Inactive Looks clean, but just to make sure...

Status
Not open for further replies.
Z

Zalemam

Posts: 43   +0
Internet has been running kinda slowly, although I have a high speed wired connection.

here are my logs:

MBAM

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.13.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
zooz :: ZOOZ-PC [administrator]

Protection: Enabled

2/13/2012 5:58:59 PM
mbam-log-2012-02-13 (17-58-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 190361
Time elapsed: 1 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


GMER


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-13 18:14:11
Windows 6.1.7601 Service Pack 1
Running: u3xnziqn.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026832bd4f5
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026832bd4f5@d0c1b12b852c 0xEE 0x9D 0x68 0xC0 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026832bd4f5 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026832bd4f5@d0c1b12b852c 0xEE 0x9D 0x68 0xC0 ...

---- EOF - GMER 1.0.15 ----

DDS.txt

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by zooz at 18:27:02 on 2012-02-13
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8167.5828 [GMT -5:00]
.
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
E:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Windows\system32\IProsetMonitor.exe
E:\Program Files\OO Software\Defrag\oodag.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
E:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
E:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
E:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe
C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\EC Simulator.exe
C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\sppsvc.exe
e:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Users\zooz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\zooz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\zooz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\zooz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\zooz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\zooz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\splwow64.exe
C:\Users\zooz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
mWinlogon: Userinit=userinit.exe
BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - E:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - E:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - E:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - C:\Program Files (x86)\WOT\WOT.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - C:\Program Files (x86)\WOT\WOT.dll
uRun: [Google Update] "C:\Users\zooz\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [RocketDock] "E:\Program Files (x86)\RocketDock\RocketDock.exe"
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRun: [ASUS ShellProcess Execute] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
mRun: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [GrooveMonitor] "E:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [iTunesHelper] "E:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Malwarebytes' Anti-Malware] "e:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce: [Malwarebytes Anti-Malware] e:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Download all links with IDM - E:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - E:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - E:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - E:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - E:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - E:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{04803B5E-6FC4-49C0-A3FC-C1ED62B815E0} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{479436C2-7350-4400-AE8D-70A6F58AE6A9} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{762C29BC-843D-461A-819A-A96B8DCC6339} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{7C8C1308-8DD8-4665-B11D-949B0DA2B358} : DhcpNameServer = 209.18.47.61 209.18.47.62
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - E:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - E:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO-X64: IDM Helper - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - E:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO-X64: IESpeakDoc - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun-x64: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRun-x64: [ASUS ShellProcess Execute] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
mRun-x64: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [GrooveMonitor] "E:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun-x64: [iTunesHelper] "E:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Malwarebytes' Anti-Malware] "e:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce-x64: [Malwarebytes Anti-Malware] e:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - E:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
Hosts: 74.208.10.249 gs.apple.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\zooz\AppData\Roaming\Mozilla\Firefox\Profiles\83380n4b.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Users\zooz\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: E:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: E:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AiChargerPlus;ASUS Charger Plus Driver;C:\Windows\system32\DRIVERS\AiChargerPlus.sys --> C:\Windows\system32\DRIVERS\AiChargerPlus.sys [?]
R0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys --> C:\Windows\system32\DRIVERS\mv91xx.sys [?]
R0 mvs91xx;mvs91xx;C:\Windows\system32\DRIVERS\mvs91xx.sys --> C:\Windows\system32\DRIVERS\mvs91xx.sys [?]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys --> C:\Windows\system32\DRIVERS\ctxusbm.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AtherosSvc;AtherosSvc;E:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-13 74912]
R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R2 ekrn;ESET Service;E:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-6-24 810144]
R2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-13 13592]
R2 IDMWFP;IDMWFP;C:\Windows\system32\DRIVERS\idmwfp.sys --> C:\Windows\system32\DRIVERS\idmwfp.sys [?]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]
R2 MBAMService;MBAMService;E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-13 652360]
R2 OODefragAgent;O&O Defrag;E:\Program Files\OO Software\Defrag\oodag.exe [2010-6-21 2532680]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [2011-10-27 922240]
R3 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2010-12-1 915584]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]
R3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]
R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
R3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);C:\Windows\system32\DRIVERS\ICCWDT.sys --> C:\Windows\system32\DRIVERS\ICCWDT.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\system32\Drivers\AthDfu.sys --> C:\Windows\system32\Drivers\AthDfu.sys [?]
S3 athrusb;Belkin Wireless LAN USB device driver;C:\Windows\system32\DRIVERS\athrxusb.sys --> C:\Windows\system32\DRIVERS\athrxusb.sys [?]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 SaiH0BAC;SaiH0BAC;C:\Windows\system32\DRIVERS\SaiH0BAC.sys --> C:\Windows\system32\DRIVERS\SaiH0BAC.sys [?]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2011-9-25 586880]
.
=============== Created Last 30 ================
.
2012-02-13 22:58:18 -------- d-----w- C:\Users\zooz\AppData\Roaming\Malwarebytes
2012-02-13 22:58:13 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-13 22:58:13 -------- d-----w- C:\ProgramData\Malwarebytes
2012-02-07 19:37:20 -------- d-----w- C:\Users\zooz\AppData\Local\Skyrim
2012-02-07 04:44:08 -------- d-----w- C:\Users\zooz\AppData\Local\Mumble
2012-02-07 02:07:42 -------- d-----w- C:\Users\zooz\AppData\Roaming\Mumble
2012-01-30 21:17:58 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-01-30 21:06:23 -------- d-----w- C:\AMD
2012-01-27 14:39:24 -------- d-----w- C:\Program Files\iTunes
2012-01-27 14:39:24 -------- d-----w- C:\Program Files\iPod
.
==================== Find3M ====================
.
2012-01-09 22:52:48 683801 ----a-w- C:\Windows\unins000.exe
2012-01-08 22:17:38 5187904 ----a-w- C:\Windows\PE_Rom.dll
2012-01-08 22:16:27 5253280 ----a-w- C:\Windows\PE_File.dll
2012-01-06 00:24:12 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-08 04:45:34 281656 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-12-08 04:45:34 281656 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-12-07 18:20:08 281656 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-12-07 18:16:24 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-12-06 03:45:40 10720256 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-12-06 03:18:38 25371136 ----a-w- C:\Windows\System32\atio6axx.dll
2011-12-06 03:17:50 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-12-06 03:17:36 778752 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-12-06 03:16:00 933888 ----a-w- C:\Windows\System32\aticfx64.dll
2011-12-06 03:12:52 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-12-06 03:12:36 494080 ----a-w- C:\Windows\System32\atieclxx.exe
2011-12-06 03:11:56 235520 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-12-06 03:10:38 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-12-06 03:10:20 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-12-06 03:10:12 360448 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-12-06 03:10:00 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-12-06 03:09:56 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2011-12-06 03:09:50 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-12-06 03:09:44 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-12-06 03:06:38 6159872 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-12-06 03:04:06 69632 ----a-w- C:\Windows\System32\OpenVideo64.dll
2011-12-06 03:04:00 59904 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2011-12-06 03:03:54 61952 ----a-w- C:\Windows\System32\OVDecode64.dll
2011-12-06 03:03:52 54784 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2011-12-06 03:03:42 17580544 ----a-w- C:\Windows\System32\amdocl64.dll
2011-12-06 03:03:04 14499328 ----a-w- C:\Windows\SysWow64\amdocl.dll
2011-12-06 02:56:40 19125760 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-12-06 02:51:22 7520768 ----a-w- C:\Windows\System32\atidxx64.dll
2011-12-06 02:39:58 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-12-06 02:39:24 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-12-06 02:39:12 4072960 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-12-06 02:34:28 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-12-06 02:34:24 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-12-06 02:34:16 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-12-06 02:34:14 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-12-06 02:34:00 13738496 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-12-06 02:33:36 5919232 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-12-06 02:29:30 11484672 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-12-06 02:28:50 4206592 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-12-06 02:24:02 7511040 ----a-w- C:\Windows\System32\atiumd64.dll
2011-12-06 02:18:46 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-12-06 02:13:02 509952 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-12-06 02:12:52 356352 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-12-06 02:12:38 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-12-06 02:12:34 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-12-06 02:12:34 14336 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-12-06 02:12:30 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-12-06 02:12:22 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-12-06 02:12:14 327168 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-12-06 02:11:24 42496 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-12-06 02:11:16 33280 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-12-06 02:11:10 39936 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-12-06 02:11:02 29696 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-12-06 02:10:48 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2011-12-06 02:10:48 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-12-06 02:10:42 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-12-06 02:10:42 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2011-12-06 02:10:24 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-11-29 21:39:02 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll
2011-11-29 21:38:18 90112 ----a-w- C:\Windows\MAMCityDownload.ocx
2011-11-29 21:38:18 325552 ----a-w- C:\Windows\MASetupCaller.dll
2011-11-29 21:38:18 30568 ----a-w- C:\Windows\MusiccityDownload.exe
2011-11-29 21:38:04 821824 ----a-w- C:\Windows\SysWow64\dgderapi.dll
2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-11-19 14:58:00 77312 ----a-w- C:\Windows\System32\packager.dll
2011-11-19 14:01:00 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys
2011-11-17 06:41:18 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll
2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll
2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll
2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll
2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe
2011-11-17 05:38:39 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 18:27:15.00 ===============

