
Thread: Slow-PC Fighter Infection

  1. #11
    Blade81 (Emeritus)
    Join Date: Oct 2006 | Location: Finland | Posts: 25,300

    Hi again,


    Open notepad and copy/paste the text in the quotebox below into it:

    Code:
    Folder::
    c:\users\Mike\AppData\Local\ArcadeParlor
    C:\Users\Mike\AppData\Roaming\InstallX Search Protect for Yahoo
    C:\Users\Mike\AppData\Roaming\Fighters
    C:\ProgramData\Fighters
    C:\Program Files\Fighters
    C:\Program Files (x86)\Fighters
    C:\Program Files (x86)\Yahoo!
    File::
    c:\windows\Tasks\ArcadeParlor.job
    c:\windows\Tasks\SLOW-PCfighter64-Mike-Notification.job
    c:\windows\Tasks\SLOW-PCfighter64-Mike-Startup.job
    Registry::
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{39AD0726-986D-40F9-972B-E3BFA24B7745}]

    Save this as CFScript

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.



    Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe (let the tool update itself if prompted).
    Then post the resultant log.

    Run also DDS again and post back its log.
    Microsoft Windows Insider MVP 2016-2018
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  2. #12
    Member
    Join Date: Jul 2013 | Posts: 60

    Hello, here you go.

