Sign in with
Sign up | Sign in
Your question

Malware issue

Last response: in Windows 7
Share
January 19, 2013 6:40:42 PM

I'm running 64-bit windows 7, and whenever I run a speed test from speedtest.net. It comes back saying I have a ping of 520+. I know that it should not be anywhere near that amount, and that the it's not a problem with my ISP. If i use the speedtest.net app on my phone connected through wi-fi it's about 130, and if I do the speed test under safe mode the ping is like 21. I have tried running malware bytes, combofix, S&D, virus scan (eset nod32), and ccleaner all under safe mode, and still not able to get my computer cleaned up. Here is the log from HJT I ran it under a normal boot. So I hope that doesn't affect what it brings up.

Quote:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:30:45 PM, on 1/19/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\HsMgr.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe
C:\Users\Trent\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe
C:\Program Files (x86)\n52te\n52teHid.exe
C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\n52te\n52teTra.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Razer\Razer Lycosa\razertra.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Users\Trent\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Trent\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Trent\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Trent\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Trent\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Trent\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Trent\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Trent\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Lycosa] "C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe"
O4 - HKLM\..\Run: [Jomantha] C:\Program Files (x86)\n52te\n52teHid.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\lgfw.exe" blrun
O4 - HKLM\..\Run: [AODAssist.exe] C:\Program Files (x86)\AMD\AMD OverDrive\AODAssist.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [Grid] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe"
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Trent\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [HP Photosmart 6510 series (NET)] "C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN18U4110005QB:NW" -scfn "HP Photosmart 6510 series (NET)" -AutoStart 1
O4 - HKCU\..\Run: [CAHeadless] C:\Program Files (x86)\Adobe\Elements 11 Organizer\CAHeadless\ElementsAutoAnalyzer.exe
O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - (no file)
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E7DA7F8D-27AB-4EE9-8FC0-3FEC9ECFE758} (DynamicWebTwain Class) - https://www.okdhslive.org/Utilities/DynamicWebTWAIN.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Active File Monitor V11 (AdobeActiveFileMonitor11.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AMD RAIDXpert (AMDRAIDXpert) - Unknown owner - C:\Program Files (x86)\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: pcCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
O23 - Service: pcCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\pcCMService.exe
O23 - Service: pcServiceHost - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 12970 bytes