Attachment.txt


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/25/2011 8:07:48 PM
System Uptime: 2/13/2012 4:57:29 PM (2 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P8Z68-V PRO
Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz | LGA1155 | 3301/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 56 GiB total, 28.27 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 932 GiB total, 734.435 GiB free.
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is FIXED (NTFS) - 0 GiB total, 0.07 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
ACARS
Acrobat.com
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.2)
Adobe Shockwave Player 11.6
AI Suite II
Android SDK Tools
Apple Application Support
Apple Software Update
Application Profiles
Asmedia ASM104x USB 3.0 Host Controller Driver
Bandisoft MPEG-1 Decoder
Belkin Wireless USB Utility
Blur
Borderlands
Browser Configuration Utility
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
Counter-Strike: Source
CRJ 700 V1.2
D3DX10
DC Universe Online
Dev-C++ 5 beta 9 release (4.9.9.2)
Dolby Axon - 1.4.0.1
FeelThere ERJ v.2 SP2
FileZilla Client 3.5.1
FitDay PC version 2.0
Fraps (remove only)
FS Recorder 2.1 beta 3 for FSX
FSFDT FSCopilot
FSFDT FSInn
FSX Scenery ISTANBUL ATATURK AIRPORT (LTBA)
GameRanger
Garry's Mod
Google Chrome
Ground Environment X USA-Canada
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Intel® Watchdog Timer Driver (Intel® WDT)
Internet Download Manager
Java Auto Updater
Java(TM) 6 Update 29
JMicron JMB36X Driver
Junk Mail filter update
Level-D 767-300 for FSX
LIMBO
Malwarebytes Anti-Malware version 1.60.1.1000
marvell 91xx driver
Metro 2033
Microsoft File Transfer Manager
Microsoft Flight
Microsoft Flight Simulator X
Microsoft Flight Simulator X Service Pack 1
Microsoft Flight Simulator X Service Pack 2
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft Tool Web Package : EXCTRLST.EXE
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 4.0
Mozilla Firefox 9.0.1 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Mumble 1.2.3
MyFreeCodec
MyITLab ActiveX Installer 2, 9, 8, 65535
Napoleon: Total War
NVIDIA PhysX
Pando Media Booster
Plan-G
PMDG 737 8900 NGX
PMDG 747-400/400F for FSX
Portal
Portal 2
PSUCalc
PunkBuster Services
QuickTime
Real Environment Xtreme
Real Environment Xtreme - Overdrive
Realtek High Definition Audio Driver
RocketDock 1.3.5
Samsung Kies
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Skype™ 5.5
Star Wars: The Old Republic
Steam
Team Fortress 2
TeamSpeak 3 Client
Terraria
The Elder Scrolls V: Skyrim
Trine 2
Trine 2 Beta
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
UVA FSX Bombardier CRJ-700
vasFMC 1.10
VAT-Spy
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
.
==== Event Viewer Messages From Past Week ========
.
2/13/2012 5:02:11 PM, Error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
2/13/2012 4:54:59 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.110. The computer with the IP address 192.168.1.104 did not allow the name to be claimed by this computer.
.
==== End Of File ===========================



Thank You
 
Welcome to TechSpot!
You are probably aware that there a many reasons for 'slow'. You have a lot of processes running!

Questions:
1. Is this legal? > Hosts: 74.208.10.249 gs.apple.com
Bypassing Apple's Signature Server (iPhone/iPod/iTunes?)

2. No restore point in system?.> Dangerous way to travel.

3. You might want to read up on this: >C:\Windows\splwow64.exe
http://social.technet.microsoft.com...v/thread/35b5561b-3de8-4e38-99bc-de1b22254a54
====================================
There is a suspicious entry that we need to look into further:
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Expect these- they are normal:
1. If asked to install or or update the Recovery Console, allow. (you will need internet connection for this)
2. Before you run the Combofix scan, please disable any security software you have running.
3. Combofix may need to reboot your computer more than once to do its job this is normal.

Download Combofix from HERE or HEREhttp://www.forospyware.com/sUBs/ComboFix.exe and save to the desktop
  • Double click combofix.exe
    cf-icon.jpg
    & follow the prompts.
  • If prompted for Recovery Console, please allow.
  • Once installed, you should see a blue screen prompt that says:
    • The Recovery Console was successfully installed.[/b]
    • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.[/b]
    • Note: No query will be made if the Recovery Console is already on the system.
  • .Close/disable all anti virus and anti malware programs
    (If you need help with this, please see HERE)
  • .Close any open browsers.
  • .Click on Yes, to continue scanning for malware
  • .If Combofix asks you to update the program, allow
  • When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..
Re-enable your Antivirus software.
Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2:If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
Note 3:CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
=====================================
You're going to need to disable Nod32 on your system to run the online scan:
To run the Eset Online Virus Scan:
If you use Internet Explorer:
  1. Open the ESETOnlineScan
  2. Skip to #4 to "Continue with the directions"

    If you are using a browser other than Internet Explorer
  3. Open Eset Smart Installer
    [o] Click on the esetsmartinstaller_enu.exelink and save to the desktop.
    [o] Double click on the desktop icon to run.
    [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
  4. Continue with the directions.
  5. Check 'Yes I accept terms of use.'
  6. Click Start button
  7. Accept any security warnings from your browser.
    esetonlinescannersettings_thumb.jpg
  8. Uncheck 'Remove found threats'
  9. Check 'Scan archives/
  10. Leave remaining settings as is.
  11. Press the Start button.
  12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  13. When the scan completes, press List of found threats
  14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  15. Push the Back button, then Finish
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
=========================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • File sharing programs should be uninstalled or disabled during the cleaning process..
  • Observe these:
    [o] Don't follow directions given to someone else
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.

If I haven't replied back to you within 48 hours, you can send a PM with your thread link in it as a reminder. Do not include technical problems from your thread. Support is given only in the forum.
Threads are closed after 5 days if there is no reply.

Please leave the 2 logs in your next reply.
 
Questions:
1. Is this legal? > Hosts: 74.208.10.249 gs.apple.com
Bypassing Apple's Signature Server (iPhone/iPod/iTunes?)

