
Author Topic: Am I infected.. My PC is VERY VERY SLOOOOW!


Northenlad60

    Topic Starter, Rookie; Experience: Experienced; OS: Windows 7
Am I infected.. My PC is VERY VERY SLOOOOW!
« on: February 05, 2012, 08:01:37 AM »
Hi,

My PC is running Windows 7 64-bit and has 4 GB RAM with an AMD Phenom(tm) II X4 955 processor at 3.20 GHz. When I first built the PC it would take roughly 15 seconds from pressing the power button to it being ready for me to type my password. After doing so, it would take another 15 seconds at most to be at the desktop.

However, for a while now this has increased dramatically, to the point that two minutes in it is still loading the standard applications.

I know the PC is by no means the fastest of PCs, but my work PC takes less time to boot now, and it is running Windows XP, with production of that PC stopping in 2004, making my PC embarrassingly slow.

I have run the likes of CCleaner and SUPERAntiSpyware (log below) and will run Malwarebytes' Anti-Malware (MBAM) and post the log once finished.

Question is, have I got some kind of infection on the PC?

Many Thanks guys

Richard

Northenlad60

Re: Am I infected.. My PC is VERY VERY SLOOOOW!
« Reply #1 on: February 05, 2012, 08:02:00 AM »

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/05/2012 at 02:37 PM

Application Version : 5.0.1144

Core Rules Database Version : 8203
Trace Rules Database Version: 6015

Scan type       : Quick Scan
Total Scan Time : 00:24:10

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 551
Memory threats detected   : 0
Registry items scanned    : 57438
Registry threats detected : 0
File items scanned        : 10918
File threats detected     : 122

Adware.Tracking Cookie
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\A2DO0RO8.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\myrna@adinterax[1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\U6P0CA6J.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\myrna@tradedoubler[1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\331IZMUI.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][3].txt [ Cookie:[email protected]/ak/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\myrna@serving-sys[2].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\8SB7TY8K.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\L0YKSMMX.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\NIJ5EI1K.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\myrna@specificclick[2].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\T4Z8IM8P.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\LHNE2FIV.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\JN57JYAV.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\LYMLXVTQ.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\WWLQK3U7.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\myrna@dmtracker[1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\myrna@intelligentelite[1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\myrna@openstat[1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\0FXRX134.txt [ Cookie:[email protected]/touchplc/local/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\P29NGFST.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\T5W11T1X.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\4BC8YQ45.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\myrna@imrworldwide[2].txt [ Cookie:[email protected]/cgi-bin ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\0J1B4OAT.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\U21PPBVO.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\XUD6ME1K.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\XT1T05LK.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\RMBRZGLD.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\9OR0EYMN.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\ISGTI423.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\MJQJ0TF2.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\myrna@legolas-media[1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\myrna@yadro[2].txt [ *Blocked Russian URL*/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\0JUQFMFV.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\3THP3NXC.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\SXZ49O02.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\4GTJF8WM.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt [ Cookie:[email protected]/eurosport/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\VVEIYAR4.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\0F0JDQRM.txt [ Cookie:[email protected]/accounts/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/cgi-bin ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\2I6BCUB6.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\UYF02KEZ.txt [ Cookie:[email protected]/ak/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\MDD579MH.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\C8TI010U.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\O91DA2PF.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\YKHA4RMM.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\3G1LZQ7E.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\myrna@virginmedia[1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\myrna@kantarmedia[2].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\OH1B5BLP.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\myrna@adsonar[1].txt [ Cookie:[email protected]/adserving ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\myrna@clickbank[1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\myrna@xiti[1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\2S4YDNJP.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\B3JRTFYI.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\2NVQL3A2.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\6PFZ5Z1D.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\QCFPHJD9.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\YWNYJD39.txt [ Cookie:[email protected]/Venue-Finding/Christmas-Parties-2011/UK-Exclusive-Parties/Northamptonshire-Towcester-Racecourse-Midnight-in-Monte-Carlo/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/eurosport/yahoouk/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\L8R95HNW.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\RVOJYZGM.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\6MX0V6S6.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\myrna@dealtime[1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\DHDY0TIW.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\KE6JTOC4.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\KCVH7WP0.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\F2UYD3M2.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\D6KF7C26.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\myrna@indieclick[1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\EAJ0JJ9X.txt [ Cookie:[email protected]/servlet/ajrotator/track/pt145041 ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\myrna@adxpose[1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\HOTD9229.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\6UU39QV3.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\CU9R8MG0.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\3KK8MYVV.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\7FPLLDOE.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\myrna@77tracking[2].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\OGKQBPIY.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\REBTB031.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z0R6XBEV.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\DRWOYFS2.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\LHOHGPNX.txt [ Cookie:[email protected]/media/177698/Autumn_Tree_3D_Screensaver/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\myrna@traveladvertising[2].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\18MF1H5R.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\Cookies\A2DO0RO8.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\Cookies\myrna@adinterax[1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\Cookies\U6P0CA6J.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\Cookies\[email protected][2].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\Cookies\myrna@tradedoubler[1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\Cookies\331IZMUI.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\Cookies\[email protected][3].txt [ Cookie:[email protected]/ak/ ]
   C:\USERS\MYRNA\Cookies\myrna@serving-sys[2].txt [ Cookie:[email protected]/ ]
   C:\USERS\RICHARD\AppData\Roaming\Microsoft\Windows\Cookies\4R1FJFD8.txt [ Cookie:[email protected]/accounts/ ]
   C:\USERS\RICHARD\Cookies\4R1FJFD8.txt [ Cookie:[email protected]/accounts/ ]

Northenlad60

Re: Am I infected.. My PC is VERY VERY SLOOOOW!
« Reply #2 on: February 05, 2012, 08:13:39 AM »
Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.05.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Richard :: MYRNAS-PICS [administrator]

Protection: Disabled

05/02/2012 15:04:54
mbam-log-2012-02-05 (15-04-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP
Scan options disabled: PUM | P2P
Objects scanned: 239979
Time elapsed: 6 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Northenlad60

Re: Am I infected.. My PC is VERY VERY SLOOOOW!
« Reply #3 on: February 05, 2012, 08:21:45 AM »
DDS Log is below:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 1.6.0_30
Run by Richard at 15:18:47 on 2012-02-05
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.4094.2390 [GMT 0:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Internet Security *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Canon\CAL\CALMAIN.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\QuickTime\QTTask.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtblfs.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
mWinlogon: Userinit=userinit.exe,
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [EPSON Stylus Photo R360 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBOE.EXE /FU "C:\Users\Richard\AppData\Local\Temp\E_S1D82.tmp" /EF "HKCU"
uRun: [AdobeBridge] "C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe" -stealth
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [NWEReboot]
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBER~1.LNK - C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{9C68076B-4412-4DE7-8A92-44541465B4F0} : DhcpNameServer = 194.168.4.100 194.168.8.100
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
BHO-X64:     IEVkbdBHO - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64:     SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
BHO-X64:     link filter bho - No File
mRun-x64: [NWEReboot]
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\l3gn77qv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - component: C:\Program Files (x86)\Mozilla *Blocked Russian URL*\components\abhelperxpcom.dll
FF - component: C:\Program Files (x86)\Mozilla *Blocked Russian URL*\components\kavlinkfilter.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 kl2;kl2;C:\Windows\system32\DRIVERS\kl2.sys --> C:\Windows\system32\DRIVERS\kl2.sys [?]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -r --> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -r [?]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-12-6 2255464]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-8-3 379496]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-11 136176]
S3 AODDriver;AODDriver;C:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver.sys [2009-2-23 14904]
S3 etdrv;etdrv;C:\Windows\etdrv.sys [2011-1-9 25640]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-11 136176]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2011-1-9 30528]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VSPerfDrv90;Performance Tools Driver 9.0;C:\Program Files (x86)\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\x64\VSPerfDrv90.sys [2007-9-4 71024]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2011-1-9 219360]
S4 ES lite Service;ES lite Service for program management.;C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe [2011-1-9 68136]
.
=============== Created Last 30 ================
.
2012-02-05 15:18:16   476904   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2012-02-05 15:18:16   472808   ----a-w-   C:\Windows\SysWow64\deployJava1.dll
2012-02-05 15:03:48   --------   d-----w-   C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-05 14:12:01   --------   d-----w-   C:\Users\Richard\AppData\Roaming\SUPERAntiSpyware.com
2012-02-05 14:10:38   --------   d-----w-   C:\ProgramData\SUPERAntiSpyware.com
2012-02-05 14:10:38   --------   d-----w-   C:\Program Files\SUPERAntiSpyware
2012-02-05 09:05:55   8602168   ------w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{401AFE46-EF17-454F-A080-802F24FB945D}\mpengine.dll
2012-02-02 20:39:02   --------   d-----w-   C:\Program Files (x86)\Trend Micro
2012-01-27 20:27:04   626688   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-27 20:27:04   548864   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-27 20:27:04   479232   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-27 20:27:04   43992   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
2012-01-11 19:20:43   514560   ----a-w-   C:\Windows\SysWow64\qdvd.dll
2012-01-11 19:20:43   366592   ----a-w-   C:\Windows\System32\qdvd.dll
2012-01-11 19:20:43   1572864   ----a-w-   C:\Windows\System32\quartz.dll
2012-01-11 19:20:43   1328128   ----a-w-   C:\Windows\SysWow64\quartz.dll
2012-01-11 19:20:39   1731920   ----a-w-   C:\Windows\System32\ntdll.dll
2012-01-11 19:20:39   1292080   ----a-w-   C:\Windows\SysWow64\ntdll.dll
2012-01-11 19:20:37   77312   ----a-w-   C:\Windows\System32\packager.dll
2012-01-11 19:20:37   67072   ----a-w-   C:\Windows\SysWow64\packager.dll
.
==================== Find3M  ====================
.
2012-01-27 00:52:58   279656   ------w-   C:\Windows\System32\MpSigStub.exe
2011-12-11 11:02:39   414368   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-10 15:24:08   23152   ----a-w-   C:\Windows\System32\drivers\mbam.sys
2011-11-24 04:52:09   3145216   ----a-w-   C:\Windows\System32\win32k.sys
2011-11-17 06:49:14   95600   ----a-w-   C:\Windows\System32\drivers\ksecdd.sys
2011-11-17 06:49:14   152432   ----a-w-   C:\Windows\System32\drivers\ksecpkg.sys
2011-11-17 06:44:43   459232   ----a-w-   C:\Windows\System32\drivers\cng.sys
2011-11-17 06:35:28   395776   ----a-w-   C:\Windows\System32\webio.dll
2011-11-17 06:35:26   29184   ----a-w-   C:\Windows\System32\sspisrv.dll
2011-11-17 06:35:26   136192   ----a-w-   C:\Windows\System32\sspicli.dll
2011-11-17 06:35:25   340992   ----a-w-   C:\Windows\System32\schannel.dll
2011-11-17 06:35:25   28160   ----a-w-   C:\Windows\System32\secur32.dll
2011-11-17 06:35:19   1447936   ----a-w-   C:\Windows\System32\lsasrv.dll
2011-11-17 06:33:55   31232   ----a-w-   C:\Windows\System32\lsass.exe
2011-11-17 05:35:02   314880   ----a-w-   C:\Windows\SysWow64\webio.dll
2011-11-17 05:34:52   224768   ----a-w-   C:\Windows\SysWow64\schannel.dll
2011-11-17 05:34:52   22016   ----a-w-   C:\Windows\SysWow64\secur32.dll
2011-11-17 05:28:48   96768   ----a-w-   C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 15:19:42.40 ===============
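The service and driver lines in the DDS log above (R2/S3 entries carrying either a [date size] suffix or a repeated path ending in [?]) are easier to review in bulk than by eye. The following Python is an added triage helper, not code from the thread, from DDS or from ComboFix; it parses lines of that shape from a constructed sample modelled on the log and lists entries with no recorded file metadata, entries hosted inside svchost.exe (whose real code is a ServiceDll), entries loaded from outside the Windows and Program Files trees, and running auto-start entries, all for manual review rather than as a verdict.

```python
"""Triage helper for DDS-style service/driver lines (added example; not part of DDS).

Line shapes seen in the log:
  R2 name;Display Name;C:\\path\\file.exe [2011-5-11 136176]
  R3 name;Display Name;C:\\path\\file.sys --> C:\\path\\file.sys [?]
The first letter is R (running) or S (stopped); the digit is the start type.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# State letter and start type, then three ';'-separated fields.
_LINE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$"
)
# Trailing "[YYYY-M-D size]" file metadata, when DDS could read the file.
_META = re.compile(r"\s*\[(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)\]\s*$")

# Locations where services and drivers are normally installed; anything
# else is merely listed for manual review, not declared malicious.
_STANDARD_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class ServiceEntry:
    running: bool
    start_type: int
    name: str
    display: str
    path: str                 # image path, including any arguments such as "-r"
    file_date: Optional[str]  # None when DDS printed [?] instead of metadata
    file_size: Optional[int]


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Return a ServiceEntry for one DDS service line, or None if it is not one."""
    m = _LINE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    if "-->" in rest:  # DDS repeats the path after "-->" when it could not stat the file
        rest = rest.split("-->", 1)[1]
    file_date = file_size = None
    meta = _META.search(rest)
    if meta:
        file_date, file_size = meta.group("date"), int(meta.group("size"))
        rest = rest[: meta.start()]
    path = rest.replace("[?]", "").strip()
    return ServiceEntry(
        running=m.group("state") == "R",
        start_type=int(m.group("start")),
        name=m.group("name").strip(),
        display=m.group("display").strip(),
        path=path,
        file_date=file_date,
        file_size=file_size,
    )


def triage(lines: List[str]) -> Dict[str, list]:
    """Group parsed entries into the buckets a reviewer checks first."""
    entries = [e for e in (parse_service_line(ln) for ln in lines) if e is not None]
    return {
        "parsed": entries,
        "no_metadata": [e.name for e in entries if e.file_size is None],
        "svchost_hosted": [e.name for e in entries if e.path.lower().endswith("\\svchost.exe")],
        "outside_standard_dirs": [
            e.name for e in entries if not e.path.lower().startswith(_STANDARD_ROOTS)
        ],
        "autostart_running": [e.name for e in entries if e.running and e.start_type <= 2],
    }


# Constructed sample modelled on the DDS and ComboFix logs in the thread; the
# last line is invented so the outside-standard-dirs bucket has something to show.
SAMPLE_LINES = [
    r"R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -r --> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -r [?]",
    r"R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]",
    r"S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-11 136176]",
    r"S3 etdrv;etdrv;C:\Windows\etdrv.sys [2011-1-9 25640]",
    r"S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]",
    r"S2 ExampleSvc;Constructed example service;C:\Users\Public\example.exe [2012-1-1 12345]",
]


if __name__ == "__main__":
    report = triage(SAMPLE_LINES)
    for bucket in ("no_metadata", "svchost_hosted", "outside_standard_dirs", "autostart_running"):
        print(f"{bucket}: {', '.join(report[bucket]) or '-'}")
```

To run it over a real log, replace SAMPLE_LINES with the lines of the DDS file; non-service lines are ignored by the parser.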

Northenlad60

Re: Am I infected.. My PC is VERY VERY SLOOOOW!
« Reply #4 on: February 05, 2012, 08:23:21 AM »
ATTACH.TXT from the DDS application is below.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 09/01/2011 10:01:18
System Uptime: 05/02/2012 14:39:19 (1 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. |  | GA-MA770T-UD3
Processor: AMD Phenom(tm) II X4 955 Processor | Socket M2 | 800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 112.413 GiB free.
D: is FIXED (NTFS) - 186 GiB total, 186.138 GiB free.
E: is FIXED (NTFS) - 19 GiB total, 13.746 GiB free.
F: is CDROM ()
G: is FIXED (NTFS) - 0 GiB total, 0.028 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP194: 15/01/2012 17:34:45 - Windows Update
RP195: 18/01/2012 03:00:32 - Windows Update
RP196: 24/01/2012 16:04:08 - Windows Update
RP197: 01/02/2012 18:26:30 - Windows Update
RP198: 05/02/2012 09:04:23 - Windows Update
RP199: 05/02/2012 15:17:14 - Installed Java(TM) 6 Update 30
.
==== Installed Programs ======================
.
@BIOS Ver.2.07
Adobe AIR
Adobe Community Help
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader 7.0
Akamai NetSession Interface
Akamai NetSession Interface Service
Apple Application Support
Apple Software Update
ArcSoft PhotoStudio 5.5
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Brochures & Flyers
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Funhouse II
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Photo Prints
ArcSoft Print Creations - Poster Creator
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
ArcSoft TotalMedia HDCam
Browser Configuration Utility
Canon Camera Access Library
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon CanoScan Toolbox 5.0
Canon G.726 WMP-Decoder
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities ZoomBrowser EX
Compatibility Pack for the 2007 Office system
CrimeCraft GangWars
Crystal Reports Basic for Visual Studio 2008
Easy Tune 6 B10.0104.1
EasySaver B9.1214.1
GDC 1308TFT CAMERA
Google Chrome
Google Earth Plug-in
Google Update Helper
HijackThis 2.0.2
Hollywood FX 5.5 Additional Effects
Hotfix for Microsoft Visual Studio Team System 2008 Development Edition - ENU (KB971091)
Hotfix for Microsoft Visual Studio Team System 2008 Development Edition - ENU (KB973674)
Java Auto Updater
Java(TM) 6 Update 30
Just Cause 2
Kaspersky Internet Security 2012
Knoll Light Factory EZ Studio 15
LightScribe Applications
LightScribe System Software
Magic Bullet Looks Studio 15
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Compact Framework 2.0 SP2
Microsoft .NET Compact Framework 3.5
Microsoft Document Explorer 2008
Microsoft MSDN 2005 Express Edition - ENU
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Basic Edition 2003
Microsoft Office File Validation Add-In
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 ENU
Microsoft SQL Server Compact 3.5 for Devices ENU
Microsoft SQL Server Database Publishing Wizard 1.2
Microsoft SQL Server Setup Support Files (English)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio Team System 2008 Development Edition - ENU
Microsoft Visual Studio Web Authoring Component
Microsoft Visual Web Developer 2005 Express Edition - ENU
Microsoft Visual Web Developer 2005 Express Edition - ENU Service Pack 1 (KB926751)
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox 9.0.1 (x86 en-GB)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nokia Connectivity Cable Driver
Nokia NSeries Application Installer
Nokia NSeries Content Copier
Nokia NSeries Multimedia Player
Nokia NSeries One Touch Access
Nokia NSeries System Utilities
Nokia Software Launcher
Notepad++
NVIDIA 3D Vision Controller Driver
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
PC Connectivity Solution
PDF Settings CS5
Pinnacle Hollywood FX
Pinnacle Studio 15
Pinnacle Studio 15 Ultimate Collection Plugins
Pinnacle Studio Bonus Content
QuickTime
Realtek Ethernet Controller Driver For Windows Vista and Later
Realtek High Definition Audio Driver
Red Giant ToonIt Studio 15
Safari
ScanSoft OmniPage SE 4.0
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Visual Web Developer 2005 Express Edition - ENU (KB2251481)
Skype Toolbars
Skype™ 5.3
SmartSound Quicktracks Plugin
Steam
Studio 9
Studio 9 Content CD/DVD
Studio 9.4 Patch
SureThing Express Labeler
Transcender Test Engine
Transcender:  Exam Cert-SY0-201
Trapcode 3DStroke Studio 15
Trapcode Particular Studio
Trapcode Shine Studio 15
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Visual Studio Team System 2008 Development Edition - ENU (KB972221)
Update for Microsoft Visual Web Developer 2005 Express Edition - ENU (KB932232)
VC Runtimes MSI
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio Tools for the Office system 3.0 Runtime
Vtune 7.13
Vuze
Wheel Mouse Software 4.0
Windows Mobile 5.0 SDK R2 for Pocket PC
Windows Mobile 5.0 SDK R2 for Smartphone
WinRAR 4.00 (32-bit)
World of Tanks closed Beta v.0.6.2.8
World of Warcraft
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
05/02/2012 14:40:57, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
05/02/2012 14:40:57, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.
05/02/2012 14:40:07, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  PCLEPCI
05/02/2012 14:39:32, Error: Application Popup [1060]  - \??\C:\Windows\SysWow64\drivers\ACRUSBTM.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
05/02/2012 14:39:28, Error: Application Popup [1060]  - \SystemRoot\SysWow64\drivers\ASAPIW2k.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
05/02/2012 14:39:27, Error: Application Popup [1060]  - \??\C:\Windows\SysWow64\drivers\pclepci.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
05/02/2012 11:48:20, Error: Service Control Manager [7034]  - The Canon Camera Access Library 8 service terminated unexpectedly.  It has done this 1 time(s).
05/02/2012 09:06:28, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.119.1249.0).
04/02/2012 12:44:56, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AVP service.
04/02/2012 12:32:44, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
04/02/2012 12:22:04, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Akamai service.
02/02/2012 19:59:57, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.
02/02/2012 19:56:56, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
01/02/2012 18:32:29, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.119.978.0).
01/02/2012 18:13:16, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
.
==== End Of File ===========================

SuperDave

  • Malware Removal Specialist
Re: Am I infected.. My PC is VERY VERY SLOOOOW!
« Reply #5 on: February 05, 2012, 12:13:33 PM »
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
StartupLite

Download StartupLite by MalwareBytes to your Desktop.
Double-click StartupLite.exe to launch the program.
Ensure the Disable box is checked.
Click Continue.
A pop-up message will tell you the unnecessary startup items in your list have been disabled and ask you to restart your computer.
Restart your computer.
*****************************************************
Download OTL to your desktop.

* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

Code:
:OTL

BHO-X64:     IEVkbdBHO - No File
BHO-X64:     SkypeIEPluginBHO - No File
BHO-X64:     link filter bho - No File

:COMMANDS
[resethosts]
[purity]
[start explorer]

* Click Run Fix
* OTLI2 may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.
**************************************************************
Download Combofix from any of the links below, and save it to your desktop

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:


Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

Northenlad60

Re: Am I infected.. My PC is VERY VERY SLOOOOW!
« Reply #6 on: February 06, 2012, 01:59:17 AM »
Thanks. I'm at work now, so I will do this when I return home.

Thanks for the speedy reply.

Northenlad60

Re: Am I infected.. My PC is VERY VERY SLOOOOW!
« Reply #7 on: February 06, 2012, 11:52:23 AM »
Tried to run OTL, but got the message "Cannot create file C:\Windows\system32\drivers\etc\hosts".
I clicked on "OK".

Message at the bottom of OTL says "Resetting HOSTS file DO NOT INTERRUPT...". Once this has completed the following is displayed in Notepad:


Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...

No prompt to reboot, but will do this now, after which I will disable the Kaspersky software and run the ComboFix...

I'll be posting back shortly...

Northenlad60

Re: Am I infected.. My PC is VERY VERY SLOOOOW!
« Reply #8 on: February 06, 2012, 01:16:56 PM »
Hi. When ComboFix completed, it opened a log file in Notepad; the contents are below:

ComboFix 12-02-06.02 - Richard 06/02/2012  19:00:48.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.4094.2714 [GMT 0:00]
Running from: c:\users\Richard\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\html
c:\windows\SysWow64\html\calendar.html
c:\windows\SysWow64\html\calendarbottom.html
c:\windows\SysWow64\html\calendartop.html
c:\windows\SysWow64\html\crystalexportdialog.htm
c:\windows\SysWow64\html\crystalprinthost.html
c:\windows\SysWow64\images
c:\windows\SysWow64\images\toolbar\calendar.gif
c:\windows\SysWow64\images\toolbar\crlogo.gif
c:\windows\SysWow64\images\toolbar\export.gif
c:\windows\SysWow64\images\toolbar\export_over.gif
c:\windows\SysWow64\images\toolbar\exportd.gif
c:\windows\SysWow64\images\toolbar\First.gif
c:\windows\SysWow64\images\toolbar\first_over.gif
c:\windows\SysWow64\images\toolbar\Firstd.gif
c:\windows\SysWow64\images\toolbar\gotopage.gif
c:\windows\SysWow64\images\toolbar\gotopage_over.gif
c:\windows\SysWow64\images\toolbar\gotopaged.gif
c:\windows\SysWow64\images\toolbar\grouptree.gif
c:\windows\SysWow64\images\toolbar\grouptree_over.gif
c:\windows\SysWow64\images\toolbar\grouptreed.gif
c:\windows\SysWow64\images\toolbar\grouptreepressed.gif
c:\windows\SysWow64\images\toolbar\Last.gif
c:\windows\SysWow64\images\toolbar\last_over.gif
c:\windows\SysWow64\images\toolbar\Lastd.gif
c:\windows\SysWow64\images\toolbar\Next.gif
c:\windows\SysWow64\images\toolbar\next_over.gif
c:\windows\SysWow64\images\toolbar\Nextd.gif
c:\windows\SysWow64\images\toolbar\Prev.gif
c:\windows\SysWow64\images\toolbar\prev_over.gif
c:\windows\SysWow64\images\toolbar\Prevd.gif
c:\windows\SysWow64\images\toolbar\print.gif
c:\windows\SysWow64\images\toolbar\print_over.gif
c:\windows\SysWow64\images\toolbar\printd.gif
c:\windows\SysWow64\images\toolbar\Refresh.gif
c:\windows\SysWow64\images\toolbar\refresh_over.gif
c:\windows\SysWow64\images\toolbar\refreshd.gif
c:\windows\SysWow64\images\toolbar\Search.gif
c:\windows\SysWow64\images\toolbar\search_over.gif
c:\windows\SysWow64\images\toolbar\searchd.gif
c:\windows\SysWow64\images\toolbar\up.gif
c:\windows\SysWow64\images\toolbar\up_over.gif
c:\windows\SysWow64\images\toolbar\upd.gif
c:\windows\SysWow64\images\tree\begindots.gif
c:\windows\SysWow64\images\tree\beginminus.gif
c:\windows\SysWow64\images\tree\beginplus.gif
c:\windows\SysWow64\images\tree\blank.gif
c:\windows\SysWow64\images\tree\blankdots.gif
c:\windows\SysWow64\images\tree\dots.gif
c:\windows\SysWow64\images\tree\lastdots.gif
c:\windows\SysWow64\images\tree\lastminus.gif
c:\windows\SysWow64\images\tree\lastplus.gif
c:\windows\SysWow64\images\tree\Magnify.gif
c:\windows\SysWow64\images\tree\minus.gif
c:\windows\SysWow64\images\tree\minusbox.gif
c:\windows\SysWow64\images\tree\plus.gif
c:\windows\SysWow64\images\tree\plusbox.gif
c:\windows\SysWow64\images\tree\singleminus.gif
c:\windows\SysWow64\images\tree\singleplus.gif
.
.
(((((((((((((((((((((((((   Files Created from 2012-01-06 to 2012-02-06  )))))))))))))))))))))))))))))))
.
.
2012-02-06 18:56 . 2012-02-06 20:02   --------   d-----w-   C:\32788R22FWJFW
2012-02-06 18:39 . 2012-02-06 18:39   --------   d-----w-   C:\_OTL
2012-02-05 15:18 . 2012-02-05 15:18   --------   d-----w-   c:\program files (x86)\Common Files\Java
2012-02-05 15:18 . 2012-02-05 15:17   476904   ----a-w-   c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2012-02-05 15:18 . 2012-02-05 15:17   472808   ----a-w-   c:\windows\SysWow64\deployJava1.dll
2012-02-05 15:17 . 2012-02-05 15:17   --------   d-----w-   c:\program files (x86)\Java
2012-02-05 15:03 . 2012-02-05 15:03   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-05 14:12 . 2012-02-05 14:12   --------   d-----w-   c:\users\Richard\AppData\Roaming\SUPERAntiSpyware.com
2012-02-05 14:10 . 2012-02-05 14:11   --------   d-----w-   c:\program files\SUPERAntiSpyware
2012-02-05 14:10 . 2012-02-05 14:10   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
2012-02-05 09:05 . 2012-01-06 05:15   8602168   ------w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{401AFE46-EF17-454F-A080-802F24FB945D}\mpengine.dll
2012-02-02 20:39 . 2012-02-02 20:39   --------   d-----w-   c:\program files (x86)\Trend Micro
2012-01-27 20:27 . 2012-01-27 20:27   626688   ----a-w-   c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-27 20:27 . 2012-01-27 20:27   548864   ----a-w-   c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-27 20:27 . 2012-01-27 20:27   479232   ----a-w-   c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-27 20:27 . 2012-01-27 20:27   43992   ----a-w-   c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-01-11 19:20 . 2011-10-26 05:25   1572864   ----a-w-   c:\windows\system32\quartz.dll
2012-01-11 19:20 . 2011-10-26 05:25   366592   ----a-w-   c:\windows\system32\qdvd.dll
2012-01-11 19:20 . 2011-10-26 04:32   514560   ----a-w-   c:\windows\SysWow64\qdvd.dll
2012-01-11 19:20 . 2011-10-26 04:32   1328128   ----a-w-   c:\windows\SysWow64\quartz.dll
2012-01-11 19:20 . 2011-11-17 06:41   1731920   ----a-w-   c:\windows\system32\ntdll.dll
2012-01-11 19:20 . 2011-11-17 05:38   1292080   ----a-w-   c:\windows\SysWow64\ntdll.dll
2012-01-11 19:20 . 2011-11-19 14:58   77312   ----a-w-   c:\windows\system32\packager.dll
2012-01-11 19:20 . 2011-11-19 14:01   67072   ----a-w-   c:\windows\SysWow64\packager.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-27 00:52 . 2011-01-09 10:22   279656   ------w-   c:\windows\system32\MpSigStub.exe
2011-12-11 11:02 . 2011-05-19 17:03   414368   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-10 15:24 . 2011-09-30 08:52   23152   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-11-24 04:52 . 2011-12-15 11:54   3145216   ----a-w-   c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-10-22 1242448]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"AdobeBridge"="c:\program files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe" [2011-06-09 12002664]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-06-20 2736128]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-20 5487488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-11 136176]
R3 AODDriver;AODDriver;c:\program files (x86)\Gigabyte\ET6\amd64\AODDriver.sys [2009-02-23 14904]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-03-15 25640]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-11 136176]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-09-25 30528]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys

R3 VSPerfDrv90;Performance Tools Driver 9.0;c:\program files (x86)\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\x64\VSPerfDrv90.sys [2007-09-04 71024]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe

R4 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360]
R4 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys

.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai   REG_MULTI_SZ      Akamai
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-06-20 15:05   451872   ----a-w-   c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-11 09:47]
.
2012-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-11 09:47]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-08 9642528]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
FF - ProfilePath - c:\users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\l3gn77qv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-NWEReboot - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_e286960.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,bb,71,30,5b,ba,
   ef,00,e0,e2,63,26,f1,3f,c8,ff,68,97,7e,60,80,be,1f,17,c5,e2,63,26,f1,3f,c8,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,3a,5d,21,dd,98,
   51,ed,e6,6a,9c,d6,61,af,45,84,18,ac,7a,6c,05,1e,69,86,17,6a,9c,d6,61,af,45,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,63,52,1e,4f,40,
   06,c6,71,ff,7c,85,e0,43,d4,0e,fe,c3,4b,2d,b0,2b,0a,bd,4b,ff,7c,85,e0,43,d4,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,b9,14,79,cf,8f,
   9c,26,04,86,8c,21,01,be,91,eb,e7,65,b2,9f,ec,23,18,7a,90,86,8c,21,01,be,91,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,31,07,39,dd,c6,
   82,48,ed,f5,1d,4d,73,a8,13,5c,05,30,cd,08,61,3d,aa,5b,2b,f5,1d,4d,73,a8,13,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:50,93,e5,ab,ec,6a,4e,ab,e8,be,86,44,ff,
   6d,b1,7f,df,20,58,62,78,6b,cf,c8,87,1e,cd,dd,51,d8,17,bc,df,20,58,62,78,6b,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,e3,78,56,12,42,
   f7,47,00,fb,a7,78,e6,12,2f,9a,ea,df,ce,62,1e,91,ac,cb,1b,fb,a7,78,e6,12,2f,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,95,07,21,4d,38,
   db,bb,a0,01,3a,48,fc,e8,04,4a,f1,2f,e0,7a,d5,c3,61,9e,31,01,3a,48,fc,e8,04,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,6b,b2,a2,f4,02,
   ec,83,fa,f6,0f,4e,58,98,5b,89,c9,6f,6e,88,0d,2a,36,6b,2c,f6,0f,4e,58,98,5b,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,4d,f1,d7,a7,d0,
   c9,c1,a8,3d,ce,ea,26,2d,45,aa,78,6f,65,54,4f,1d,9c,70,30,3d,ce,ea,26,2d,45,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,26,d2,31,2e,2c,
   97,30,3f,2a,b7,cc,b5,b9,7f,41,e7,a3,76,e2,db,b9,50,a2,4c,2a,b7,cc,b5,b9,7f,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,99,77,dc,2b,d4,
   e6,cd,c9,6c,43,2d,1e,aa,22,2f,9c,52,f8,ef,0c,8b,09,c5,79,6c,43,2d,1e,aa,22,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0a\00\1e\14\050?"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programdata\EPSON\EPW!3 SSRP\E_S30RP1.EXE
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
.
**************************************************************************
.
Completion time: 2012-02-06  20:13:01 - machine was rebooted
ComboFix-quarantined-files.txt  2012-02-06 20:12
.
Pre-Run: 120,022,228,992 bytes free
Post-Run: 125,003,206,656 bytes free
.
- - End Of File - - 98E5FE05738BC089FBE922BC56442F6D

Northenlad60

    Topic Starter


    Rookie

    • Yes
  • Experience: Experienced
  • OS: Windows 7
Re: Am I infected.. My PC is VERY VERY SLOOOOW!
« Reply #9 on: February 06, 2012, 01:21:49 PM »
ComboFix.txt file contents are also below:

ComboFix 12-02-06.02 - Richard 06/02/2012  19:00:48.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.4094.2714 [GMT 0:00]
Running from: c:\users\Richard\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\html
c:\windows\SysWow64\html\calendar.html
c:\windows\SysWow64\html\calendarbottom.html
c:\windows\SysWow64\html\calendartop.html
c:\windows\SysWow64\html\crystalexportdialog.htm
c:\windows\SysWow64\html\crystalprinthost.html
c:\windows\SysWow64\images
c:\windows\SysWow64\images\toolbar\calendar.gif
c:\windows\SysWow64\images\toolbar\crlogo.gif
c:\windows\SysWow64\images\toolbar\export.gif
c:\windows\SysWow64\images\toolbar\export_over.gif
c:\windows\SysWow64\images\toolbar\exportd.gif
c:\windows\SysWow64\images\toolbar\First.gif
c:\windows\SysWow64\images\toolbar\first_over.gif
c:\windows\SysWow64\images\toolbar\Firstd.gif
c:\windows\SysWow64\images\toolbar\gotopage.gif
c:\windows\SysWow64\images\toolbar\gotopage_over.gif
c:\windows\SysWow64\images\toolbar\gotopaged.gif
c:\windows\SysWow64\images\toolbar\grouptree.gif
c:\windows\SysWow64\images\toolbar\grouptree_over.gif
c:\windows\SysWow64\images\toolbar\grouptreed.gif
c:\windows\SysWow64\images\toolbar\grouptreepressed.gif
c:\windows\SysWow64\images\toolbar\Last.gif
c:\windows\SysWow64\images\toolbar\last_over.gif
c:\windows\SysWow64\images\toolbar\Lastd.gif
c:\windows\SysWow64\images\toolbar\Next.gif
c:\windows\SysWow64\images\toolbar\next_over.gif
c:\windows\SysWow64\images\toolbar\Nextd.gif
c:\windows\SysWow64\images\toolbar\Prev.gif
c:\windows\SysWow64\images\toolbar\prev_over.gif
c:\windows\SysWow64\images\toolbar\Prevd.gif
c:\windows\SysWow64\images\toolbar\print.gif
c:\windows\SysWow64\images\toolbar\print_over.gif
c:\windows\SysWow64\images\toolbar\printd.gif
c:\windows\SysWow64\images\toolbar\Refresh.gif
c:\windows\SysWow64\images\toolbar\refresh_over.gif
c:\windows\SysWow64\images\toolbar\refreshd.gif
c:\windows\SysWow64\images\toolbar\Search.gif
c:\windows\SysWow64\images\toolbar\search_over.gif
c:\windows\SysWow64\images\toolbar\searchd.gif
c:\windows\SysWow64\images\toolbar\up.gif
c:\windows\SysWow64\images\toolbar\up_over.gif
c:\windows\SysWow64\images\toolbar\upd.gif
c:\windows\SysWow64\images\tree\begindots.gif
c:\windows\SysWow64\images\tree\beginminus.gif
c:\windows\SysWow64\images\tree\beginplus.gif
c:\windows\SysWow64\images\tree\blank.gif
c:\windows\SysWow64\images\tree\blankdots.gif
c:\windows\SysWow64\images\tree\dots.gif
c:\windows\SysWow64\images\tree\lastdots.gif
c:\windows\SysWow64\images\tree\lastminus.gif
c:\windows\SysWow64\images\tree\lastplus.gif
c:\windows\SysWow64\images\tree\Magnify.gif
c:\windows\SysWow64\images\tree\minus.gif
c:\windows\SysWow64\images\tree\minusbox.gif
c:\windows\SysWow64\images\tree\plus.gif
c:\windows\SysWow64\images\tree\plusbox.gif
c:\windows\SysWow64\images\tree\singleminus.gif
c:\windows\SysWow64\images\tree\singleplus.gif
.
.
(((((((((((((((((((((((((   Files Created from 2012-01-06 to 2012-02-06  )))))))))))))))))))))))))))))))
.
.
2012-02-06 18:56 . 2012-02-06 20:02   --------   d-----w-   C:\32788R22FWJFW
2012-02-06 18:39 . 2012-02-06 18:39   --------   d-----w-   C:\_OTL
2012-02-05 15:18 . 2012-02-05 15:18   --------   d-----w-   c:\program files (x86)\Common Files\Java
2012-02-05 15:18 . 2012-02-05 15:17   476904   ----a-w-   c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2012-02-05 15:18 . 2012-02-05 15:17   472808   ----a-w-   c:\windows\SysWow64\deployJava1.dll
2012-02-05 15:17 . 2012-02-05 15:17   --------   d-----w-   c:\program files (x86)\Java
2012-02-05 15:03 . 2012-02-05 15:03   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-05 14:12 . 2012-02-05 14:12   --------   d-----w-   c:\users\Richard\AppData\Roaming\SUPERAntiSpyware.com
2012-02-05 14:10 . 2012-02-05 14:11   --------   d-----w-   c:\program files\SUPERAntiSpyware
2012-02-05 14:10 . 2012-02-05 14:10   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
2012-02-05 09:05 . 2012-01-06 05:15   8602168   ------w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{401AFE46-EF17-454F-A080-802F24FB945D}\mpengine.dll
2012-02-02 20:39 . 2012-02-02 20:39   --------   d-----w-   c:\program files (x86)\Trend Micro
2012-01-27 20:27 . 2012-01-27 20:27   626688   ----a-w-   c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-27 20:27 . 2012-01-27 20:27   548864   ----a-w-   c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-27 20:27 . 2012-01-27 20:27   479232   ----a-w-   c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-27 20:27 . 2012-01-27 20:27   43992   ----a-w-   c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-01-11 19:20 . 2011-10-26 05:25   1572864   ----a-w-   c:\windows\system32\quartz.dll
2012-01-11 19:20 . 2011-10-26 05:25   366592   ----a-w-   c:\windows\system32\qdvd.dll
2012-01-11 19:20 . 2011-10-26 04:32   514560   ----a-w-   c:\windows\SysWow64\qdvd.dll
2012-01-11 19:20 . 2011-10-26 04:32   1328128   ----a-w-   c:\windows\SysWow64\quartz.dll
2012-01-11 19:20 . 2011-11-17 06:41   1731920   ----a-w-   c:\windows\system32\ntdll.dll
2012-01-11 19:20 . 2011-11-17 05:38   1292080   ----a-w-   c:\windows\SysWow64\ntdll.dll
2012-01-11 19:20 . 2011-11-19 14:58   77312   ----a-w-   c:\windows\system32\packager.dll
2012-01-11 19:20 . 2011-11-19 14:01   67072   ----a-w-   c:\windows\SysWow64\packager.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-27 00:52 . 2011-01-09 10:22   279656   ------w-   c:\windows\system32\MpSigStub.exe
2011-12-11 11:02 . 2011-05-19 17:03   414368   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-10 15:24 . 2011-09-30 08:52   23152   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-11-24 04:52 . 2011-12-15 11:54   3145216   ----a-w-   c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-10-22 1242448]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"AdobeBridge"="c:\program files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe" [2011-06-09 12002664]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-06-20 2736128]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-20 5487488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-11 136176]
R3 AODDriver;AODDriver;c:\program files (x86)\Gigabyte\ET6\amd64\AODDriver.sys [2009-02-23 14904]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-03-15 25640]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-11 136176]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-09-25 30528]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys

R3 VSPerfDrv90;Performance Tools Driver 9.0;c:\program files (x86)\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\x64\VSPerfDrv90.sys [2007-09-04 71024]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe

R4 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360]
R4 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys

.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai   REG_MULTI_SZ      Akamai
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-06-20 15:05   451872   ----a-w-   c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-11 09:47]
.
2012-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-11 09:47]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-08 9642528]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
FF - ProfilePath - c:\users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\l3gn77qv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-NWEReboot - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_e286960.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,bb,71,30,5b,ba,
   ef,00,e0,e2,63,26,f1,3f,c8,ff,68,97,7e,60,80,be,1f,17,c5,e2,63,26,f1,3f,c8,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,3a,5d,21,dd,98,
   51,ed,e6,6a,9c,d6,61,af,45,84,18,ac,7a,6c,05,1e,69,86,17,6a,9c,d6,61,af,45,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,63,52,1e,4f,40,
   06,c6,71,ff,7c,85,e0,43,d4,0e,fe,c3,4b,2d,b0,2b,0a,bd,4b,ff,7c,85,e0,43,d4,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,b9,14,79,cf,8f,
   9c,26,04,86,8c,21,01,be,91,eb,e7,65,b2,9f,ec,23,18,7a,90,86,8c,21,01,be,91,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,31,07,39,dd,c6,
   82,48,ed,f5,1d,4d,73,a8,13,5c,05,30,cd,08,61,3d,aa,5b,2b,f5,1d,4d,73,a8,13,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:50,93,e5,ab,ec,6a,4e,ab,e8,be,86,44,ff,
   6d,b1,7f,df,20,58,62,78,6b,cf,c8,87,1e,cd,dd,51,d8,17,bc,df,20,58,62,78,6b,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,e3,78,56,12,42,
   f7,47,00,fb,a7,78,e6,12,2f,9a,ea,df,ce,62,1e,91,ac,cb,1b,fb,a7,78,e6,12,2f,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,95,07,21,4d,38,
   db,bb,a0,01,3a,48,fc,e8,04,4a,f1,2f,e0,7a,d5,c3,61,9e,31,01,3a,48,fc,e8,04,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,6b,b2,a2,f4,02,
   ec,83,fa,f6,0f,4e,58,98,5b,89,c9,6f,6e,88,0d,2a,36,6b,2c,f6,0f,4e,58,98,5b,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,4d,f1,d7,a7,d0,
   c9,c1,a8,3d,ce,ea,26,2d,45,aa,78,6f,65,54,4f,1d,9c,70,30,3d,ce,ea,26,2d,45,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,26,d2,31,2e,2c,
   97,30,3f,2a,b7,cc,b5,b9,7f,41,e7,a3,76,e2,db,b9,50,a2,4c,2a,b7,cc,b5,b9,7f,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,99,77,dc,2b,d4,
   e6,cd,c9,6c,43,2d,1e,aa,22,2f,9c,52,f8,ef,0c,8b,09,c5,79,6c,43,2d,1e,aa,22,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0a\00\1e\14\050?"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programdata\EPSON\EPW!3 SSRP\E_S30RP1.EXE
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
.
**************************************************************************
.
Completion time: 2012-02-06  20:13:01 - machine was rebooted
ComboFix-quarantined-files.txt  2012-02-06 20:12
.
Pre-Run: 120,022,228,992 bytes free
Post-Run: 125,003,206,656 bytes free
.
- - End Of File - - 98E5FE05738BC089FBE922BC56442F6D

SuperDave

  • Malware Removal Specialist
Re: Am I infected.. My PC is VERY VERY SLOOOOW!
« Reply #10 on: February 06, 2012, 05:06:31 PM »
Re-running ComboFix to remove infections:

  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open Notepad and copy/paste the text in the quote box below into it:
    Quote
    KillAll::

    Firefox::
    uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
    DDS::
    uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
  • Save this as CFScript.txt, in the same location as ComboFix.exe

  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • I don't need to see the log from this script.
******************************************************
Please download Rooter and save it to your desktop.
  • Double click it to start the tool. Vista and Windows 7: run as administrator.
  • Click Scan.
  • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.
Windows 8 and Windows 10 dual boot with two SSD's
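A defender-side check for the kind of proxy setting the CFScript above removes, added here as an example and not part of this thread, ComboFix or Rooter: it reads the HKCU Internet Settings proxy values (live via winreg on Windows, or from a constructed sample elsewhere) and flags entries that route browser traffic through a loopback address, generalising from the single `*.local;127.0.0.1:9421` value to `ProxyServer`, IPv6 and PAC-file entries.

```python
import ipaddress
import re
from urllib.parse import urlparse

# One proxy-list entry: optional "scheme=" prefix, host or [ipv6], optional ":port".
_ENTRY_RE = re.compile(r"^(?:(?P<scheme>[a-z]+)=)?(?P<host>\[[^\]]+\]|[^:/]+)(?::(?P<port>\d+))?$")

def is_loopback(host: str) -> bool:
    """True for localhost, 127.0.0.0/8 and ::1; False for names, *.local, <local>."""
    host = host.strip("[]").lower()
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def audit_proxy_settings(settings: dict) -> list:
    """Findings for entries that send browser traffic to a local port or a local PAC file."""
    findings = []
    for name in ("ProxyServer", "ProxyOverride"):
        for entry in str(settings.get(name, "")).split(";"):
            m = _ENTRY_RE.match(entry.strip())
            if m and is_loopback(m.group("host")):
                findings.append(f"{name}: loopback entry {entry.strip()} (port {m.group('port') or '?'})")
    pac = str(settings.get("AutoConfigURL", ""))
    if pac and (urlparse(pac).scheme == "file" or is_loopback(urlparse(pac).hostname or "")):
        findings.append(f"AutoConfigURL: local PAC script {pac}")
    return findings

def read_live_settings() -> dict:
    """Read the values from HKCU on Windows via winreg; returns {} on other systems."""
    try:
        import winreg
    except ImportError:
        return {}
    path = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"
    out = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, path) as key:
        for name in ("ProxyServer", "ProxyOverride", "AutoConfigURL"):
            try:
                out[name] = winreg.QueryValueEx(key, name)[0]
            except OSError:
                pass  # value not present on this machine
    return out

# Constructed sample: ProxyOverride is the value the thread's CFScript removes; the
# ProxyServer value is made up to show the matching check on the proxy itself.
SAMPLE = {"ProxyServer": "127.0.0.1:9421", "ProxyOverride": "*.local;127.0.0.1:9421"}
```

Run `audit_proxy_settings(read_live_settings() or SAMPLE)` on the affected machine; any finding is worth comparing against the ComboFix log before and after the fix.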

Northenlad60

    Topic Starter
Re: Am I infected.. My PC is VERY VERY SLOOOOW!
« Reply #11 on: February 07, 2012, 01:38:58 PM »
Rooter log is below:

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows 7 Home Edition (6.1.7601) Service Pack 1
[32_bits] - AMD64 Family 16 Model 4 Stepping 3, AuthenticAMD
.
[wscsvc] (Security Center) RUNNING (state:4)
[MpsSvc] RUNNING (state:4)
Windows Firewall -> Disabled !
Windows Defender -> Enabled
User Account Control (UAC) -> Enabled
.
Internet Explorer 8.0.7601.17514
Mozilla Firefox 9.0.1 (en-GB)
.
C:\  [Fixed-NTFS] .. ( Total:465 Go - Free:117 Go )
D:\  [Fixed-NTFS] .. ( Total:186 Go - Free:186 Go )
E:\  [Fixed-NTFS] .. ( Total:19 Go - Free:13 Go )
F:\  [CD_Rom]
G:\  [Fixed-NTFS] .. ( Total:0 Go - Free:0 Go )
.
Scan : 20:35.56
Path : C:\Users\Richard\Desktop\Rooter.exe
User : Richard ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
______ ????????? (376)
______ ????????? (556)
______ ????????? (616)
______ ????????? (636)
______ ????????? (688)
______ ????????? (716)
______ ????????? (724)
______ ????????? (732)
______ ????????? (840)
______ ????????? (908)
______ C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (932)
______ ????????? (976)
______ ????????? (424)
______ ????????? (560)
______ ????????? (436)
______ ????????? (1124)
______ ????????? (1256)
______ ????????? (1404)
______ ????????? (1416)
______ ????????? (1540)
______ ????????? (1592)
______ ????????? (1700)
______ C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (1720)
______ C:\Windows\SysWOW64\svchost.exe (1744)
______ C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (1768)
______ ????????? (1984)
______ ????????? (2028)
______ C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE (1112)
______ ????????? (1304)
______ C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (1180)
______ C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (1676)
______ C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (1852)
______ C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (2084)
______ ????????? (2124)
______ ????????? (2172)
______ C:\Program Files (x86)\Canon\CAL\CALMAIN.exe (2312)
______ ????????? (1516)
______ ????????? (2788)
______ ????????? (3088)
______ ????????? (3128)
______ ????????? (3884)
______ ????????? (204)
______ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (4572)
______ C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (4112)
______ ????????? (3672)
______ ????????? (3248)
______ ????????? (5024)
______ C:\Program Files (x86)\Internet Explorer\iexplore.exe (2972)
______ C:\Program Files (x86)\Internet Explorer\iexplore.exe (4932)
______ ????????? (4996)
Locked audiodg.exe (2556)
______ ????????? (3652)
______ C:\Users\Richard\Desktop\Rooter.exe (3880)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:200045388288)
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 20:36.03
.
C:\Rooter$\Rooter_1.txt - (07/02/2012 | 20:36.03)

Northenlad60

    Topic Starter
Re: Am I infected.. My PC is VERY VERY SLOOOOW!
« Reply #12 on: February 07, 2012, 01:51:57 PM »
The smileys in the log are (or should be) just 3 question marks ("?"), followed by 6 more..

Oh, and thanks for this help..

SuperDave

  • Malware Removal Specialist
Re: Am I infected.. My PC is VERY VERY SLOOOOW!
« Reply #13 on: February 07, 2012, 04:34:22 PM »
I'd like to scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the button.
  • For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
Windows 8 and Windows 10 dual boot with two SSD's

Northenlad60

    Topic Starter
Re: Am I infected.. My PC is VERY VERY SLOOOOW!
« Reply #14 on: February 08, 2012, 11:58:34 AM »
Hi,

The scan completed and did not detect anything, therefore no log was created. Have I been infected, or is it just a bit of tweaking required? Or would you recommend rebuilding again (reinstall Windows etc.)?