and this log is from combofix

Quote:
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
----- File Replicators -----
.
c:\windows\Installer\{01496C89-6117-AD97-3CB3-98AF2026070C}\ARPPRODUCTICON.exe
c:\windows\Installer\{0486991B-63F4-5106-06CE-404D7BA55041}\ARPPRODUCTICON.exe
c:\windows\Installer\{0CB2E2BC-A312-5821-C5C7-A295A1BEFD08}\NewShortcut2_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{0CB2E2BC-A312-5821-C5C7-A295A1BEFD08}\NewShortcut3_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{0CB2E2BC-A312-5821-C5C7-A295A1BEFD08}\NewShortcut4_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{0CB2E2BC-A312-5821-C5C7-A295A1BEFD08}\NewShortcut5_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{177A3BC5-ECD3-BFF1-4D87-C4B417924DF2}\ARPPRODUCTICON.exe
c:\windows\Installer\{19D368B2-5601-007B-A296-535706E00D97}\ARPPRODUCTICON.exe
c:\windows\Installer\{1ACA6481-8138-634A-1AA7-F82C71135F8D}\ARPPRODUCTICON.exe
c:\windows\Installer\{25BB2DDF-280D-3D1F-F9FF-4D3E0D2AD982}\NewShortcut2_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{25BB2DDF-280D-3D1F-F9FF-4D3E0D2AD982}\NewShortcut3_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{25BB2DDF-280D-3D1F-F9FF-4D3E0D2AD982}\NewShortcut4_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{25BB2DDF-280D-3D1F-F9FF-4D3E0D2AD982}\NewShortcut5_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{278FA289-F502-D888-A3BA-5FA10308AAAD}\ARPPRODUCTICON.exe
c:\windows\Installer\{3987279A-3504-2916-D063-741B910F0747}\ARPPRODUCTICON.exe
c:\windows\Installer\{44F77218-4BBD-1B74-88B7-FC302868F2B3}\ARPPRODUCTICON.exe
c:\windows\Installer\{489BC3B4-AEF9-E14A-11BC-B70FDE9D543D}\ARPPRODUCTICON.exe
c:\windows\Installer\{4A85AE1B-9727-261D-9EAF-07C1AECCF977}\ARPPRODUCTICON.exe
c:\windows\Installer\{502699FF-F586-54B1-91E8-E85D9FAE0D6D}\ARPPRODUCTICON.exe
c:\windows\Installer\{53EF1C4D-0705-98F2-1889-A69BBF9F03F3}\ARPPRODUCTICON.exe
c:\windows\Installer\{548A4EF3-BD97-0813-B469-E1E2FC9DE487}\ARPPRODUCTICON.exe
c:\windows\Installer\{55533224-CAD0-39B5-6297-E1B2D1D8F176}\ARPPRODUCTICON.exe
c:\windows\Installer\{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}\NewShortcut2_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}\NewShortcut3_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}\NewShortcut4_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}\NewShortcut5_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{590828E0-9BA6-3E4D-8491-A1D9CC3EB8CE}\ARPPRODUCTICON.exe
c:\windows\Installer\{6563FAF5-84F9-0A35-C032-182EBC4C3BDB}\ARPPRODUCTICON.exe
c:\windows\Installer\{6C2E334F-37F5-C312-53BA-1482F9A6FD4D}\ARPPRODUCTICON.exe
c:\windows\Installer\{6D46F639-5F2F-90F3-4B60-EB2EF264B82E}\ARPPRODUCTICON.exe
c:\windows\Installer\{70210CF8-CAB1-8FEB-D964-C33AFE18730B}\ARPPRODUCTICON.exe
c:\windows\Installer\{7C12BCBF-FC0D-9C63-0758-A217BC0CEADC}\ARPPRODUCTICON.exe
c:\windows\Installer\{81D00339-968D-15D1-3499-8431658E896F}\ARPPRODUCTICON.exe
c:\windows\Installer\{81D00339-968D-15D1-3499-8431658E896F}\NewShortcut2_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{81D00339-968D-15D1-3499-8431658E896F}\NewShortcut3_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{81D00339-968D-15D1-3499-8431658E896F}\NewShortcut4_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{81D00339-968D-15D1-3499-8431658E896F}\NewShortcut5_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{8B1AEC85-4507-28BD-F3BA-4A5D732752E7}\ARPPRODUCTICON.exe
c:\windows\Installer\{8C5ACED4-34D3-23BB-F90E-2F90420321BC}\ARPPRODUCTICON.exe
c:\windows\Installer\{90CB2C55-426D-0752-968D-9B0F1110202A}\NewShortcut2_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{90CB2C55-426D-0752-968D-9B0F1110202A}\NewShortcut3_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{90CB2C55-426D-0752-968D-9B0F1110202A}\NewShortcut4_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{90CB2C55-426D-0752-968D-9B0F1110202A}\NewShortcut5_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{A3DAD349-E48E-AE45-3F26-7B80A4FFCD26}\ARPPRODUCTICON.exe
c:\windows\Installer\{B0B1A8A5-4711-BB6C-DD59-9794AD928368}\ARPPRODUCTICON.exe
c:\windows\Installer\{B33D2348-2938-1A03-0CD3-E6F7101244E0}\ARPPRODUCTICON.exe
c:\windows\Installer\{B7C8D838-9C3A-1177-B80A-E3C512FD8AF5}\ARPPRODUCTICON.exe
c:\windows\Installer\{DDCB737A-EEC8-3815-42DA-69011A55E3E5}\ARPPRODUCTICON.exe
c:\windows\Installer\{E170E984-6B20-79C2-1E9F-0256EC5ADFB4}\ARPPRODUCTICON.exe
c:\windows\Installer\{E6F5D8BE-0B00-6DD9-18F9-D4045798FCBE}\ARPPRODUCTICON.exe
c:\windows\Installer\{E866E52C-1F56-4CCF-0071-CA915F8CFEDA}\ARPPRODUCTICON.exe
c:\windows\Installer\{F5D245CC-C332-1E8E-CCB1-75E0C3C4D6F1}\ARPPRODUCTICON.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-12-19 to 2013-01-19 )))))))))))))))))))))))))))))))
.
.
2013-01-19 19:57 . 2013-01-19 19:57 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-01-19 19:57 . 2013-01-19 19:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-19 18:37 . 2013-01-19 19:59 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-01-19 18:36 . 2009-01-25 18:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
2013-01-19 18:36 . 2013-01-19 18:36 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2013-01-19 18:10 . 2013-01-19 18:10 388096 ----a-r- c:\users\Trent\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-01-19 18:10 . 2013-01-19 18:10 -------- d-----w- c:\program files (x86)\Trend Micro
2013-01-19 09:32 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{46111E50-8DD5-48EE-A5E1-1D8D1CE8C8A8}\mpengine.dll
2013-01-14 07:33 . 2013-01-12 09:30 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-12 02:47 . 2013-01-12 02:47 -------- d-----w- c:\users\Trent\AppData\Roaming\Motive
2013-01-12 02:47 . 2013-01-12 02:47 -------- d-----w- c:\program files\ATT-SST
2013-01-12 02:47 . 2013-01-12 02:47 -------- d-----w- c:\program files (x86)\ATT-SST
2013-01-12 02:45 . 2013-01-12 02:47 -------- d-----w- c:\program files (x86)\Common Files\Motive
2013-01-12 02:45 . 2013-01-12 02:47 -------- d-----w- c:\program files\Common Files\Motive
2013-01-12 02:45 . 2013-01-12 02:53 -------- d-----w- c:\programdata\Motive
2013-01-11 02:32 . 2013-01-11 02:32 -------- d-----w- c:\program files\iPod
2013-01-11 02:32 . 2013-01-11 02:32 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-01-11 02:32 . 2013-01-11 02:32 -------- d-----w- c:\program files\iTunes
2013-01-11 02:32 . 2013-01-11 02:32 -------- d-----w- c:\program files (x86)\iTunes
2013-01-09 08:54 . 2013-01-09 08:54 53248 ----a-r- c:\users\Trent\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2013-01-09 08:54 . 2013-01-09 08:54 -------- d-----w- c:\users\Trent\AppData\Local\Logishrd
2013-01-09 06:46 . 2013-01-09 06:46 -------- d-----w- c:\users\Trent\AppData\Local\Programs
2013-01-09 05:31 . 2012-08-21 19:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2013-01-08 22:31 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll
2013-01-08 22:30 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2013-01-03 07:47 . 2013-01-03 07:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2013-01-03 07:47 . 2013-01-03 07:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2013-01-03 07:47 . 2013-01-03 07:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2013-01-03 07:47 . 2013-01-03 07:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2013-01-03 07:47 . 2013-01-03 07:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2013-01-03 07:47 . 2013-01-03 07:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2013-01-03 07:47 . 2013-01-03 07:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2013-01-03 07:46 . 2013-01-03 07:47 -------- d-----w- c:\program files (x86)\QuickTime
2012-12-30 23:03 . 2012-08-10 09:01 56336 ------w- c:\windows\system32\drivers\PxHlpa64.sys
2012-12-30 23:03 . 2012-04-24 09:01 11376 ------w- c:\windows\system32\drivers\cdralw2k.sys
2012-12-30 23:03 . 2012-04-24 09:01 10864 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2012-12-30 23:01 . 2012-12-30 23:25 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2012-12-30 23:00 . 2012-12-30 23:00 -------- d-----w- c:\program files\Adobe
2012-12-30 22:19 . 2012-12-30 22:19 -------- d-----w- c:\users\Trent\AppData\Roaming\No Company Name
2012-12-25 05:10 . 2012-12-25 05:10 -------- d-----w- c:\users\Trent\AppData\Local\Turtle_Beach