    ComboFix 14-03-19.01 - Mike 03/20/2014 16:11:11.2.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8080.6421 [GMT -4:00]
    Running from: c:\users\Mike\Desktop\ComboFix.exe
    Command switches used :: c:\users\Mike\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    FILE ::
    "c:\windows\Tasks\ArcadeParlor.job"
    "c:\windows\Tasks\SLOW-PCfighter64-Mike-Notification.job"
    "c:\windows\Tasks\SLOW-PCfighter64-Mike-Startup.job"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_YahooAUService
    -------\Service_YahooAUService
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-02-20 to 2014-03-20 )))))))))))))))))))))))))))))))
    .
    .
    2014-03-20 20:14 . 2014-03-20 20:14 -------- d-----w- c:\users\hedev\AppData\Local\temp
    2014-03-20 20:14 . 2014-03-20 20:14 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-03-18 06:10 . 2014-03-07 04:43 10521840 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{506DE174-866D-4001-9FFE-69D7B5909153}\mpengine.dll
    2014-03-17 17:16 . 2014-03-18 02:49 -------- d-----w- C:\AdwCleaner
    2014-03-17 04:59 . 2014-03-17 04:59 -------- d-----w- c:\program files (x86)\ERUNT
    2014-03-17 04:20 . 2014-03-17 04:20 -------- d-----w- c:\programdata\Yahoo! Companion
    2014-03-17 04:20 . 2014-03-17 04:20 -------- d-----w- c:\program files (x86)\7-Zip
    2014-03-17 04:20 . 2014-03-17 04:20 -------- d-----w- c:\programdata\Yahoo!
    2014-03-17 04:20 . 2014-03-17 04:20 -------- d-----w- c:\users\Mike\AppData\Roaming\Yahoo!
    2014-03-12 01:32 . 2014-03-12 01:32 -------- d-----w- c:\users\Mike\AppData\Local\Skype
    2014-03-12 01:32 . 2014-03-20 20:04 -------- d-----w- c:\users\Mike\AppData\Roaming\Skype
    2014-03-12 01:32 . 2014-03-12 01:32 -------- d-----w- c:\program files (x86)\Common Files\Skype
    2014-03-12 01:32 . 2014-03-12 01:32 -------- d-----r- c:\program files (x86)\Skype
    2014-03-12 01:31 . 2014-03-12 01:32 -------- d-----w- c:\programdata\Skype
    2014-03-11 22:01 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll
    2014-03-11 22:01 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2014-03-11 22:01 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
    2014-03-11 22:01 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll
    2014-03-11 21:53 . 2014-03-11 21:53 -------- d-----w- c:\program files (x86)\AGEIA Technologies
    2014-03-11 21:52 . 2014-03-04 11:32 599840 ----a-w- c:\windows\SysWow64\nvStreaming.exe
    2014-02-26 18:31 . 2014-01-09 02:22 5694464 ----a-w- c:\windows\SysWow64\mstscax.dll
    2014-02-26 18:31 . 2014-01-03 22:44 6574592 ----a-w- c:\windows\system32\mstscax.dll
    2014-02-25 12:20 . 2014-03-20 12:22 -------- d-----w- c:\program files (x86)\WarThunder - Copy
    2014-02-19 16:32 . 2014-02-19 16:31 80184 ----a-w- c:\windows\system32\drivers\aswStm.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-03-11 22:22 . 2012-08-14 15:56 90015360 ----a-w- c:\windows\system32\MRT.exe
    2014-03-11 20:29 . 2012-08-13 21:21 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-03-11 20:29 . 2012-08-13 21:21 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2014-03-04 14:35 . 2014-02-06 22:40 17755424 ----a-w- c:\windows\system32\nvd3dumx.dll
    2014-03-04 14:35 . 2013-02-19 16:05 14709720 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2014-03-04 14:35 . 2012-08-27 22:02 2715264 ----a-w- c:\windows\SysWow64\nvapi.dll
    2014-03-04 14:35 . 2012-08-06 23:29 947808 ----a-w- c:\windows\system32\nvumdshimx.dll
    2014-03-04 14:35 . 2012-08-06 23:29 3093280 ----a-w- c:\windows\system32\nvapi64.dll
    2014-03-04 14:35 . 2012-08-06 23:29 18302384 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2014-03-04 13:06 . 2012-08-06 23:29 6714312 ----a-w- c:\windows\system32\nvcpl.dll
    2014-03-04 13:06 . 2012-08-06 23:29 3497816 ----a-w- c:\windows\system32\nvsvc64.dll
    2014-03-04 13:05 . 2012-08-06 23:29 922968 ----a-w- c:\windows\system32\nvvsvc.exe
