.3.10) Windows Driver Package - Apple Inc. Apple Bluetooth (03/01/2010 3.0.0.5) Windows Driver Package - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1) Windows Driver Package - Apple Inc. Apple Broadcom Bluetooth (10/05/2010 3.2.0.1) Windows Driver Package - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0) Windows Driver Package - Apple Inc. Apple Display (01/23/2009 3.0.0.0) Windows Driver Package - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0) Windows Driver Package - Apple Inc. Apple Keyboard (05/05/2011 4.0.0.1) Windows Driver Package - Apple Inc. Apple Multitouch (05/05/2011 4.0.0.1) Windows Driver Package - Apple Inc. Apple Multitouch Mouse (05/05/2011 4.0.0.1) Windows Driver Package - Apple Inc. Apple ODD (05/17/2010 3.1.0.0) Windows Driver Package - Apple Inc. Apple System Device (04/05/2011 3.2.0.8) Windows Driver Package - Apple Inc. Apple Trackpad (07/13/2009 3.0.0.1) Windows Driver Package - Apple Inc. Apple Trackpad Enabler (07/13/2009 3.0.0.1) Windows Driver Package - Apple Inc. Apple Wireless Mouse (06/01/2011 4.0.0.1) Windows Driver Package - Apple Inc. Apple Wireless Trackpad (01/17/2011 3.2.0.0) Windows Driver Package - Atheros Communications Inc. (athr) Net (11/13/2010 9.2.0.113) Windows Driver Package - Broadcom (b57nd60a) Net (12/02/2010 14.4.2.2) Windows Driver Package - Broadcom (BCM43XX) Net (04/06/2011 5.100.198.22) Windows Driver Package - Broadcom Corporation (bScsiSDa) SDHost (01/18/2011 1.0.0.220) Windows Driver Package - Cirrus Logic, Inc. (CirrusFilter) MEDIA (12/03/2010 6.6001.1.30) Windows Driver Package - Intel (e1express) Net (03/26/2010 9.13.41.0) Windows Driver Package - Intel (e1kexpress) Net (04/12/2010 11.6.92.0) Windows Driver Package - Intel (e1qexpress) Net (12/04/2009 11.4.7.0) Windows Driver Package - Intel (e1rexpress) Net (01/07/2010 11.4.16.0) Windows Driver Package - Intel (e1yexpress) Net (04/07/2010 10.1.9.0) Windows Driver Package - Intel System (07/20/2007 1.2.76.0) Windows Driver Package - Marvell (yukonx64) Net (12/06/2007 10.51.1.3) WinRAR 4.20 (32-bit) . ==== Event Viewer Messages From Past Week ======== . 3/22/2013 12:55:01 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 3/22/2013 12:55:01 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 3/22/2013 12:55:00 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 3/22/2013 12:54:58 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 3/22/2013 12:54:58 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 3/22/2013 12:54:57 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 3/22/2013 12:54:49 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 3/22/2013 12:54:40 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi CSC DfsC discache ElbyCDIO NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf 3/22/2013 12:54:39 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 3/22/2013 12:54:39 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 3/22/2013 12:54:39 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 3/22/2013 12:54:39 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 3/22/2013 12:54:39 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 3/22/2013 12:54:39 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 3/22/2013 12:54:39 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 3/22/2013 12:54:39 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 3/22/2013 12:54:39 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 3/22/2013 12:54:39 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 3/22/2013 1:49:57 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff30008cbc010, 0x0000000000000001, 0xfffff80001e82f40, 0x0000000000000007). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032213-19968-01. 3/15/2013 3:07:40 AM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly. 3/15/2013 2:40:07 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff3002265bab0, 0x0000000000000001, 0xfffff80002acdf40, 0x0000000000000007). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031513-20935-01. . ==== End Of File ===========================