2012-12-21 07:14 . 2012-08-23 15:09 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2012-12-21 07:14 . 2012-08-23 14:10 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2012-12-21 07:14 . 2012-08-23 14:07 57856 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2012-12-21 07:14 . 2012-08-23 13:41 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2012-12-21 07:14 . 2012-08-23 13:40 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2012-12-21 07:14 . 2012-08-23 13:24 15360 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2012-12-21 07:12 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-12-21 07:12 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2012-12-21 07:12 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2012-12-21 07:12 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2012-12-21 07:12 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2012-12-21 07:12 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-12-21 07:12 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-12-21 07:12 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-12-21 07:12 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 09:06 . 2012-04-07 01:02 67599240 ----a-w- c:\windows\system32\MRT.exe
2013-01-08 22:45 . 2012-04-30 15:31 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-08 22:45 . 2012-04-30 15:31 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-10 00:15 . 2012-04-07 00:51 419840 ----a-w- c:\windows\system32\wrap_oal.dll
2012-12-10 00:15 . 2012-04-07 00:51 413696 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-12-10 00:15 . 2012-04-07 00:51 111616 ----a-w- c:\windows\system32\OpenAL32.dll
2012-12-10 00:15 . 2012-04-07 00:51 102400 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-12-10 00:14 . 2012-04-07 00:51 217088 ------w- c:\windows\SysWow64\HsSrv2.dll
2012-12-10 00:14 . 2012-04-07 00:51 143360 ------w- c:\windows\SysWow64\VmixP6.dll
2012-12-10 00:14 . 2012-04-07 00:51 121856 ------w- c:\windows\system\HsSrv642.dll
2012-12-10 00:14 . 2012-04-07 00:51 389120 ------w- c:\windows\system32\CMICNFG3.cpl
2012-12-10 00:14 . 2012-04-07 00:51 200704 ------w- c:\windows\SysWow64\CMPaOxy.dll
2012-12-10 00:14 . 2012-04-07 00:51 122880 ------w- c:\windows\SysWow64\Cm_Oal.dll
2012-12-10 00:14 . 2012-04-07 00:51 122880 ------w- c:\windows\system32\Cm_Oal.dll
2012-12-10 00:14 . 2012-04-07 00:51 8765440 ------w- c:\windows\SysWow64\CMICNFG3.dll
2012-12-10 00:14 . 2012-04-07 00:50 524768 ----a-w- c:\windows\difxapi.dll
2012-12-10 00:14 . 2012-04-07 00:51 359424 ------w- c:\windows\system32\CmiInstallResAll64.dll
2012-12-10 00:14 . 2012-04-07 00:51 805376 ------w- c:\windows\system32\Cmeaupci.exe
2012-11-30 04:45 . 2013-01-08 22:31 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-28 16:35 . 2012-06-26 00:31 859072 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-11-28 16:35 . 2012-06-26 00:31 779704 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-11-14 07:06 . 2012-12-13 09:01 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-13 09:01 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-13 09:01 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-13 09:01 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-13 09:01 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-13 09:01 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-13 09:01 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-13 09:01 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-13 09:01 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-13 09:01 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-13 09:01 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-13 09:01 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-13 09:01 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-13 09:01 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-13 09:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-13 09:01 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-13 09:01 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-13 09:01 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 09:01 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-13 09:01 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 09:01 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-13 09:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-13 05:03 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-13 05:03 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-02 05:59 . 2012-12-13 05:02 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-13 05:02 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Grid"="c:\program files (x86)\ATI Technologies\HydraVision\HydraGrd.exe" [2011-10-26 409600]
"Spotify Web Helper"="c:\users\Trent\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-28 932528]
"HP Photosmart 6510 series (NET)"="c:\program files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
"CAHeadless"="c:\program files (x86)\Adobe\Elements 11 Organizer\CAHeadless\ElementsAutoAnalyzer.exe" [2012-09-17 840784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"Lycosa"="c:\program files (x86)\Razer\Razer Lycosa\razerhid.exe" [2011-03-22 233984]
"Jomantha"="c:\program files (x86)\n52te\n52teHid.exe" [2008-06-13 159744]
"LGODDFU"="c:\program files (x86)\lg_fwupdate\lgfw.exe" [2012-07-24 27760]
"AODAssist.exe"="c:\program files (x86)\AMD\AMD OverDrive\AODAssist.exe" [2007-10-11 42496]
"LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ATICDSDr;ATICDSDr;c:\users\Trent\AppData\Local\Temp\ATICDSDr.sys [x]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-07 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2012-08-10 56336]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-16 283200]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-09-11 136584]
S2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;c:\program files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [2012-09-17 171600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 239616]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-08-06 361984]
S2 AMDRAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe [2003-09-29 110592]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-09-11 735960]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-09-11 123200]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 pcCMService;pcCMService;c:\program files (x86)\Common Files\Motive\pcCMService.exe [2012-11-15 369152]
S2 pcCMService64;pcCMService64;c:\program files\Common Files\Motive\pcCMService.exe [2012-11-15 460288]
S2 pcServiceHost;pcServiceHost;c:\program files (x86)\Common Files\Motive\pcServiceHost.exe [2012-11-15 342528]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 JmtFltr;n52te;c:\windows\system32\drivers\JmtFltr.sys [2007-09-29 46464]
S3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [2010-09-08 28928]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [2010-10-01 13312]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-30 22:45]
.
2013-01-19 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2013-01-19 20:08]
.
2013-01-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2052777195-3635355786-739658113-1000Core.job
- c:\users\Trent\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-07 01:10]
.
2013-01-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2052777195-3635355786-739658113-1000UA.job
- c:\users\Trent\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-07 01:10]
.
2013-01-19 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2013-01-19 20:07]
.
2013-01-19 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2013-01-19 20:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CmPCIaudio"="c:\windows\Syswow64\CMICNFG3.dll" [2012-12-10 8765440]
"Cmaudio8768GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]
"Cmaudio8768GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-11 2716216]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-12-15 478984]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2012-11-04 2419512]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\pcTrayApp.exe" [2012-11-15 2790400]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: $talisma_url$
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.254
DPF: {E7DA7F8D-27AB-4EE9-8FC0-3FEC9ECFE758} - hxxps://www.okdhslive.org/Utilities/DynamicWebTWAIN.cab
FF - ProfilePath - c:\users\Trent\AppData\Roaming\Mozilla\Firefox\Profiles\6kixq9r3.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\AMD\RAIDXpert\_jvm\bin\java.exe
c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Common Files\Motive\pcContextHookShim.exe
c:\program files (x86)\Razer\Razer Lycosa\razertra.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\lg_fwupdate\fwupdate.exe
c:\program files (x86)\n52te\n52teTra.exe
.
**************************************************************************
.
Completion time: 2013-01-19 14:04:40 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-19 20:04
ComboFix2.txt 2013-01-19 09:13
ComboFix3.txt 2013-01-19 05:03
ComboFix4.txt 2012-07-06 16:53
ComboFix5.txt 2013-01-19 19:51
.
Pre-Run: 176,765,870,080 bytes free
Post-Run: 176,416,575,488 bytes free
.
- - End Of File - - 9F68EBFEDC077F718996BF4F0255E839