    2014-03-04 13:05 . 2012-08-06 23:29 64968 ----a-w- c:\windows\system32\nvshext.dll
    2014-03-04 13:05 . 2012-08-06 23:29 386336 ----a-w- c:\windows\system32\nvmctray.dll
    2014-03-04 13:05 . 2012-08-06 23:29 3649185 ----a-w- c:\windows\system32\nvcoproc.bin
    2014-02-19 16:31 . 2013-04-20 21:30 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2014-02-19 16:31 . 2012-08-14 11:35 421704 ----a-w- c:\windows\system32\drivers\aswsp.sys
    2014-02-19 16:31 . 2012-08-14 11:35 1038072 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2014-02-19 16:31 . 2012-08-14 11:35 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2014-02-19 16:31 . 2012-08-14 11:35 334136 ----a-w- c:\windows\system32\aswBoot.exe
    2014-02-19 16:31 . 2012-08-14 11:35 43152 ----a-w- c:\windows\avastSS.scr
    2013-12-24 23:09 . 2014-02-13 21:00 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
    2013-12-24 22:48 . 2014-02-13 21:00 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
    2013-12-21 09:53 . 2014-02-14 00:41 548864 ----a-w- c:\windows\system32\vbscript.dll
    2013-12-21 08:56 . 2014-02-14 00:41 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-30 284440]
    "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-04 291608]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-02-19 3767096]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
    S0 aswRvrt;avast! Revert; [x]
    S0 aswVmm;avast! VM Monitor; [x]
    S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
    S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
    S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
    S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
    S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
    S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
    S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys;c:\windows\SYSNATIVE\DRIVERS\ICCWDT.sys [x]
    S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
    S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
    S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-03-15 17:27 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-03-20 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-13 20:29]
    .
    2014-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-06 23:10]
    .
    2014-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-06 23:10]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2014-02-19 16:31 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
    2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-12-12 7560296]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]
    "ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-12-10 1100248]
    "Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-11-08 1028384]
    "NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-12-10 2279712]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = https://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    TCP: DhcpNameServer = 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{39AD0726-986D-40F9-972B-E3BFA24B7745} - c:\users\Mike\AppData\Local\ArcadeParlor\Arcadeparlor.dll
    Toolbar-Locked - (no file)
    AddRemove-Yahoo! Companion - c:\users\Mike\AppData\Roaming\InstallX Search Protect for Yahoo\searchprotector.exe
    AddRemove-Yahoo! Toolbar - c:\progra~2\Yahoo!\Common\UNYT_W~1.EXE
    AddRemove-{B74443DB-5A88-4583-860A-F0D06EF399E3} - c:\users\Mike\AppData\Local\ArcadeParlor\removal.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.12"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    .
    **************************************************************************
    .
    Completion time: 2014-03-20 16:17:43 - machine was rebooted
    ComboFix-quarantined-files.txt 2014-03-20 20:17
    ComboFix2.txt 2014-03-19 21:39
    .
    Pre-Run: 818,845,560,832 bytes free
    Post-Run: 818,458,382,336 bytes free
    .
    - - End Of File - - 8950DF8704DA43848B5C99282595CCCE