2. No restore point in system?.> Dangerous way to travel.

3. You might want to read up on this: >C:\Windows\splwow64.exe
http://social.technet.microsoft.com/...c-de1b22254a54
Click to expand...

1. Used to fix a problem with restoring an old iphone
2. How do I fix that?
3. I have no clue what that is, and how it serves me.

-----------

Eset Online Scanner did not detect anything, so no log was compiled.

Combo fix log:


ComboFix 12-02-13.01 - zooz 02/13/2012 22:04:27.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8167.6247 [GMT -5:00]
Running from: c:\users\zooz\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\system32
c:\windows\SysWow64\system32\3DAudio.ax
c:\windows\SysWow64\system32\avrt.dll
c:\windows\SysWow64\system32\cis-2.4.dll
c:\windows\SysWow64\system32\issacapi_bs-2.3.dll
c:\windows\SysWow64\system32\issacapi_pe-2.3.dll
c:\windows\SysWow64\system32\issacapi_se-2.3.dll
c:\windows\SysWow64\system32\MACXMLProto.dll
c:\windows\SysWow64\system32\MaDRM.dll
c:\windows\SysWow64\system32\MaJGUILib.dll
c:\windows\SysWow64\system32\MAMACExtract.dll
c:\windows\SysWow64\system32\MASetupCleaner.exe
c:\windows\SysWow64\system32\MaXMLProto.dll
c:\windows\SysWow64\system32\mfplat.dll
c:\windows\SysWow64\system32\MK_Lyric.dll
c:\windows\SysWow64\system32\MSCLib.dll
c:\windows\SysWow64\system32\MSFLib.dll
c:\windows\SysWow64\system32\MSLUR71.dll
c:\windows\SysWow64\system32\msvcp60.dll
c:\windows\SysWow64\system32\MTTELECHIP.dll
c:\windows\SysWow64\system32\MTXSYNCICON.dll
c:\windows\SysWow64\system32\muzaf1.dll
c:\windows\SysWow64\system32\muzapp.dll
c:\windows\SysWow64\system32\muzapp.exe
c:\windows\SysWow64\system32\muzdecode.ax
c:\windows\SysWow64\system32\muzeffect.ax
c:\windows\SysWow64\system32\muzmp4sp.ax
c:\windows\SysWow64\system32\muzmpgsp.ax
c:\windows\SysWow64\system32\muzoggsp.ax
c:\windows\SysWow64\system32\muzwmts.dll
c:\windows\SysWow64\system32\psapi.dll
E:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-01-14 to 2012-02-14 )))))))))))))))))))))))))))))))
.
.
2012-02-13 22:58 . 2012-02-13 22:58 -------- d-----w- c:\users\zooz\AppData\Roaming\Malwarebytes
2012-02-13 22:58 . 2012-02-13 22:58 -------- d-----w- c:\programdata\Malwarebytes
2012-02-13 22:58 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-07 19:37 . 2012-02-08 00:21 -------- d-----w- c:\users\zooz\AppData\Local\Skyrim
2012-02-07 04:44 . 2012-02-07 04:44 -------- d-----w- c:\users\zooz\AppData\Local\Mumble
2012-02-07 02:07 . 2012-02-13 00:13 -------- d-----w- c:\users\zooz\AppData\Roaming\Mumble
2012-01-30 21:18 . 2012-01-30 21:18 -------- d-----w- c:\programdata\ATI
2012-01-30 21:17 . 2012-01-30 21:17 -------- d-----w- c:\program files (x86)\AMD APP
2012-01-30 21:06 . 2012-01-30 21:06 -------- d-----w- C:\AMD
2012-01-27 14:39 . 2012-01-27 14:40 -------- d-----w- c:\program files\iTunes
2012-01-27 14:39 . 2012-01-27 14:39 -------- d-----w- c:\program files\iPod
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-10 01:08 . 2012-01-10 01:08 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-01-09 22:52 . 2012-01-09 22:52 683801 ----a-w- c:\windows\unins000.exe
2012-01-08 22:17 . 2011-09-26 01:48 5187904 ----a-w- c:\windows\PE_Rom.dll
2012-01-08 22:16 . 2011-09-26 01:49 5253280 ----a-w- c:\windows\PE_File.dll
2012-01-06 00:24 . 2011-09-26 03:22 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-08 04:45 . 2011-12-07 18:20 281656 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-12-08 04:45 . 2011-12-07 18:16 281656 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-12-07 18:20 . 2011-12-07 18:16 281656 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-12-07 18:16 . 2011-12-07 18:16 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-12-06 03:45 . 2011-12-06 03:45 10720256 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-12-06 03:18 . 2011-12-06 03:18 25371136 ----a-w- c:\windows\system32\atio6axx.dll
2011-12-06 03:17 . 2011-12-06 03:17 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2011-12-06 03:17 . 2011-07-28 21:40 778752 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-12-06 03:16 . 2011-07-28 21:39 933888 ----a-w- c:\windows\system32\aticfx64.dll
2011-12-06 03:12 . 2011-12-06 03:12 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-12-06 03:12 . 2011-12-06 03:12 494080 ----a-w- c:\windows\system32\atieclxx.exe
2011-12-06 03:11 . 2011-12-06 03:11 235520 ----a-w- c:\windows\system32\atiesrxx.exe
2011-12-06 03:10 . 2011-12-06 03:10 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-12-06 03:10 . 2011-12-06 03:10 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-12-06 03:10 . 2011-12-06 03:10 360448 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-12-06 03:10 . 2011-12-06 03:10 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-12-06 03:09 . 2011-12-06 03:09 21504 ----a-w- c:\windows\system32\atimuixx.dll
2011-12-06 03:09 . 2011-12-06 03:09 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-12-06 03:09 . 2011-12-06 03:09 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-12-06 03:06 . 2011-12-06 03:06 6159872 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-12-06 03:04 . 2011-12-06 03:04 69632 ----a-w- c:\windows\system32\OpenVideo64.dll
2011-12-06 03:04 . 2011-12-06 03:04 59904 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2011-12-06 03:03 . 2011-12-06 03:03 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2011-12-06 03:03 . 2011-12-06 03:03 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-12-06 03:03 . 2011-12-06 03:03 17580544 ----a-w- c:\windows\system32\amdocl64.dll
2011-12-06 03:03 . 2011-12-06 03:03 14499328 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-12-06 02:56 . 2011-12-06 02:56 19125760 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-12-06 02:51 . 2009-07-13 21:59 7520768 ----a-w- c:\windows\system32\atidxx64.dll
2011-12-06 02:39 . 2011-12-06 02:39 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2011-12-06 02:39 . 2011-12-06 02:39 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-12-06 02:39 . 2011-12-06 02:39 4072960 ----a-w- c:\windows\system32\atiumd6a.dll
2011-12-06 02:34 . 2011-12-06 02:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-12-06 02:34 . 2011-12-06 02:34 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-12-06 02:34 . 2011-12-06 02:34 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-12-06 02:34 . 2011-12-06 02:34 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-12-06 02:34 . 2011-12-06 02:34 13738496 ----a-w- c:\windows\system32\aticaldd64.dll
2011-12-06 02:33 . 2011-07-28 21:09 5919232 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-12-06 02:29 . 2011-12-06 02:29 11484672 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-12-06 02:28 . 2011-07-28 21:03 4206592 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-12-06 02:24 . 2011-12-06 02:24 7511040 ----a-w- c:\windows\system32\atiumd64.dll
2011-12-06 02:18 . 2011-07-28 21:01 58880 ----a-w- c:\windows\system32\coinst.dll
2011-12-06 02:13 . 2011-12-06 02:13 509952 ----a-w- c:\windows\system32\atiadlxx.dll
2011-12-06 02:12 . 2011-12-06 02:12 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-12-06 02:12 . 2011-12-06 02:12 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2011-12-06 02:12 . 2011-12-06 02:12 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-12-06 02:12 . 2011-12-06 02:12 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2011-12-06 02:12 . 2011-12-06 02:12 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-12-06 02:12 . 2011-12-06 02:12 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-12-06 02:12 . 2011-12-06 02:12 327168 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-12-06 02:11 . 2011-07-28 20:53 42496 ----a-w- c:\windows\system32\atiuxp64.dll
2011-12-06 02:11 . 2011-12-06 02:11 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-12-06 02:11 . 2011-12-06 02:11 39936 ----a-w- c:\windows\system32\atiu9p64.dll
2011-12-06 02:11 . 2011-07-28 20:53 29696 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-12-06 02:10 . 2011-12-06 02:10 54784 ----a-w- c:\windows\system32\atimpc64.dll
2011-12-06 02:10 . 2011-12-06 02:10 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2011-12-06 02:10 . 2011-12-06 02:10 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-12-06 02:10 . 2011-12-06 02:10 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-12-06 02:10 . 2011-12-06 02:10 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-11-29 21:39 . 2011-10-24 01:02 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2011-11-29 21:38 . 2011-11-29 21:38 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2011-11-29 21:38 . 2011-11-29 21:38 325552 ----a-w- c:\windows\MASetupCaller.dll
2011-11-29 21:38 . 2011-11-29 21:38 30568 ----a-w- c:\windows\MusiccityDownload.exe