As you can see there's an ARPPRODUCTION.EXE and some newshortcut# files being replicated on my computer. That was actually from the second scan that I have ran. The first was last night, and second this morning. Both of them returned the same replicated files.

Any help with this would be much appreciated. I would really prefer not to have to spend a weekend reloading everything.

More about : malware issue

a b $ Windows 7
January 19, 2013 7:54:18 PM

On another computer download and burn a CD of Kaspersky Rescue Disk 10, which is freeware, and boot from the disk and let it fully scan and clean the system.
m
0
l
January 19, 2013 8:25:23 PM

Hi Jetski,
Just while I think of it, Spybot S&D has a little-known feature I use all the time and find very helpful.
You must first select Advanced Mode to run in.
Then select Tools, then System Startup.
Simply untick anything you don't wish to load at startup everytime you freshly reboot your PC, ie. for gaming or whatever.
There's so much automatic junk, bloatware and assorted crap running everytime most PCs start up, it's unreal...
Even if they're not technically infected!
Might not solve your overall problem(s) but I hope this may be useful to some.
Regards
m
0
l
Related resources
January 20, 2013 12:59:35 AM

Hmm, So the Kaspersky Rescue Disk didn't find anything either. I've been slowly turning off the startup programs/service to see if any of those are causing the issue. Just haven't found anything so far.
m
0
l
a b $ Windows 7
January 20, 2013 1:19:56 AM

jetskier369 said:
Hmm, So the Kaspersky Rescue Disk didn't find anything either. I've been slowly turning off the startup programs/service to see if any of those are causing the issue. Just haven't found anything so far.


I would recommend using Autoruns.

Not sure what all those things are? Go to HERE for help with identifying those pesky startup items. This site is the bomb when identification is needed of those things because it will let you know if it's required for the system to run correctly or not.