    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.16521
    Run by Mike at 16:19:17 on 2014-03-20
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8080.6648 [GMT -4:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\system32\atieclxx.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\Program Files\Microsoft LifeCam\MSCamS64.exe
    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\taskhost.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\Dwm.exe
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\system32\sppsvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxps://www.google.com/
    BHO: ArcadeParlor Games: {39AD0726-986D-40F9-972B-E3BFA24B7745} -
    BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
    TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
    mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{0725DADC-CAD9-4867-8745-00681411B8DC} : DHCPNameServer = 192.168.1.1
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
    x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
    x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
    x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-4-20 65776]
    R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-4-20 207904]
    R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-8-6 16152]
    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-8-14 1038072]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2012-8-14 421704]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-12-6 239616]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-8-14 78648]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-2-19 50344]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-8-6 13592]
    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448]
    R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-8-6 161560]
    R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-2 1494304]
    R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-7-30 15129376]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-3-11 411936]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-8-6 363800]
    R3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);C:\Windows\System32\drivers\ICCWDT.sys [2010-8-17 26136]
    R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-8-6 355096]
    R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-8-6 786200]
    R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-2-6 39200]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-8-6 646248]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
    S3 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-2-19 80184]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-9-24 94208]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-11 111616]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-11-29 19456]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-17 56832]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-11-29 30208]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-1 1255736]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
    .
    =============== Created Last 30 ================
    .
    2014-03-20 20:15:36 -------- d-sh--w- C:\$RECYCLE.BIN
    2014-03-19 21:35:35 98816 ----a-w- C:\Windows\sed.exe
    2014-03-19 21:35:35 256000 ----a-w- C:\Windows\PEV.exe
    2014-03-19 21:35:35 208896 ----a-w- C:\Windows\MBR.exe
    2014-03-18 06:10:35 10521840 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{506DE174-866D-4001-9FFE-69D7B5909153}\mpengine.dll
    2014-03-17 17:16:31 -------- d-----w- C:\AdwCleaner
    2014-03-12 01:32:13 -------- d-----w- C:\Users\Mike\AppData\Local\Skype
    2014-03-12 01:32:01 -------- d-----r- C:\Program Files (x86)\Skype
    2014-03-11 22:01:48 624128 ----a-w- C:\Windows\System32\qedit.dll
    2014-03-11 22:01:47 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
    2014-03-11 22:01:47 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
    2014-03-11 22:01:47 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
    2014-03-11 21:52:58 599840 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
    2014-02-26 18:31:34 6574592 ----a-w- C:\Windows\System32\mstscax.dll
    2014-02-26 18:31:34 5694464 ----a-w- C:\Windows\SysWow64\mstscax.dll
    2014-02-25 12:20:42 -------- d-----w- C:\Program Files (x86)\WarThunder - Copy
    2014-02-19 16:32:00 80184 ----a-w- C:\Windows\System32\drivers\aswStm.sys
    .
    ==================== Find3M ====================
    .
    2014-03-11 20:29:06 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-03-11 20:29:06 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-03-04 13:06:00 6714312 ----a-w- C:\Windows\System32\nvcpl.dll
    2014-03-04 13:06:00 3497816 ----a-w- C:\Windows\System32\nvsvc64.dll
    2014-03-04 13:05:58 922968 ----a-w- C:\Windows\System32\nvvsvc.exe
    2014-03-04 13:05:58 64968 ----a-w- C:\Windows\System32\nvshext.dll
    2014-03-04 13:05:57 386336 ----a-w- C:\Windows\System32\nvmctray.dll
    2014-03-04 13:05:53 3649185 ----a-w- C:\Windows\System32\nvcoproc.bin
    2014-03-01 05:17:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-03-01 05:16:26 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2014-03-01 04:52:55 66048 ----a-w- C:\Windows\System32\iesetup.dll
    2014-03-01 04:51:59 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2014-03-01 04:33:52 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-03-01 04:33:34 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2014-03-01 04:32:59 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
    2014-03-01 04:23:49 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
    2014-03-01 04:11:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-03-01 03:54:33 5768704 ----a-w- C:\Windows\System32\jscript9.dll
    2014-03-01 03:52:43 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-03-01 03:51:53 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2014-03-01 03:38:26 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-03-01 03:37:35 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2014-03-01 03:35:11 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-03-01 03:14:15 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-03-01 03:10:28 2334208 ----a-w- C:\Windows\System32\wininet.dll
    2014-03-01 03:00:08 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-03-01 02:32:16 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-02-19 16:31:59 78648 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2014-02-19 16:31:59 43152 ----a-w- C:\Windows\avastSS.scr
    2014-02-19 16:31:59 207904 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
    2014-02-19 16:31:59 1038072 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys
    2014-01-29 02:32:18 484864 ----a-w- C:\Windows\System32\wer.dll
    2014-01-29 02:06:47 381440 ----a-w- C:\Windows\SysWow64\wer.dll
    2014-01-28 02:32:46 228864 ----a-w- C:\Windows\System32\wwansvc.dll
    2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
    2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
    2013-12-21 09:53:45 548864 ----a-w- C:\Windows\System32\vbscript.dll
    2013-12-21 08:56:47 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
    .
    ============= FINISH: 16:19:22.59 ===============

