ComboFix 13-04-29.01 - Lolita 04/30/2013 15:17:11.3.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1916.1103 [GMT -4:00]
Running from: c:\users\Lolita\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Lolita\AppData\Roaming\DefaultTab\DefaultTab
c:\users\Lolita\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-03-28 to 2013-04-30 )))))))))))))))))))))))))))))))
.
.
2013-04-30 19:24 . 2013-04-30 19:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-30 19:24 . 2013-04-30 19:24 -------- d-----w- c:\users\Lolita Parker\AppData\Local\temp
2013-04-30 19:24 . 2013-04-30 19:24 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-04-25 22:29 . 2013-04-25 22:29 -------- d-----w- c:\users\Lolita\AppData\Roaming\AVG2013
2013-04-25 22:28 . 2013-04-26 00:42 -------- d-----w- c:\programdata\AVG2013
2013-04-25 22:24 . 2013-04-25 23:44 -------- d-----w- c:\users\Lolita\AppData\Local\Avg2013
2013-04-25 19:48 . 2013-04-26 00:35 -------- d-----w- c:\programdata\Yahoo!
2013-04-25 19:48 . 2013-04-26 00:35 -------- d-----w- c:\program files (x86)\Yahoo!
2013-04-25 18:57 . 2013-04-25 18:57 -------- d-----w- c:\programdata\Malwarebytes
2013-04-25 17:26 . 2013-04-25 17:26 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin
2013-04-24 18:23 . 2013-04-24 18:23 -------- d-----w- C:\_OTL
2013-04-23 17:28 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-23 03:08 . 2013-04-24 07:17 -------- d-----w- c:\program files (x86)\Inbox Toolbar
2013-04-22 19:25 . 2013-04-22 19:34 -------- d-----w- c:\users\Lolita\AppData\Roaming\player
2013-04-22 19:24 . 2013-04-30 19:24 -------- d-----w- c:\users\Lolita\AppData\Roaming\DefaultTab
2013-04-21 01:00 . 2013-04-21 01:00 -------- d-----w- c:\users\Lolita\AppData\Roaming\TuneUp Software
2013-04-21 00:55 . 2013-04-21 00:55 -------- d-----w- c:\users\Lolita\AppData\Local\MFAData
2013-04-21 00:36 . 2013-04-21 00:36 -------- d-----w- c:\programdata\Uniblue
2013-04-21 00:27 . 2013-04-21 00:39 -------- d-----w- c:\users\Lolita\AppData\Local\SwvUpdater
2013-04-21 00:26 . 2013-04-21 00:41 -------- d-----w- c:\programdata\Tarma Installer
2013-04-21 00:18 . 2013-04-17 10:31 9317456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0056893F-1F19-4FF6-8057-C562328F106F}\mpengine.dll
2013-04-21 00:12 . 2013-04-21 00:12 -------- d-----w- c:\users\Lolita\AppData\Roaming\SimplyTech
2013-04-21 00:12 . 2013-03-19 10:41 16896 ----a-w- c:\windows\Launcher.exe
2013-04-21 00:12 . 2013-04-21 00:40 -------- d-----w- c:\program files (x86)\Protected Search
2013-04-19 23:54 . 2013-04-19 23:54 -------- d-sh--w- c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-04-19 21:41 . 2013-04-24 18:23 -------- d-----w- c:\programdata\PC Utility Kit
2013-04-19 20:56 . 2013-04-20 00:17 -------- d-----w- c:\users\Lolita\SyncFolder
2013-04-19 02:50 . 2013-04-19 22:15 -------- d-----w- c:\program files (x86)\MyPC Backup
2013-04-19 02:50 . 2013-04-19 22:13 -------- d-----w- c:\users\Lolita\AppData\Roaming\Systweak
2013-04-19 02:50 . 2013-02-28 20:27 20312 ----a-w- c:\windows\system32\roboot64.exe
2013-04-19 02:01 . 2013-04-19 02:01 -------- d-----w- c:\users\Lolita\.smplayer
2013-04-19 01:30 . 2013-04-19 01:53 -------- d-----w- c:\program files (x86)\AOL Toolbar
2013-04-19 01:29 . 2013-04-19 01:29 -------- d-----w- c:\users\Lolita\AppData\Roaming\RealNetworks
2013-04-19 01:28 . 2013-04-19 01:28 -------- d-----w- c:\programdata\RealNetworks
2013-04-15 01:47 . 2013-04-15 01:47 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-04-15 01:46 . 2013-04-15 01:46 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-15 01:39 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-04-11 23:40 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-04-11 23:39 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-11 23:39 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-11 23:39 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-04-11 23:39 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-04-11 23:39 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-11 23:39 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-04-11 23:39 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
2013-04-10 21:41 . 2013-04-10 21:41 -------- d-----w- c:\program files\Microsoft Silverlight
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-12 02:30 . 2012-06-04 15:21 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-12 02:30 . 2011-06-02 00:49 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-11 23:47 . 2010-08-13 23:09 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-04-11 14:22 . 2011-06-11 05:58 770384 ----a-w- c:\windows\SysWow64\msvcr100.dll
2013-04-11 14:22 . 2011-06-11 05:58 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll
2013-03-12 05:10 . 2010-08-13 21:29 282744 ------w- c:\windows\system32\MpSigStub.exe
2013-02-12 05:45 . 2013-04-10 21:40 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-04-10 21:40 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-04-10 21:40 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 05:45 . 2013-04-10 21:40 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 04:48 . 2013-04-10 21:40 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-04-10 21:40 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-08-14 23:40 . 2011-08-14 22:17 33001712 ----a-w- c:\program files (x86)\Nuance PDF Reader.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}]
c:\users\Lolita\AppData\Local\DownloadTerms\temp.dat [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2010-07-05 333088]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"Family Tree Builder Update"="c:\program files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe" [2011-12-21 229376]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2010-03-09 1849856]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-01 232992]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-19 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-04-20 169584]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - NisDrv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-04 02:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{25393362-FCFF-4744-B3EC-D70782CC531F}"= "c:\users\Lolita\AppData\Local\TNT2\Profiles\10369\passport64.dll" [BU]
.
[HKEY_CLASSES_ROOT\CLSID\{25393362-FCFF-4744-B3EC-D70782CC531F}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-18 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-18 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-18 410648]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-10 520760]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://yahoo.com/?ilc=10&fr=ydwnld-home
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Lolita\AppData\Roaming\Mozilla\Firefox\Profiles\j8v586mm.default-1361841784927\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Vafmusic2 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - ExtSQL: 2013-03-19 20:02; daxip@kjvdvbop.org; c:\program files (x86)\Mozilla Firefox\extensions\daxip@kjvdvbop.org
FF - ExtSQL: 2013-04-18 21:53; {650EED71-89E2-453B-8DCF-2AA1B4AE6EF3}; c:\program files (x86)\Mozilla Firefox\extensions\{650EED71-89E2-453B-8DCF-2AA1B4AE6EF3}
FF - ExtSQL: 2013-04-19 20:00; {c72c0c73-4eb0-4fb3-af0f-074e97326cfd}; c:\users\Lolita\AppData\Roaming\Mozilla\Firefox\Profiles\j8v586mm.default-1361841784927\extensions\{c72c0c73-4eb0-4fb3-af0f-074e97326cfd}.xpi
FF - ExtSQL: 2013-04-25 15:48; {635abd67-4fe9-1b23-4f01-e679fa7484c1}; c:\users\Lolita\AppData\Roaming\Mozilla\Firefox\Profiles\j8v586mm.default-1361841784927\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - ExtSQL: 1969-12-31 19:00; {7affbfae-c4e2-4915-8c0f-00fa3ec610a1}; c:\users\Lolita\AppData\Roaming\Mozilla\Firefox\Profiles\j8v586mm.default-1361841784927\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
FF - ExtSQL: !HIDDEN! 2011-08-14 14:23; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{04eb382a-4b48-4de7-a570-b0307b9b13c7} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-OtShot - c:\program files (x86)\OtShot\otshot.exe
SafeBoot-83414374.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-04-30 15:27:14
ComboFix-quarantined-files.txt 2013-04-30 19:27
ComboFix2.txt 2013-04-21 02:35
ComboFix3.txt 2013-04-20 22:04
.
Pre-Run: 187,742,093,312 bytes free
Post-Run: 187,685,146,624 bytes free
.
- - End Of File - - 58C1A4DB7E0A5122F186DEC786B397DE
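The parts of a ComboFix log an analyst reads first are the "Reg Loading Points" block (BHO, toolbar and Run values) and the Firefox "FF - ExtSQL" lines, because those are the persistence points adware and browser hijackers use. The Python below is an added example, not part of the posted log and not ComboFix's own code: it parses a handful of lines excerpted from the log above (embedded as a constructed sample in the tool's own layout) and attaches the review heuristics that usually matter. The rules and flag names are this example's own choices: a registry load point whose target sits under a user-writable AppData path, an entry where ComboFix printed [BU] instead of its usual date and size, a Firefox extension whose recorded install time is 1969-12-31 (a zero timestamp), one installed into the Firefox program directory rather than the profile, and one the tool marked !HIDDEN!.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: lines excerpted verbatim from the ComboFix log above,
# in the layout the tool prints (one entry per line, "." as a separator).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}]
c:\users\Lolita\AppData\Local\DownloadTerms\temp.dat [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{25393362-FCFF-4744-B3EC-D70782CC531F}"= "c:\users\Lolita\AppData\Local\TNT2\Profiles\10369\passport64.dll" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
.
FF - ExtSQL: 2013-03-19 20:02; daxip@kjvdvbop.org; c:\program files (x86)\Mozilla Firefox\extensions\daxip@kjvdvbop.org
FF - ExtSQL: 1969-12-31 19:00; {7affbfae-c4e2-4915-8c0f-00fa3ec610a1}; c:\users\Lolita\AppData\Roaming\Mozilla\Firefox\Profiles\j8v586mm.default-1361841784927\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
FF - ExtSQL: !HIDDEN! 2011-08-14 14:23; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
"""


@dataclass
class Entry:
    section: str          # registry key the value sits under, or "FF - ExtSQL"
    name: str             # value name, CLSID, or Firefox extension id
    path: str             # file the load point resolves to
    stamp: str            # "YYYY-MM-DD size" as ComboFix prints it, "BU", or the install time
    hidden: bool = False  # ExtSQL line carried the !HIDDEN! marker
    flags: list = field(default_factory=list)


KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
# "Name"="path" [stamp]  (a space after the "=" also occurs in the log)
VALUE_RE = re.compile(r'^"([^"]+)"=\s*"([^"]+)"\s*\[([^\]]+)\]$')
# path [stamp] with no value name, as under a BHO CLSID key
BARE_RE = re.compile(r'^([a-z]:\\.+?)\s*\[([^\]]+)\]$', re.I)
EXT_RE = re.compile(r'^FF - ExtSQL:\s*(!HIDDEN!\s*)?(\S+ \S+);\s*([^;]+);\s*(.+)$')


def parse_log(text):
    """Extract load-point entries from ComboFix-style text; separators are skipped."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == '.':
            continue
        m = KEY_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = EXT_RE.match(line)
        if m:
            hidden, stamp, name, path = m.groups()
            entries.append(Entry('FF - ExtSQL', name.strip(), path.strip(), stamp, bool(hidden)))
            continue
        if section is None:
            continue
        m = VALUE_RE.match(line)
        if m:
            name, path, stamp = m.groups()
            entries.append(Entry(section, name, path, stamp))
            continue
        m = BARE_RE.match(line)
        if m:
            path, stamp = m.groups()
            # no value name: use the last key component (the BHO CLSID) as the name
            entries.append(Entry(section, section.rsplit('\\', 1)[-1], path, stamp))
    return entries


def triage(entries):
    """Attach review flags (heuristics chosen for this example); return flagged entries."""
    for e in entries:
        p = e.path.lower()
        if e.section == 'FF - ExtSQL':
            if e.hidden:
                e.flags.append('hidden')
            if e.stamp.startswith('1969-12-31'):          # zero install time in extensions.sqlite
                e.flags.append('epoch-timestamp')
            if '\\mozilla firefox\\extensions\\' in p:    # dropped by an installer, not via the browser
                e.flags.append('app-dir-extension')
        else:
            if '\\appdata\\' in p:                        # user-writable location for a BHO/toolbar/Run target
                e.flags.append('loads-from-appdata')
            if e.stamp == 'BU':                           # ComboFix printed [BU] instead of date and size
                e.flags.append('no-file-stamp')
    return [e for e in entries if e.flags]


if __name__ == '__main__':
    for e in triage(parse_log(SAMPLE_LOG)):
        print(f"{', '.join(e.flags):40} {e.name}  ->  {e.path}")
```

The flags are prompts for a human, not verdicts: the Synaptics touchpad entry in the log is also tagged [BU], so that flag on its own carries little weight, whereas a BHO or toolbar DLL living under AppData is the pattern that separates the DownloadTerms and TNT2 entries from the vendor Run values around them.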