EDIT:

Bypass your router, and plug your ethernet cable for your internet connection directly into your computer if you can. After doing this, run another speed test and see if the Ping result is the same. Could be a variable within the path your computer takes to get to the net that's causing it.
m
0
l
January 20, 2013 2:44:25 AM

Well it's a router/modem combo. So I'm not able to bypass it. But I will check out autoruns.
m
0
l
a b $ Windows 7
January 20, 2013 2:28:17 PM

jetskier369 said:
I'm running 64-bit windows 7, and whenever I run a speed test from speedtest.net. It comes back saying I have a ping of 520+. I know that it should not be anywhere near that amount, and that the it's not a problem with my ISP. If i use the speedtest.net app on my phone connected through wi-fi it's about 130, and if I do the speed test under safe mode the ping is like 21. I have tried running malware bytes, combofix, S&D, virus scan (eset nod32), and ccleaner all under safe mode, and still not able to get my computer cleaned up. Here is the log from HJT I ran it under a normal boot. So I hope that doesn't affect what it brings up.

Quote:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:30:45 PM, on 1/19/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\HsMgr.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe
C:\Users\Trent\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe
C:\Program Files (x86)\n52te\n52teHid.exe
C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\n52te\n52teTra.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Razer\Razer Lycosa\razertra.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Users\Trent\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Trent\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Trent\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Trent\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Trent\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Trent\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Trent\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Trent\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Lycosa] "C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe"
O4 - HKLM\..\Run: [Jomantha] C:\Program Files (x86)\n52te\n52teHid.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\lgfw.exe" blrun
O4 - HKLM\..\Run: [AODAssist.exe] C:\Program Files (x86)\AMD\AMD OverDrive\AODAssist.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [Grid] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe"
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Trent\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [HP Photosmart 6510 series (NET)] "C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN18U4110005QB:NW" -scfn "HP Photosmart 6510 series (NET)" -AutoStart 1
O4 - HKCU\..\Run: [CAHeadless] C:\Program Files (x86)\Adobe\Elements 11 Organizer\CAHeadless\ElementsAutoAnalyzer.exe
O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - (no file)
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E7DA7F8D-27AB-4EE9-8FC0-3FEC9ECFE758} (DynamicWebTwain Class) - https://www.okdhslive.org/Utilities/DynamicWebTWAIN.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Active File Monitor V11 (AdobeActiveFileMonitor11.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AMD RAIDXpert (AMDRAIDXpert) - Unknown owner - C:\Program Files (x86)\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: pcCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
O23 - Service: pcCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\pcCMService.exe
O23 - Service: pcServiceHost - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 12970 bytes