2011-11-29 21:38 . 2012-01-02 06:13 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll
2011-11-24 04:52 . 2011-12-13 18:43 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-19 14:58 . 2012-01-11 06:12 77312 ----a-w- c:\windows\system32\packager.dll
2011-11-19 14:01 . 2012-01-11 06:12 67072 ----a-w- c:\windows\SysWow64\packager.dll
2011-11-17 06:41 . 2012-01-11 06:12 1731920 ----a-w- c:\windows\system32\ntdll.dll
2011-11-17 05:38 . 2012-01-11 06:12 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\prxtbBit0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\BitTorrentBar\prxtbBit0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\prxtbBit0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="e:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-11-09 3077528]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-12-27 937360]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-12-27 21392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000]
"ASUS ShellProcess Execute"="c:\program files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe" [2010-11-25 252544]
"ASUS AiChargerPlus Execute"="c:\program files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2010-11-08 465536]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"GrooveMonitor"="e:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-12-27 3508624]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2011-04-25 305088]
"iTunesHelper"="e:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-06 343168]
"Malwarebytes' Anti-Malware"="e:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="e:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [x]
R3 athrusb;Belkin Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrxusb.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 SaiH0BAC;SaiH0BAC;c:\windows\system32\DRIVERS\SaiH0BAC.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]
S0 AiChargerPlus;ASUS Charger Plus Driver;c:\windows\system32\DRIVERS\AiChargerPlus.sys [x]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
S0 mvs91xx;mvs91xx;c:\windows\system32\DRIVERS\mvs91xx.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AtherosSvc;AtherosSvc;e:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;e:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-06-24 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
S2 MBAMService;MBAMService;e:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 OODefragAgent;O&O Defrag;e:\program files\OO Software\Defrag\oodag.exe [2010-06-22 2532680]
S3 ALSysIO;ALSysIO;c:\users\zooz\AppData\Local\Temp\ALSysIO64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [2011-10-07 922240]
S3 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2010-12-02 915584]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]
S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ALSYSIO
*NewlyCreated* - MBAMPROTECTOR
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3029502787-3877204180-1929427419-1000Core.job
- c:\users\zooz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-26 01:06]
.
2012-02-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3029502787-3877204180-1929427419-1000UA.job
- c:\users\zooz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-26 01:06]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 16:50 22408 ----a-w- e:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]
"egui"="e:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-06-24 2903688]
"AtherosBtStack"="e:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120]
"AthBtTray"="e:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Download all links with IDM - e:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - e:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - e:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\zooz\AppData\Roaming\Mozilla\Firefox\Profiles\83380n4b.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-PunkBusterSvc - e:\program files (x86)\Steam\steamapps\common\apb reloaded\Binaries\pbsvc_apb.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3029502787-3877204180-1929427419-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):8c,bb,25,7d,ef,5a,71,5f,31,cd,cc,fb,1f,e8,5c,bc,4f,a2,1e,64,cc,
7d,5d,ee,97,c0,71,cf,75,3b,58,4b,0a,68,eb,4d,77,a5,84,f1,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3029502787-3877204180-1929427419-1000_Classes\Wow6432Node\CLSID\{ee97be37-b5ee-4124-9f0f-ec7f2a6e6098}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000008
"Therad"=dword:0000001b
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG15.00.00.01PROFESSIONAL"="2B5E34A308E38BAEE17364E754034A22496641A34C380F0BD5B4C5989B238C858A371DFD6609DD07B50896BB899537C53022167BE8F0ABF1B66AA80C4EA1FC3D5270179056C57EB24C1692006E1088E134F1F376E726F9D3F8937CD6103C4AD68D8CB937E50FAE15204DEC275125C7FC6050023BF5E56BFBD69A207212FC6E8348833F5FE88E8EE230D2D433C6BA61F2C5B18D810B75550AFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808A6A0AC4980AC7933A6A0AC4980AC7933A6171C11EC38DE3DF66C8D114B10DFE99F8EC4C96BAA9943B1016BD5B723A4B650093A0F250BF0FEB9A18BEF96BB6D64D2EC1A65EDA88CB7366ECDEC2501559663170F070126888A6E253775CFF5CEEBC84D8ACD36D2FE1C18B73F588C94F0919DCC9B4250B65A282BD31F9E21DAC8D1A859BA33CFA49F0BAE75201C7B582BA327CE983C41CE45D989FAF07BFA3F823D1EAEF2DB0DCE7D6DD5B170D2C377209F2DB2DF82C6BA8BF5A961023110290AA9DADBA0A000B390046FE7572C7A52CE28E383EF38957657A42EBEC8F556534FE48F68546E01EAAF63DF0D9EE8777E97377D41EC17A835B3663EBCE297892AA61275CB42482D419AF2110634E0D943C398B55D1C68BDDA8D0A81FD8F77A9544929C7F34641E3B4F0ED6C2C287C819D7A6ECA41E98CD7013AB7AA153208F924D17347405A04C9F839E3654EB2BA14BECCAC7DC5E3F5BB7570E7E90B53D080A6C18F36099F4D4776DC3A702E2DAE798A2C1D12BA3E2CF43ACB6875DA9EF00999FC71DC14DB6F874829A68482157EDF196EDAD463CEC950844CDB8975E316226F4DDE0620F74E7BBDCD36A0738C63B937CE569176120061BD5437E4BD9606204F5D74035D0163D6DA62C7C322D82CB9666BD61B9FA410FD042BC4C80DCF981A92BE9EA5F0273C92D5DF90F29DE53BDA5A467346FCCBD13F287E22FCAE4A3A69C8E42047F4407A6A1D2317366D3F87D8FBC51AEBA1EBB184305B414C63666B2FB42912C1F44353DD4CEE371C0B979936E7350A6C9592ADEE5535E684DD29BE4DCBC6DD76F2CF8FB03A66A1B264C511B76D42D827D26C59E585E42FF7C6385FEB39DFC1C8E3258CECEC14D991DCC121E5917F6E02C8CDDC1361A405FDBBE187F4DBF7D11F30A7BCDD1F6536CDC8AB8D8D8EE389675B2DF1E2BF942CF1C9938719C5F673E63562A313C22C6508F243B141CEC839C4DFA5E88A28B7B831F6E3C3C9BCA9E28DC3005B61791DE3DD9970FCD573EDE20B22F5A4FDDAF4961FBB8836BF3CC02D09A1D290611B5287F46E3BEFE3D1733F3061801C78C698022202DD6875F2CF3750074F06EDB348F776175323C8F1E2DBAFD0CC5CF693D10E25AB64FC2AC250B5DD220E8F278261AF8EAE0ABEA68F2398"
"OODEFRAG12.00.00.01PROFESSIONAL"="65C9022A09C0D408FD21BCD59C55EE544BFA5929933C671B4B6CF640C860A1BF06B5B8E991FE954C2AFCAE0D836C8A9D710EF72783DDB0ACDA37C6D6284C055CB4AE27F462DC055C7104203F0A66322055AC1D92247A6859E8172BB788060394C654873AD0814ED02FC8785598ABCF3A76FA7CEE11D9D5EAB9DFC61FDCD7613BE3CC88FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808A6A0AC4980AC7933A6A0AC4980AC7933A6171C11EC38DE3D44FB56B5B7C73C8052343370DB89DD77B06099B283BC505D220A02D9554465CCB75362D30AD5495A62DF0F09467F6A630779A68C7485F02DAE1A13A33F8144CBBAB7961A0DE3A1E035E56CE396B9C2A8A5C5F1960AC194D88348EC27B8587D4827BC53866030346DDCB1AB7E78D8242DF7267F6A1618E8748309D33C5E9350A3790C3BCC0BC7EFCF8E41F207F9D0D0CC8B8C1455D0032106B6E4CD6AAF537F325363B655F5904AC8A5A7ABE38C6B0D559300BAD9D54EF30C49F5A7F2130953BDF793F33BED413B8F1F0981AC8845238AE69DC1AC259E1B748AEF6E484EFA17815182604DA36540CC1DA1672F27CEE0A202143A37A067D6A5EE14F60F8EC41BB06C2832902EDC591E66BF906A07CD184A0225F91810F2E7748DBB5823665532707A92E0BA865C0C9663C4F7932AD81E9EA9A91E20A0DF16AFA3D3EC14C76F35D7CE63A7B90A6AE0BC22A7599277DECCB3628C01D3601FAB97115B53A10B2AFDF3E4CF082AFAE3E389D4F2B685B89F0111B4CCC7EEC1F5F7DDD76871C46E6E6FC8D72146E17CF7266BD243D43B1EB09D314FFC565D9D804D2C21A16AA791FDE847E7B3696719AA3BC493CB3D3AB77A078207C6D8C02FA9811D3AC3AD27F669D4DB7B793EF5BE533DEA37D33DB7FCB828E851633C6F95356FC2109FE6570A979E621BF8547EBE9E48A77DB465A3C8FDEE3A4822327153B7F69F39198A7E95C335AAF3480123CD8BFCBACEDB0B9D58AD4BC3AD673286D11B7A2C6CA750974A7D8C7BD518DA3B06ED805433CD47F74F8133C1E129761EDA9E5FD384D833CFBC261D0DB6A83F54E3ED7A1BD79E773EB28522E9EC747B5F9F529178834D718AE4F4610DAECDCD2C4A06182A11F93C2C6E9A136179E605A2B09C7FEC8CB60EDD1F75D89A7BF1EB367C090A8D539DFBB0CF768A44D734197587371BF7E66052952D0608CC7D92BF1BA6978548395CDEF10A208C9F7724009AFEAFDAD7FEA5C6AEB1D976ACB9C036B554AAC1507F1B52C733F52279F111CA8657E8BA3B6475BC5C35F5AF36D9A08015F68E7C108955873FC5A85A4781EB496332173947CB55468526B643DAA86E117D6462F565DB19F2989F3B46738536138D9745D7120C5D3A44D1CA45FE1974A166569973A22109CE4883"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-02-13 22:14:20
ComboFix-quarantined-files.txt 2012-02-14 03:14
.
Pre-Run: 30,830,972,928 bytes free
Post-Run: 32,287,256,576 bytes free
.
- - End Of File - - 9B45CC5B0FD74C898CE9DF6BE2560D7B
 
