Hey again Superdave! You helped me back in 2010. Thanks for all the time and help. Here are the logs from JRT and ComboFix:
JRT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.1 (08.10.2013:1)
OS: Windows 7 Home Premium x64
Ran by Tyler on Sat 08/10/2013 at 18:09:19.02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8F28E0F3-5E35-46FB-8681-1CDA5434C63E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A956D909-6947-427E-BA1B-A310E8C656A6}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9090374E-E74F-4310-B227-600F3700693C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{A956D909-6947-427E-BA1B-A310E8C656A6}
~~~ Files
~~~ Folders
~~~ Chrome
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 08/10/2013 at 18:16:20.04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
COMBO FIX
ComboFix 13-08-09.02 - Tyler 08/10/2013 18:20:44.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.4668 [GMT -5:00]
Running from: c:\users\Tyler\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-07-10 to 2013-08-10 )))))))))))))))))))))))))))))))
.
.
2013-08-10 23:29 . 2013-08-10 23:29 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-08-10 23:29 . 2013-08-10 23:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-10 23:09 . 2013-08-10 23:09 -------- d-----w- c:\windows\ERUNT
2013-08-10 21:47 . 2013-08-10 21:47 -------- d-----w- c:\users\Tyler\AppData\Local\PunkBuster
2013-08-10 14:36 . 2013-08-10 14:36 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3757B2CE-C64C-4C66-A2B1-A16F114A5222}\offreg.dll
2013-08-10 01:45 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3757B2CE-C64C-4C66-A2B1-A16F114A5222}\mpengine.dll
2013-08-08 04:21 . 2013-08-08 04:21 -------- d-----w- c:\programdata\vsosdk
2013-07-27 04:06 . 2013-07-27 04:06 -------- d-----w- c:\users\Tyler\AppData\Roaming\XRay Engine
2013-07-24 08:07 . 2013-07-24 08:09 -------- d-----w- c:\windows\system32\MRT
2013-07-18 01:32 . 2013-07-27 00:05 -------- d-----w- c:\users\Tyler\AppData\Local\dxhr
2013-07-18 01:31 . 2013-07-18 01:31 -------- d-----w- c:\users\Tyler\AppData\Local\28050
2013-07-17 20:40 . 2013-07-17 20:40 -------- d-----w- c:\programdata\SystemRequirementsLab
2013-07-17 20:40 . 2013-07-17 20:40 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2013-07-17 20:38 . 2013-07-17 20:38 -------- d-----w- c:\users\Tyler\AppData\Roaming\Oracle
2013-07-17 20:34 . 2013-07-17 20:34 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-07-17 20:34 . 2013-07-17 20:33 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-07-17 20:34 . 2013-07-17 20:33 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-07-17 20:33 . 2013-07-17 20:33 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-17 20:33 . 2013-07-17 20:33 -------- d-----w- c:\program files (x86)\Java
2013-07-17 20:32 . 2013-07-17 20:32 -------- d-----w- c:\programdata\McAfee
2013-07-15 19:48 . 2013-07-15 19:49 -------- d-----w- c:\users\Tyler\AppData\Local\Adobe
2013-07-13 06:52 . 2013-06-11 23:25 15404032 ----a-w- c:\windows\system32\ieframe.dll
2013-07-13 06:52 . 2013-06-11 23:25 19238912 ----a-w- c:\windows\system32\mshtml.dll
2013-07-13 06:21 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-07-13 06:21 . 2013-05-27 05:50 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll
2013-07-13 06:21 . 2013-05-27 05:50 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll
2013-07-13 06:21 . 2013-05-27 04:57 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll
2013-07-13 06:21 . 2013-05-27 04:57 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll
2013-07-13 06:21 . 2013-05-27 04:57 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll
2013-07-13 06:21 . 2013-05-27 03:15 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll
2013-07-13 06:20 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll
2013-07-13 06:20 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-07-13 06:20 . 2013-05-06 06:03 1887744 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-13 06:20 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-13 06:20 . 2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-07-13 06:20 . 2013-04-10 05:48 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-07-13 06:20 . 2013-04-10 05:46 1393152 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2013-07-13 06:20 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-13 06:20 . 2013-04-10 05:46 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2013-07-13 06:20 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-13 06:20 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-07-13 06:20 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-10 21:47 . 2012-12-27 21:01 107832 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-07-15 19:49 . 2012-07-16 23:39 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-15 19:49 . 2012-07-16 23:39 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-28 19:42 . 2013-03-11 05:17 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-28 19:42 . 2012-07-03 06:00 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-06-28 19:42 . 2012-07-03 06:00 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-24 05:57 . 2012-07-03 00:35 78277128 ----a-w- c:\windows\system32\MRT.exe