and this log is from combofix

Quote:
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
----- File Replicators -----
.
c:\windows\Installer\{01496C89-6117-AD97-3CB3-98AF2026070C}\ARPPRODUCTICON.exe
c:\windows\Installer\{0486991B-63F4-5106-06CE-404D7BA55041}\ARPPRODUCTICON.exe
c:\windows\Installer\{0CB2E2BC-A312-5821-C5C7-A295A1BEFD08}\NewShortcut2_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{0CB2E2BC-A312-5821-C5C7-A295A1BEFD08}\NewShortcut3_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{0CB2E2BC-A312-5821-C5C7-A295A1BEFD08}\NewShortcut4_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{0CB2E2BC-A312-5821-C5C7-A295A1BEFD08}\NewShortcut5_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{177A3BC5-ECD3-BFF1-4D87-C4B417924DF2}\ARPPRODUCTICON.exe
c:\windows\Installer\{19D368B2-5601-007B-A296-535706E00D97}\ARPPRODUCTICON.exe
c:\windows\Installer\{1ACA6481-8138-634A-1AA7-F82C71135F8D}\ARPPRODUCTICON.exe
c:\windows\Installer\{25BB2DDF-280D-3D1F-F9FF-4D3E0D2AD982}\NewShortcut2_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{25BB2DDF-280D-3D1F-F9FF-4D3E0D2AD982}\NewShortcut3_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{25BB2DDF-280D-3D1F-F9FF-4D3E0D2AD982}\NewShortcut4_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{25BB2DDF-280D-3D1F-F9FF-4D3E0D2AD982}\NewShortcut5_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{278FA289-F502-D888-A3BA-5FA10308AAAD}\ARPPRODUCTICON.exe
c:\windows\Installer\{3987279A-3504-2916-D063-741B910F0747}\ARPPRODUCTICON.exe
c:\windows\Installer\{44F77218-4BBD-1B74-88B7-FC302868F2B3}\ARPPRODUCTICON.exe
c:\windows\Installer\{489BC3B4-AEF9-E14A-11BC-B70FDE9D543D}\ARPPRODUCTICON.exe
c:\windows\Installer\{4A85AE1B-9727-261D-9EAF-07C1AECCF977}\ARPPRODUCTICON.exe
c:\windows\Installer\{502699FF-F586-54B1-91E8-E85D9FAE0D6D}\ARPPRODUCTICON.exe
c:\windows\Installer\{53EF1C4D-0705-98F2-1889-A69BBF9F03F3}\ARPPRODUCTICON.exe
c:\windows\Installer\{548A4EF3-BD97-0813-B469-E1E2FC9DE487}\ARPPRODUCTICON.exe
c:\windows\Installer\{55533224-CAD0-39B5-6297-E1B2D1D8F176}\ARPPRODUCTICON.exe
c:\windows\Installer\{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}\NewShortcut2_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}\NewShortcut3_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}\NewShortcut4_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}\NewShortcut5_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{590828E0-9BA6-3E4D-8491-A1D9CC3EB8CE}\ARPPRODUCTICON.exe
c:\windows\Installer\{6563FAF5-84F9-0A35-C032-182EBC4C3BDB}\ARPPRODUCTICON.exe
c:\windows\Installer\{6C2E334F-37F5-C312-53BA-1482F9A6FD4D}\ARPPRODUCTICON.exe
c:\windows\Installer\{6D46F639-5F2F-90F3-4B60-EB2EF264B82E}\ARPPRODUCTICON.exe
c:\windows\Installer\{70210CF8-CAB1-8FEB-D964-C33AFE18730B}\ARPPRODUCTICON.exe
c:\windows\Installer\{7C12BCBF-FC0D-9C63-0758-A217BC0CEADC}\ARPPRODUCTICON.exe
c:\windows\Installer\{81D00339-968D-15D1-3499-8431658E896F}\ARPPRODUCTICON.exe
c:\windows\Installer\{81D00339-968D-15D1-3499-8431658E896F}\NewShortcut2_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{81D00339-968D-15D1-3499-8431658E896F}\NewShortcut3_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{81D00339-968D-15D1-3499-8431658E896F}\NewShortcut4_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{81D00339-968D-15D1-3499-8431658E896F}\NewShortcut5_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{8B1AEC85-4507-28BD-F3BA-4A5D732752E7}\ARPPRODUCTICON.exe
c:\windows\Installer\{8C5ACED4-34D3-23BB-F90E-2F90420321BC}\ARPPRODUCTICON.exe
c:\windows\Installer\{90CB2C55-426D-0752-968D-9B0F1110202A}\NewShortcut2_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{90CB2C55-426D-0752-968D-9B0F1110202A}\NewShortcut3_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{90CB2C55-426D-0752-968D-9B0F1110202A}\NewShortcut4_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{90CB2C55-426D-0752-968D-9B0F1110202A}\NewShortcut5_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{A3DAD349-E48E-AE45-3F26-7B80A4FFCD26}\ARPPRODUCTICON.exe
c:\windows\Installer\{B0B1A8A5-4711-BB6C-DD59-9794AD928368}\ARPPRODUCTICON.exe
c:\windows\Installer\{B33D2348-2938-1A03-0CD3-E6F7101244E0}\ARPPRODUCTICON.exe
c:\windows\Installer\{B7C8D838-9C3A-1177-B80A-E3C512FD8AF5}\ARPPRODUCTICON.exe
c:\windows\Installer\{DDCB737A-EEC8-3815-42DA-69011A55E3E5}\ARPPRODUCTICON.exe
c:\windows\Installer\{E170E984-6B20-79C2-1E9F-0256EC5ADFB4}\ARPPRODUCTICON.exe
c:\windows\Installer\{E6F5D8BE-0B00-6DD9-18F9-D4045798FCBE}\ARPPRODUCTICON.exe
c:\windows\Installer\{E866E52C-1F56-4CCF-0071-CA915F8CFEDA}\ARPPRODUCTICON.exe
c:\windows\Installer\{F5D245CC-C332-1E8E-CCB1-75E0C3C4D6F1}\ARPPRODUCTICON.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-12-19 to 2013-01-19 )))))))))))))))))))))))))))))))
.
.
2013-01-19 19:57 . 2013-01-19 19:57 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-01-19 19:57 . 2013-01-19 19:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-19 18:37 . 2013-01-19 19:59 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-01-19 18:36 . 2009-01-25 18:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
2013-01-19 18:36 . 2013-01-19 18:36 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2013-01-19 18:10 . 2013-01-19 18:10 388096 ----a-r- c:\users\Trent\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-01-19 18:10 . 2013-01-19 18:10 -------- d-----w- c:\program files (x86)\Trend Micro
2013-01-19 09:32 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{46111E50-8DD5-48EE-A5E1-1D8D1CE8C8A8}\mpengine.dll
2013-01-14 07:33 . 2013-01-12 09:30 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-12 02:47 . 2013-01-12 02:47 -------- d-----w- c:\users\Trent\AppData\Roaming\Motive
2013-01-12 02:47 . 2013-01-12 02:47 -------- d-----w- c:\program files\ATT-SST
2013-01-12 02:47 . 2013-01-12 02:47 -------- d-----w- c:\program files (x86)\ATT-SST
2013-01-12 02:45 . 2013-01-12 02:47 -------- d-----w- c:\program files (x86)\Common Files\Motive
2013-01-12 02:45 . 2013-01-12 02:47 -------- d-----w- c:\program files\Common Files\Motive
2013-01-12 02:45 . 2013-01-12 02:53 -------- d-----w- c:\programdata\Motive
2013-01-11 02:32 . 2013-01-11 02:32 -------- d-----w- c:\program files\iPod
2013-01-11 02:32 . 2013-01-11 02:32 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-01-11 02:32 . 2013-01-11 02:32 -------- d-----w- c:\program files\iTunes
2013-01-11 02:32 . 2013-01-11 02:32 -------- d-----w- c:\program files (x86)\iTunes
2013-01-09 08:54 . 2013-01-09 08:54 53248 ----a-r- c:\users\Trent\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2013-01-09 08:54 . 2013-01-09 08:54 -------- d-----w- c:\users\Trent\AppData\Local\Logishrd
2013-01-09 06:46 . 2013-01-09 06:46 -------- d-----w- c:\users\Trent\AppData\Local\Programs
2013-01-09 05:31 . 2012-08-21 19:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2013-01-08 22:31 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll
2013-01-08 22:30 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2013-01-03 07:47 . 2013-01-03 07:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2013-01-03 07:47 . 2013-01-03 07:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2013-01-03 07:47 . 2013-01-03 07:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2013-01-03 07:47 . 2013-01-03 07:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2013-01-03 07:47 . 2013-01-03 07:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2013-01-03 07:47 . 2013-01-03 07:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2013-01-03 07:47 . 2013-01-03 07:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2013-01-03 07:46 . 2013-01-03 07:47 -------- d-----w- c:\program files (x86)\QuickTime
2012-12-30 23:03 . 2012-08-10 09:01 56336 ------w- c:\windows\system32\drivers\PxHlpa64.sys
2012-12-30 23:03 . 2012-04-24 09:01 11376 ------w- c:\windows\system32\drivers\cdralw2k.sys
2012-12-30 23:03 . 2012-04-24 09:01 10864 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2012-12-30 23:01 . 2012-12-30 23:25 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2012-12-30 23:00 . 2012-12-30 23:00 -------- d-----w- c:\program files\Adobe
2012-12-30 22:19 . 2012-12-30 22:19 -------- d-----w- c:\users\Trent\AppData\Roaming\No Company Name
2012-12-25 05:10 . 2012-12-25 05:10 -------- d-----w- c:\users\Trent\AppData\Local\Turtle_Beach