  3. #13
    Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,300

    Default

    Hi,

    Open notepad and copy/paste the text in the quotebox below into it:

    Code:
    DDS::
    BHO: ArcadeParlor Games: {39AD0726-986D-40F9-972B-E3BFA24B7745} -

    Save this as
    CFScript

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.



    Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe (let the tool update itself if prompted).
    Then post the resultant log.

    Also run DDS again and post back its log.

    Is the problem still present?

  4. #14
    Member
    Join Date
    Jul 2013
    Posts
    60

    Default

    Here's the latest...

    ComboFix 14-03-19.01 - Mike 03/21/2014 10:37:35.3.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8080.6446 [GMT -4:00]
    Running from: c:\users\Mike\Desktop\ComboFix.exe
    Command switches used :: c:\users\Mike\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-02-21 to 2014-03-21 )))))))))))))))))))))))))))))))
    .
    .
    2014-03-21 14:40 . 2014-03-21 14:40 -------- d-----w- c:\users\hedev\AppData\Local\temp
    2014-03-21 14:40 . 2014-03-21 14:40 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-03-17 17:16 . 2014-03-18 02:49 -------- d-----w- C:\AdwCleaner
    2014-03-17 04:59 . 2014-03-17 04:59 -------- d-----w- c:\program files (x86)\ERUNT
    2014-03-17 04:20 . 2014-03-17 04:20 -------- d-----w- c:\programdata\Yahoo! Companion
    2014-03-17 04:20 . 2014-03-17 04:20 -------- d-----w- c:\program files (x86)\7-Zip
    2014-03-17 04:20 . 2014-03-17 04:20 -------- d-----w- c:\programdata\Yahoo!
    2014-03-17 04:20 . 2014-03-17 04:20 -------- d-----w- c:\users\Mike\AppData\Roaming\Yahoo!
    2014-03-12 01:32 . 2014-03-12 01:32 -------- d-----w- c:\users\Mike\AppData\Local\Skype
    2014-03-12 01:32 . 2014-03-21 04:14 -------- d-----w- c:\users\Mike\AppData\Roaming\Skype
    2014-03-12 01:32 . 2014-03-12 01:32 -------- d-----w- c:\program files (x86)\Common Files\Skype
    2014-03-12 01:32 . 2014-03-12 01:32 -------- d-----r- c:\program files (x86)\Skype
    2014-03-12 01:31 . 2014-03-12 01:32 -------- d-----w- c:\programdata\Skype
    2014-03-11 22:01 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll
    2014-03-11 22:01 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2014-03-11 22:01 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
    2014-03-11 22:01 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll
    2014-03-11 21:53 . 2014-03-11 21:53 -------- d-----w- c:\program files (x86)\AGEIA Technologies
    2014-03-11 21:52 . 2014-03-04 11:32 599840 ----a-w- c:\windows\SysWow64\nvStreaming.exe
    2014-02-26 18:31 . 2014-01-09 02:22 5694464 ----a-w- c:\windows\SysWow64\mstscax.dll
    2014-02-26 18:31 . 2014-01-03 22:44 6574592 ----a-w- c:\windows\system32\mstscax.dll
    2014-02-25 12:20 . 2014-03-20 23:53 -------- d-----w- c:\program files (x86)\WarThunder - Copy
    2014-02-19 16:32 . 2014-02-19 16:31 80184 ----a-w- c:\windows\system32\drivers\aswStm.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-03-11 22:22 . 2012-08-14 15:56 90015360 ----a-w- c:\windows\system32\MRT.exe
    2014-03-11 20:29 . 2012-08-13 21:21 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-03-11 20:29 . 2012-08-13 21:21 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2014-03-04 14:35 . 2014-02-06 22:40 17755424 ----a-w- c:\windows\system32\nvd3dumx.dll
    2014-03-04 14:35 . 2013-02-19 16:05 14709720 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2014-03-04 14:35 . 2012-08-27 22:02 2715264 ----a-w- c:\windows\SysWow64\nvapi.dll
    2014-03-04 14:35 . 2012-08-06 23:29 947808 ----a-w- c:\windows\system32\nvumdshimx.dll
    2014-03-04 14:35 . 2012-08-06 23:29 3093280 ----a-w- c:\windows\system32\nvapi64.dll
    2014-03-04 14:35 . 2012-08-06 23:29 18302384 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2014-03-04 13:06 . 2012-08-06 23:29 6714312 ----a-w- c:\windows\system32\nvcpl.dll
    2014-03-04 13:06 . 2012-08-06 23:29 3497816 ----a-w- c:\windows\system32\nvsvc64.dll
    2014-03-04 13:05 . 2012-08-06 23:29 922968 ----a-w- c:\windows\system32\nvvsvc.exe
    2014-03-04 13:05 . 2012-08-06 23:29 64968 ----a-w- c:\windows\system32\nvshext.dll
    2014-03-04 13:05 . 2012-08-06 23:29 386336 ----a-w- c:\windows\system32\nvmctray.dll
    2014-03-04 13:05 . 2012-08-06 23:29 3649185 ----a-w- c:\windows\system32\nvcoproc.bin
    2014-02-19 16:31 . 2013-04-20 21:30 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2014-02-19 16:31 . 2012-08-14 11:35 421704 ----a-w- c:\windows\system32\drivers\aswsp.sys
    2014-02-19 16:31 . 2012-08-14 11:35 1038072 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2014-02-19 16:31 . 2012-08-14 11:35 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2014-02-19 16:31 . 2012-08-14 11:35 334136 ----a-w- c:\windows\system32\aswBoot.exe
    2014-02-19 16:31 . 2012-08-14 11:35 43152 ----a-w- c:\windows\avastSS.scr
    2013-12-24 23:09 . 2014-02-13 21:00 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
    2013-12-24 22:48 . 2014-02-13 21:00 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{39AD0726-986D-40F9-972B-E3BFA24B7745}]
    c:\users\Mike\AppData\Local\ArcadeParlor\Arcadeparlor.dll [BU]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-30 284440]
    "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-04 291608]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-02-19 3767096]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
    S0 aswRvrt;avast! Revert; [x]
    S0 aswVmm;avast! VM Monitor; [x]
    S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
    S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
    S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
    S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
    S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys;c:\windows\SYSNATIVE\DRIVERS\ICCWDT.sys [x]
    S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
    S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
    S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-03-15 17:27 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-03-21 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-13 20:29]
    .
    2014-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-06 23:10]
    .
    2014-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-06 23:10]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2014-02-19 16:31 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
    2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-12-12 7560296]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]
    "ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-12-10 1100248]
    "Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-11-08 1028384]
    "NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-12-10 2279712]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = https://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    TCP: DhcpNameServer = 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    AddRemove-Yahoo! Companion - c:\users\Mike\AppData\Roaming\InstallX Search Protect for Yahoo\searchprotector.exe
    AddRemove-Yahoo! Toolbar - c:\progra~2\Yahoo!\Common\UNYT_W~1.EXE
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.12"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2014-03-21 10:41:10
    ComboFix-quarantined-files.txt 2014-03-21 14:41
    ComboFix2.txt 2014-03-20 20:17
    ComboFix3.txt 2014-03-19 21:39
    .
    Pre-Run: 824,197,967,872 bytes free
    Post-Run: 823,993,561,088 bytes free
    .
    - - End Of File - - 9F431CEFC7157CBA901D0D0E85738406



