ComboFix ran fine. It made me restart after installing, and when the computer restarted my antivirus (NOD32 ver 5.2.9.1) kicked back on, but I turned it off within seconds of the restart. Not sure if this info helps or not. Here is the log:
ComboFix 12-06-24.03 - logando 5/2012 Mon 14:09:57.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.949.82.1033.18.8175.6427 [GMT 9:00]
Running from: c:\users\logando\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\users\logando\AppData\Roaming\Roaming
c:\users\logando\AppData\Roaming\Roaming\2K Sports\Major League Baseball 2K12\Cache\BoxScoresTEMP.iff
c:\users\logando\AppData\Roaming\Roaming\2K Sports\Major League Baseball 2K12\Cache\seq00000.iff
c:\users\logando\AppData\Roaming\Roaming\2K Sports\Major League Baseball 2K12\Cache\seq00001.iff
c:\users\logando\AppData\Roaming\Roaming\2K Sports\Major League Baseball 2K12\Cache\seq00002.iff
c:\users\logando\AppData\Roaming\Roaming\2K Sports\Major League Baseball 2K12\Cache\seq00003.iff
c:\users\logando\AppData\Roaming\Roaming\2K Sports\Major League Baseball 2K12\Cache\seq00004.iff
c:\users\logando\AppData\Roaming\Roaming\2K Sports\Major League Baseball 2K12\Cache\seq00005.iff
c:\users\logando\AppData\Roaming\Roaming\2K Sports\Major League Baseball 2K12\Cache\StatSplitsTEMP.iff
c:\users\logando\AppData\Roaming\Roaming\2K Sports\Major League Baseball 2K12\Cache\TempTitlePageData
c:\users\logando\AppData\Roaming\Roaming\2K Sports\Major League Baseball 2K12\Cache\tr000000.iff
c:\users\logando\AppData\Roaming\Roaming\2K Sports\Major League Baseball 2K12\Cache\tr000001.iff
c:\users\logando\AppData\Roaming\Roaming\2K Sports\Major League Baseball 2K12\Cache\tr000002.iff
c:\users\logando\AppData\Roaming\Roaming\2K Sports\Major League Baseball 2K12\Cache\tr000003.iff
c:\users\logando\AppData\Roaming\Roaming\2K Sports\Major League Baseball 2K12\Cache\tr000004.iff
c:\users\logando\AppData\Roaming\Roaming\2K Sports\Major League Baseball 2K12\Cache\tr000005.iff
c:\users\logando\AppData\Roaming\Roaming\2K Sports\Major League Baseball 2K12\Cache\tr000006.iff
c:\users\logando\AppData\Roaming\Roaming\2K Sports\Major League Baseball 2K12\Cache\ts000000.iff
c:\users\logando\AppData\Roaming\Roaming\2K Sports\Major League Baseball 2K12\Cache\ts000001.iff
c:\users\logando\AppData\Roaming\Roaming\2K Sports\Major League Baseball 2K12\Cache\ts000002.iff
c:\users\logando\AppData\Roaming\Roaming\2K Sports\Major League Baseball 2K12\Saves\Career1.CMG
c:\users\logando\AppData\Roaming\Roaming\2K Sports\Major League Baseball 2K12\Saves\Config.cfg
c:\users\logando\AppData\Roaming\Roaming\2K Sports\Major League Baseball 2K12\Saves\Difficulty Sliders.SLD
c:\users\logando\AppData\Roaming\Roaming\2K Sports\Major League Baseball 2K12\Saves\Game Records.REC
c:\users\logando\AppData\Roaming\Roaming\2K Sports\Major League Baseball 2K12\Saves\Living Season.LSF
c:\users\logando\AppData\Roaming\Roaming\2K Sports\Major League Baseball 2K12\Saves\Logando.USR
c:\users\logando\AppData\Roaming\Roaming\2K Sports\Major League Baseball 2K12\Saves\Player Progression.PPF
c:\users\logando\AppData\Roaming\Roaming\2K Sports\Major League Baseball 2K12\Saves\Roster.ROS
c:\users\logando\AppData\Roaming\Roaming\2K Sports\Major League Baseball 2K12\Saves\Settings.STG
c:\windows\7Loader.TAG
c:\windows\system32\CKAgent.dat
c:\windows\SysWow64\npkpdb.dll
c:\windows\SysWow64\SET6525.tmp
c:\windows\SysWow64\tmp1583.tmp
c:\windows\SysWow64\tmp15A3.tmp
c:\windows\SysWow64\tmp4221.tmp
c:\windows\SysWow64\tmp4231.tmp
c:\windows\SysWow64\tmp9913.tmp
c:\windows\SysWow64\tmp9914.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-05-25 to 2012-06-25 )))))))))))))))))))))))))))))))
.
.
2012-06-25 05:12 . 2012-06-25 05:15  --------  d-----w-  c:\users\logando\AppData\Local\temp
2012-06-25 05:12 . 2012-06-25 05:12  --------  d-----w-  c:\users\UpdatusUser\AppData\Local\temp
2012-06-25 01:48 . 2012-06-25 01:48  --------  d-----w-  c:\users\logando\AppData\Roaming\Malwarebytes
2012-06-25 01:48 . 2012-06-25 01:48  --------  d-----w-  c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-25 01:48 . 2012-06-25 01:48  --------  d-----w-  c:\programdata\Malwarebytes
2012-06-25 01:48 . 2012-04-04 06:56  24904  ----a-w-  c:\windows\system32\drivers\mbam.sys
2012-06-23 04:56 . 2012-05-31 04:04  9013136  ----a-w-  c:\programdata\Microsoft\Windows Defender\Definition Updates\{82C528D1-1266-4F0A-915F-82A586B93AF4}\mpengine.dll
2012-06-22 12:35 . 2012-06-02 22:19  2428952  ----a-w-  c:\windows\system32\wuaueng.dll
2012-06-22 12:35 . 2012-06-02 22:19  57880  ----a-w-  c:\windows\system32\wuauclt.exe
2012-06-22 12:35 . 2012-06-02 22:19  44056  ----a-w-  c:\windows\system32\wups2.dll
2012-06-22 12:35 . 2012-06-02 22:15  2622464  ----a-w-  c:\windows\system32\wucltux.dll
2012-06-22 12:34 . 2012-06-02 06:19  186752  ----a-w-  c:\windows\system32\wuwebv.dll
2012-06-22 12:34 . 2012-06-02 06:15  36864  ----a-w-  c:\windows\system32\wuapp.exe
2012-06-22 12:15 . 2012-06-24 01:57  282696  ----a-w-  c:\windows\SysWow64\PnkBstrB.xtr
2012-06-22 12:15 . 2012-06-22 12:15  --------  d-----w-  c:\users\logando\AppData\Local\PunkBuster
2012-06-22 12:15 . 2012-06-22 12:50  --------  d-----w-  c:\users\logando\AppData\Local\Ubisoft Game Launcher
2012-06-22 12:00 . 2012-06-22 12:00  --------  d-----w-  c:\program files (x86)\Ubisoft
2012-06-22 11:56 . 2012-06-22 11:56  --------  d-----w-  c:\users\logando\AppData\Roaming\Ubisoft
2012-06-22 10:30 . 2012-06-24 01:57  282696  ----a-w-  c:\windows\SysWow64\PnkBstrB.exe
2012-06-22 10:30 . 2012-06-23 06:13  282696  ----a-w-  c:\windows\SysWow64\PnkBstrB.ex0
2012-06-22 10:29 . 2012-06-22 12:02  76888  ----a-w-  c:\windows\SysWow64\PnkBstrA.exe
2012-06-21 08:37 . 2012-06-21 08:37  3166792  ------w-  c:\windows\SysWow64\pbsvc.exe
2012-06-19 08:58 . 2012-06-19 08:58  --------  d-----w-  C:\TDSSKiller_Quarantine
2012-06-19 08:50 . 2012-06-19 08:50  --------  d-----w-  c:\program files (x86)\Trend Micro
2012-06-17 01:20 . 2012-06-17 01:20  --------  d-----w-  c:\users\logando\AppData\Roaming\dvdcss
2012-06-16 10:07 . 2012-04-24 05:37  1462272  ----a-w-  c:\windows\system32\crypt32.dll
2012-06-13 00:40 . 2011-11-01 02:11  946560  ----a-w-  c:\windows\SysWow64\NPKCX.ocx
2012-06-13 00:40 . 2011-11-01 02:06  627008  ----a-w-  c:\windows\SysWow64\npkcxext.ocx
2012-06-13 00:40 . 2011-10-07 08:37  614720  ----a-w-  c:\windows\SysWow64\npkcrypt.dll
2012-06-13 00:40 . 2011-10-04 09:35  266560  ----a-w-  c:\windows\SysWow64\npkagt.exe
2012-06-13 00:40 . 2011-09-15 07:02  41024  ----a-w-  c:\windows\SysWow64\npkakl.sys
2012-06-13 00:40 . 2011-07-07 06:12  631104  ----a-w-  c:\windows\SysWow64\npkSvcUpdate.exe
2012-06-13 00:40 . 2011-07-07 05:34  49600  ----a-w-  c:\windows\SysWow64\npkcusb.sys
2012-06-13 00:40 . 2011-07-04 11:07  78144  ----a-w-  c:\windows\SysWow64\npkuninst.exe
2012-06-13 00:40 . 2011-04-27 08:58  55872  ----a-w-  c:\windows\SysWow64\npkcrypt.sys
2012-06-13 00:40 . 2010-07-15 11:43  412256  ----a-w-  c:\windows\SysWow64\npkupd.exe
2012-06-13 00:40 . 2009-08-27 07:13  133344  ----a-w-  c:\windows\SysWow64\npkcnt4.sys
2012-06-13 00:40 . 2009-04-06 08:16  596512  ----a-w-  c:\windows\SysWow64\INICRYPTOSDK.dll
2012-06-13 00:40 . 2006-11-30 09:01  27368  ----a-w-  c:\windows\SysWow64\npkcrypt.vxd
2012-06-13 00:33 . 2012-06-13 00:33  971042  ----a-w-  c:\windows\SysWow64\npstarterctrl.dll
2012-06-13 00:33 . 2012-06-13 00:33  448032  ----a-w-  c:\windows\SysWow64\npstarter.ocx
2012-06-13 00:33 . 2012-06-13 00:33  250145  ----a-w-  c:\windows\SysWow64\npstartersvc.exe
2012-06-13 00:33 . 2012-06-13 00:33  213279  ----a-w-  c:\windows\SysWow64\npnj5Agent.exe
2012-06-13 00:33 . 2012-06-13 00:33  189984  ----a-w-  c:\windows\SysWow64\npnj5Launcher.exe
2012-06-13 00:33 . 2012-06-13 00:33  --------  d-----w-  c:\program files (x86)\Wizvera
2012-06-12 12:23 . 2012-06-12 12:23  137128  ----a-r-  c:\windows\system32\CKAgent.exe
2012-06-11 10:30 . 2012-06-11 10:30  --------  d-----w-  C:\update
2012-06-07 11:15 . 2012-06-07 11:15  --------  d-----w-  c:\program files (x86)\Xilisoft
2012-06-07 06:28 . 2012-06-07 06:28  --------  d-----w-  c:\users\logando\AppData\Roaming\NCH Swift Sound
2012-06-07 06:28 . 2012-06-07 06:28  --------  d-----w-  c:\programdata\NCH Swift Sound
2012-06-07 06:28 . 2012-06-07 06:28  --------  d-----w-  c:\program files (x86)\NCH Swift Sound
2012-06-06 07:22 . 2012-06-06 13:32  --------  d-----w-  c:\users\logando\AppData\Roaming\Hnc
2012-06-06 07:20 . 2012-06-06 07:21  --------  d-----w-  c:\program files (x86)\Common Files\Hnc
2012-06-06 07:20 . 2012-06-06 07:21  --------  d-----w-  C:\HNC
2012-06-06 07:20 . 2012-06-06 07:20  --------  d-----w-  c:\program files (x86)\eps
2012-06-02 07:21 . 2012-06-02 07:21  --------  d-----w-  c:\users\logando\AppData\Local\CrashRpt
2012-06-02 07:20 . 2012-06-02 07:20  --------  d-----w-  c:\programdata\RELOADED
2012-06-01 13:05 . 2012-06-01 13:05  137128  ----a-r-  c:\windows\SysWow64\CKAgent.exe
2012-06-01 13:04 . 2012-06-01 13:09  702865  ----a-w-  c:\windows\unins000.exe
2012-06-01 13:04 . 2011-02-23 00:58  1299944  ----a-w-  c:\windows\SysWow64\BankPayEFT.ocx
2012-06-01 13:04 . 2011-01-24 06:55  278528  ----a-w-  c:\windows\SysWow64\CKAppEx_KFTC.dll
2012-06-01 13:04 . 2011-01-19 16:08  385024  ----a-w-  c:\windows\SysWow64\y7wrapper.dll
2012-06-01 13:04 . 2011-01-19 16:08  28672  ----a-w-  c:\windows\SysWow64\y7shim.dll
2012-06-01 13:04 . 2011-01-19 15:49  663552  ----a-w-  c:\windows\SysWow64\y7csel.dll
2012-06-01 13:04 . 2010-09-06 05:54  75136  ----a-w-  c:\windows\SysWow64\y5writeCOM.dll
2012-05-31 05:02 . 2012-05-31 05:05  --------  d-----w-  C:\NIA
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-21 01:32 . 2012-05-01 07:59  70344  ----a-w-  c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-21 01:32 . 2012-05-01 07:59  426184  ----a-w-  c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-12 12:23 . 2012-05-17 10:29  19016  ----a-w-  c:\windows\system32\JRSUKD25.SYS
2012-06-12 12:23 . 2012-05-17 10:29  141848  ----a-w-  c:\windows\system32\kcrtx64.sys
2012-06-01 13:05 . 2012-05-17 10:29  483240  ----a-w-  c:\windows\SysWow64\CKSetup64.exe
2012-06-01 13:05 . 2012-05-17 10:29  1173624  ----a-w-  c:\windows\SysWow64\CKSetup32.exe
2012-05-24 01:47 . 2012-05-01 07:41  24448  ----a-w-  c:\windows\system32\RegistryDefragBootTime.exe
2012-05-21 09:53 . 2012-04-30 10:46  466456  ----a-w-  c:\windows\system32\wrap_oal.dll
2012-05-21 09:53 . 2012-04-30 10:46  444952  ----a-w-  c:\windows\SysWow64\wrap_oal.dll
2012-05-21 09:53 . 2012-04-30 10:46  122904  ----a-w-  c:\windows\system32\OpenAL32.dll
2012-05-21 09:53 . 2012-04-30 10:46  109080  ----a-w-  c:\windows\SysWow64\OpenAL32.dll
2012-05-19 00:02 . 2009-08-18 03:49  564632  ----a-w-  c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-05-19 00:02 . 2009-08-18 02:24  19736  ----a-w-  c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-05-17 10:29 . 2012-05-17 10:29  137728  ----a-w-  c:\windows\SysWow64\Unzip323.dll
2012-05-17 10:29 . 2012-05-17 10:29  72272  ----a-w-  c:\windows\SysWow64\cosa.dll
2012-05-17 10:29 . 2012-05-17 10:29  58600  ----a-w-  c:\windows\SysWow64\I3Gescp.dll
2012-05-17 10:29 . 2012-05-17 10:29  477312  ----a-w-  c:\windows\SysWow64\I3GManager.dll
2012-05-17 10:29 . 2012-05-17 10:29  211072  ----a-w-  c:\windows\SysWow64\I3GEX.exe
2012-05-17 10:29 . 2012-05-17 10:29  15512  ----a-w-  c:\windows\SysWow64\IRTrace.dll
2012-05-17 10:29 . 2012-05-17 10:29  575640  ----a-w-  c:\windows\SysWow64\I3GManager.exe
2012-05-17 10:29 . 2012-05-17 10:29  971036  ----a-w-  c:\windows\SysWow64\NPDownx.exe
2012-05-17 10:29 . 2012-05-17 10:29  450844  ----a-w-  c:\windows\SysWow64\npcopyx.exe
2012-05-17 10:29 . 2012-05-17 10:29  426270  ----a-w-  c:\windows\SysWow64\npeutilex.dll
2012-05-17 10:29 . 2012-05-17 10:29  221472  ----a-w-  c:\windows\SysWow64\npcopycheck.exe
2012-05-17 10:29 . 2012-05-17 10:29  182080  ----a-w-  c:\windows\SysWow64\npn5uninst.exe
2012-05-17 10:29 . 2012-05-17 10:29  70968  ----a-w-  c:\windows\SysWow64\CKKeyProCert.dll
2012-05-17 10:29 . 2012-05-17 10:29  191000  ----a-w-  c:\windows\SysWow64\kcrypto.dll
2012-05-17 10:29 . 2012-05-17 10:29  434428  ----a-w-  c:\windows\SysWow64\CKCSP.dll
2012-05-17 10:29 . 2012-05-17 10:29  394552  ----a-w-  c:\windows\SysWow64\XecureCK.dll
2012-05-17 10:29 . 2012-05-17 10:29  210232  ----a-w-  c:\windows\SysWow64\npKeyPro.dll
2012-05-17 10:29 . 2012-05-17 10:29  181560  ----a-w-  c:\windows\SysWow64\CKApp.dll
2012-05-17 10:29 . 2012-05-17 10:29  156984  ----a-w-  c:\windows\SysWow64\JRSoftcp.dll
2012-05-04 10:29 . 2012-05-09 00:41  772504  ----a-w-  c:\windows\SysWow64\npDeployJava1.dll
2012-05-04 10:29 . 2012-05-01 08:03  687504  ----a-w-  c:\windows\SysWow64\deployJava1.dll
2012-05-01 09:39 . 2009-07-14 02:36  175616  ----a-w-  c:\windows\system32\msclmd.dll
2012-05-01 09:39 . 2009-07-14 02:36  152576  ----a-w-  c:\windows\SysWow64\msclmd.dll
2012-05-01 07:55 . 2012-05-01 07:55  98816  ----a-w-  c:\windows\system32\drivers\usbccgp.sys
2012-05-01 07:55 . 2012-05-01 07:55  7936  ----a-w-  c:\windows\system32\drivers\usbd.sys
2012-05-01 07:55 . 2012-05-01 07:55  52736  ----a-w-  c:\windows\system32\drivers\usbehci.sys
2012-05-01 07:55 . 2012-05-01 07:55  343040  ----a-w-  c:\windows\system32\drivers\usbhub.sys
2012-05-01 07:55 . 2012-05-01 07:55  325120  ----a-w-  c:\windows\system32\drivers\usbport.sys
2012-05-01 07:55 . 2012-05-01 07:55  30720  ----a-w-  c:\windows\system32\drivers\usbuhci.sys
2012-05-01 07:55 . 2012-05-01 07:55  25600  ----a-w-  c:\windows\system32\drivers\usbohci.sys
2012-05-01 07:54 . 2012-05-01 07:54  902656  ----a-w-  c:\windows\system32\d2d1.dll
2012-05-01 07:54 . 2012-05-01 07:54  739840  ----a-w-  c:\windows\SysWow64\d2d1.dll
2012-05-01 07:54 . 2012-05-01 07:54  1139200  ----a-w-  c:\windows\system32\FntCache.dll
2012-04-05 11:08 . 2012-05-01 06:48  34624  ----a-w-  c:\windows\system32\TURegOpt.exe
2012-04-05 11:08 . 2012-05-01 06:50  35648  ----a-w-  c:\windows\system32\uxtuneup.dll
2012-04-05 11:08 . 2012-05-01 06:50  28992  ----a-w-  c:\windows\SysWow64\uxtuneup.dll
2012-04-05 11:08 . 2012-05-01 06:48  25920  ----a-w-  c:\windows\system32\authuitu.dll
2012-04-05 11:08 . 2012-05-01 06:48  21312  ----a-w-  c:\windows\SysWow64\authuitu.dll
2012-03-30 11:35 . 2012-05-09 13:07  1918320  ----a-w-  c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2009-05-04 241789]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"HncUpdate"="c:\program files (x86)\Common Files\Hnc\HncUtils\HncUpdate.exe" [2006-07-16 475136]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages  REG_MULTI_SZ  kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"UpdReg"=c:\windows\UpdReg.EXE
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"CTSyncService"=c:\program files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe /StartRunKey
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-21 257224]
R3 CdmDrvNt;CdmDrvNt;c:\windows\system32\Drivers\CdmDrvNt.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-04-30 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-04-30 79360]
R3 JRSKD24;JRSKD24; [x]
R3 kcrtx64;kcrtx64;c:\windows\system32\kcrtx64.sys [x]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
R3 MfFWEnt;MfFWEnt;c:\program files\AhnLab\ASP\MyFirewall 4.0\MfFWEnt.sys [2010-06-28 126072]
R3 MfIPSEnt;MfIPSEnt;c:\program files\AhnLab\ASP\MyFirewall 4.0\MfIPSEnt.sys [2010-06-28 155256]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2012-04-30 79360]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 AMonTDLH;AMonTDLH;c:\windows\system32\Drivers\AMonTDLH.sys [x]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-05-26 913792]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-03-07 913144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-04-05 2143552]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 JRSUKD25;JRSUKD25;c:\windows\system32\JRSUKD25.SYS [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-12-01 11856]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-01 01:32]
.
2012-06-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4198537568-3718071329-2121928370-1000Core.job
- c:\users\logando\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-30 11:35]
.
2012-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4198537568-3718071329-2121928370-1000UA.job
- c:\users\logando\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-30 11:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-30 11660904]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-03-07 4081008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 168.126.63.1 168.126.63.2
DPF: {2022EE84-1E1F-45B0-8D35-FF9DA75366BC} - hxxp://download.softforum.co.kr/Published/XecureExpressI/v2.4.0.5/xei_install2.cab
DPF: {7C65E65F-5ACA-409E-9D44-79AD833919F8} - hxxp://download.softforum.co.kr/Published/XecureExpressI/v2.6.0.6/xei_install.cab
DPF: {AC2CE4A7-75CE-4B11-B245-CE697861C3C1} - hxxp://www.citibank.co.kr/mailplugin/INISAFEMailv4.cab
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-XecureCK - c:\windows\system32\CKSetup32.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,65,c7,ee,78,fe,61,a8,4f,91,77,01,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,65,c7,ee,78,fe,61,a8,4f,91,77,01,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-06-25 14:18:25 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-25 05:18
.
Pre-Run: 221,693,440,000 bytes free
Post-Run: 222,277,754,880 bytes free
.
- - End Of File - - C2218634F8535DD5A8C5761DEC2ED6F9
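The two things a reviewer would pull out of a log like this one are the header (which security products ComboFix saw and whether they were running) and the `policies\system` key, where this machine has `EnableLUA`, `ConsentPromptBehaviorAdmin` and `PromptOnSecureDesktop` all set to 0, meaning UAC is switched off entirely. The script below is an added example, not part of the post above and not ComboFix's own code: it parses those two parts of a ComboFix log and reports every value that differs from the Windows 7 defaults (assumed here as `EnableLUA=1`, `ConsentPromptBehaviorAdmin=5`, `PromptOnSecureDesktop=1`) plus any AV/SP/FW product reported as disabled. The sample input is a constructed excerpt copied from the log above.

```python
"""Flag weakened UAC policy values and disabled security products in a ComboFix log.

Added example (not from the original post or from ComboFix). The default
values used as the baseline are the Windows 7 defaults and are an assumption
of this script, not something stated in the log itself.
"""
import re

# Constructed excerpt: the product header and the policy key copied from the log above.
SAMPLE_LOG = """\
AV: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\policies\\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\control\\lsa]
Security Packages  REG_MULTI_SZ  kerberos msv1_0 schannel wdigest tspkg pku2u livessp
"""

# Assumed baseline: Windows 7 defaults for the three values that decide whether UAC works.
UAC_DEFAULTS = {
    "EnableLUA": 1,                    # 0 disables UAC completely
    "ConsentPromptBehaviorAdmin": 5,   # 0 elevates admins silently, no prompt
    "PromptOnSecureDesktop": 1,        # 0 lets other software draw over the prompt
}

POLICY_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"

KEY_RE = re.compile(r"^\[(.+)\]$")
# ComboFix prints DWORDs as:  "Name"= 0 (0x0)
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(-?\d+)\s*\(0x[0-9a-fA-F]+\)$')
# Header lines look like:  AV: Product Name *Enabled/Updated* {GUID}
PRODUCT_RE = re.compile(r"^(AV|SP|FW): (.+?) \*(\w+)/(\w+)\* \{[0-9A-Fa-f-]+\}$")


def parse_registry_values(text):
    """Return {key_path_lowercase: {value_name: int}} for every [key] block with DWORD values."""
    values, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            values.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            values[current][m.group(1)] = int(m.group(2))
    return values


def parse_security_products(text):
    """Return [(kind, product, state)] from the AV:/SP:/FW: header lines."""
    found = []
    for raw in text.splitlines():
        m = PRODUCT_RE.match(raw.strip())
        if m:
            found.append((m.group(1), m.group(2), m.group(3)))
    return found


def audit(text):
    """Return a list of human-readable findings; an empty list means nothing was weakened."""
    findings = []
    policy = parse_registry_values(text).get(POLICY_KEY, {})
    for name, secure in UAC_DEFAULTS.items():
        actual = policy.get(name)
        if actual is not None and actual != secure:
            findings.append(f"{name}={actual} (default {secure})")
    for kind, product, state in parse_security_products(text):
        if state.lower() == "disabled":
            findings.append(f"{kind} {product} is disabled")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

Run against the excerpt it reports the three zeroed UAC values and the disabled NOD32 entry, and nothing for Windows Defender or for `ConsentPromptBehaviorUser`, which is at its default. Point it at a full ComboFix log (`audit(open(path).read())`) and the same checks apply; the parser keys on the `[...]` section headers, so unrelated sections are ignored.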