2012-12-21 07:14 . 2012-08-23 15:09 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2012-12-21 07:14 . 2012-08-23 14:10 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2012-12-21 07:14 . 2012-08-23 14:07 57856 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2012-12-21 07:14 . 2012-08-23 13:41 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2012-12-21 07:14 . 2012-08-23 13:40 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2012-12-21 07:14 . 2012-08-23 13:24 15360 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2012-12-21 07:12 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-12-21 07:12 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2012-12-21 07:12 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2012-12-21 07:12 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2012-12-21 07:12 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2012-12-21 07:12 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-12-21 07:12 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-12-21 07:12 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-12-21 07:12 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 09:06 . 2012-04-07 01:02 67599240 ----a-w- c:\windows\system32\MRT.exe
2013-01-08 22:45 . 2012-04-30 15:31 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-08 22:45 . 2012-04-30 15:31 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-10 00:15 . 2012-04-07 00:51 419840 ----a-w- c:\windows\system32\wrap_oal.dll
2012-12-10 00:15 . 2012-04-07 00:51 413696 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-12-10 00:15 . 2012-04-07 00:51 111616 ----a-w- c:\windows\system32\OpenAL32.dll
2012-12-10 00:15 . 2012-04-07 00:51 102400 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-12-10 00:14 . 2012-04-07 00:51 217088 ------w- c:\windows\SysWow64\HsSrv2.dll
2012-12-10 00:14 . 2012-04-07 00:51 143360 ------w- c:\windows\SysWow64\VmixP6.dll
2012-12-10 00:14 . 2012-04-07 00:51 121856 ------w- c:\windows\system\HsSrv642.dll
2012-12-10 00:14 . 2012-04-07 00:51 389120 ------w- c:\windows\system32\CMICNFG3.cpl
2012-12-10 00:14 . 2012-04-07 00:51 200704 ------w- c:\windows\SysWow64\CMPaOxy.dll
2012-12-10 00:14 . 2012-04-07 00:51 122880 ------w- c:\windows\SysWow64\Cm_Oal.dll
2012-12-10 00:14 . 2012-04-07 00:51 122880 ------w- c:\windows\system32\Cm_Oal.dll
2012-12-10 00:14 . 2012-04-07 00:51 8765440 ------w- c:\windows\SysWow64\CMICNFG3.dll
2012-12-10 00:14 . 2012-04-07 00:50 524768 ----a-w- c:\windows\difxapi.dll
2012-12-10 00:14 . 2012-04-07 00:51 359424 ------w- c:\windows\system32\CmiInstallResAll64.dll
2012-12-10 00:14 . 2012-04-07 00:51 805376 ------w- c:\windows\system32\Cmeaupci.exe
2012-11-30 04:45 . 2013-01-08 22:31 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-28 16:35 . 2012-06-26 00:31 859072 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-11-28 16:35 . 2012-06-26 00:31 779704 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-11-14 07:06 . 2012-12-13 09:01 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-13 09:01 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-13 09:01 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-13 09:01 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-13 09:01 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-13 09:01 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-13 09:01 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-13 09:01 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-13 09:01 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-13 09:01 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-13 09:01 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-13 09:01 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-13 09:01 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-13 09:01 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-13 09:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-13 09:01 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-13 09:01 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-13 09:01 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 09:01 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-13 09:01 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 09:01 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-13 09:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-13 05:03 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-13 05:03 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-02 05:59 . 2012-12-13 05:02 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-13 05:02 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Grid"="c:\program files (x86)\ATI Technologies\HydraVision\HydraGrd.exe" [2011-10-26 409600]
"Spotify Web Helper"="c:\users\Trent\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-28 932528]
"HP Photosmart 6510 series (NET)"="c:\program files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
"CAHeadless"="c:\program files (x86)\Adobe\Elements 11 Organizer\CAHeadless\ElementsAutoAnalyzer.exe" [2012-09-17 840784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"Lycosa"="c:\program files (x86)\Razer\Razer Lycosa\razerhid.exe" [2011-03-22 233984]
"Jomantha"="c:\program files (x86)\n52te\n52teHid.exe" [2008-06-13 159744]
"LGODDFU"="c:\program files (x86)\lg_fwupdate\lgfw.exe" [2012-07-24 27760]
"AODAssist.exe"="c:\program files (x86)\AMD\AMD OverDrive\AODAssist.exe" [2007-10-11 42496]
"LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ATICDSDr;ATICDSDr;c:\users\Trent\AppData\Local\Temp\ATICDSDr.sys [x]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-07 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2012-08-10 56336]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-16 283200]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-09-11 136584]
S2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;c:\program files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [2012-09-17 171600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 239616]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-08-06 361984]
S2 AMDRAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe [2003-09-29 110592]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-09-11 735960]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-09-11 123200]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 pcCMService;pcCMService;c:\program files (x86)\Common Files\Motive\pcCMService.exe [2012-11-15 369152]
S2 pcCMService64;pcCMService64;c:\program files\Common Files\Motive\pcCMService.exe [2012-11-15 460288]
S2 pcServiceHost;pcServiceHost;c:\program files (x86)\Common Files\Motive\pcServiceHost.exe [2012-11-15 342528]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 JmtFltr;n52te;c:\windows\system32\drivers\JmtFltr.sys [2007-09-29 46464]
S3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [2010-09-08 28928]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [2010-10-01 13312]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-30 22:45]
.
2013-01-19 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2013-01-19 20:08]
.
2013-01-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2052777195-3635355786-739658113-1000Core.job
- c:\users\Trent\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-07 01:10]
.
2013-01-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2052777195-3635355786-739658113-1000UA.job
- c:\users\Trent\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-07 01:10]
.
2013-01-19 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2013-01-19 20:07]
.
2013-01-19 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2013-01-19 20:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CmPCIaudio"="c:\windows\Syswow64\CMICNFG3.dll" [2012-12-10 8765440]
"Cmaudio8768GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]
"Cmaudio8768GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-11 2716216]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-12-15 478984]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2012-11-04 2419512]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\pcTrayApp.exe" [2012-11-15 2790400]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: $talisma_url$
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.254
DPF: {E7DA7F8D-27AB-4EE9-8FC0-3FEC9ECFE758} - hxxps://www.okdhslive.org/Utilities/DynamicWebTWAIN.cab
FF - ProfilePath - c:\users\Trent\AppData\Roaming\Mozilla\Firefox\Profiles\6kixq9r3.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\AMD\RAIDXpert\_jvm\bin\java.exe
c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Common Files\Motive\pcContextHookShim.exe
c:\program files (x86)\Razer\Razer Lycosa\razertra.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\lg_fwupdate\fwupdate.exe
c:\program files (x86)\n52te\n52teTra.exe
.
**************************************************************************
.
Completion time: 2013-01-19 14:04:40 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-19 20:04
ComboFix2.txt 2013-01-19 09:13
ComboFix3.txt 2013-01-19 05:03
ComboFix4.txt 2012-07-06 16:53
ComboFix5.txt 2013-01-19 19:51
.
Pre-Run: 176,765,870,080 bytes free
Post-Run: 176,416,575,488 bytes free
.
- - End Of File - - 9F68EBFEDC077F718996BF4F0255E839