    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.16521
    Run by Mike at 10:41:38 on 2014-03-21
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8080.6343 [GMT -4:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\system32\atieclxx.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\Program Files\Microsoft LifeCam\MSCamS64.exe
    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\notepad.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\explorer.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxps://www.google.com/
    BHO: ArcadeParlor Games: {39AD0726-986D-40F9-972B-E3BFA24B7745} -
    BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
    TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
    mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{0725DADC-CAD9-4867-8745-00681411B8DC} : DHCPNameServer = 192.168.1.1
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
    x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
    x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
    x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-4-20 65776]
    R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-4-20 207904]
    R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-8-6 16152]
    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-8-14 1038072]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2012-8-14 421704]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-12-6 239616]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-8-14 78648]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-2-19 50344]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-8-6 13592]
    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448]
    R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-8-6 161560]
    R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-2 1494304]
    R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-7-30 15129376]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-3-11 411936]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-8-6 363800]
    R3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);C:\Windows\System32\drivers\ICCWDT.sys [2010-8-17 26136]
    R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-8-6 355096]
    R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-8-6 786200]
    R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-2-6 39200]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-8-6 646248]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
    S3 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-2-19 80184]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-9-24 94208]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-11 111616]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-11-29 19456]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-17 56832]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-11-29 30208]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-1 1255736]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
    .
    =============== Created Last 30 ================
    .
    2014-03-21 14:41:13 -------- d-sh--w- C:\$RECYCLE.BIN
    2014-03-21 13:25:33 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{72ACDFC1-25E8-455F-AE0A-A3128AEA2FCA}\offreg.dll
    2014-03-21 12:59:44 10521840 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{72ACDFC1-25E8-455F-AE0A-A3128AEA2FCA}\mpengine.dll
    2014-03-19 21:35:35 98816 ----a-w- C:\Windows\sed.exe
    2014-03-19 21:35:35 256000 ----a-w- C:\Windows\PEV.exe
    2014-03-19 21:35:35 208896 ----a-w- C:\Windows\MBR.exe
    2014-03-17 17:16:31 -------- d-----w- C:\AdwCleaner
    2014-03-12 01:32:13 -------- d-----w- C:\Users\Mike\AppData\Local\Skype
    2014-03-12 01:32:01 -------- d-----r- C:\Program Files (x86)\Skype
    2014-03-11 22:01:48 624128 ----a-w- C:\Windows\System32\qedit.dll
    2014-03-11 22:01:47 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
    2014-03-11 22:01:47 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
    2014-03-11 22:01:47 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
    2014-03-11 21:52:58 599840 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
    2014-02-26 18:31:34 6574592 ----a-w- C:\Windows\System32\mstscax.dll
    2014-02-26 18:31:34 5694464 ----a-w- C:\Windows\SysWow64\mstscax.dll
    2014-02-25 12:20:42 -------- d-----w- C:\Program Files (x86)\WarThunder - Copy
    2014-02-19 16:32:00 80184 ----a-w- C:\Windows\System32\drivers\aswStm.sys
    .
    ==================== Find3M ====================
    .
    2014-03-11 20:29:06 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-03-11 20:29:06 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-03-04 13:06:00 6714312 ----a-w- C:\Windows\System32\nvcpl.dll
    2014-03-04 13:06:00 3497816 ----a-w- C:\Windows\System32\nvsvc64.dll
    2014-03-04 13:05:58 922968 ----a-w- C:\Windows\System32\nvvsvc.exe
    2014-03-04 13:05:58 64968 ----a-w- C:\Windows\System32\nvshext.dll
    2014-03-04 13:05:57 386336 ----a-w- C:\Windows\System32\nvmctray.dll
    2014-03-04 13:05:53 3649185 ----a-w- C:\Windows\System32\nvcoproc.bin
    2014-03-01 05:17:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-03-01 05:16:26 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2014-03-01 04:52:55 66048 ----a-w- C:\Windows\System32\iesetup.dll
    2014-03-01 04:51:59 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2014-03-01 04:33:52 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-03-01 04:33:34 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2014-03-01 04:32:59 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
    2014-03-01 04:23:49 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
    2014-03-01 04:11:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-03-01 03:54:33 5768704 ----a-w- C:\Windows\System32\jscript9.dll
    2014-03-01 03:52:43 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-03-01 03:51:53 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2014-03-01 03:38:26 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-03-01 03:37:35 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2014-03-01 03:35:11 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-03-01 03:14:15 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-03-01 03:10:28 2334208 ----a-w- C:\Windows\System32\wininet.dll
    2014-03-01 03:00:08 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-03-01 02:32:16 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-02-19 16:31:59 78648 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2014-02-19 16:31:59 43152 ----a-w- C:\Windows\avastSS.scr
    2014-02-19 16:31:59 207904 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
    2014-02-19 16:31:59 1038072 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys
    2014-01-29 02:32:18 484864 ----a-w- C:\Windows\System32\wer.dll
    2014-01-29 02:06:47 381440 ----a-w- C:\Windows\SysWow64\wer.dll
    2014-01-28 02:32:46 228864 ----a-w- C:\Windows\System32\wwansvc.dll
    2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
    2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
    .
    ============= FINISH: 10:41:43.22 ===============


