WiredWX Christian Hobby Weather Tools
Re: how to remove Trojan Horse TDSS.BZ
I saved the adw files to my desktop.

# AdwCleaner v2.306 - Logfile created 08/05/2013 at 20:14:10
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Max - MAXGAMING
# Boot Mode : Safe mode with networking
# Running from : D:\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko
Deleted on reboot : C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdeikhckcedpnofpmfaakfhppidegbcp
Deleted on reboot : C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Deleted on reboot : C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjddgeceaihfihcecdgfdiepikfbflpn
Folder Deleted : C:\Program Files\PC Optimizer Pro
Folder Deleted : C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjagnifjocnddgeknajocbkkhlgibem
Folder Deleted : C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko
Folder Deleted : C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdeikhckcedpnofpmfaakfhppidegbcp
Folder Deleted : C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Folder Deleted : C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjddgeceaihfihcecdgfdiepikfbflpn
Folder Deleted : C:\Users\Max\AppData\Local\Zoom_Downloader

***** [Registry] *****

Data Deleted : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~2\Datamngr\x64\mgrldr.dll
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Google\Chrome\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko
Key Deleted : HKCU\Software\Google\Chrome\Extensions\fdeikhckcedpnofpmfaakfhppidegbcp
Key Deleted : HKCU\Software\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Key Deleted : HKCU\Software\Google\Chrome\Extensions\pjddgeceaihfihcecdgfdiepikfbflpn
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{377E5D4D-77E5-476A-8716-7E70A9272DA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{463B0ED4-8AFA-404B-90E7-4063A0708050}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E5C66DD8-308B-4A4F-AF0A-3D04F25B5343}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{377E5D4D-77E5-476A-8716-7E70A9272DA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{463B0ED4-8AFA-404B-90E7-4063A0708050}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E5C66DD8-308B-4A4F-AF0A-3D04F25B5343}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\5355d98de16de417
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Key Deleted : HKLM\SOFTWARE\Wow6432Node\5355d98de16de417
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{377E5D4D-77E5-476A-8716-7E70A9272DA0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{463B0ED4-8AFA-404B-90E7-4063A0708050}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bcjagnifjocnddgeknajocbkkhlgibem
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fdeikhckcedpnofpmfaakfhppidegbcp
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pjddgeceaihfihcecdgfdiepikfbflpn
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{377E5D4D-77E5-476A-8716-7E70A9272DA0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{463B0ED4-8AFA-404B-90E7-4063A0708050}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

-\\ Google Chrome v28.0.1500.72

File : C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [8071 octets] - [05/08/2013 20:14:10]

########## EOF - C:\AdwCleaner[S1].txt - [8131 octets] ##########

Re: how to remove Trojan Horse TDSS.BZ
Download Combofix from any of the links below, and save it to your DESKTOP.
If your version of Windows defaults to your download folder, you will need to copy it to your desktop.

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:

[image: NSIS_disclaimer_ENG]

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:

[image: NSIS_extraction]

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.

[image: RcAuto1]

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[image: Whatnext]

Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running, because it may cause it to stall.

Re: how to remove Trojan Horse TDSS.BZ
I'm unable to disable AVG Free 2013 for some reason. I'm currently running in safe mode because, for some reason, the options that the website you linked gives aren't available. There is no AVG icon on the system tray, and when I open up AVG there is nothing that says "tools". I don't know what to do.

Re: how to remove Trojan Horse TDSS.BZ
OK, so I ran Windows in normal mode to disable it from the system tray there, and when I did and ran ComboFix, it still alerted me that AVG was still running. I don't know what to do, but regardless, here's the log from ComboFix.

ComboFix 13-08-05.03 - Max 08/05/2013 21:10:16.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8140.6279 [GMT -5:00]
Running from: c:\users\Max\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Max\AppData\Roaming\technic-launcher.jar
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\WanPacket.dll
c:\windows\SysWow64\wpcap.dll
D:\install.exe
D:\update.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-07-06 to 2013-08-06 )))))))))))))))))))))))))))))))
.
.
2013-08-06 02:13 . 2013-08-06 02:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-06 02:09 . 2013-08-06 02:09 16712 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
2013-08-06 02:02 . 2013-08-06 02:02 -------- d-----w- c:\users\Max\AppData\Roaming\AVG2013
2013-08-06 02:01 . 2013-08-06 02:02 -------- d-----w- c:\programdata\AVG2013
2013-08-06 02:01 . 2013-08-06 02:01 -------- d-----w- C:\$AVG
2013-08-06 02:01 . 2013-08-06 02:03 -------- d-----w- c:\users\Max\AppData\Local\Avg2013
2013-08-06 01:22 . 2013-08-06 01:22 -------- d-----w- c:\users\Max\AppData\Roaming\Malwarebytes
2013-08-06 01:22 . 2013-08-06 01:22 -------- d-----w- c:\programdata\Malwarebytes
2013-08-06 01:22 . 2013-08-06 01:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-08-06 01:22 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-06 01:14 . 2013-08-06 01:14 524 ----a-w- c:\windows\DeleteOnReboot.bat
2013-08-06 01:09 . 2013-08-06 01:09 -------- d-----w- c:\windows\ERUNT
2013-08-05 23:51 . 2013-08-05 23:51 -------- d-----w- c:\program files (x86)\AVG
2013-08-05 23:46 . 2013-08-06 02:03 -------- d-----w- c:\programdata\MFAData
2013-08-05 23:46 . 2013-08-05 23:46 -------- d-----w- c:\users\Max\AppData\Local\MFAData
2013-07-20 06:51 . 2013-07-20 06:51 311608 ----a-w- c:\windows\system32\drivers\avgloga.sys
2013-07-20 06:50 . 2013-07-20 06:50 71480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2013-07-20 06:50 . 2013-07-20 06:50 246072 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2013-07-20 06:50 . 2013-07-20 06:50 206648 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2013-07-17 13:47 . 2013-07-17 13:47 -------- d-----w- c:\windows\SysWow64\searchplugins
2013-07-17 13:47 . 2013-07-17 13:47 -------- d-----w- c:\windows\SysWow64\Extensions
2013-07-10 14:55 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll
2013-07-10 06:32 . 2013-07-10 06:32 45880 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-01 06:45 . 2013-07-01 06:45 116536 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2013-06-14 16:51 . 2013-03-13 22:38 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-14 16:51 . 2013-03-13 22:38 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-14 16:51 . 2013-05-14 23:50 9089416 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-05-20 22:57 . 2013-05-20 22:57 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-20 22:57 . 2013-05-20 22:57 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-05-20 22:57 . 2013-05-20 22:57 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-05-20 22:57 . 2013-05-20 22:57 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-05-20 22:57 . 2013-05-20 22:57 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-05-20 22:57 . 2013-05-20 22:57 81408 ----a-w- c:\windows\system32\icardie.dll
2013-05-20 22:57 . 2013-05-20 22:57 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-05-20 22:57 . 2013-05-20 22:57 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-05-20 22:57 . 2013-05-20 22:57 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-05-20 22:57 . 2013-05-20 22:57 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-05-20 22:57 . 2013-05-20 22:57 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-05-20 22:57 . 2013-05-20 22:57 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-05-20 22:57 . 2013-05-20 22:57 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-05-20 22:57 . 2013-05-20 22:57 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-05-20 22:57 . 2013-05-20 22:57 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-05-20 22:57 . 2013-05-20 22:57 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-05-20 22:57 . 2013-05-20 22:57 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-05-20 22:57 . 2013-05-20 22:57 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-05-20 22:57 . 2013-05-20 22:57 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-05-20 22:57 . 2013-05-20 22:57 441856 ----a-w- c:\windows\system32\html.iec
2013-05-20 22:57 . 2013-05-20 22:57 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-05-20 22:57 . 2013-05-20 22:57 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-05-20 22:57 . 2013-05-20 22:57 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-05-20 22:57 . 2013-05-20 22:57 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-20 22:57 . 2013-05-20 22:57 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-05-20 22:57 . 2013-05-20 22:57 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-05-20 22:57 . 2013-05-20 22:57 235008 ----a-w- c:\windows\system32\url.dll
2013-05-20 22:57 . 2013-05-20 22:57 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-05-20 22:57 . 2013-05-20 22:57 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-05-20 22:57 . 2013-05-20 22:57 216064 ----a-w- c:\windows\system32\msls31.dll
2013-05-20 22:57 . 2013-05-20 22:57 197120 ----a-w- c:\windows\system32\msrating.dll
2013-05-20 22:57 . 2013-05-20 22:57 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-05-20 22:57 . 2013-05-20 22:57 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-05-20 22:57 . 2013-05-20 22:57 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-05-20 22:57 . 2013-05-20 22:57 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-20 22:57 . 2013-05-20 22:57 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-05-20 22:57 . 2013-05-20 22:57 149504 ----a-w- c:\windows\system32\occache.dll
2013-05-20 22:57 . 2013-05-20 22:57 144896 ----a-w- c:\windows\system32\wextract.exe
2013-05-20 22:57 . 2013-05-20 22:57 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-05-20 22:57 . 2013-05-20 22:57 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-05-20 22:57 . 2013-05-20 22:57 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-05-20 22:57 . 2013-05-20 22:57 13824 ----a-w- c:\windows\system32\mshta.exe
2013-05-20 22:57 . 2013-05-20 22:57 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-05-20 22:57 . 2013-05-20 22:57 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-05-20 22:57 . 2013-05-20 22:57 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-05-20 22:57 . 2013-05-20 22:57 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-05-20 22:57 . 2013-05-20 22:57 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-05-20 22:57 . 2013-05-20 22:57 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-05-20 22:57 . 2013-05-20 22:57 102912 ----a-w- c:\windows\system32\inseng.dll
2013-05-20 22:56 . 2013-05-20 22:56 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-20 22:56 . 2013-05-20 22:56 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-20 22:56 . 2013-05-20 22:56 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-05-20 22:56 . 2013-05-20 22:56 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-05-20 22:56 . 2013-05-20 22:56 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-20 22:56 . 2013-05-20 22:56 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-20 22:56 . 2013-05-20 22:56 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-20 22:56 . 2013-05-20 22:56 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-20 22:56 . 2013-05-20 22:56 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-05-20 22:56 . 2013-05-20 22:56 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-05-20 22:56 . 2013-05-20 22:56 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-05-20 22:56 . 2013-05-20 22:56 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-20 22:56 . 2013-05-20 22:56 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-20 22:56 . 2013-05-20 22:56 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-05-20 22:56 . 2013-05-20 22:56 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-05-20 22:56 . 2013-05-20 22:56 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-05-20 22:56 . 2013-05-20 22:56 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-20 22:56 . 2013-05-20 22:56 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-20 22:56 . 2013-05-20 22:56 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-05-20 22:56 . 2013-05-20 22:56 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-05-20 22:56 . 2013-05-20 22:56 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-20 22:56 . 2013-05-20 22:56 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-20 22:56 . 2013-05-20 22:56 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-20 22:56 . 2013-05-20 22:56 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-20 22:56 . 2013-05-20 22:56 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-05-20 22:56 . 2013-05-20 22:56 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-05-20 22:56 . 2013-05-20 22:56 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-05-20 22:56 . 2013-05-20 22:56 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-05-20 22:56 . 2013-05-20 22:56 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-20 22:56 . 2013-05-20 22:56 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-20 22:56 . 2013-05-20 22:56 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-05-20 22:56 . 2013-05-20 22:56 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-05-20 22:56 . 2013-05-20 22:56 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-05-20 22:56 . 2013-05-20 22:56 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2013-05-20 22:56 . 2013-05-20 22:56 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-05-20 22:56 . 2013-05-20 22:56 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-05-20 22:56 . 2013-05-20 22:56 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2013-05-20 22:56 . 2013-05-20 22:56 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2013-05-20 22:56 . 2013-05-20 22:56 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2013-05-20 22:56 . 2013-05-20 22:56 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2013-05-20 22:56 . 2013-05-20 22:56 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2013-05-20 22:56 . 2013-05-20 22:56 1238528 ----a-w- c:\windows\system32\d3d10.dll
2013-05-20 22:56 . 2013-05-20 22:56 1175552 ----a-w- c:\windows\system32\FntCache.dll
2013-05-20 22:56 . 2013-05-20 22:56 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2013-05-20 22:56 . 2013-05-20 22:56 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2013-05-20 22:56 . 2013-05-20 22:56 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-20 22:56 . 2013-05-20 22:56 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EADM"="d:\programs\Origin\Origin.exe" [2013-08-06 3549528]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-03-29 1631144]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-21 19875432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-07-01 4411440]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
LOLRecorder.lnk - c:\program files (x86)\LOLReplay\LOLRecorder.exe -minimize [2013-7-17 526336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2011-02-24 20:33 79368 ----a-w- c:\windows\System32\UmxWNP.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 59330186;59330186; [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\DRIVERS\AE2500w764.sys;c:\windows\SYSNATIVE\DRIVERS\AE2500w764.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 XFDriver64;XFDriver64;c:\program files\Xfire2\XFDriver64.sys;c:\program files\Xfire2\XFDriver64.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 KmxAMRT;KmxAMRT;c:\windows\system32\DRIVERS\KmxAMRT.sys;c:\windows\SYSNATIVE\DRIVERS\KmxAMRT.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 KmxAgent;KmxAgent;c:\windows\system32\DRIVERS\kmxagent.sys;c:\windows\SYSNATIVE\DRIVERS\kmxagent.sys [x]
S1 KmxCfg;KmxCfg;c:\windows\system32\DRIVERS\kmxcfg.sys;c:\windows\SYSNATIVE\DRIVERS\kmxcfg.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 CAAMSvc;CAAMSvc;c:\program files\Total Defense\Internet Security Suite\Anti-Virus Plus\caamsvc.exe;c:\program files\Total Defense\Internet Security Suite\Anti-Virus Plus\caamsvc.exe [x]
S2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\Total Defense\Internet Security Suite\ccschedulersvc.exe;c:\program files\Total Defense\Internet Security Suite\ccschedulersvc.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [x]
S2 UmxEngine;TM Engine;c:\program files\CA\SharedComponents\TMEngine\UmxEngine.exe;c:\program files\CA\SharedComponents\TMEngine\UmxEngine.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AVGIDSDRIVER
*NewlyCreated* - AVGIDSHA
*NewlyCreated* - AVGLDX64
*NewlyCreated* - AVGLOGA
*NewlyCreated* - AVGMFX64
*NewlyCreated* - AVGRKX64
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-15 00:41 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-13 16:51]
.
2013-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-16 18:51]
.
2013-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-16 18:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-06-11 415816]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-06-11 2413128]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-06-11 4725320]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"cctray"="c:\program files\Total Defense\Internet Security Suite\casc.exe" [2013-01-15 2711120]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://proxy.allsearchapp.com/app/start/
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.1.1 68.238.96.12
TCP: Interfaces\{F856075B-94D1-4C86-B106-DFC0039701B0}: NameServer = 192.168.1.1,68.238.96.12
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKU-Default-Run-SearchProtect - \SearchProtect\bin\cltmng.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-08-05 21:15:27
ComboFix-quarantined-files.txt 2013-08-06 02:15
.
Pre-Run: 21,274,050,560 bytes free
Post-Run: 23,515,033,600 bytes free
.
- - End Of File - - 7C840965A7F1EED2E743B34F7CAFA979
A36C5E4F47E84449FF07ED3517B43A31

Re: how to remove Trojan Horse TDSS.BZ

  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again


Re: how to remove Trojan Horse TDSS.BZ
It's ok that I'm doing all of this in safe-mode with networking, right?

Re: how to remove Trojan Horse TDSS.BZ
RogueKiller V8.6.5 [Aug 5 2013] by Tigzy
mail : tigzyRKgmailcom
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User : Max [Admin rights]
Mode : Scan -- Date : 08/06/2013 18:15:00
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[DNS] HKLM\[...]\CCSet\[...]\{F856075B-94D1-4C86-B106-DFC0039701B0} : NameServer (192.168.1.1,68.238.96.12) -> FOUND
[DNS] HKLM\[...]\CS001\[...]\{F856075B-94D1-4C86-B106-DFC0039701B0} : NameServer (192.168.1.1,68.238.96.12) -> FOUND
[DNS] HKLM\[...]\CS002\[...]\{F856075B-94D1-4C86-B106-DFC0039701B0} : NameServer (192.168.1.1,68.238.96.12) -> FOUND
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG SSD 830 Series ATA Device +++++
--- User ---
[MBR] aa0c419abef263b3bc7a6166d1d2c199
[BSP] 73effaae82a2c8976fc576362239f84d : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 122102 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: SAMSUNG SSD 830 Series ATA Device +++++
--- User ---
[MBR] 01956ae54042fe5e39928904d787d299
[BSP] 05d1d65258ebdd25fe0d7b64d83e3820 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476837 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_08062013_181500.txt >>


Sorry it took me so long, I was a bit busy. Reports from "RogueKiller". Also, should I delete the things that it found?
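The RKreport above flags three [DNS] NameServer entries. Before deciding what to do with such hits, a responder would want to know whether the configured servers are the ones DHCP actually handed out, and the ComboFix log earlier in the thread records exactly that on its "TCP: DhcpNameServer" line. The script below is an added example, not part of the thread and not RogueKiller's own code: it parses the "-> FOUND" entries, tallies them by category and compares each DNS entry against the DHCP servers. The CS002 line in the sample is constructed with the documentation address 203.0.113.9 so that the mismatch branch is exercised; the other sample lines are copied from the report and log posted in this thread.

```python
"""Triage of RogueKiller '-> FOUND' registry entries against DHCP DNS servers.

Added example; not thread content and not RogueKiller's code. The CS002 line
below is CONSTRUCTED (203.0.113.9 is a documentation-range address) to show
what a mismatch looks like.
"""
import re
from collections import Counter

# Sample RKreport excerpt. First two DNS lines and both HJ lines are copied
# from the thread; the CS002 line is altered to include a non-DHCP server.
RK_REPORT = r"""
¤¤¤ Registry Entries : 5 ¤¤¤
[DNS] HKLM\[...]\CCSet\[...]\{F856075B-94D1-4C86-B106-DFC0039701B0} : NameServer (192.168.1.1,68.238.96.12) -> FOUND
[DNS] HKLM\[...]\CS001\[...]\{F856075B-94D1-4C86-B106-DFC0039701B0} : NameServer (192.168.1.1,68.238.96.12) -> FOUND
[DNS] HKLM\[...]\CS002\[...]\{F856075B-94D1-4C86-B106-DFC0039701B0} : NameServer (192.168.1.1,203.0.113.9) -> FOUND
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
"""

# Copied from the ComboFix "Supplementary Scan" section earlier in the thread.
COMBOFIX_DNS_LINE = "TCP: DhcpNameServer = 192.168.1.1 68.238.96.12"

# One RogueKiller hit: "[CATEGORY] key : valuename (data) -> FOUND"
FOUND_RE = re.compile(
    r"^\[(?P<cat>[A-Z ]+)\] (?P<key>.+?) : (?P<name>\S+) \((?P<value>[^)]*)\) -> FOUND$"
)


def parse_found(report):
    """Return a list of dicts (cat, key, name, value) for every FOUND line."""
    entries = []
    for line in report.splitlines():
        m = FOUND_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def dhcp_servers(combofix_line):
    """'TCP: DhcpNameServer = a b' -> {'a', 'b'}."""
    _, _, rhs = combofix_line.partition("=")
    return set(rhs.split())


def summarize(entries):
    """Count hits per RogueKiller category (DNS, HJ POL, HJ DESK, ...)."""
    return Counter(e["cat"] for e in entries)


def assess_dns(entries, dhcp):
    """For each [DNS] hit return (registry key, verdict, detail).

    CONSISTENT: every configured server was handed out by DHCP.
    REVIEW:     at least one server is not a DHCP server and needs a look.
    """
    results = []
    for e in entries:
        if e["cat"] != "DNS":
            continue
        configured = set(e["value"].split(","))
        unexpected = sorted(configured - dhcp)
        if unexpected:
            results.append((e["key"], "REVIEW", "not DHCP-assigned: " + ",".join(unexpected)))
        else:
            results.append((e["key"], "CONSISTENT", "matches DHCP servers"))
    return results


if __name__ == "__main__":
    found = parse_found(RK_REPORT)
    for cat, n in sorted(summarize(found).items()):
        print("%-8s %d" % (cat, n))
    for key, verdict, detail in assess_dns(found, dhcp_servers(COMBOFIX_DNS_LINE)):
        print(verdict, key, "-", detail)
```

Run against a real RKreport, the two inputs would come from the report file and the matching ComboFix line; the point is that a DNS hit whose servers all match the DHCP lease is the interface's normal configuration, while a server that DHCP never issued is the one worth investigating.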

Re: how to remove Trojan Horse TDSS.BZ
It's ok that I'm doing all of this in safe-mode with networking, right?

Why can't you run them in Normal Mode?
Please run RogueKiller again and delete those items.


I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan

•Click the [EsetOnline] button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on [EsetSmartInstall] to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the [EsetSmartInstallDesktopIcon] icon on your desktop.

•Check [EsetAcceptTerms]
•Click the [EsetStart] button.
•Accept any security warnings from your browser.

  • Leave the check mark next to Remove found threats.

•Check [EsetScanArchives]
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push [EsetListThreats]
•Push [EsetExport], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the [EsetBack] button.
•Push [EsetFinish]
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Re: how to remove Trojan Horse TDSS.BZ
When I run my computer in normal mode, everything stops responding and I have to reboot.

Re: how to remove Trojan Horse TDSS.BZ
To Run the SFC /SCANNOW Command in Windows 7
1. Open an elevated command prompt.

2. To Scan and Repair System Files
NOTE: Scans the integrity of all protected system files and repairs the system files if needed.
A) In the elevated command prompt, type sfc /scannow and press Enter. (see screenshot below)
NOTE: This may take some time to finish.

[screenshot: sfc /scannow command, System File Checker running]

B) Go to step 4.

3. To Only Verify if the System Files are Corrupted
NOTE: Scans and only verifies the integrity of all protected system files.
A) In the elevated command prompt, type sfc /verifyonly and press Enter.

4. When the scan is complete, hopefully you will see all is ok like the screenshot below.
NOTE: If not, then you can attempt to run a System Restore using a restore point dated before the bad file occurred to fix it. You may need to repeat doing a System Restore until you find an older restore point that may work.

[screenshot: sfc /scannow command, System File Checker finished]

5. When done, close the elevated command prompt.
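sfc prints only a one-line verdict at the console; the per-file detail goes to C:\Windows\Logs\CBS\CBS.log, where System File Checker entries carry the "[SR]" tag, and Microsoft's documented way to read them is to filter the log on that tag (findstr /c:"[SR]"). The script below is an added example, not from the thread and not Microsoft's tooling: it applies the same filter, lists any file sfc reported it could not repair, and checks that the "[SR] Verify complete" marker is present, which distinguishes a clean result from a scan that never finished (the situation a machine that freezes after 10-15 minutes could produce). The log text is constructed to imitate the CBS.log layout; the file and component names in it are placeholders.

```python
"""Summarize the '[SR]' (System File Checker) lines in a CBS.log.

Added example; not thread content and not Microsoft's code. SAMPLE_CBS_LOG is
CONSTRUCTED to imitate the CBS.log format with placeholder file names.
"""
import re
import sys

SAMPLE_CBS_LOG = '''\
2013-08-06 19:02:11, Info                  CSI    000000a1 [SR] Verifying 100 components
2013-08-06 19:02:11, Info                  CSI    000000a2 [SR] Beginning Verify and Repair transaction
2013-08-06 19:02:14, Info                  CSI    000000a3 [SR] Cannot repair member file [l:24{12}]"example.dll" of Example-Component, Version = 6.1.7601.17514, hash mismatch
2013-08-06 19:02:16, Info                  CSI    000000a4 [SR] Repairing corrupted file [l:22{11}]"another.dll" of Another-Component, Version = 6.1.7601.17514
2013-08-06 19:02:20, Info                  CSI    000000a5 [SR] Repairing 1 components
2013-08-06 19:02:21, Info                  CSI    000000a6 [SR] Repair complete
2013-08-06 19:02:21, Info                  CSI    000000a7 [SR] Verify complete
2013-08-06 19:02:22, Info                  CBS    Scavenge: Starting scavenge
'''

# "<timestamp>, <level> <source> <hex seq> [SR] <message>"; the same filter as
# findstr /c:"[SR]" but anchored to the line layout so stray text is ignored.
SR_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}, \w+\s+\w+\s+[0-9a-f]+ \[SR\] (?P<msg>.*)$"
)
# Per-file messages: the action, the quoted file name and its owning component.
FILE_RE = re.compile(
    r'(?P<action>Cannot repair member|Repairing corrupted|Repaired) file '
    r'\[l:\d+\{\d+\}\]"(?P<file>[^"]+)" of (?P<component>[^,]+)'
)


def summarize_cbs(log_text):
    """Return counts, the unrepairable files, attempted repairs and completion."""
    summary = {"sr_lines": 0, "unrepairable": [], "repair_attempted": [], "verify_complete": False}
    for line in log_text.splitlines():
        m = SR_RE.match(line)
        if not m:
            continue
        summary["sr_lines"] += 1
        msg = m.group("msg")
        if msg.startswith("Verify complete"):
            summary["verify_complete"] = True
        fm = FILE_RE.search(msg)
        if fm:
            item = (fm.group("file"), fm.group("component").strip())
            if fm.group("action").startswith("Cannot repair"):
                summary["unrepairable"].append(item)
            else:
                summary["repair_attempted"].append(item)
    return summary


def verdict(summary):
    """One-line reading of the summary, in decreasing order of severity."""
    if not summary["verify_complete"]:
        return "INCOMPLETE: no '[SR] Verify complete' marker; the scan did not finish"
    if summary["unrepairable"]:
        return "CORRUPT: %d file(s) SFC could not repair" % len(summary["unrepairable"])
    if summary["repair_attempted"]:
        return "REPAIRED: %d file(s) were repaired" % len(summary["repair_attempted"])
    return "CLEAN: no integrity violations logged"


if __name__ == "__main__":
    # Usage: python sfc_summary.py C:\Windows\Logs\CBS\CBS.log  (defaults to the sample)
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_CBS_LOG
    s = summarize_cbs(text)
    print("[SR] lines:", s["sr_lines"])
    for name, comp in s["unrepairable"]:
        print("cannot repair:", name, "from", comp)
    print(verdict(s))
```

On a live machine the file is large and written by the TrustedInstaller service, so read it after sfc has exited; an "INCOMPLETE" verdict on a machine that hangs means the console result cannot be trusted either way.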

Re: how to remove Trojan Horse TDSS.BZ
Is this to make it so I can run these things in normal mode without crashing? ^

Re: how to remove Trojan Horse TDSS.BZ
D3cimating Taco wrote:
Is this to make it so I can run these things in normal mode without crashing? ^

This is to check if there are any corrupted files in your OS.

Re: how to remove Trojan Horse TDSS.BZ
Here's the second scan of RogueKiller. Nothing opened, so I clicked Report to get the report.

RogueKiller V8.6.5 [Aug 5 2013] by Tigzy
mail : tigzyRKgmailcom
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User : Max [Admin rights]
Mode : Remove -- Date : 08/15/2013 17:00:39
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG SSD 830 Series ATA Device +++++
--- User ---
[MBR] aa0c419abef263b3bc7a6166d1d2c199
[BSP] 73effaae82a2c8976fc576362239f84d : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 122102 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: SAMSUNG SSD 830 Series ATA Device +++++
--- User ---
[MBR] 01956ae54042fe5e39928904d787d299
[BSP] 05d1d65258ebdd25fe0d7b64d83e3820 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476837 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_08152013_170039.txt >>
RKreport[0]_D_08062013_182938.txt;RKreport[0]_S_08062013_181500.txt;RKreport[0]_S_08152013_170024.txt

Re: how to remove Trojan Horse TDSS.BZ
Here's the ESET scan. I had to retrieve it manually from the C: drive. This is the only thing titled "log" in the ESET folder.

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=a5bf78d43dbe574cb93344f8be7e586a
# engine=14788
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-15 10:11:35
# local_time=2013-08-15 05:11:35 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1043 16777214 100 76 0 34475195 0 0
# compatibility_mode=5893 16776574 100 94 2210926 128148145 0 0
# scanned=38226
# found=0
# cleaned=0
# scan_time=348
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=a5bf78d43dbe574cb93344f8be7e586a
# engine=14788
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-15 10:26:49
# local_time=2013-08-15 05:26:49 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1043 16777214 100 76 0 34476109 0 0
# compatibility_mode=5893 16776574 100 94 2211840 128149059 0 0
# scanned=125116
# found=0
# cleaned=0
# scan_time=857

Re: how to remove Trojan Horse TDSS.BZ
How's your computer running now? Any other issues before we clean up?

Re: how to remove Trojan Horse TDSS.BZ
Hey, sorry that I'm on a different account, I'm the friend of D3cimating Taco who's been posting for him on his account, if that makes sense. Anyway, after 10-15 minutes of being on, Windows stops responding.

Re: how to remove Trojan Horse TDSS.BZ
NinjaSliced wrote:
Hey, sorry that I'm on a different account, I'm the friend of D3cimating Taco who's been posting for him on his account, if that makes sense. Anyway, after 10-15 minutes of being on, Windows stops responding.
What does it do? Does it give any warning messages? Does it shut down your computer?

Re: how to remove Trojan Horse TDSS.BZ
The computer used to say "the program is unresponsive (Microsoft Windows), would you like to terminate the process?" and then it didn't let me click either option. But now it just becomes unresponsive without a warning and the mouse is the little circle that symbolizes it is loading, then eventually it just stops and is a faded part of my desktop background, so then I just have to press the power button. It's gotten to the point where I just want to restore Windows at a shop now.

Re: how to remove Trojan Horse TDSS.BZ
It's gotten to the point where I just want to restore Windows at a shop now.
That could be your best option. It could be any number of things causing this problem: bad hard drive, bad RAM, overheating etc. Save your important data to DVDs or an external drive. Since you have Windows 7 you can try doing a repair from the Recovery Console. If that doesn't help, you can restore it back to the factory defaults.
Or you could try this:


That could be a problem with bad RAM. Please run this check just to eliminate that possibility.
Test your RAM here.
******************************************************
Run hard drive diagnostics: tacktech.com
Make sure you select the tool which is appropriate for the brand of your hard drive.
Depending on the program, it'll create a bootable floppy or a bootable CD.
If the downloaded file is of .iso type, use ImgBurn: imgburn to burn the .iso file to a CD (select the "Write image file to disc" option), and make the CD bootable.
For Toshiba hard drives, see here:

Note: If you do not know how to set your computer to boot from CD, follow the steps here
********************************************
To check if it's overheating you can download and install a program like SpeedFan.

Download Windows Repair (all in one) from this site
Install the program then run it.

Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:

[screenshot: Windows Repair, Step 2, CheckDisk]

Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:

[screenshot: Windows Repair, Step 3, System File Check]

Go to Step 4 and under "System Restore" click on Create button:

[screenshot: Windows Repair, Step 4, System Restore]

Go to Start Repairs tab and click Start button.

[screenshot: Windows Repair, Start Repairs tab]

Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

[screenshot: Windows Repair, repair items to tick]

Click on the box next to Restart System when Finished. Then click on Start.

Re: how to remove Trojan Horse TDSS.BZ
I reinstalled windows 7 and it works perfectly now. Just out of curiosity, do you know what the problem might've been?

Re: how to remove Trojan Horse TDSS.BZ
It looks like it may have been a corrupted file in the OS.

Re: how to remove Trojan Horse TDSS.BZ
Weird, but back when we ran that test in cmd, I don't think it found anything. Anyway, thanks a lot Dave.

Re: how to remove Trojan Horse TDSS.BZ
You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.