As you can see there's an ARPPRODUCTION.EXE and some newshortcut# files being replicated on my computer. That was actually from the second scan that I have ran. The first was last night, and second this morning. Both of them returned the same replicated files.

Any help with this would be much appreciated. I would really prefer not to have to spend a weekend reloading everything.


The more stuff you install "free" from the internet (like cc cleaner), the more problems you will have.
Use professional applications only, not "free" "fix it" tools.
Don't be fooled into using "junk" downloads from the internet. These things are a SCAM.
Windows needs NOTHING to operate correctly, JUST windows.
If you will learn that, then you will make progress. Otherwise, suffer all you like.
m
0
l
January 20, 2013 6:08:52 PM

Well I removed almost all startup items, and services. Except for ones from the GPU, sound card, and and mouse, keyboard, and printer. That didn't change anything. But I've figured out that it is something to do with google chrome. The speed test on chrome has always been around 520 for latency, so I thought well I'll see what I'll get back from firefox. It brought back a 21. I'm not sure why didn't think about that sooner. But at least the issue is finally narrowed down.
m
0
l
January 20, 2013 6:45:14 PM

Well as strange as this is, since I've been using Eset Nod32, and chrome together for a long time. It seems like there is an incompatibility between the two. After disabling HTTP checking in Eset it scans fine. The last scan of combofix didn't return any file replications either.
m
0
l
!