  5. #15
    Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,300

    Default

    Hi,

    Still any sign of Slow-PC Fighter?

  6. #16
    Member
    Join Date
    Jul 2013
    Posts
    60

    Default

    I still have the following:

    Start>All Programs>Driver Genius>Driver Genius (broken icon), Driver Genius on the web, Uninstall, and User's Guide

    Desktop icon for Driver Genius
    Desktop Icon for Slow-PCFighter


    A suspicious 7-zip File Manager (not sure where it came from?)

    thanks

  7. #17
    Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,300

    Default

    Hi,

    Start>All Programs>Driver Genius>Driver Genius (broken icon), Driver Genius on the web, Uninstall, and User's Guide
    After clicking Start>All Programs right-click on Driver Genius and select Delete.

    Desktop icon for Driver Genius
    Desktop Icon for Slow-PCFighter
    You may delete those icons too.

    A suspicious 7-zip File Manager (not sure where it came from?)
    If it's 7-Zip here then it's a legit program (used for archiving and extracting files).

  8. #18
    Member
    Join Date
    Jul 2013
    Posts
    60

    Default

    Deleted, rebooted and nothing came back.

    Everything seems to be operating normally.

  9. #19
    Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,300

    Default

    Good. Let's see the final steps then


    THESE STEPS ARE VERY IMPORTANT

    Let's reset system restore
    Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: you will lose all previous restore points, which are likely to be infected. Please note you need Administrator access to clean the restore points.

    A. To disable the System Restore feature:

    1. Click on the Start button.
    2. Hover over the Computer option, right click on it and then click Properties.
    3. On the left hand side, click Advanced Settings.
    4. If asked to permit the action, click on Allow.
    5. Click on the System Protection tab.
    6. Select c: drive and click Configure...
    7. Select Turn off protection
    8. Press OK.
    Repeat steps 6-8 for each hard drive.

    B. Reboot.

    C. Turn ON System Restore.
    Follow the steps like you did when disabling System Restore, but on step 7 select the "Restore system settings and previous versions of files" option.

    Let's uninstall adwCleaner:
    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.


    Next, let's uninstall ComboFix:
    • Click START then RUN
    • Now copy-paste Combofix /uninstall in the runbox and click OK


    UPDATING WINDOWS AND INTERNET EXPLORER

    IMPORTANT: You need to update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the Windows Update site to get the critical updates.


    Just a final reminder for you. I am trying to stress these two points.
    UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
    Make sure all of your security programs are up to date.
    Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


    Once again, please post and tell me how things are going with your system... problems etc.

    Have a great day,
    Blade

  10. #20
    Member
    Join Date
    Jul 2013
    Posts
    60

    Default

    Per your instructions:

    I reset the restore point.
    Uninstalled adwCleaner and Combofix.
    Also deleted all the files saved to my desktop during the course of the repair.

    I double-checked my MS Windows auto-updates were turned on and that they were up-to-date.

    Everything seems ship-shape.

    Big thanks!

    Also my laptop which is on the same home network is acting odd. It's less than a year old but has taken quite a performance hit but nothing obvious is showing up. Is this forum the place to check it out?

    Thanks