Please go to virustotal (http://www.virustotal.com/) and upload the following files for analysis, and post the results:

c:\windows\PE_File.dll
c:\windows\PE_Rom.dll

====================================
Please run this Custom CFScript:

  • [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open notepad> click on Format> Uncheck 'Word Wrap> and copy/paste the text in the code below into it:
Code: 
File::
Folder::
c:\windows\unins000.exe
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"=-
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"=- 
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
RegLock::
[HKEY_USERS\S-1-5-21-3029502787-3877204180-1929427419-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
[HKEY_USERS\S-1-5-21-3029502787-3877204180-1929427419-1000_Classes\Wow6432Node\CLSID\{ee97be37-b5ee-4124-9f0f-ec7f2a6e6098}]
DDS::
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com

Clearjavacache::
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste into to your next reply.
====================
A suggestion: Consider removing O&O Defrag. It includes the registry, sorts the files in an enormous registry entry. Most of us do not recommend a registry cleaner- you can still defrag- just not the registry.
====================
Be sure both of these are current:
Please update the following:
Note: Check each download screen for any pre-checked Toolbars or BHOs. Uncheck them before the download.
Adobe Reader > Current is vX(10.xx)> Adobe Reader Update
Java(TM) 6 > Current is v6u30> Java Updates .
Uninstall any earlier versions in of both as they are vulnerabilities for the system.
 
Virus Total Results:

SHA256: 932bfb44ac3afcc774ad3790639b123461a9af3bf1db341c54fe35befaeed409
SHA1: 4e4a065d0259c1777b355df08f6f48819f763afa
MD5: 9fcff1a3f1123845b41c690a53b6ce4d
File size: 5.0 MB ( 5253280 bytes )
File name: PE_File.dll
File type: Win32 DLL
Detection ratio: 0 / 43
Analysis date: 2012-02-16 21:19:24 UTC ( 1 minute ago )


SHA256: c0edba1f87d5c471d4ad3bfdff06659f365f8b0085b7ba006edbbd85ab631649
SHA1: 83fac8f81a67f2e4903e6a4ce05a08fa8856e24a
MD5: 03fac6365c0bed1e5d0987cab99cab7b
File size: 4.9 MB ( 5187904 bytes )
File name: PE_Rom.dll
File type: Win32 DLL
Detection ratio: 0 / 43
Analysis date: 2012-02-16 21:39:59 UTC ( 1 minute ago )

combofix log:


ComboFix 12-02-16.02 - zooz 02/16/2012 16:48:10.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8167.6652 [GMT -5:00]
Running from: c:\users\zooz\Desktop\ComboFix.exe
Command switches used :: c:\users\zooz\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\zooz\AppData\Local\Temp\bad4021e-8b96-4726-a482-7caebf5bc001\CliSecureRT.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-01-16 to 2012-02-16 )))))))))))))))))))))))))))))))
.
.
2012-02-16 21:51 . 2012-02-16 21:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-15 04:00 . 2012-02-15 05:19 -------- d-----w- e:\program files (x86)\TSS Airbus IAE-V2500 New Gen sound
2012-02-14 22:43 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-14 22:43 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-14 22:43 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-14 22:43 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-14 22:43 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-14 22:42 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-14 22:41 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-14 22:41 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-14 22:36 . 2012-01-17 09:39 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4AD943F6-F41D-4A25-909A-FADFC5E480EE}\mpengine.dll
2012-02-14 21:26 . 2012-02-14 21:26 -------- d-----w- c:\users\zooz\AppData\Local\libimobiledevice
2012-02-14 01:07 . 2011-04-03 02:00 184572 ----a-w- e:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\Uninstal_Airbus1Dlx_evo_FSX_wilco.exe
2012-02-14 01:06 . 2010-10-22 21:26 122880 ----a-w- e:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\Modules\AirbusNewHUD.dll
2012-02-14 01:05 . 2010-10-08 04:52 867328 ----a-w- e:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\FeelThere\Airbus\rxpWxSim.dll
2012-02-14 01:05 . 2010-10-07 16:31 331776 ----a-w- e:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\FeelThere\Airbus\RegisterHUD.exe
2012-02-14 01:05 . 2010-10-06 19:21 3305472 ----a-w- e:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\FeelThere\Airbus\Airbus1_Config.exe
2012-02-14 01:05 . 2010-11-15 02:04 315392 ----a-w- e:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\Gauges\ISIS.dll
2012-02-14 01:05 . 2010-10-22 20:59 7946240 ----a-w- e:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\Gauges\A318_Night.dll
2012-02-14 01:05 . 2010-10-22 20:54 7950336 ----a-w- e:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\Gauges\A320NightPanel_feelThere.dll
2012-02-14 01:05 . 2010-10-07 16:26 61440 ----a-w- e:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\Gauges\HUDControl.dll
2012-02-14 01:04 . 2010-11-15 02:04 19623936 ----a-w- e:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Airplanes\feelThere PIC A321IAE\panel\A321IAE_FeelThere.dll
2012-02-14 01:04 . 2010-11-15 02:04 19623936 ----a-w- e:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Airplanes\feelThere PIC A321\panel\A321CFM_FeelThere.dll
2012-02-14 01:04 . 2010-11-15 02:05 19619840 ----a-w- e:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Airplanes\feelThere PIC A320IAE\panel\A320IAE_FeelThere.dll
2012-02-14 01:04 . 2010-11-14 23:01 19619840 ----a-w- e:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Airplanes\feelThere PIC A320\panel\A320CFM_FeelThere.dll
2012-02-14 01:04 . 2010-11-15 02:06 19619840 ----a-w- e:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Airplanes\feelThere PIC A319IAE\panel\A319IAE_FeelThere.dll
2012-02-14 01:04 . 2010-11-15 02:06 19619840 ----a-w- e:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Airplanes\feelThere PIC A319CJ\panel\A319IAE_FeelThere.dll
2012-02-14 01:04 . 2010-11-15 02:07 19619840 ----a-w- e:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Airplanes\feelThere PIC A319\panel\A319CFM_FeelThere.dll
2012-02-14 01:04 . 2010-11-15 02:07 19230720 ----a-w- e:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Airplanes\feelThere PIC A318\panel\A318CFM_FeelThere.dll
2012-02-14 01:04 . 2010-11-15 02:04 315392 ----a-w- e:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Airplanes\feelThere PIC A318\panel\ISIS.dll
2012-02-13 22:58 . 2012-02-13 22:58 -------- d-----w- c:\users\zooz\AppData\Roaming\Malwarebytes
2012-02-13 22:58 . 2012-02-13 22:58 -------- d-----w- c:\programdata\Malwarebytes
2012-02-13 22:58 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-13 22:58 . 2012-02-13 22:58 -------- d-----w- e:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-07 19:37 . 2012-02-08 00:21 -------- d-----w- c:\users\zooz\AppData\Local\Skyrim
2012-02-07 04:44 . 2012-02-07 04:44 -------- d-----w- c:\users\zooz\AppData\Local\Mumble
2012-02-07 02:07 . 2012-02-15 23:41 -------- d-----w- c:\users\zooz\AppData\Roaming\Mumble
2012-02-07 02:07 . 2012-02-07 02:07 -------- d-----w- e:\program files (x86)\Mumble
2012-01-30 21:18 . 2012-01-30 21:18 -------- d-----w- c:\programdata\ATI
2012-01-30 21:06 . 2012-01-30 21:06 -------- d-----w- C:\AMD
2012-01-27 14:39 . 2012-01-27 14:40 -------- d-----w- c:\program files\iTunes
2012-01-27 14:39 . 2012-01-27 14:39 -------- d-----w- e:\program files (x86)\iTunes
2012-01-27 14:39 . 2012-01-27 14:39 -------- d-----w- c:\program files\iPod
2012-01-25 21:21 . 2011-12-21 07:24 43992 ----a-w- e:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-01-25 21:21 . 2011-12-21 04:30 626688 ----a-w- e:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-25 21:21 . 2011-12-21 04:30 548864 ----a-w- e:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-25 21:21 . 2011-12-21 04:30 479232 ----a-w- e:\program files (x86)\Mozilla Firefox\msvcm80.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-15 21:45 . 2011-09-26 03:22 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-29 10:10 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-10 01:08 . 2012-01-10 01:08 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-01-09 22:52 . 2012-01-09 22:52 683801 ----a-w- c:\windows\unins000.exe
2012-01-08 22:17 . 2011-09-26 01:48 5187904 ----a-w- c:\windows\PE_Rom.dll
2012-01-08 22:16 . 2011-09-26 01:49 5253280 ----a-w- c:\windows\PE_File.dll
2011-12-08 04:45 . 2011-12-07 18:20 281656 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-12-08 04:45 . 2011-12-07 18:16 281656 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-12-07 18:20 . 2011-12-07 18:16 281656 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-12-07 18:16 . 2011-12-07 18:16 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-12-06 03:45 . 2011-12-06 03:45 10720256 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-12-06 03:18 . 2011-12-06 03:18 25371136 ----a-w- c:\windows\system32\atio6axx.dll
2011-12-06 03:17 . 2011-12-06 03:17 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2011-12-06 03:17 . 2011-07-28 21:40 778752 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-12-06 03:16 . 2011-07-28 21:39 933888 ----a-w- c:\windows\system32\aticfx64.dll
2011-12-06 03:12 . 2011-12-06 03:12 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-12-06 03:12 . 2011-12-06 03:12 494080 ----a-w- c:\windows\system32\atieclxx.exe
2011-12-06 03:11 . 2011-12-06 03:11 235520 ----a-w- c:\windows\system32\atiesrxx.exe
2011-12-06 03:10 . 2011-12-06 03:10 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-12-06 03:10 . 2011-12-06 03:10 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-12-06 03:10 . 2011-12-06 03:10 360448 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-12-06 03:10 . 2011-12-06 03:10 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-12-06 03:09 . 2011-12-06 03:09 21504 ----a-w- c:\windows\system32\atimuixx.dll
2011-12-06 03:09 . 2011-12-06 03:09 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-12-06 03:09 . 2011-12-06 03:09 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-12-06 03:06 . 2011-12-06 03:06 6159872 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-12-06 03:04 . 2011-12-06 03:04 69632 ----a-w- c:\windows\system32\OpenVideo64.dll
2011-12-06 03:04 . 2011-12-06 03:04 59904 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2011-12-06 03:03 . 2011-12-06 03:03 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2011-12-06 03:03 . 2011-12-06 03:03 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-12-06 03:03 . 2011-12-06 03:03 17580544 ----a-w- c:\windows\system32\amdocl64.dll
2011-12-06 03:03 . 2011-12-06 03:03 14499328 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-12-06 02:56 . 2011-12-06 02:56 19125760 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-12-06 02:51 . 2009-07-13 21:59 7520768 ----a-w- c:\windows\system32\atidxx64.dll
2011-12-06 02:39 . 2011-12-06 02:39 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2011-12-06 02:39 . 2011-12-06 02:39 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-12-06 02:39 . 2011-12-06 02:39 4072960 ----a-w- c:\windows\system32\atiumd6a.dll
2011-12-06 02:34 . 2011-12-06 02:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-12-06 02:34 . 2011-12-06 02:34 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-12-06 02:34 . 2011-12-06 02:34 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-12-06 02:34 . 2011-12-06 02:34 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-12-06 02:34 . 2011-12-06 02:34 13738496 ----a-w- c:\windows\system32\aticaldd64.dll
2011-12-06 02:33 . 2011-07-28 21:09 5919232 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-12-06 02:29 . 2011-12-06 02:29 11484672 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-12-06 02:28 . 2011-07-28 21:03 4206592 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-12-06 02:24 . 2011-12-06 02:24 7511040 ----a-w- c:\windows\system32\atiumd64.dll
2011-12-06 02:18 . 2011-07-28 21:01 58880 ----a-w- c:\windows\system32\coinst.dll
2011-12-06 02:13 . 2011-12-06 02:13 509952 ----a-w- c:\windows\system32\atiadlxx.dll