2013-06-22 03:00 . 2013-06-22 03:00 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-06-22 03:00 . 2013-06-22 03:00 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-06-22 03:00 . 2013-06-22 03:00 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-06-22 03:00 . 2013-06-22 03:00 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-06-22 03:00 . 2013-06-22 03:00 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-06-22 03:00 . 2013-06-22 03:00 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-06-22 03:00 . 2013-06-22 03:00 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-06-22 03:00 . 2013-06-22 03:00 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-06-22 03:00 . 2013-06-22 03:00 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-06-22 03:00 . 2013-06-22 03:00 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-06-22 03:00 . 2013-06-22 03:00 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-06-22 03:00 . 2013-06-22 03:00 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-06-22 03:00 . 2013-06-22 03:00 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-06-22 03:00 . 2013-06-22 03:00 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-06-22 03:00 . 2013-06-22 03:00 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-06-22 03:00 . 2013-06-22 03:00 81408 ----a-w- c:\windows\system32\icardie.dll
2013-06-22 03:00 . 2013-06-22 03:00 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-06-22 03:00 . 2013-06-22 03:00 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-06-22 03:00 . 2013-06-22 03:00 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-06-22 03:00 . 2013-06-22 03:00 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-06-22 03:00 . 2013-06-22 03:00 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-06-22 03:00 . 2013-06-22 03:00 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-06-22 03:00 . 2013-06-22 03:00 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-06-22 03:00 . 2013-06-22 03:00 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-06-22 03:00 . 2013-06-22 03:00 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-06-22 03:00 . 2013-06-22 03:00 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-06-22 03:00 . 2013-06-22 03:00 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-06-22 03:00 . 2013-06-22 03:00 441856 ----a-w- c:\windows\system32\html.iec
2013-06-22 03:00 . 2013-06-22 03:00 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-06-22 03:00 . 2013-06-22 03:00 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-06-22 03:00 . 2013-06-22 03:00 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-22 03:00 . 2013-06-22 03:00 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-06-22 03:00 . 2013-06-22 03:00 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-06-22 03:00 . 2013-06-22 03:00 235008 ----a-w- c:\windows\system32\url.dll
2013-06-22 03:00 . 2013-06-22 03:00 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-06-22 03:00 . 2013-06-22 03:00 216064 ----a-w- c:\windows\system32\msls31.dll
2013-06-22 03:00 . 2013-06-22 03:00 197120 ----a-w- c:\windows\system32\msrating.dll
2013-06-22 03:00 . 2013-06-22 03:00 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-06-22 03:00 . 2013-06-22 03:00 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-06-22 03:00 . 2013-06-22 03:00 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-06-22 03:00 . 2013-06-22 03:00 149504 ----a-w- c:\windows\system32\occache.dll
2013-06-22 03:00 . 2013-06-22 03:00 144896 ----a-w- c:\windows\system32\wextract.exe
2013-06-22 03:00 . 2013-06-22 03:00 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-06-22 03:00 . 2013-06-22 03:00 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-06-22 03:00 . 2013-06-22 03:00 13824 ----a-w- c:\windows\system32\mshta.exe
2013-06-22 03:00 . 2013-06-22 03:00 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-06-22 03:00 . 2013-06-22 03:00 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-06-22 03:00 . 2013-06-22 03:00 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-06-22 03:00 . 2013-06-22 03:00 102912 ----a-w- c:\windows\system32\inseng.dll
2013-06-21 12:06 . 2013-07-02 02:53 7641832 ----a-w- c:\windows\system32\nvopencl.dll
2013-06-21 12:06 . 2013-07-02 02:53 6324360 ----a-w- c:\windows\SysWow64\nvopencl.dll
2013-06-21 12:06 . 2013-07-02 02:53 572704 ----a-w- c:\windows\system32\NvFBC64.dll
2013-06-21 12:06 . 2013-07-02 02:53 570656 ----a-w- c:\windows\system32\NvIFR64.dll
2013-06-21 12:06 . 2013-07-02 02:53 467232 ----a-w- c:\windows\SysWow64\NvIFR.dll
2013-06-21 12:06 . 2013-07-02 02:53 465184 ----a-w- c:\windows\SysWow64\NvFBC.dll
2013-06-21 12:06 . 2013-07-02 02:53 27781920 ----a-w- c:\windows\system32\nvoglv64.dll
