TechSpot

Looks clean, but just to make sure...

By Zalemam
Feb 13, 2012
  1. Internet has been running kinda slowly, although I have a high-speed wired connection.

    Here are my logs:

    MBAM

    Malwarebytes Anti-Malware (Trial) 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.02.13.05

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    zooz :: ZOOZ-PC [administrator]

    Protection: Enabled

    2/13/2012 5:58:59 PM
    mbam-log-2012-02-13 (17-58-59).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 190361
    Time elapsed: 1 minute(s), 17 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    GMER


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-02-13 18:14:11
    Windows 6.1.7601 Service Pack 1
    Running: u3xnziqn.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026832bd4f5
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026832bd4f5@d0c1b12b852c 0xEE 0x9D 0x68 0xC0 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026832bd4f5 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026832bd4f5@d0c1b12b852c 0xEE 0x9D 0x68 0xC0 ...

    ---- EOF - GMER 1.0.15 ----

    DDS.txt

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
    Run by zooz at 18:27:02 on 2012-02-13
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8167.5828 [GMT -5:00]
    .
    AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    E:\Program Files (x86)\Bluetooth Suite\adminservice.exe
    C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    E:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    C:\Windows\system32\IProsetMonitor.exe
    E:\Program Files\OO Software\Defrag\oodag.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    E:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
    E:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
    E:\Program Files (x86)\RocketDock\RocketDock.exe
    C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
    C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
    C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
    C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe
    C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\EC Simulator.exe
    C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe
    C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Windows\system32\sppsvc.exe
    e:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Users\zooz\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\zooz\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\zooz\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\zooz\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\zooz\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\zooz\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\splwow64.exe
    C:\Users\zooz\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
    mWinlogon: Userinit=userinit.exe
    BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - E:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - E:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - E:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - C:\Program Files (x86)\WOT\WOT.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - C:\Program Files (x86)\WOT\WOT.dll
    uRun: [Google Update] "C:\Users\zooz\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [RocketDock] "E:\Program Files (x86)\RocketDock\RocketDock.exe"
    uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    uRun: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
    uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    mRun: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
    mRun: [ASUS ShellProcess Execute] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
    mRun: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [GrooveMonitor] "E:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
    mRun: [iTunesHelper] "E:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [Malwarebytes' Anti-Malware] "e:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRunOnce: [Malwarebytes Anti-Malware] e:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Download all links with IDM - E:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
    IE: Download with IDM - E:\Program Files (x86)\Internet Download Manager\IEExt.htm
    IE: E&xport to Microsoft Excel - E:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - E:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - E:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - E:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{04803B5E-6FC4-49C0-A3FC-C1ED62B815E0} : DhcpNameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{479436C2-7350-4400-AE8D-70A6F58AE6A9} : DhcpNameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{762C29BC-843D-461A-819A-A96B8DCC6339} : DhcpNameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{7C8C1308-8DD8-4665-B11D-949B0DA2B358} : DhcpNameServer = 209.18.47.61 209.18.47.62
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - E:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - E:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
    BHO-X64: IDM Helper - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - E:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    BHO-X64: IESpeakDoc - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
    mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    mRun-x64: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
    mRun-x64: [ASUS ShellProcess Execute] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
    mRun-x64: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [GrooveMonitor] "E:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
    mRun-x64: [iTunesHelper] "E:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [Malwarebytes' Anti-Malware] "e:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRunOnce-x64: [Malwarebytes Anti-Malware] e:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - E:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    Hosts: 74.208.10.249 gs.apple.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\zooz\AppData\Roaming\Mozilla\Firefox\Profiles\83380n4b.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Users\zooz\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - plugin: E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    FF - plugin: E:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: E:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AiChargerPlus;ASUS Charger Plus Driver;C:\Windows\system32\DRIVERS\AiChargerPlus.sys --> C:\Windows\system32\DRIVERS\AiChargerPlus.sys [?]
    R0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys --> C:\Windows\system32\DRIVERS\mv91xx.sys [?]
    R0 mvs91xx;mvs91xx;C:\Windows\system32\DRIVERS\mvs91xx.sys --> C:\Windows\system32\DRIVERS\mvs91xx.sys [?]
    R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys --> C:\Windows\system32\DRIVERS\ctxusbm.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 AtherosSvc;AtherosSvc;E:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-13 74912]
    R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
    R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
    R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
    R2 ekrn;ESET Service;E:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-6-24 810144]
    R2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-13 13592]
    R2 IDMWFP;IDMWFP;C:\Windows\system32\DRIVERS\idmwfp.sys --> C:\Windows\system32\DRIVERS\idmwfp.sys [?]
    R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]
    R2 MBAMService;MBAMService;E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-13 652360]
    R2 OODefragAgent;O&O Defrag;E:\Program Files\OO Software\Defrag\oodag.exe [2010-6-21 2532680]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [2011-10-27 922240]
    R3 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2010-12-1 915584]
    R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?]
    R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?]
    R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
    R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]
    R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]
    R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]
    R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]
    R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]
    R3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]
    R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
    R3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);C:\Windows\system32\DRIVERS\ICCWDT.sys --> C:\Windows\system32\DRIVERS\ICCWDT.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\system32\Drivers\AthDfu.sys --> C:\Windows\system32\Drivers\AthDfu.sys [?]
    S3 athrusb;Belkin Wireless LAN USB device driver;C:\Windows\system32\DRIVERS\athrxusb.sys --> C:\Windows\system32\DRIVERS\athrxusb.sys [?]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
    S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
    S3 SaiH0BAC;SaiH0BAC;C:\Windows\system32\DRIVERS\SaiH0BAC.sys --> C:\Windows\system32\DRIVERS\SaiH0BAC.sys [?]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2011-9-25 586880]
    .
    =============== Created Last 30 ================
    .
    2012-02-13 22:58:18 -------- d-----w- C:\Users\zooz\AppData\Roaming\Malwarebytes
    2012-02-13 22:58:13 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-02-13 22:58:13 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-02-07 19:37:20 -------- d-----w- C:\Users\zooz\AppData\Local\Skyrim
    2012-02-07 04:44:08 -------- d-----w- C:\Users\zooz\AppData\Local\Mumble
    2012-02-07 02:07:42 -------- d-----w- C:\Users\zooz\AppData\Roaming\Mumble
    2012-01-30 21:17:58 -------- d-----w- C:\Program Files (x86)\AMD APP
    2012-01-30 21:06:23 -------- d-----w- C:\AMD
    2012-01-27 14:39:24 -------- d-----w- C:\Program Files\iTunes
    2012-01-27 14:39:24 -------- d-----w- C:\Program Files\iPod
    .
    ==================== Find3M ====================
    .
    2012-01-09 22:52:48 683801 ----a-w- C:\Windows\unins000.exe
    2012-01-08 22:17:38 5187904 ----a-w- C:\Windows\PE_Rom.dll
    2012-01-08 22:16:27 5253280 ----a-w- C:\Windows\PE_File.dll
    2012-01-06 00:24:12 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-12-08 04:45:34 281656 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2011-12-08 04:45:34 281656 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2011-12-07 18:20:08 281656 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2011-12-07 18:16:24 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    2011-12-06 03:45:40 10720256 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
    2011-12-06 03:18:38 25371136 ----a-w- C:\Windows\System32\atio6axx.dll
    2011-12-06 03:17:50 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
    2011-12-06 03:17:36 778752 ----a-w- C:\Windows\SysWow64\aticfx32.dll
    2011-12-06 03:16:00 933888 ----a-w- C:\Windows\System32\aticfx64.dll
    2011-12-06 03:12:52 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll
    2011-12-06 03:12:36 494080 ----a-w- C:\Windows\System32\atieclxx.exe
    2011-12-06 03:11:56 235520 ----a-w- C:\Windows\System32\atiesrxx.exe
    2011-12-06 03:10:38 120320 ----a-w- C:\Windows\System32\atitmm64.dll
    2011-12-06 03:10:20 423424 ----a-w- C:\Windows\System32\atipdl64.dll
    2011-12-06 03:10:12 360448 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
    2011-12-06 03:10:00 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
    2011-12-06 03:09:56 21504 ----a-w- C:\Windows\System32\atimuixx.dll
    2011-12-06 03:09:50 59392 ----a-w- C:\Windows\System32\atiedu64.dll
    2011-12-06 03:09:44 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
    2011-12-06 03:06:38 6159872 ----a-w- C:\Windows\SysWow64\atidxx32.dll
    2011-12-06 03:04:06 69632 ----a-w- C:\Windows\System32\OpenVideo64.dll
    2011-12-06 03:04:00 59904 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
    2011-12-06 03:03:54 61952 ----a-w- C:\Windows\System32\OVDecode64.dll
    2011-12-06 03:03:52 54784 ----a-w- C:\Windows\SysWow64\OVDecode.dll
    2011-12-06 03:03:42 17580544 ----a-w- C:\Windows\System32\amdocl64.dll
    2011-12-06 03:03:04 14499328 ----a-w- C:\Windows\SysWow64\amdocl.dll
    2011-12-06 02:56:40 19125760 ----a-w- C:\Windows\SysWow64\atioglxx.dll
    2011-12-06 02:51:22 7520768 ----a-w- C:\Windows\System32\atidxx64.dll
    2011-12-06 02:39:58 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
    2011-12-06 02:39:24 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
    2011-12-06 02:39:12 4072960 ----a-w- C:\Windows\System32\atiumd6a.dll
    2011-12-06 02:34:28 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
    2011-12-06 02:34:24 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
    2011-12-06 02:34:16 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
    2011-12-06 02:34:14 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
    2011-12-06 02:34:00 13738496 ----a-w- C:\Windows\System32\aticaldd64.dll
    2011-12-06 02:33:36 5919232 ----a-w- C:\Windows\SysWow64\atiumdag.dll
    2011-12-06 02:29:30 11484672 ----a-w- C:\Windows\SysWow64\aticaldd.dll
    2011-12-06 02:28:50 4206592 ----a-w- C:\Windows\SysWow64\atiumdva.dll
    2011-12-06 02:24:02 7511040 ----a-w- C:\Windows\System32\atiumd64.dll
    2011-12-06 02:18:46 58880 ----a-w- C:\Windows\System32\coinst.dll
    2011-12-06 02:13:02 509952 ----a-w- C:\Windows\System32\atiadlxx.dll
    2011-12-06 02:12:52 356352 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
    2011-12-06 02:12:38 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
    2011-12-06 02:12:34 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
    2011-12-06 02:12:34 14336 ----a-w- C:\Windows\System32\atiglpxx.dll
    2011-12-06 02:12:30 39936 ----a-w- C:\Windows\System32\atig6txx.dll
    2011-12-06 02:12:22 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
    2011-12-06 02:12:14 327168 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
    2011-12-06 02:11:24 42496 ----a-w- C:\Windows\System32\atiuxp64.dll
    2011-12-06 02:11:16 33280 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
    2011-12-06 02:11:10 39936 ----a-w- C:\Windows\System32\atiu9p64.dll
    2011-12-06 02:11:02 29696 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
    2011-12-06 02:10:48 54784 ----a-w- C:\Windows\System32\atimpc64.dll
    2011-12-06 02:10:48 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
    2011-12-06 02:10:42 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
    2011-12-06 02:10:42 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
    2011-12-06 02:10:24 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
    2011-11-29 21:39:02 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll
    2011-11-29 21:38:18 90112 ----a-w- C:\Windows\MAMCityDownload.ocx
    2011-11-29 21:38:18 325552 ----a-w- C:\Windows\MASetupCaller.dll
    2011-11-29 21:38:18 30568 ----a-w- C:\Windows\MusiccityDownload.exe
    2011-11-29 21:38:04 821824 ----a-w- C:\Windows\SysWow64\dgderapi.dll
    2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
    2011-11-19 14:58:00 77312 ----a-w- C:\Windows\System32\packager.dll
    2011-11-19 14:01:00 67072 ----a-w- C:\Windows\SysWow64\packager.dll
    2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys
    2011-11-17 06:41:18 1731920 ----a-w- C:\Windows\System32\ntdll.dll
    2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll
    2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll
    2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll
    2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll
    2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll
    2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
    2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe
    2011-11-17 05:38:39 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
    2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll
    2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
    2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    .
    ============= FINISH: 18:27:15.00 ===============

    Attachment.txt


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/25/2011 8:07:48 PM
    System Uptime: 2/13/2012 4:57:29 PM (2 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | P8Z68-V PRO
    Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz | LGA1155 | 3301/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 56 GiB total, 28.27 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 932 GiB total, 734.435 GiB free.
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is FIXED (NTFS) - 0 GiB total, 0.07 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    ACARS
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.2)
    Adobe Shockwave Player 11.6
    AI Suite II
    Android SDK Tools
    Apple Application Support
    Apple Software Update
    Application Profiles
    Asmedia ASM104x USB 3.0 Host Controller Driver
    Bandisoft MPEG-1 Decoder
    Belkin Wireless USB Utility
    Blur
    Borderlands
    Browser Configuration Utility
    Catalyst Control Center
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Citrix online plug-in - web
    Citrix online plug-in (DV)
    Citrix online plug-in (HDX)
    Citrix online plug-in (USB)
    Citrix online plug-in (Web)
    Counter-Strike: Source
    CRJ 700 V1.2
    D3DX10
    DC Universe Online
    Dev-C++ 5 beta 9 release (4.9.9.2)
    Dolby Axon - 1.4.0.1
    FeelThere ERJ v.2 SP2
    FileZilla Client 3.5.1
    FitDay PC version 2.0
    Fraps (remove only)
    FS Recorder 2.1 beta 3 for FSX
    FSFDT FSCopilot
    FSFDT FSInn
    FSX Scenery ISTANBUL ATATURK AIRPORT (LTBA)
    GameRanger
    Garry's Mod
    Google Chrome
    Ground Environment X USA-Canada
    Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Intel(R) Rapid Storage Technology
    Intel® Watchdog Timer Driver (Intel® WDT)
    Internet Download Manager
    Java Auto Updater
    Java(TM) 6 Update 29
    JMicron JMB36X Driver
    Junk Mail filter update
    Level-D 767-300 for FSX
    LIMBO
    Malwarebytes Anti-Malware version 1.60.1.1000
    marvell 91xx driver
    Metro 2033
    Microsoft File Transfer Manager
    Microsoft Flight
    Microsoft Flight Simulator X
    Microsoft Flight Simulator X Service Pack 1
    Microsoft Flight Simulator X Service Pack 2
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server Compact 3.5 SP1 English
    Microsoft Tool Web Package : EXCTRLST.EXE
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft XNA Framework Redistributable 4.0
    Mozilla Firefox 9.0.1 (x86 en-US)
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    Mumble 1.2.3
    MyFreeCodec
    MyITLab ActiveX Installer 2, 9, 8, 65535
    Napoleon: Total War
    NVIDIA PhysX
    Pando Media Booster
    Plan-G
    PMDG 737 8900 NGX
    PMDG 747-400/400F for FSX
    Portal
    Portal 2
    PSUCalc
    PunkBuster Services
    QuickTime
    Real Environment Xtreme
    Real Environment Xtreme - Overdrive
    Realtek High Definition Audio Driver
    RocketDock 1.3.5
    Samsung Kies
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Skype™ 5.5
    Star Wars: The Old Republic
    Steam
    Team Fortress 2
    TeamSpeak 3 Client
    Terraria
    The Elder Scrolls V: Skyrim
    Trine 2
    Trine 2 Beta
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    UVA FSX Bombardier CRJ-700
    vasFMC 1.10
    VAT-Spy
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/13/2012 5:02:11 PM, Error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    2/13/2012 4:54:59 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.110. The computer with the IP address 192.168.1.104 did not allow the name to be claimed by this computer.
    .
    ==== End Of File ===========================



    Thank You
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Welcome to TechSpot!
    You are probably aware that there are many reasons for 'slow'. You have a lot of processes running!

    Questions:
    1. Is this legal? > Hosts: 74.208.10.249 gs.apple.com
    Bypassing Apple's Signature Server (iPhone/iPod/iTunes?)

    2. No restore point in system? > Dangerous way to travel.

    3. You might want to read up on this: >C:\Windows\splwow64.exe
    http://social.technet.microsoft.com...v/thread/35b5561b-3de8-4e38-99bc-de1b22254a54
    ====================================
    There is a suspicious entry that we need to look into further:
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Expect these- they are normal:
    1. If asked to install or update the Recovery Console, allow. (you will need internet connection for this)
    2. Before you run the Combofix scan, please disable any security software you have running.
    3. Combofix may need to reboot your computer more than once to do its job; this is normal.

    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • If prompted for Recovery Console, please allow.
    • Once installed, you should see a blue screen prompt that says:
      • The Recovery Console was successfully installed.
      • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.
      • Note: No query will be made if the Recovery Console is already on the system.
    • Close/disable all anti virus and anti malware programs
      (If you need help with this, please see HERE)
    • Close any open browsers.
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • When the scan completes, a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply.
    Re-enable your Antivirus software.
    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
    Note 3:CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    =====================================
    You're going to need to disable Nod32 on your system to run the online scan:
    To run the Eset Online Virus Scan:
    If you use Internet Explorer:
    1. Open the ESETOnlineScan
    2. Skip to #4 to "Continue with the directions"

      If you are using a browser other than Internet Explorer
    3. Open Eset Smart Installer
      [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
      [o] Double click on the desktop icon to run.
      [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
    4. Continue with the directions.
    5. Check 'Yes I accept terms of use.'
    6. Click Start button
    7. Accept any security warnings from your browser.
    8. Uncheck 'Remove found threats'
    9. Check 'Scan archives'
    10. Leave remaining settings as is.
    11. Press the Start button.
    12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    13. When the scan completes, press List of found threats
    14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    15. Push the Back button, then Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    =========================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't follow directions given to someone else
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.

    If I haven't replied back to you within 48 hours, you can send a PM with your thread link in it as a reminder. Do not include technical problems from your thread. Support is given only in the forum.
    Threads are closed after 5 days if there is no reply.

    Please leave the 2 logs in your next reply.
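
Added example, not part of the original thread or of any tool named in it: a hosts-file audit that surfaces mappings like the `Hosts: 74.208.10.249 gs.apple.com` line questioned in the post above. The function name, the `allowed` parameter, the sample file and the `example.invalid` names are constructed for illustration.

```python
import ipaddress

# Constructed sample: a hosts file plus one DDS-style "Hosts:" log line.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.invalid   # blocklist-style sink
74.208.10.249   gs.apple.com
192.168.1.50    nas.example.invalid printer.example.invalid
not-an-ip       broken.example.invalid
Hosts: 74.208.10.249 gs.apple.com
"""


def audit_hosts(text, allowed=frozenset()):
    """Return (line_no, address, hostname, reason) tuples for entries to review.

    allowed: set of (address, hostname) pairs the owner has confirmed as
    intentional; they are skipped. (Hypothetical parameter for this example.)
    """
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()        # drop comments
        if line.lower().startswith("hosts:"):      # form used in the DDS log
            line = line[len("hosts:"):].strip()
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((line_no, fields[0], None, "invalid-address"))
            continue
        if len(fields) < 2:
            findings.append((line_no, str(addr), None, "no-hostname"))
            continue
        # Loopback and unspecified addresses only block a name or keep it
        # local, so they are not redirections to another machine.
        if addr.is_loopback or addr.is_unspecified:
            continue
        reason = "private-address" if addr.is_private else "public-redirect"
        for name in fields[1:]:
            name = name.lower()
            if (str(addr), name) in allowed:
                continue
            findings.append((line_no, str(addr), name, reason))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

On a live Windows system the input would be the contents of `%SystemRoot%\System32\drivers\etc\hosts`; a `public-redirect` finding for a vendor domain is the kind of entry to confirm with the machine's owner before continuing.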
     
  3. Zalemam

    Zalemam TS Rookie Topic Starter Posts: 43

    1. Used to fix a problem with restoring an old iphone
    2. How do I fix that?
    3. I have no clue what that is, and how it serves me.

    -----------

    Eset Online Scanner did not detect anything, so no log was compiled.

    Combo fix log:


    ComboFix 12-02-13.01 - zooz 02/13/2012 22:04:27.1.4 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8167.6247 [GMT -5:00]
    Running from: c:\users\zooz\Desktop\ComboFix.exe
    AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\SysWow64\muzapp.exe
    c:\windows\SysWow64\system32
    c:\windows\SysWow64\system32\3DAudio.ax
    c:\windows\SysWow64\system32\avrt.dll
    c:\windows\SysWow64\system32\cis-2.4.dll
    c:\windows\SysWow64\system32\issacapi_bs-2.3.dll
    c:\windows\SysWow64\system32\issacapi_pe-2.3.dll
    c:\windows\SysWow64\system32\issacapi_se-2.3.dll
    c:\windows\SysWow64\system32\MACXMLProto.dll
    c:\windows\SysWow64\system32\MaDRM.dll
    c:\windows\SysWow64\system32\MaJGUILib.dll
    c:\windows\SysWow64\system32\MAMACExtract.dll
    c:\windows\SysWow64\system32\MASetupCleaner.exe
    c:\windows\SysWow64\system32\MaXMLProto.dll
    c:\windows\SysWow64\system32\mfplat.dll
    c:\windows\SysWow64\system32\MK_Lyric.dll
    c:\windows\SysWow64\system32\MSCLib.dll
    c:\windows\SysWow64\system32\MSFLib.dll
    c:\windows\SysWow64\system32\MSLUR71.dll
    c:\windows\SysWow64\system32\msvcp60.dll
    c:\windows\SysWow64\system32\MTTELECHIP.dll
    c:\windows\SysWow64\system32\MTXSYNCICON.dll
    c:\windows\SysWow64\system32\muzaf1.dll
    c:\windows\SysWow64\system32\muzapp.dll
    c:\windows\SysWow64\system32\muzapp.exe
    c:\windows\SysWow64\system32\muzdecode.ax
    c:\windows\SysWow64\system32\muzeffect.ax
    c:\windows\SysWow64\system32\muzmp4sp.ax
    c:\windows\SysWow64\system32\muzmpgsp.ax
    c:\windows\SysWow64\system32\muzoggsp.ax
    c:\windows\SysWow64\system32\muzwmts.dll
    c:\windows\SysWow64\system32\psapi.dll
    E:\install.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-14 to 2012-02-14 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-13 22:58 . 2012-02-13 22:58 -------- d-----w- c:\users\zooz\AppData\Roaming\Malwarebytes
    2012-02-13 22:58 . 2012-02-13 22:58 -------- d-----w- c:\programdata\Malwarebytes
    2012-02-13 22:58 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-07 19:37 . 2012-02-08 00:21 -------- d-----w- c:\users\zooz\AppData\Local\Skyrim
    2012-02-07 04:44 . 2012-02-07 04:44 -------- d-----w- c:\users\zooz\AppData\Local\Mumble
    2012-02-07 02:07 . 2012-02-13 00:13 -------- d-----w- c:\users\zooz\AppData\Roaming\Mumble
    2012-01-30 21:18 . 2012-01-30 21:18 -------- d-----w- c:\programdata\ATI
    2012-01-30 21:17 . 2012-01-30 21:17 -------- d-----w- c:\program files (x86)\AMD APP
    2012-01-30 21:06 . 2012-01-30 21:06 -------- d-----w- C:\AMD
    2012-01-27 14:39 . 2012-01-27 14:40 -------- d-----w- c:\program files\iTunes
    2012-01-27 14:39 . 2012-01-27 14:39 -------- d-----w- c:\program files\iPod
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-10 01:08 . 2012-01-10 01:08 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2012-01-09 22:52 . 2012-01-09 22:52 683801 ----a-w- c:\windows\unins000.exe
    2012-01-08 22:17 . 2011-09-26 01:48 5187904 ----a-w- c:\windows\PE_Rom.dll
    2012-01-08 22:16 . 2011-09-26 01:49 5253280 ----a-w- c:\windows\PE_File.dll
    2012-01-06 00:24 . 2011-09-26 03:22 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-12-08 04:45 . 2011-12-07 18:20 281656 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2011-12-08 04:45 . 2011-12-07 18:16 281656 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2011-12-07 18:20 . 2011-12-07 18:16 281656 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2011-12-07 18:16 . 2011-12-07 18:16 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    2011-12-06 03:45 . 2011-12-06 03:45 10720256 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2011-12-06 03:18 . 2011-12-06 03:18 25371136 ----a-w- c:\windows\system32\atio6axx.dll
    2011-12-06 03:17 . 2011-12-06 03:17 159744 ----a-w- c:\windows\system32\atiapfxx.exe
    2011-12-06 03:17 . 2011-07-28 21:40 778752 ----a-w- c:\windows\SysWow64\aticfx32.dll
    2011-12-06 03:16 . 2011-07-28 21:39 933888 ----a-w- c:\windows\system32\aticfx64.dll
    2011-12-06 03:12 . 2011-12-06 03:12 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2011-12-06 03:12 . 2011-12-06 03:12 494080 ----a-w- c:\windows\system32\atieclxx.exe
    2011-12-06 03:11 . 2011-12-06 03:11 235520 ----a-w- c:\windows\system32\atiesrxx.exe
    2011-12-06 03:10 . 2011-12-06 03:10 120320 ----a-w- c:\windows\system32\atitmm64.dll
    2011-12-06 03:10 . 2011-12-06 03:10 423424 ----a-w- c:\windows\system32\atipdl64.dll
    2011-12-06 03:10 . 2011-12-06 03:10 360448 ----a-w- c:\windows\SysWow64\atipdlxx.dll
    2011-12-06 03:10 . 2011-12-06 03:10 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
    2011-12-06 03:09 . 2011-12-06 03:09 21504 ----a-w- c:\windows\system32\atimuixx.dll
    2011-12-06 03:09 . 2011-12-06 03:09 59392 ----a-w- c:\windows\system32\atiedu64.dll
    2011-12-06 03:09 . 2011-12-06 03:09 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
    2011-12-06 03:06 . 2011-12-06 03:06 6159872 ----a-w- c:\windows\SysWow64\atidxx32.dll
    2011-12-06 03:04 . 2011-12-06 03:04 69632 ----a-w- c:\windows\system32\OpenVideo64.dll
    2011-12-06 03:04 . 2011-12-06 03:04 59904 ----a-w- c:\windows\SysWow64\OpenVideo.dll
    2011-12-06 03:03 . 2011-12-06 03:03 61952 ----a-w- c:\windows\system32\OVDecode64.dll
    2011-12-06 03:03 . 2011-12-06 03:03 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll
    2011-12-06 03:03 . 2011-12-06 03:03 17580544 ----a-w- c:\windows\system32\amdocl64.dll
    2011-12-06 03:03 . 2011-12-06 03:03 14499328 ----a-w- c:\windows\SysWow64\amdocl.dll
    2011-12-06 02:56 . 2011-12-06 02:56 19125760 ----a-w- c:\windows\SysWow64\atioglxx.dll
    2011-12-06 02:51 . 2009-07-13 21:59 7520768 ----a-w- c:\windows\system32\atidxx64.dll
    2011-12-06 02:39 . 2011-12-06 02:39 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
    2011-12-06 02:39 . 2011-12-06 02:39 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
    2011-12-06 02:39 . 2011-12-06 02:39 4072960 ----a-w- c:\windows\system32\atiumd6a.dll
    2011-12-06 02:34 . 2011-12-06 02:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll
    2011-12-06 02:34 . 2011-12-06 02:34 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
    2011-12-06 02:34 . 2011-12-06 02:34 44544 ----a-w- c:\windows\system32\aticalcl64.dll
    2011-12-06 02:34 . 2011-12-06 02:34 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
    2011-12-06 02:34 . 2011-12-06 02:34 13738496 ----a-w- c:\windows\system32\aticaldd64.dll
    2011-12-06 02:33 . 2011-07-28 21:09 5919232 ----a-w- c:\windows\SysWow64\atiumdag.dll
    2011-12-06 02:29 . 2011-12-06 02:29 11484672 ----a-w- c:\windows\SysWow64\aticaldd.dll
    2011-12-06 02:28 . 2011-07-28 21:03 4206592 ----a-w- c:\windows\SysWow64\atiumdva.dll
    2011-12-06 02:24 . 2011-12-06 02:24 7511040 ----a-w- c:\windows\system32\atiumd64.dll
    2011-12-06 02:18 . 2011-07-28 21:01 58880 ----a-w- c:\windows\system32\coinst.dll
    2011-12-06 02:13 . 2011-12-06 02:13 509952 ----a-w- c:\windows\system32\atiadlxx.dll
    2011-12-06 02:12 . 2011-12-06 02:12 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll
    2011-12-06 02:12 . 2011-12-06 02:12 17408 ----a-w- c:\windows\system32\atig6pxx.dll
    2011-12-06 02:12 . 2011-12-06 02:12 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
    2011-12-06 02:12 . 2011-12-06 02:12 14336 ----a-w- c:\windows\system32\atiglpxx.dll
    2011-12-06 02:12 . 2011-12-06 02:12 39936 ----a-w- c:\windows\system32\atig6txx.dll
    2011-12-06 02:12 . 2011-12-06 02:12 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
    2011-12-06 02:12 . 2011-12-06 02:12 327168 ----a-w- c:\windows\system32\drivers\atikmpag.sys
    2011-12-06 02:11 . 2011-07-28 20:53 42496 ----a-w- c:\windows\system32\atiuxp64.dll
    2011-12-06 02:11 . 2011-12-06 02:11 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll
    2011-12-06 02:11 . 2011-12-06 02:11 39936 ----a-w- c:\windows\system32\atiu9p64.dll
    2011-12-06 02:11 . 2011-07-28 20:53 29696 ----a-w- c:\windows\SysWow64\atiu9pag.dll
    2011-12-06 02:10 . 2011-12-06 02:10 54784 ----a-w- c:\windows\system32\atimpc64.dll
    2011-12-06 02:10 . 2011-12-06 02:10 54784 ----a-w- c:\windows\system32\amdpcom64.dll
    2011-12-06 02:10 . 2011-12-06 02:10 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
    2011-12-06 02:10 . 2011-12-06 02:10 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
    2011-12-06 02:10 . 2011-12-06 02:10 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2011-11-29 21:39 . 2011-10-24 01:02 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
    2011-11-29 21:38 . 2011-11-29 21:38 90112 ----a-w- c:\windows\MAMCityDownload.ocx
    2011-11-29 21:38 . 2011-11-29 21:38 325552 ----a-w- c:\windows\MASetupCaller.dll
    2011-11-29 21:38 . 2011-11-29 21:38 30568 ----a-w- c:\windows\MusiccityDownload.exe
    2011-11-29 21:38 . 2012-01-02 06:13 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll
    2011-11-24 04:52 . 2011-12-13 18:43 3145216 ----a-w- c:\windows\system32\win32k.sys
    2011-11-19 14:58 . 2012-01-11 06:12 77312 ----a-w- c:\windows\system32\packager.dll
    2011-11-19 14:01 . 2012-01-11 06:12 67072 ----a-w- c:\windows\SysWow64\packager.dll
    2011-11-17 06:41 . 2012-01-11 06:12 1731920 ----a-w- c:\windows\system32\ntdll.dll
    2011-11-17 05:38 . 2012-01-11 06:12 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\prxtbBit0.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
    2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\BitTorrentBar\prxtbBit0.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\prxtbBit0.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RocketDock"="e:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
    "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-11-09 3077528]
    "KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-12-27 937360]
    "KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-12-27 21392]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
    "BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000]
    "ASUS ShellProcess Execute"="c:\program files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe" [2010-11-25 252544]
    "ASUS AiChargerPlus Execute"="c:\program files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2010-11-08 465536]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "GrooveMonitor"="e:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    "KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-12-27 3508624]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2011-04-25 305088]
    "iTunesHelper"="e:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-06 343168]
    "Malwarebytes' Anti-Malware"="e:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "Malwarebytes Anti-Malware"="e:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
    R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [x]
    R3 athrusb;Belkin Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrxusb.sys [x]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
    R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
    R3 SaiH0BAC;SaiH0BAC;c:\windows\system32\DRIVERS\SaiH0BAC.sys [x]
    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]
    S0 AiChargerPlus;ASUS Charger Plus Driver;c:\windows\system32\DRIVERS\AiChargerPlus.sys [x]
    S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
    S0 mvs91xx;mvs91xx;c:\windows\system32\DRIVERS\mvs91xx.sys [x]
    S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
    S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 AtherosSvc;AtherosSvc;e:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912]
    S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
    S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
    S2 ekrn;ESET Service;e:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-06-24 810144]
    S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
    S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]
    S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
    S2 MBAMService;MBAMService;e:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
    S2 OODefragAgent;O&O Defrag;e:\program files\OO Software\Defrag\oodag.exe [2010-06-22 2532680]
    S3 ALSysIO;ALSysIO;c:\users\zooz\AppData\Local\Temp\ALSysIO64.sys [x]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [2011-10-07 922240]
    S3 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2010-12-02 915584]
    S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]
    S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]
    S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys [x]
    S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
    S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
    S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
    S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
    S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
    S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
    S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
    S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
    S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ALSYSIO
    *NewlyCreated* - MBAMPROTECTOR
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-02-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3029502787-3877204180-1929427419-1000Core.job
    - c:\users\zooz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-26 01:06]
    .
    2012-02-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3029502787-3877204180-1929427419-1000UA.job
    - c:\users\zooz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-26 01:06]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
    @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
    [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
    2011-05-30 16:50 22408 ----a-w- e:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]
    "egui"="e:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-06-24 2903688]
    "AtherosBtStack"="e:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120]
    "AthBtTray"="e:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Download all links with IDM - e:\program files (x86)\Internet Download Manager\IEGetAll.htm
    IE: Download with IDM - e:\program files (x86)\Internet Download Manager\IEExt.htm
    IE: E&xport to Microsoft Excel - e:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    FF - ProfilePath - c:\users\zooz\AppData\Roaming\Mozilla\Firefox\Profiles\83380n4b.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-PunkBusterSvc - e:\program files (x86)\Steam\steamapps\common\apb reloaded\Binaries\pbsvc_apb.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3029502787-3877204180-1929427419-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "scansk"=hex(0):8c,bb,25,7d,ef,5a,71,5f,31,cd,cc,fb,1f,e8,5c,bc,4f,a2,1e,64,cc,
    7d,5d,ee,97,c0,71,cf,75,3b,58,4b,0a,68,eb,4d,77,a5,84,f1,00,00,00,00,00,00,\
    .
    [HKEY_USERS\S-1-5-21-3029502787-3877204180-1929427419-1000_Classes\Wow6432Node\CLSID\{ee97be37-b5ee-4124-9f0f-ec7f2a6e6098}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "Model"=dword:00000008
    "Therad"=dword:0000001b
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
    "OODEFRAG15.00.00.01PROFESSIONAL"=
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-02-13 22:14:20
    ComboFix-quarantined-files.txt 2012-02-14 03:14
    .
    Pre-Run: 30,830,972,928 bytes free
    Post-Run: 32,287,256,576 bytes free
    .
    - - End Of File - - 9B45CC5B0FD74C898CE9DF6BE2560D7B
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please go to virustotal (http://www.virustotal.com/) and upload the following files for analysis, and post the results:

    c:\windows\PE_File.dll
    c:\windows\PE_Rom.dll

    ====================================
    Please run this Custom CFScript:

    [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open Notepad > click on Format > uncheck 'Word Wrap' > and copy/paste the text in the code below into it:
    Code:
    File::
    Folder::
    c:\windows\unins000.exe
    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"=-
    [HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"=- 
    [HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
    RegLock::
    [HKEY_USERS\S-1-5-21-3029502787-3877204180-1929427419-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
    [HKEY_USERS\S-1-5-21-3029502787-3877204180-1929427419-1000_Classes\Wow6432Node\CLSID\{ee97be37-b5ee-4124-9f0f-ec7f2a6e6098}]
    DDS::
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    
    Clearjavacache::
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it into your next reply.
    ====================
    A suggestion: Consider removing O&O Defrag. It includes the registry, sorts the files in an enormous registry entry. Most of us do not recommend a registry cleaner- you can still defrag- just not the registry.
    ====================
    Be sure both of these are current:
    Please update the following:
    Note: Check each download screen for any pre-checked Toolbars or BHOs. Uncheck them before the download.
    Adobe Reader > Current is vX(10.xx)> Adobe Reader Update
    Java(TM) 6 > Current is v6u30> Java Updates .
    Uninstall any earlier versions of both, as they are vulnerabilities for the system.
     
  5. Zalemam

    Zalemam TS Rookie Topic Starter Posts: 43

    Virus Total Results:

    SHA256: 932bfb44ac3afcc774ad3790639b123461a9af3bf1db341c54fe35befaeed409
    SHA1: 4e4a065d0259c1777b355df08f6f48819f763afa
    MD5: 9fcff1a3f1123845b41c690a53b6ce4d
    File size: 5.0 MB ( 5253280 bytes )
    File name: PE_File.dll
    File type: Win32 DLL
    Detection ratio: 0 / 43
    Analysis date: 2012-02-16 21:19:24 UTC ( 1 minute ago )


    SHA256: c0edba1f87d5c471d4ad3bfdff06659f365f8b0085b7ba006edbbd85ab631649
    SHA1: 83fac8f81a67f2e4903e6a4ce05a08fa8856e24a
    MD5: 03fac6365c0bed1e5d0987cab99cab7b
    File size: 4.9 MB ( 5187904 bytes )
    File name: PE_Rom.dll
    File type: Win32 DLL
    Detection ratio: 0 / 43
    Analysis date: 2012-02-16 21:39:59 UTC ( 1 minute ago )

    combofix log:


    ComboFix 12-02-16.02 - zooz 02/16/2012 16:48:10.2.4 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8167.6652 [GMT -5:00]
    Running from: c:\users\zooz\Desktop\ComboFix.exe
    Command switches used :: c:\users\zooz\Desktop\CFScript.txt
    AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\zooz\AppData\Local\Temp\bad4021e-8b96-4726-a482-7caebf5bc001\CliSecureRT.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-16 to 2012-02-16 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-16 21:51 . 2012-02-16 21:51 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-02-15 04:00 . 2012-02-15 05:19 -------- d-----w- e:\program files (x86)\TSS Airbus IAE-V2500 New Gen sound
    2012-02-14 22:43 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
    2012-02-14 22:43 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
    2012-02-14 22:43 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
    2012-02-14 22:43 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
    2012-02-14 22:43 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
    2012-02-14 22:42 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
    2012-02-14 22:41 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
    2012-02-14 22:41 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
    2012-02-14 22:36 . 2012-01-17 09:39 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4AD943F6-F41D-4A25-909A-FADFC5E480EE}\mpengine.dll
    2012-02-14 21:26 . 2012-02-14 21:26 -------- d-----w- c:\users\zooz\AppData\Local\libimobiledevice
    2012-02-14 01:07 . 2011-04-03 02:00 184572 ----a-w- e:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\Uninstal_Airbus1Dlx_evo_FSX_wilco.exe
    2012-02-14 01:06 . 2010-10-22 21:26 122880 ----a-w- e:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\Modules\AirbusNewHUD.dll
    2012-02-14 01:05 . 2010-10-08 04:52 867328 ----a-w- e:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\FeelThere\Airbus\rxpWxSim.dll
    2012-02-14 01:05 . 2010-10-07 16:31 331776 ----a-w- e:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\FeelThere\Airbus\RegisterHUD.exe
    2012-02-14 01:05 . 2010-10-06 19:21 3305472 ----a-w- e:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\FeelThere\Airbus\Airbus1_Config.exe
    2012-02-14 01:05 . 2010-11-15 02:04 315392 ----a-w- e:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\Gauges\ISIS.dll
    2012-02-14 01:05 . 2010-10-22 20:59 7946240 ----a-w- e:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\Gauges\A318_Night.dll
    2012-02-14 01:05 . 2010-10-22 20:54 7950336 ----a-w- e:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\Gauges\A320NightPanel_feelThere.dll
    2012-02-14 01:05 . 2010-10-07 16:26 61440 ----a-w- e:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\Gauges\HUDControl.dll
    2012-02-14 01:04 . 2010-11-15 02:04 19623936 ----a-w- e:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Airplanes\feelThere PIC A321IAE\panel\A321IAE_FeelThere.dll
    2012-02-14 01:04 . 2010-11-15 02:04 19623936 ----a-w- e:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Airplanes\feelThere PIC A321\panel\A321CFM_FeelThere.dll
    2012-02-14 01:04 . 2010-11-15 02:05 19619840 ----a-w- e:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Airplanes\feelThere PIC A320IAE\panel\A320IAE_FeelThere.dll
    2012-02-14 01:04 . 2010-11-14 23:01 19619840 ----a-w- e:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Airplanes\feelThere PIC A320\panel\A320CFM_FeelThere.dll
    2012-02-14 01:04 . 2010-11-15 02:06 19619840 ----a-w- e:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Airplanes\feelThere PIC A319IAE\panel\A319IAE_FeelThere.dll
    2012-02-14 01:04 . 2010-11-15 02:06 19619840 ----a-w- e:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Airplanes\feelThere PIC A319CJ\panel\A319IAE_FeelThere.dll
    2012-02-14 01:04 . 2010-11-15 02:07 19619840 ----a-w- e:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Airplanes\feelThere PIC A319\panel\A319CFM_FeelThere.dll
    2012-02-14 01:04 . 2010-11-15 02:07 19230720 ----a-w- e:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Airplanes\feelThere PIC A318\panel\A318CFM_FeelThere.dll
    2012-02-14 01:04 . 2010-11-15 02:04 315392 ----a-w- e:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Airplanes\feelThere PIC A318\panel\ISIS.dll
    2012-02-13 22:58 . 2012-02-13 22:58 -------- d-----w- c:\users\zooz\AppData\Roaming\Malwarebytes
    2012-02-13 22:58 . 2012-02-13 22:58 -------- d-----w- c:\programdata\Malwarebytes
    2012-02-13 22:58 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-13 22:58 . 2012-02-13 22:58 -------- d-----w- e:\program files (x86)\Malwarebytes' Anti-Malware
    2012-02-07 19:37 . 2012-02-08 00:21 -------- d-----w- c:\users\zooz\AppData\Local\Skyrim
    2012-02-07 04:44 . 2012-02-07 04:44 -------- d-----w- c:\users\zooz\AppData\Local\Mumble
    2012-02-07 02:07 . 2012-02-15 23:41 -------- d-----w- c:\users\zooz\AppData\Roaming\Mumble
    2012-02-07 02:07 . 2012-02-07 02:07 -------- d-----w- e:\program files (x86)\Mumble
    2012-01-30 21:18 . 2012-01-30 21:18 -------- d-----w- c:\programdata\ATI
    2012-01-30 21:06 . 2012-01-30 21:06 -------- d-----w- C:\AMD
    2012-01-27 14:39 . 2012-01-27 14:40 -------- d-----w- c:\program files\iTunes
    2012-01-27 14:39 . 2012-01-27 14:39 -------- d-----w- e:\program files (x86)\iTunes
    2012-01-27 14:39 . 2012-01-27 14:39 -------- d-----w- c:\program files\iPod
    2012-01-25 21:21 . 2011-12-21 07:24 43992 ----a-w- e:\program files (x86)\Mozilla Firefox\mozutils.dll
    2012-01-25 21:21 . 2011-12-21 04:30 626688 ----a-w- e:\program files (x86)\Mozilla Firefox\msvcr80.dll
    2012-01-25 21:21 . 2011-12-21 04:30 548864 ----a-w- e:\program files (x86)\Mozilla Firefox\msvcp80.dll
    2012-01-25 21:21 . 2011-12-21 04:30 479232 ----a-w- e:\program files (x86)\Mozilla Firefox\msvcm80.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-15 21:45 . 2011-09-26 03:22 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-01-29 10:10 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
    2012-01-10 01:08 . 2012-01-10 01:08 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2012-01-09 22:52 . 2012-01-09 22:52 683801 ----a-w- c:\windows\unins000.exe
    2012-01-08 22:17 . 2011-09-26 01:48 5187904 ----a-w- c:\windows\PE_Rom.dll
    2012-01-08 22:16 . 2011-09-26 01:49 5253280 ----a-w- c:\windows\PE_File.dll
    2011-12-08 04:45 . 2011-12-07 18:20 281656 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2011-12-08 04:45 . 2011-12-07 18:16 281656 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2011-12-07 18:20 . 2011-12-07 18:16 281656 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2011-12-07 18:16 . 2011-12-07 18:16 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    2011-12-06 03:45 . 2011-12-06 03:45 10720256 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2011-12-06 03:18 . 2011-12-06 03:18 25371136 ----a-w- c:\windows\system32\atio6axx.dll
    2011-12-06 03:17 . 2011-12-06 03:17 159744 ----a-w- c:\windows\system32\atiapfxx.exe
    2011-12-06 03:17 . 2011-07-28 21:40 778752 ----a-w- c:\windows\SysWow64\aticfx32.dll
    2011-12-06 03:16 . 2011-07-28 21:39 933888 ----a-w- c:\windows\system32\aticfx64.dll
    2011-12-06 03:12 . 2011-12-06 03:12 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2011-12-06 03:12 . 2011-12-06 03:12 494080 ----a-w- c:\windows\system32\atieclxx.exe
    2011-12-06 03:11 . 2011-12-06 03:11 235520 ----a-w- c:\windows\system32\atiesrxx.exe
    2011-12-06 03:10 . 2011-12-06 03:10 120320 ----a-w- c:\windows\system32\atitmm64.dll
    2011-12-06 03:10 . 2011-12-06 03:10 423424 ----a-w- c:\windows\system32\atipdl64.dll
    2011-12-06 03:10 . 2011-12-06 03:10 360448 ----a-w- c:\windows\SysWow64\atipdlxx.dll
    2011-12-06 03:10 . 2011-12-06 03:10 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
    2011-12-06 03:09 . 2011-12-06 03:09 21504 ----a-w- c:\windows\system32\atimuixx.dll
    2011-12-06 03:09 . 2011-12-06 03:09 59392 ----a-w- c:\windows\system32\atiedu64.dll
    2011-12-06 03:09 . 2011-12-06 03:09 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
    2011-12-06 03:06 . 2011-12-06 03:06 6159872 ----a-w- c:\windows\SysWow64\atidxx32.dll
    2011-12-06 03:04 . 2011-12-06 03:04 69632 ----a-w- c:\windows\system32\OpenVideo64.dll
    2011-12-06 03:04 . 2011-12-06 03:04 59904 ----a-w- c:\windows\SysWow64\OpenVideo.dll
    2011-12-06 03:03 . 2011-12-06 03:03 61952 ----a-w- c:\windows\system32\OVDecode64.dll
    2011-12-06 03:03 . 2011-12-06 03:03 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll
    2011-12-06 03:03 . 2011-12-06 03:03 17580544 ----a-w- c:\windows\system32\amdocl64.dll
    2011-12-06 03:03 . 2011-12-06 03:03 14499328 ----a-w- c:\windows\SysWow64\amdocl.dll
    2011-12-06 02:56 . 2011-12-06 02:56 19125760 ----a-w- c:\windows\SysWow64\atioglxx.dll
    2011-12-06 02:51 . 2009-07-13 21:59 7520768 ----a-w- c:\windows\system32\atidxx64.dll
    2011-12-06 02:39 . 2011-12-06 02:39 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
    2011-12-06 02:39 . 2011-12-06 02:39 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
    2011-12-06 02:39 . 2011-12-06 02:39 4072960 ----a-w- c:\windows\system32\atiumd6a.dll
    2011-12-06 02:34 . 2011-12-06 02:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll
    2011-12-06 02:34 . 2011-12-06 02:34 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
    2011-12-06 02:34 . 2011-12-06 02:34 44544 ----a-w- c:\windows\system32\aticalcl64.dll
    2011-12-06 02:34 . 2011-12-06 02:34 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
    2011-12-06 02:34 . 2011-12-06 02:34 13738496 ----a-w- c:\windows\system32\aticaldd64.dll
    2011-12-06 02:33 . 2011-07-28 21:09 5919232 ----a-w- c:\windows\SysWow64\atiumdag.dll
    2011-12-06 02:29 . 2011-12-06 02:29 11484672 ----a-w- c:\windows\SysWow64\aticaldd.dll
    2011-12-06 02:28 . 2011-07-28 21:03 4206592 ----a-w- c:\windows\SysWow64\atiumdva.dll
    2011-12-06 02:24 . 2011-12-06 02:24 7511040 ----a-w- c:\windows\system32\atiumd64.dll
    2011-12-06 02:18 . 2011-07-28 21:01 58880 ----a-w- c:\windows\system32\coinst.dll
    2011-12-06 02:13 . 2011-12-06 02:13 509952 ----a-w- c:\windows\system32\atiadlxx.dll
    2011-12-06 02:12 . 2011-12-06 02:12 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll
    2011-12-06 02:12 . 2011-12-06 02:12 17408 ----a-w- c:\windows\system32\atig6pxx.dll
    2011-12-06 02:12 . 2011-12-06 02:12 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
    2011-12-06 02:12 . 2011-12-06 02:12 14336 ----a-w- c:\windows\system32\atiglpxx.dll
    2011-12-06 02:12 . 2011-12-06 02:12 39936 ----a-w- c:\windows\system32\atig6txx.dll
    2011-12-06 02:12 . 2011-12-06 02:12 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
    2011-12-06 02:12 . 2011-12-06 02:12 327168 ----a-w- c:\windows\system32\drivers\atikmpag.sys
    2011-12-06 02:11 . 2011-07-28 20:53 42496 ----a-w- c:\windows\system32\atiuxp64.dll
    2011-12-06 02:11 . 2011-12-06 02:11 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll
    2011-12-06 02:11 . 2011-12-06 02:11 39936 ----a-w- c:\windows\system32\atiu9p64.dll
    2011-12-06 02:11 . 2011-07-28 20:53 29696 ----a-w- c:\windows\SysWow64\atiu9pag.dll
    2011-12-06 02:10 . 2011-12-06 02:10 54784 ----a-w- c:\windows\system32\atimpc64.dll
    2011-12-06 02:10 . 2011-12-06 02:10 54784 ----a-w- c:\windows\system32\amdpcom64.dll
    2011-12-06 02:10 . 2011-12-06 02:10 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
    2011-12-06 02:10 . 2011-12-06 02:10 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
    2011-12-06 02:10 . 2011-12-06 02:10 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2011-11-29 21:39 . 2011-10-24 01:02 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
    2011-11-29 21:38 . 2011-11-29 21:38 90112 ----a-w- c:\windows\MAMCityDownload.ocx
    2011-11-29 21:38 . 2011-11-29 21:38 325552 ----a-w- c:\windows\MASetupCaller.dll
    2011-11-29 21:38 . 2011-11-29 21:38 30568 ----a-w- c:\windows\MusiccityDownload.exe
    2011-11-29 21:38 . 2012-01-02 06:13 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll
    2011-11-19 14:58 . 2012-01-11 06:12 77312 ----a-w- c:\windows\system32\packager.dll
    2011-11-19 14:01 . 2012-01-11 06:12 67072 ----a-w- c:\windows\SysWow64\packager.dll
    2011-10-06 18:46 . 2011-10-06 18:43 379286 ----a-w- e:\program files (x86)\UnGEXUSACAN.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RocketDock"="e:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
    "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-11-09 3077528]
    "KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-12-27 937360]
    "KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-12-27 21392]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
    "BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000]
    "ASUS ShellProcess Execute"="c:\program files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe" [2010-11-25 252544]
    "ASUS AiChargerPlus Execute"="c:\program files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2010-11-08 465536]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "GrooveMonitor"="e:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    "KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-12-27 3508624]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2011-04-25 305088]
    "iTunesHelper"="e:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-06 343168]
    "Malwarebytes' Anti-Malware"="e:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 MBAMService;MBAMService;e:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
    R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [x]
    R3 athrusb;Belkin Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrxusb.sys [x]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
    R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    R3 SaiH0BAC;SaiH0BAC;c:\windows\system32\DRIVERS\SaiH0BAC.sys [x]
    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]
    S0 AiChargerPlus;ASUS Charger Plus Driver;c:\windows\system32\DRIVERS\AiChargerPlus.sys [x]
    S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
    S0 mvs91xx;mvs91xx;c:\windows\system32\DRIVERS\mvs91xx.sys [x]
    S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
    S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 AtherosSvc;AtherosSvc;e:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912]
    S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
    S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
    S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
    S2 ekrn;ESET Service;e:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-06-24 810144]
    S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
    S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]
    S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
    S2 OODefragAgent;O&O Defrag;e:\program files\OO Software\Defrag\oodag.exe [2010-06-22 2532680]
    S3 ALSysIO;ALSysIO;c:\users\zooz\AppData\Local\Temp\ALSysIO64.sys [x]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [2011-10-07 922240]
    S3 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2010-12-02 915584]
    S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]
    S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]
    S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys [x]
    S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
    S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
    S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
    S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
    S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
    S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
    S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
    S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
    S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [x]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-02-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3029502787-3877204180-1929427419-1000Core.job
    - c:\users\zooz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-26 01:06]
    .
    2012-02-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3029502787-3877204180-1929427419-1000UA.job
    - c:\users\zooz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-26 01:06]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
    @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
    [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
    2011-05-30 16:50 22408 ----a-w- e:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]
    "egui"="e:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-06-24 2903688]
    "AtherosBtStack"="e:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120]
    "AthBtTray"="e:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Download all links with IDM - e:\program files (x86)\Internet Download Manager\IEGetAll.htm
    IE: Download with IDM - e:\program files (x86)\Internet Download Manager\IEExt.htm
    IE: E&xport to Microsoft Excel - e:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    FF - ProfilePath - c:\users\zooz\AppData\Roaming\Mozilla\Firefox\Profiles\83380n4b.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-PunkBusterSvc - e:\program files (x86)\Steam\steamapps\common\apb reloaded\Binaries\pbsvc_apb.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe
    c:\program files (x86)\Citrix\ICA Client\wfcrun32.exe
    c:\program files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\EC Simulator.exe
    .
    **************************************************************************
    .
    Completion time: 2012-02-16 16:58:05 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-02-16 21:58
    ComboFix2.txt 2012-02-14 03:14
    .
    Pre-Run: 30,688,116,736 bytes free
    Post-Run: 30,651,375,616 bytes free
    .
    - - End Of File - - 2EEEC127B297EC575BA237778E41B29B

    I have 6.29 installed as well as 7.1 for 64 bit and SE development kit 7.1...Should I uninstall these or just uninstall 6.29?
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Current Java is Java v6u31> http://www.java.com/en/download/manual.jsp
    Install any earlier versions.

    Yes, you're almost finished. Please consider that you have a great multitude of processes running. Going through each line of every log is time-consuming. I will try to finish you up today. It will be just a couple of hours.
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Last 2 scans:

    Download Security Check by screen317 and save to the desktop
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document called checkup.txt should open automatically.
    • Please post the contents of that document.
    ===============================
    First, set up a Directory for HijackThis as follows:
    Right click Taskbar> Explore> My Computer> Local Drive (C)> File> New> Folder> Name folder HijackThis
    Exit Explorer
    You now have a folder C:\HijackThis
    -----------------------------------------
    Download HijackThis and save to your desktop.
    • Click on the HJT icon> 'Extract all files'> Extraction Wizard> Click on Browse to right of dialogue box that says 'Select a folder'
    • Extract it to the directory on your hard drive you created C:\HijackThis.
    • Then navigate to that directory and double-click on the hijackthis.exe file.
    • When started click on the Scan button and then the Save Log button to create a log of your information.
    • The log file and then the log will open in Notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
     
  8. Zalemam

    Zalemam TS Rookie Topic Starter Posts: 43

    Results of screen317's Security Check version 0.99.31
    Windows 7 x86 (UAC is disabled!)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    VAT-Spy
    Adobe Flash Player 11.1.102.55
    Adobe Reader X (10.1.2)
    Mozilla Firefox (9.0.1)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    ``````````End of Log````````````


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:02:51 PM, on 2/19/2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    E:\Program Files (x86)\RocketDock\RocketDock.exe
    C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
    C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
    C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe
    C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\EC Simulator.exe
    C:\Users\zooz\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\zooz\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\zooz\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\zooz\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\zooz\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\zooz\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\zooz\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\zooz\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\zooz\Desktop\SecurityCheck.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\SysWOW64\notepad.exe
    C:\HijackThis\HijackThis.exe
    C:\Users\zooz\AppData\Local\Google\Chrome\Application\chrome.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - E:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - E:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (file missing)
    O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
    O4 - HKLM\..\Run: [ASUS ShellProcess Execute] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
    O4 - HKLM\..\Run: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "E:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
    O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "e:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKCU\..\Run: [RocketDock] "E:\Program Files (x86)\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    O4 - HKCU\..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
    O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    O8 - Extra context menu item: Download all links with IDM - E:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download with IDM - E:\Program Files (x86)\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - E:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - E:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
    O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe
    O23 - Service: ASUS HM Com Service (asHmComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
    O23 - Service: AtherosSvc - Atheros Commnucations - E:\Program Files (x86)\Bluetooth Suite\adminservice.exe
    O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - E:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: ESET Service (ekrn) - ESET - E:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Intel® PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    --
    End of file - 13899 bytes
     
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    NO antivirus!
    NO firewall!
    NO antimalware!

    (VAT-Spy is a simple application that allows you to view current ATC staffing and traffic levels on VATSIM.)

    The only process I see that will aid in security is the WOT Site Advisor>> and that is not a security program!
    There is no sense in removing anything because without any security, you will get malware within minutes of connecting to the internet.
     
  10. Zalemam

    Zalemam TS Rookie Topic Starter Posts: 43

    I have ESET antivirus / firewall installed, but maybe it didn't recognize it because it's on my other hard drive. VAT-Spy is a tool I use for flight sim. I also have Malwarebytes installed on my other hard drive.
     
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    If the security is on your 'other drive', what's protecting this drive?
     
  12. Zalemam

    Zalemam TS Rookie Topic Starter Posts: 43

    It can protect both, I have an SSD that I install my OS on and have other files like flash and other plugins, and ESET is installed on my HDD, I'm sure it protects both.
     
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Can you run the Security Check on 'the other drive'?
     
Topic Status:
Not open for further replies.