2011-12-06 02:12 . 2011-12-06 02:12 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-12-06 02:12 . 2011-12-06 02:12 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2011-12-06 02:12 . 2011-12-06 02:12 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-12-06 02:12 . 2011-12-06 02:12 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2011-12-06 02:12 . 2011-12-06 02:12 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-12-06 02:12 . 2011-12-06 02:12 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-12-06 02:12 . 2011-12-06 02:12 327168 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-12-06 02:11 . 2011-07-28 20:53 42496 ----a-w- c:\windows\system32\atiuxp64.dll
2011-12-06 02:11 . 2011-12-06 02:11 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-12-06 02:11 . 2011-12-06 02:11 39936 ----a-w- c:\windows\system32\atiu9p64.dll
2011-12-06 02:11 . 2011-07-28 20:53 29696 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-12-06 02:10 . 2011-12-06 02:10 54784 ----a-w- c:\windows\system32\atimpc64.dll
2011-12-06 02:10 . 2011-12-06 02:10 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2011-12-06 02:10 . 2011-12-06 02:10 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-12-06 02:10 . 2011-12-06 02:10 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-12-06 02:10 . 2011-12-06 02:10 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-11-29 21:39 . 2011-10-24 01:02 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2011-11-29 21:38 . 2011-11-29 21:38 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2011-11-29 21:38 . 2011-11-29 21:38 325552 ----a-w- c:\windows\MASetupCaller.dll
2011-11-29 21:38 . 2011-11-29 21:38 30568 ----a-w- c:\windows\MusiccityDownload.exe
2011-11-29 21:38 . 2012-01-02 06:13 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll
2011-11-19 14:58 . 2012-01-11 06:12 77312 ----a-w- c:\windows\system32\packager.dll
2011-11-19 14:01 . 2012-01-11 06:12 67072 ----a-w- c:\windows\SysWow64\packager.dll
2011-10-06 18:46 . 2011-10-06 18:43 379286 ----a-w- e:\program files (x86)\UnGEXUSACAN.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="e:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-11-09 3077528]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-12-27 937360]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-12-27 21392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000]
"ASUS ShellProcess Execute"="c:\program files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe" [2010-11-25 252544]
"ASUS AiChargerPlus Execute"="c:\program files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2010-11-08 465536]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"GrooveMonitor"="e:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-12-27 3508624]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2011-04-25 305088]
"iTunesHelper"="e:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-06 343168]
"Malwarebytes' Anti-Malware"="e:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;e:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [x]
R3 athrusb;Belkin Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrxusb.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 SaiH0BAC;SaiH0BAC;c:\windows\system32\DRIVERS\SaiH0BAC.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]
S0 AiChargerPlus;ASUS Charger Plus Driver;c:\windows\system32\DRIVERS\AiChargerPlus.sys [x]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
S0 mvs91xx;mvs91xx;c:\windows\system32\DRIVERS\mvs91xx.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AtherosSvc;AtherosSvc;e:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;e:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-06-24 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
S2 OODefragAgent;O&O Defrag;e:\program files\OO Software\Defrag\oodag.exe [2010-06-22 2532680]
S3 ALSysIO;ALSysIO;c:\users\zooz\AppData\Local\Temp\ALSysIO64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [2011-10-07 922240]
S3 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2010-12-02 915584]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]
S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3029502787-3877204180-1929427419-1000Core.job
- c:\users\zooz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-26 01:06]
.
2012-02-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3029502787-3877204180-1929427419-1000UA.job
- c:\users\zooz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-26 01:06]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 16:50 22408 ----a-w- e:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]
"egui"="e:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-06-24 2903688]
"AtherosBtStack"="e:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120]
"AthBtTray"="e:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Download all links with IDM - e:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - e:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - e:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\zooz\AppData\Roaming\Mozilla\Firefox\Profiles\83380n4b.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-PunkBusterSvc - e:\program files (x86)\Steam\steamapps\common\apb reloaded\Binaries\pbsvc_apb.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG15.00.00.01PROFESSIONAL"="2B5E34A308E38BAEE17364E754034A22496641A34C380F0BD5B4C5989B238C858A371DFD6609DD07B50896BB899537C53022167BE8F0ABF1B66AA80C4EA1FC3D5270179056C57EB24C1692006E1088E134F1F376E726F9D3F8937CD6103C4AD68D8CB937E50FAE15204DEC275125C7FC6050023BF5E56BFBD69A207212FC6E8348833F5FE88E8EE230D2D433C6BA61F2C5B18D810B75550AFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808A6A0AC4980AC7933A6A0AC4980AC7933A6171C11EC38DE3DF66C8D114B10DFE99F8EC4C96BAA9943B1016BD5B723A4B650093A0F250BF0FEB9A18BEF96BB6D64D2EC1A65EDA88CB7366ECDEC2501559663170F070126888A6E253775CFF5CEEBC84D8ACD36D2FE1C18B73F588C94F0919DCC9B4250B65A282BD31F9E21DAC8D1A859BA33CFA49F0BAE75201C7B582BA327CE983C41CE45D989FAF07BFA3F823D1EAEF2DB0DCE7D6DD5B170D2C377209F2DB2DF82C6BA8BF5A961023110290AA9DADBA0A000B390046FE7572C7A52CE28E383EF38957657A42EBEC8F556534FE48F68546E01EAAF63DF0D9EE8777E97377D41EC17A835B3663EBCE297892AA61275CB42482D419AF2110634E0D943C398B55D1C68BDDA8D0A81FD8F77A9544929C7F34641E3B4F0ED6C2C287C819D7A6ECA41E98CD7013AB7AA153208F924D17347405A04C9F839E3654EB2BA14BECCAC7DC5E3F5BB7570E7E90B53D080A6C18F36099F4D4776DC3A702E2DAE798A2C1D12BA3E2CF43ACB6875DA9EF00999FC71DC14DB6F874829A68482157EDF196EDAD463CEC950844CDB8975E316226F4DDE0620F74E7BBDCD36A0738C63B937CE569176120061BD5437E4BD9606204F5D74035D0163D6DA62C7C322D82CB9666BD61B9FA410FD042BC4C80DCF981A92BE9EA5F0273C92D5DF90F29DE53BDA5A467346FCCBD13F287E22FCAE4A3A69C8E42047F4407A6A1D2317366D3F87D8FBC51AEBA1EBB184305B414C63666B2FB42912C1F44353DD4CEE371C0B979936E7350A6C9592ADEE5535E684DD29BE4DCBC6DD76F2CF8FB03A66A1B264C511B76D42D827D26C59E585E42FF7C6385FEB39DFC1C8E3258CECEC14D991DCC121E5917F6E02C8CDDC1361A405FDBBE187F4DBF7D11F30A7BCDD1F6536CDC8AB8D8D8EE389675B2DF1E2BF942CF1C9938719C5F673E63562A313C22C6508F243B141CEC839C4DFA5E88A28B7B831F6E3C3C9BCA9E28DC3005B61791DE3DD9970FCD573EDE20B22F5A4FDDAF4961FBB8836BF3CC02D09A1D290611B5287F46E3BEFE3D1733F3061801C78C698022202DD6875F2CF3750074F06EDB348F776175323C8F1E2DBAFD0CC5CF693D10E25AB64FC2AC250B5DD220E8F278261AF8EAE0ABEA68F2398"
"OODEFRAG12.00.00.01PROFESSIONAL"="65C9022A09C0D408FD21BCD59C55EE544BFA5929933C671B4B6CF640C860A1BF06B5B8E991FE954C2AFCAE0D836C8A9D710EF72783DDB0ACDA37C6D6284C055CB4AE27F462DC055C7104203F0A66322055AC1D92247A6859E8172BB788060394C654873AD0814ED02FC8785598ABCF3A76FA7CEE11D9D5EAB9DFC61FDCD7613BE3CC88FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808A6A0AC4980AC7933A6A0AC4980AC7933A6171C11EC38DE3D44FB56B5B7C73C8052343370DB89DD77B06099B283BC505D220A02D9554465CCB75362D30AD5495A62DF0F09467F6A630779A68C7485F02DAE1A13A33F8144CBBAB7961A0DE3A1E035E56CE396B9C2A8A5C5F1960AC194D88348EC27B8587D4827BC53866030346DDCB1AB7E78D8242DF7267F6A1618E8748309D33C5E9350A3790C3BCC0BC7EFCF8E41F207F9D0D0CC8B8C1455D0032106B6E4CD6AAF537F325363B655F5904AC8A5A7ABE38C6B0D559300BAD9D54EF30C49F5A7F2130953BDF793F33BED413B8F1F0981AC8845238AE69DC1AC259E1B748AEF6E484EFA17815182604DA36540CC1DA1672F27CEE0A202143A37A067D6A5EE14F60F8EC41BB06C2832902EDC591E66BF906A07CD184A0225F91810F2E7748DBB5823665532707A92E0BA865C0C9663C4F7932AD81E9EA9A91E20A0DF16AFA3D3EC14C76F35D7CE63A7B90A6AE0BC22A7599277DECCB3628C01D3601FAB97115B53A10B2AFDF3E4CF082AFAE3E389D4F2B685B89F0111B4CCC7EEC1F5F7DDD76871C46E6E6FC8D72146E17CF7266BD243D43B1EB09D314FFC565D9D804D2C21A16AA791FDE847E7B3696719AA3BC493CB3D3AB77A078207C6D8C02FA9811D3AC3AD27F669D4DB7B793EF5BE533DEA37D33DB7FCB828E851633C6F95356FC2109FE6570A979E621BF8547EBE9E48A77DB465A3C8FDEE3A4822327153B7F69F39198A7E95C335AAF3480123CD8BFCBACEDB0B9D58AD4BC3AD673286D11B7A2C6CA750974A7D8C7BD518DA3B06ED805433CD47F74F8133C1E129761EDA9E5FD384D833CFBC261D0DB6A83F54E3ED7A1BD79E773EB28522E9EC747B5F9F529178834D718AE4F4610DAECDCD2C4A06182A11F93C2C6E9A136179E605A2B09C7FEC8CB60EDD1F75D89A7BF1EB367C090A8D539DFBB0CF768A44D734197587371BF7E66052952D0608CC7D92BF1BA6978548395CDEF10A208C9F7724009AFEAFDAD7FEA5C6AEB1D976ACB9C036B554AAC1507F1B52C733F52279F111CA8657E8BA3B6475BC5C35F5AF36D9A08015F68E7C108955873FC5A85A4781EB496332173947CB55468526B643DAA86E117D6462F565DB19F2989F3B46738536138D9745D7120C5D3A44D1CA45FE1974A166569973A22109CE4883"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe
c:\program files (x86)\Citrix\ICA Client\wfcrun32.exe
c:\program files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\EC Simulator.exe
.
**************************************************************************
.
Completion time: 2012-02-16 16:58:05 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-16 21:58
ComboFix2.txt 2012-02-14 03:14
.
Pre-Run: 30,688,116,736 bytes free
Post-Run: 30,651,375,616 bytes free
.
- - End Of File - - 2EEEC127B297EC575BA237778E41B29B