2013-06-21 12:06 . 2013-07-02 02:53 21102368 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2013-06-21 12:06 . 2013-07-02 02:53 15920536 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-06-21 12:06 . 2013-07-02 02:53 13411896 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2013-06-21 12:06 . 2013-07-02 02:53 11235104 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-06-21 12:06 . 2013-07-02 02:53 9239344 ----a-w- c:\windows\system32\nvcuda.dll
2013-06-21 12:06 . 2013-07-02 02:53 7687592 ----a-w- c:\windows\SysWow64\nvcuda.dll
2013-06-21 12:06 . 2013-07-02 02:53 2953504 ----a-w- c:\windows\system32\nvcuvid.dll
2013-06-21 12:06 . 2013-07-02 02:53 2777888 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2013-06-21 12:06 . 2013-07-02 02:53 25256224 ----a-w- c:\windows\system32\nvcompiler.dll
2013-06-21 12:06 . 2013-07-02 02:53 2363680 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-06-21 12:06 . 2013-07-02 02:53 2002720 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2013-06-21 12:06 . 2013-07-02 02:53 1832224 ----a-w- c:\windows\system32\nvdispco6432049.dll
2013-06-21 12:06 . 2013-07-02 02:53 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2013-06-21 12:06 . 2013-07-02 02:53 15144928 ----a-w- c:\windows\system32\nvd3dumx.dll
2013-06-21 12:06 . 2013-07-02 02:53 1511712 ----a-w- c:\windows\system32\nvdispgenco6432049.dll
2013-06-21 12:06 . 2013-02-26 05:32 2597856 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-06-21 12:06 . 2013-02-26 05:32 12427240 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-06-21 12:06 . 2013-02-26 05:32 2936208 ----a-w- c:\windows\system32\nvapi64.dll
2013-06-21 10:23 . 2012-07-04 02:47 3514656 ----a-w- c:\windows\system32\nvsvc64.dll
2013-06-21 10:23 . 2012-07-04 02:47 6496544 ----a-w- c:\windows\system32\nvcpl.dll
2013-06-21 10:23 . 2012-07-04 02:47 884512 ----a-w- c:\windows\system32\nvvsvc.exe
2013-06-21 10:23 . 2012-07-04 02:47 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-06-21 10:23 . 2012-07-04 02:47 237856 ----a-w- c:\windows\system32\nvmctray.dll
2013-06-21 10:16 . 2013-06-21 10:16 566048 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2013-06-01 13:45 . 2012-07-17 19:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-13 05:51 . 2013-06-12 12:28 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-12 12:28 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-12 12:28 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-12 12:28 52224 ----a-w- c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-12 12:28 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45 . 2013-06-12 12:28 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-12 12:28 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43 . 2013-06-12 12:28 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-12 12:28 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-12 12:28 43008 ----a-w- c:\windows\SysWow64\certenc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-12-04 75016]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2009-02-02 210216]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe -det [2009-2-9 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe
S0 aswRvrt;aswRvrt;
S0 aswVmm;aswVmm;
S1 aswSnx;aswSnx;
S1 aswSP;aswSP;
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE
S2 aswFsBlk;aswFsBlk;
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys
S2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacomd\amd64\novacomd.exe;c:\program files\Palm, Inc\novacomd\amd64\novacomd.exe
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys;c:\windows\SYSNATIVE\Drivers\nx6000.sys
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-01 06:58 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-16 19:49]
.
2013-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-03 06:00]
.
2013-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-03 06:00]
.
2013-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2756764288-1278937953-4141701874-1000Core.job
- c:\users\Tyler\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-10 21:43]
.
2013-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2756764288-1278937953-4141701874-1000UA.job
- c:\users\Tyler\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-10 21:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Remote Software"="c:\program files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe" [2009-02-06 172032]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-04 186904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-11 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-11 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-11 363544]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-07-03 1028896]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-HPADVISOR - c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-08-10 18:33:24
ComboFix-quarantined-files.txt 2013-08-10 23:33
.
Pre-Run: 121,367,785,472 bytes free
Post-Run: 120,983,789,568 bytes free
.
- - End Of File - - 68D81F78057CEE2D217ACE2EDB6947DD
A36C5E4F47E84449FF07ED3517B43A31