Java(TM) 6 > Current is v6u30> Java Updates .
Click to expand...

I have 6.29 installed as well as 7.1 for 64 bit and SE development kit 7.1...Should I uninstall these or just uninstall 6.29?
 
Last 2 scans:

Download Security Check by screen317 and save to the desktop
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt please
  • Post the contents of that document.
===============================
First, set up a Directory for HijackThis as follows:
Right click Taskbar> Explore> My Computer> Local Drive (C)> File> New> Folder> Name folder HijackThis
Exit Explorer
You now have a folder C:\HijackThis
-----------------------------------------
Download HijackThis http://download.bleepingcomputer.com/hijackthis/HijackThis.zipand save to your desktop.
  • Click on the HJT icon> 'Extract all files'> Extraction Wizard> Click on Browse to right of dialogue box that says 'Select a folder'
  • Extract it to the directory on your hard drive you created C:\HijackThis.
  • Then navigate to that directory and double-click on the hijackthis.exe file.
  • When started click on the Scan button and then the Save Log button to create a log of your information.
  • The log file and then the log will open in notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
 
Results of screen317's Security Check version 0.99.31
Windows 7 x86 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:
VAT-Spy
Adobe Flash Player 11.1.102.55
Adobe Reader X (10.1.2)
Mozilla Firefox (9.0.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent
``````````End of Log````````````


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:02:51 PM, on 2/19/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
E:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe
C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\EC Simulator.exe
C:\Users\zooz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\zooz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\zooz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\zooz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\zooz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\zooz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\zooz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\zooz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\zooz\Desktop\SecurityCheck.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\notepad.exe
C:\HijackThis\HijackThis.exe
C:\Users\zooz\AppData\Local\Google\Chrome\Application\chrome.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - E:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - E:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (file missing)
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [ASUS ShellProcess Execute] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
O4 - HKLM\..\Run: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
O4 - HKLM\..\Run: [GrooveMonitor] "E:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "e:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [RocketDock] "E:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O8 - Extra context menu item: Download all links with IDM - E:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - E:\Program Files (x86)\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - E:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - E:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe
O23 - Service: ASUS HM Com Service (asHmComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
O23 - Service: AtherosSvc - Atheros Commnucations - E:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - E:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - E:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel® PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 13899 bytes
 
Antivirus/Firewall Check:
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:
VAT-Spy
Adobe Flash Player 11.1.102.55
Adobe Reader X (10.1.2)
Mozilla Firefox (9.0.1)
Click to expand...

NO antivirus!
NO firewall!
NO antimalware!

(VAT-Spy is a simple application that allows you to view current ATC staffing and traffic levels on VATSIM.)

The only process I see that will aid in security is the WOT Site Advisor>> and that is not a security program!
There is no sense in removing anything because without any security, you will get malware withing minutes of connecting to the internet.
 
NO antivirus!
NO firewall!
NO antimalware!

(VAT-Spy is a simple application that allows you to view current ATC staffing and traffic levels on VATSIM.)

The only process I see that will aid in security is the WOT Site Advisor>> and that is not a security program!
There is no sense in removing anything because without any security, you will get malware withing minutes of connecting to the internet.
Click to expand...

I have ESET anti virus / firewall installed, but maybe it didn't recognize it because its on my other hard drive, VAT-Spy is a tool I use for Flight sim, I also have malwarebytes installed on my other hard drive.
 
Bobbye said:
If the security is on your 'other drive', what's protecting this drive?
Click to expand...

It can protect both, I have an SSD that I install my OS on and have other files like flash and other plugins, and ESET is installed on my HDD, I'm sure it protects both.
 
Status
Not open for further replies.

Similar threads

wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni
A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
2K
adidaman27
A
S
  • Locked
Inactive Am I infected?
Replies
8
Views
3K
Broni
Broni

Latest posts

Back