
Author Topic: Computer running Slowish lately?  (Read 12140 times)


Aaron.T

    Topic Starter


    Rookie

    • Experience: Familiar
    • OS: Windows 7
    Computer running Slowish lately?
    « on: September 29, 2012, 12:00:12 PM »
    Hello,
    Lately (probably the last month or so) I have noticed that my computer has been running on the slow side, so last night I did a scan with Avast, ran Malwarebytes and SpyBot-Search and Destroy. The virus scan found no threats (like it ever does...) but Malwarebytes found 2 malicious programs and Spybot found a ton of problems, 1 being a Trojan. It seemed that the programs got rid of the bad stuff but I have not noticed any difference in the speed. I have attached the 2 logs for someone to look at. I hope I have included enough information, if not please let me know and I will add whatever else is needed.
    Hope to hear from you soon,
    -Aaron


    Allan

    • Moderator

    • Mastermind
    • Thanked: 1260
    • Experience: Guru
    • OS: Windows 10
    Re: Computer running Slowish lately?
    « Reply #1 on: September 29, 2012, 12:16:23 PM »
    Please follow the instructions in the following link and post your logs:
    http://www.computerhope.com/forum/index.php/topic,46313.0.html

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: Computer running Slowish lately?
    « Reply #2 on: September 29, 2012, 12:17:28 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    Please download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Search.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
    **********************************************************
    Download Security Check by screen317 from one of the following links and save it to your desktop.

    Link 1
    Link 2

    * Double-click Security Check.bat
    * Follow the on-screen instructions inside of the black box.
    * A Notepad document should open automatically called checkup.txt
    * Post the contents of that document in your next reply.

    Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
    Windows 8 and Windows 10 dual boot with two SSD's

    Aaron.T

      Topic Starter


      Rookie

      • Experience: Familiar
      • OS: Windows 7
      Re: Computer running Slowish lately?
      « Reply #3 on: September 29, 2012, 03:38:50 PM »
      Good afternoon Dave,
      Thank you for the quick reply, I wasn't expecting a response so soon. As you requested, here are the logs you wanted me to retrieve.

      ADWCleaner:
      # AdwCleaner v2.003 - Logfile created 09/29/2012 at 15:30:47
      # Updated 23/09/2012 by Xplode
      # Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
      # User : Aaron - AARON-PC
      # Boot Mode : Normal
      # Running from : C:\Users\Aaron\Downloads\adwcleaner.exe
      # Option [Search]


      ***** [Services] *****


      ***** [Files / Folders] *****

      Folder Found : C:\Program Files (x86)\Conduit
      Folder Found : C:\ProgramData\Tarma Installer
      Folder Found : C:\Users\Aaron\AppData\Local\Conduit
      Folder Found : C:\Users\Aaron\AppData\LocalLow\Conduit
      Folder Found : C:\Users\Aaron\AppData\LocalLow\PriceGong

      ***** [Registry] *****

      Key Found : HKCU\Software\AppDataLow\Software\PriceGong
      Key Found : HKCU\Software\AppDataLow\Software\SmartBar
      Key Found : HKCU\Software\AppDataLow\Software\Toolbar
      Key Found : HKCU\Software\Conduit
      Key Found : HKCU\Software\Headlight
      Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
      Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
      Key Found : HKCU\Software\Zugo
      Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
      Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
      Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
      Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
      Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2856449
      Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
      Key Found : HKLM\Software\Conduit
      Key Found : HKLM\Software\Iminent
      Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
      Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
      Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
      Key Found : HKLM\SOFTWARE\Tarma Installer
      Key Found : HKU\S-1-5-21-1467129254-1898967771-576174720-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

      ***** [Internet Browsers] *****

      -\\ Internet Explorer v9.0.8112.16421

      [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT3220468

      -\\ Google Chrome v22.0.1229.79

      File : C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Preferences

      Found [l.15] : homepage = "hxxp://search.babylon.com/?babsrc=HP_def_cr&affID=109221",
      Found [l.19] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?babsrc=HP_def_cr&affID=109221" ]
      Found [l.1390] : homepage = "hxxp://search.babylon.com/?babsrc=HP_def_cr&affID=109221",
      Found [l.2412] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?babsrc=HP_def_cr&affID=109221" ]

      I hope that is everything, thanks again for helping me out. Looking forward to hearing from you shortly.
      -Aaron

      *************************

      AdwCleaner[R1].txt - [3196 octets] - [29/09/2012 15:30:47]

      ########## EOF - C:\AdwCleaner[R1].txt - [3256 octets] ##########


      Security Check:
       Results of screen317's Security Check version 0.99.51 
       Windows 7 Service Pack 1 x64   
       Internet Explorer 9 
      ``````````````Antivirus/Firewall Check:``````````````
       Windows Firewall Enabled! 
      avast! Antivirus   
       Antivirus up to date!   
      `````````Anti-malware/Other Utilities Check:`````````
       MVPS Hosts File 
       Spybot - Search & Destroy
       Malwarebytes Anti-Malware version 1.65.0.1400 
       Java(TM) 6 Update 32 
       Java 7 Update 6 
       Java version out of Date!
       Adobe Flash Player 10 Flash Player out of Date!
       Adobe Reader X 10.1.1 Adobe Reader out of Date! 
       Google Chrome 21.0.1180.83 
       Google Chrome 21.0.1180.89 
       Google Chrome 22.0.1229.79 
      ````````Process Check: objlist.exe by Laurent````````
       Malwarebytes Anti-Malware mbamservice.exe 
       Malwarebytes Anti-Malware mbamgui.exe 
       Malwarebytes' Anti-Malware mbamscheduler.exe   
       AVAST Software Avast AvastSvc.exe 
       AVAST Software Avast AvastUI.exe 
      `````````````````System Health check`````````````````
       Total Fragmentation on Drive C: 0%
      ````````````````````End of Log``````````````````````

      SuperDave

      • Malware Removal Specialist
      • Moderator


      • Genius
      • Thanked: 1020
      • Certifications: List
      • Experience: Expert
      • OS: Windows 10
      Re: Computer running Slowish lately?
      « Reply #4 on: September 29, 2012, 05:26:45 PM »
      Remove the Adware:
      • Please close all open programs and internet browsers.
      • Double click on adwcleaner.exe to run the tool.
      • Click on Delete.
      • Confirm each time with OK
      • Your computer will be rebooted automatically. A text file will open after the restart.
      • Please post the content of that logfile in your reply.
      • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
      ***********************************************
      Update Your Java (JRE)

      Old versions of Java have vulnerabilities that malware can use to infect your system.


      First Verify your Java Version

      If there are any other version(s) installed then update now.

      Get the new version (if needed)

      If your version is out of date install the newest version of the Sun Java Runtime Environment.

      Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

      Be sure to close ALL open web browsers before starting the installation.

      Remove any old versions

      1. Download JavaRa and unzip the file to your Desktop.
      2. Open JavaRA.exe and choose Remove Older Versions
      3. Once complete exit JavaRA.

      Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
      **********************************************
      Update your Adobe Reader. get.adobe.com/reader.

      Be sure to uncheck the Free McAfee Security Scan so it isn't installed.
      ***************************************************************
      Please download aswMBR.exe ( 511KB ) to your desktop.

      Double click the aswMBR.exe to run it



      Click the "Scan" button to start scan

      Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives



      On completion of the scan click save log, save it to your desktop and post in your next reply.

      Aaron.T

        Topic Starter


        Rookie

        • Experience: Familiar
        • OS: Windows 7
        Re: Computer running Slowish lately?
        « Reply #5 on: September 30, 2012, 12:34:13 AM »
        Dave,
        Sorry for the delay, I was visiting with my parents most of the evening, but here are the logs you requested.

         adwcleaner log:

        # AdwCleaner v2.003 - Logfile created 09/29/2012 at 23:48:34
        # Updated 23/09/2012 by Xplode
        # Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
        # User : Aaron - AARON-PC
        # Boot Mode : Normal
        # Running from : C:\Users\Aaron\Downloads\adwcleaner.exe
        # Option [Delete]


        ***** [Services] *****


        ***** [Files / Folders] *****

        Folder Deleted : C:\Program Files (x86)\Conduit
        Folder Deleted : C:\ProgramData\Tarma Installer
        Folder Deleted : C:\Users\Aaron\AppData\Local\Conduit
        Folder Deleted : C:\Users\Aaron\AppData\LocalLow\Conduit
        Folder Deleted : C:\Users\Aaron\AppData\LocalLow\PriceGong

        ***** [Registry] *****

        Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
        Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
        Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
        Key Deleted : HKCU\Software\Conduit
        Key Deleted : HKCU\Software\Headlight
        Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
        Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
        Key Deleted : HKCU\Software\Zugo
        Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
        Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
        Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
        Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
        Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2856449
        Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
        Key Deleted : HKLM\Software\Conduit
        Key Deleted : HKLM\Software\Iminent
        Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
        Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
        Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
        Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
        Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
        Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
        Key Deleted : HKLM\SOFTWARE\Tarma Installer

        ***** [Internet Browsers] *****

        -\\ Internet Explorer v9.0.8112.16421

        Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
        Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
        Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
        Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
        Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
        Restored : [HKU\S-1-5-21-1467129254-1898967771-576174720-1004\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
        Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT3220468 --> hxxp://www.google.com

        -\\ Google Chrome v22.0.1229.79

        File : C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Preferences

        Deleted [l.15] : homepage = "hxxp://search.babylon.com/?babsrc=HP_def_cr&affID=109221",
        Deleted [l.19] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?babsrc=HP_def_cr&affID=109221" ]
        Deleted [l.1390] : homepage = "hxxp://search.babylon.com/?babsrc=HP_def_cr&affID=109221",
        Deleted [l.2418] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?babsrc=HP_def_cr&affID=109221" ]

        *************************

        AdwCleaner[R1].txt - [3321 octets] - [29/09/2012 15:30:47]
        AdwCleaner[S1].txt - [3792 octets] - [29/09/2012 23:48:34]

        ########## EOF - C:\AdwCleaner[S1].txt - [3852 octets] ##########
         


        and here is the aswMBR log:


        aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
        Run date: 2012-09-30 00:06:17
        -----------------------------
        00:06:17.457    OS Version: Windows x64 6.1.7601 Service Pack 1
        00:06:17.457    Number of processors: 4 586 0x1E05
        00:06:17.458    ComputerName: AARON-PC  UserName: Aaron
        00:06:22.887    Initialize success
        00:06:23.074    AVAST engine defs: 12092901
        00:06:42.876    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-4
        00:06:42.881    Disk 0 Vendor: WDC_WD15EADS-00R6B0 01.00A01 Size: 1430799MB BusType: 3
        00:06:42.895    Disk 0 MBR read successfully
        00:06:42.901    Disk 0 MBR scan
        00:06:42.907    Disk 0 Windows 7 default MBR code
        00:06:42.912    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
        00:06:42.926    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS      1430697 MB offset 206848
        00:06:42.946    Disk 0 scanning C:\Windows\system32\drivers
        00:06:52.932    Service scanning
        00:07:10.772    Modules scanning
        00:07:10.786    Disk 0 trace - called modules:
        00:07:10.878    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
        00:07:10.887    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e62060]
        00:07:10.897    3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> [0xfffffa8007bb9520]
        00:07:10.906    5 ACPI.sys[fffff88000f007a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-4[0xfffffa8007bb5680]
        00:07:14.018    AVAST engine scan C:\Windows
        00:07:19.719    AVAST engine scan C:\Windows\system32
        00:09:57.561    AVAST engine scan C:\Windows\system32\drivers
        00:10:14.638    AVAST engine scan C:\Users\Aaron
        00:24:33.198    AVAST engine scan C:\ProgramData
        00:29:52.038    Scan finished successfully
        00:30:37.045    Disk 0 MBR has been saved successfully to "C:\Users\Aaron\Desktop\MBR.dat"
        00:30:37.045    The log file has been saved successfully to "C:\Users\Aaron\Desktop\aswMBR.txt"
         

        Also I think this is noteworthy: when I restarted my computer after running AdwCleaner I launched my Google Chrome, and when I did I got a message saying that my preferences were corrupt, and there was a toolbar added that wasn't there before. I also updated Java and Adobe like you suggested. Probably won't hear from you tonight but hope to hear from you tomorrow.
        Thanks,
        -Aaron
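Added example, not part of the thread and not AdwCleaner's own code: a Python check that every item reported in a `[Search]` log has a matching entry in the later `[Delete]` log. The sample lines are abridged from the two logs posted above; treating the `-1000` SID as the logged-on user's (so that its `HKU\<SID>` key is the same key as `HKCU`) is an assumption the logs do not confirm.

```python
import re

# Constructed sample input: lines abridged from the two AdwCleaner logs posted above.
SEARCH_LOG = r"""
# Option [Search]
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Users\Aaron\AppData\LocalLow\PriceGong
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKLM\Software\Iminent
Key Found : HKU\S-1-5-21-1467129254-1898967771-576174720-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Found [l.15] : homepage = "hxxp://search.babylon.com/?babsrc=HP_def_cr&affID=109221",
Found [l.2412] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?babsrc=HP_def_cr&affID=109221" ]
"""

DELETE_LOG = r"""
# Option [Delete]
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Users\Aaron\AppData\LocalLow\PriceGong
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\Software\Iminent
Deleted [l.15] : homepage = "hxxp://search.babylon.com/?babsrc=HP_def_cr&affID=109221",
Deleted [l.2418] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?babsrc=HP_def_cr&affID=109221" ]
"""

# "<Kind> Found : <target>" / "<Kind> Deleted : <target>" (Folder and Key appear on the page).
ITEM = re.compile(r"^(\w+) (Found|Deleted) : (.+)$")
# Chrome Preferences entries: "Found [l.15] : <setting>". The line number is ignored on
# purpose, because it can shift between runs (l.2412 in the search log, l.2418 in the delete log).
PREF = re.compile(r"^(Found|Deleted) \[l\.\d+\] : (.+)$")
# Per-user hive addressed by SID, e.g. HKU\S-1-5-21-...-1000\Software\...
HKU_SID = re.compile(r"^HKU\\(S-1-5-21-[\d-]+)\\", re.I)


def normalise(kind, target, user_sid=None):
    """Build a comparison key. Windows paths and registry keys are case-insensitive.

    If user_sid is given, HKU\\<user_sid>\\X is rewritten to HKCU\\X, since HKCU is
    the logged-on user's view of that hive.
    """
    target = target.strip()
    m = HKU_SID.match(target)
    if kind == "Key" and user_sid and m and m.group(1).lower() == user_sid.lower():
        target = "HKCU\\" + target[m.end():]
    return kind, target.lower()


def parse(log_text, user_sid=None):
    """Return {"Found": {...}, "Deleted": {...}} mapping comparison key -> readable text."""
    items = {"Found": {}, "Deleted": {}}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ITEM.match(line)
        if m:
            kind, state, target = m.groups()
        else:
            m = PREF.match(line)
            if not m:
                continue  # headers, section banners, Restored/Replaced lines
            state, target = m.groups()
            kind = "Pref"
        items[state][normalise(kind, target, user_sid)] = f"{kind}: {target}"
    return items


def unconfirmed(search_log, delete_log, user_sid=None):
    """Items reported as Found that have no matching Deleted entry."""
    found = parse(search_log, user_sid)["Found"]
    deleted = parse(delete_log, user_sid)["Deleted"]
    return sorted(text for key, text in found.items() if key not in deleted)


if __name__ == "__main__":
    for item in unconfirmed(SEARCH_LOG, DELETE_LOG):
        print("no matching delete entry ->", item)
```

Without a SID the `HKU\S-1-5-21-…-1000` SearchScopes key is the one item left unconfirmed; passing that SID as `user_sid` folds it into the `HKCU` entry that the delete log does list.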

        SuperDave

        • Malware Removal Specialist
        • Moderator


        • Genius
        • Thanked: 1020
        • Certifications: List
        • Experience: Expert
        • OS: Windows 10
        Re: Computer running Slowish lately?
        « Reply #6 on: September 30, 2012, 11:08:10 AM »
        Quote
        Also I think this is noteworthy: when I restarted my computer after running AdwCleaner I launched my Google Chrome, and when I did I got a message saying that my preferences were corrupt, and there was a toolbar added that wasn't there before.
        If Chrome gives you problems, you could try uninstalling and reinstalling the program.

        Download Combofix from any of the links below, and save it to your DESKTOP

        Link 1
        Link 2
        Link 3

        To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
        • Close any open windows and double click ComboFix.exe to run it.

          You will see the following image:


        Click I Agree to start the program.

        ComboFix will then extract the necessary files and you will see this:



        As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

        It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

        If you did not have it installed, you will see the prompt below. Choose YES.



        Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

        **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

        Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



        Click on Yes, to continue scanning for malware.

        When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

        Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

        Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

        Aaron.T

          Topic Starter


          Rookie

          • Experience: Familiar
          • OS: Windows 7
          Re: Computer running Slowish lately?
          « Reply #7 on: September 30, 2012, 12:35:20 PM »
          Hey Dave, here is the log you wanted, it's kind of long.



          ComboFix 12-09-30.01 - Aaron 09/30/2012  11:37:55.1.4 - x64
          Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8183.6489 [GMT -6:00]
          Running from: c:\users\Aaron\Downloads\ComboFix.exe
          AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
          SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
          SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
          .
          .
          (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          C:\Install.exe
          c:\program files (x86)\alotappbar
          c:\program files (x86)\alotappbar\alotUninst.exe
          c:\program files (x86)\alotappbar\bin\alotappbar.dll
          c:\program files (x86)\alotappbar\bin\alothelper.dll
          c:\program files (x86)\alotappbar\bin\ALOTSettings.exe
          c:\program files (x86)\alotappbar\bin\alotwidgets.exe
          c:\program files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll
          c:\program files (x86)\Common
          c:\program files (x86)\Common\x86\DLBChcp.dll
          c:\program files (x86)\Common\x86\DLBCinst.dll
          c:\program files (x86)\Setup.exe
          c:\users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\update Microsoft .lnk
          .
          .
          (((((((((((((((((((((((((   Files Created from 2012-08-28 to 2012-09-30  )))))))))))))))))))))))))))))))
          .
          .
          2012-09-30 17:48 . 2012-09-30 17:48   --------   d-----w-   c:\users\UpdatusUser\AppData\Local\temp
          2012-09-30 17:48 . 2012-09-30 17:48   --------   d-----w-   c:\users\Default\AppData\Local\temp
          2012-09-30 06:01 . 2012-09-30 06:01   191472   ----a-w-   c:\windows\system32\javaws.exe
          2012-09-30 06:01 . 2012-09-30 06:01   544240   ----a-w-   c:\windows\system32\npdeployJava1.dll
          2012-09-30 06:01 . 2012-09-30 06:01   525808   ----a-w-   c:\windows\system32\deployJava1.dll
          2012-09-30 06:01 . 2012-09-30 06:01   172528   ----a-w-   c:\windows\system32\javaw.exe
          2012-09-30 06:01 . 2012-09-30 06:01   172528   ----a-w-   c:\windows\system32\java.exe
          2012-09-30 06:01 . 2012-09-30 06:01   --------   d-----w-   c:\program files\Java
          2012-09-30 05:57 . 2012-09-30 05:57   95208   ----a-w-   c:\windows\SysWow64\WindowsAccessBridge-32.dll
          2012-09-28 21:21 . 2012-09-29 00:28   --------   d-----w-   c:\programdata\Spybot - Search & Destroy
          2012-09-28 21:21 . 2012-09-28 21:21   --------   d-----w-   c:\program files (x86)\Spybot - Search & Destroy
          2012-09-28 21:10 . 2012-09-30 17:43   69000   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{9E4B6F92-C046-4D0B-9F08-F9DE7C5BF0AF}\offreg.dll
          2012-09-28 21:04 . 2012-09-28 21:04   --------   d-----w-   c:\users\Aaron\AppData\Local\CRE
          2012-09-28 21:03 . 2012-09-28 21:11   --------   d-----w-   c:\users\Aaron\AppData\Roaming\Nico Mak Computing
          2012-09-28 21:03 . 2011-11-10 16:33   18760   ----a-w-   c:\windows\system32\roboot64.exe
          2012-09-28 21:03 . 2012-09-28 21:11   --------   d-----w-   c:\program files (x86)\WinZip Registry Optimizer
          2012-09-28 21:00 . 2012-09-28 21:09   --------   d-----w-   c:\program files (x86)\1ClickDownload
          2012-09-28 19:24 . 2012-08-30 07:27   9308616   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{9E4B6F92-C046-4D0B-9F08-F9DE7C5BF0AF}\mpengine.dll
          2012-09-26 05:32 . 2012-08-21 19:01   33240   ----a-w-   c:\windows\system32\drivers\GEARAspiWDM.sys
          2012-09-26 05:32 . 2012-09-26 05:32   --------   d-----w-   c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
          2012-09-26 05:32 . 2012-09-26 05:32   --------   d-----w-   c:\program files\iTunes
          2012-09-26 05:32 . 2012-09-26 05:32   --------   d-----w-   c:\program files (x86)\iTunes
          2012-09-26 05:32 . 2012-09-26 05:32   --------   d-----w-   c:\program files\iPod
          2012-09-25 19:30 . 2012-08-21 21:01   245760   ----a-w-   c:\windows\system32\OxpsConverter.exe
          2012-09-20 03:15 . 2012-09-20 03:15   --------   d-----w-   c:\programdata\Firefly Studios
          2012-09-20 03:08 . 2012-09-20 05:04   --------   d-----w-   c:\program files (x86)\Firefly Studios
          2012-09-17 23:02 . 2012-09-17 23:02   --------   d-----w-   c:\users\Aaron\AppData\Roaming\VMware
          2012-09-17 22:20 . 2012-09-17 22:20   --------   d-----w-   c:\programdata\VMware
          2012-09-17 22:20 . 2012-04-10 17:05   52336   ----a-w-   c:\windows\system32\drivers\hcmon.sys
          2012-09-17 22:19 . 2012-09-17 22:20   --------   d-----w-   c:\program files (x86)\Common Files\VMware
          2012-09-17 22:19 . 2012-09-17 22:19   --------   d-----w-   c:\users\Aaron\AppData\Local\VMware
          2012-09-17 22:19 . 2012-09-17 22:19   --------   d-----w-   c:\program files\VMware
          2012-09-14 23:33 . 2012-09-14 23:33   --------   d-----w-   c:\users\Aaron\AppData\Roaming\MotioninJoy
          2012-09-14 23:33 . 2011-12-08 01:42   328712   ----a-w-   c:\windows\system32\MijFrc.dll
          2012-09-14 23:33 . 2012-09-14 23:33   --------   d-----w-   c:\program files\MotioninJoy
          2012-09-12 17:22 . 2012-08-22 18:12   950128   ----a-w-   c:\windows\system32\drivers\ndis.sys
          2012-09-12 17:22 . 2012-07-04 20:26   41472   ----a-w-   c:\windows\system32\drivers\RNDISMP.sys
          2012-09-12 17:22 . 2012-08-02 17:58   574464   ----a-w-   c:\windows\system32\d3d10level9.dll
          2012-09-12 17:22 . 2012-08-02 16:57   490496   ----a-w-   c:\windows\SysWow64\d3d10level9.dll
          2012-09-12 17:22 . 2012-08-22 18:12   1913200   ----a-w-   c:\windows\system32\drivers\tcpip.sys
          2012-09-12 17:22 . 2012-08-22 18:12   376688   ----a-w-   c:\windows\system32\drivers\netio.sys
          2012-09-12 17:22 . 2012-08-22 18:12   288624   ----a-w-   c:\windows\system32\drivers\FWPKCLNT.SYS
          .
          .
          .
          ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2012-09-30 05:57 . 2012-05-29 04:16   821736   ----a-w-   c:\windows\SysWow64\npdeployJava1.dll
          2012-09-30 05:57 . 2010-11-11 06:20   746984   ----a-w-   c:\windows\SysWow64\deployJava1.dll
          2012-09-13 01:23 . 2010-11-11 23:30   64462936   ----a-w-   c:\windows\system32\MRT.exe
          2012-09-07 23:04 . 2010-12-23 14:45   25928   ----a-w-   c:\windows\system32\drivers\mbam.sys
          2012-08-21 19:01 . 2010-11-15 23:55   125872   ----a-w-   c:\windows\system32\GEARAspi64.dll
          2012-08-21 19:01 . 2010-11-15 23:55   106928   ----a-w-   c:\windows\SysWow64\GEARAspi.dll
          2012-08-21 09:13 . 2012-05-11 07:39   359464   ----a-w-   c:\windows\system32\drivers\aswSP.sys
          2012-08-21 09:13 . 2012-05-11 07:38   59728   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
          2012-08-21 09:13 . 2012-05-11 07:38   969200   ----a-w-   c:\windows\system32\drivers\aswSnx.sys
          2012-08-21 09:13 . 2012-05-11 07:38   54072   ----a-w-   c:\windows\system32\drivers\aswRdr2.sys
          2012-08-21 09:13 . 2012-05-11 07:38   71600   ----a-w-   c:\windows\system32\drivers\aswMonFlt.sys
          2012-08-21 09:13 . 2012-05-11 07:39   25232   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
          2012-08-21 09:12 . 2012-05-11 07:38   41224   ----a-w-   c:\windows\avastSS.scr
          2012-08-21 09:12 . 2012-05-11 07:38   227648   ----a-w-   c:\windows\SysWow64\aswBoot.exe
          2012-08-21 09:12 . 2012-05-11 07:38   285328   ----a-w-   c:\windows\system32\aswBoot.exe
          2012-08-14 20:10 . 2012-08-14 20:10   270408   ----a-w-   c:\windows\SysWow64\PnkBstrB.xtr
          2012-08-01 22:49 . 2012-08-01 22:49   2255512   ----a-w-   c:\windows\system32\wsauth.dll
          2012-07-18 18:15 . 2012-08-15 21:01   3148800   ----a-w-   c:\windows\system32\win32k.sys
          2012-07-09 19:42 . 2012-07-09 19:42   4547984   ----a-w-   c:\windows\system32\usbaaplrc.dll
          2012-07-09 19:42 . 2012-07-09 19:42   52736   ----a-w-   c:\windows\system32\drivers\usbaapl64.sys
          2012-07-06 20:07 . 2012-08-16 00:19   552960   ----a-w-   c:\windows\system32\drivers\bthport.sys
          2012-07-04 22:16 . 2012-08-15 21:09   73216   ----a-w-   c:\windows\system32\netapi32.dll
          2012-07-04 22:13 . 2012-08-15 21:09   59392   ----a-w-   c:\windows\system32\browcli.dll
          2012-07-04 22:13 . 2012-08-15 21:09   136704   ----a-w-   c:\windows\system32\browser.dll
          2012-07-04 21:14 . 2012-08-15 21:09   41984   ----a-w-   c:\windows\SysWow64\browcli.dll
          2012-07-03 16:21 . 2012-08-07 14:06   19600   ----a-w-   c:\windows\system32\drivers\aswKbd.sys
          2011-01-10 03:40 . 2011-01-10 03:26   901115723   ----a-w-   c:\program files\mw2_setup_1.0.4.36.exe
          .
          .
          (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          *Note* empty entries & legit default entries are not shown
          REGEDIT4
          .
          [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{c0326c12-9f06-4344-aa25-60267226bb7d}]
          2011-06-23 17:54   81920   ----a-w-   c:\program files (x86)\gpotatotoolbar\vmntemplateX.dll
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
          "{c0326c12-9f06-4344-aa25-60267226bb7d}"= "c:\program files (x86)\gpotatotoolbar\vmntemplateX.dll" [2011-06-23 81920]
          .
          [HKEY_CLASSES_ROOT\clsid\{c0326c12-9f06-4344-aa25-60267226bb7d}]
          .
          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-05 1353080]
          "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-06-27 3077528]
          "Akamai NetSession Interface"="c:\users\Aaron\AppData\Local\Akamai\netsession_win.exe" [2012-08-11 4440896]
          "HP Deskjet 3050A J611 series (NET)"="c:\program files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" [2011-03-31 2547048]
          "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
          "NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
          "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
          "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
          "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
          "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
          "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
          "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
          .
          c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
          NETGEAR WG111v3 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WG111v3\WG111v3.exe [2009-11-6 2469888]
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
          "ConsentPromptBehaviorUser"= 3 (0x3)
          "EnableUIADesktopToggle"= 0 (0x0)
          .
          [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
          "LoadAppInit_DLLs"=0 (0x0)
          .
          [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
          Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u wsauth
          .
          R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
          R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-30 6144]
          R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 54824]
          R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
          R3 DIRECTIO;DIRECTIO;c:\program files (x86)\PerformanceTest\DirectIo.sys

          R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2010-11-10 21712]
          R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\SealOnline Eternal Destiny\GameGuard\dump_wmimmc.sys

          R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys

          R3 libusb0;LibUsb-Win32 - Kernel Driver 08/27/2006, 0.1.12.0;c:\windows\system32\DRIVERS\libusb0.sys [2008-02-19 31744]
          R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2009-06-20 20992]
          R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-30 9216]
          R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2009-10-27 28160]
          R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [2009-10-27 30208]
          R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2009-05-07 7168]
          R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des

          R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
          R3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm64.sys [2007-03-07 17920]
          R3 PsSdk41;PsSdk41;c:\windows\system32\Drivers\pssdk41.sys [2011-01-10 51776]
          R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
          R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;c:\windows\system32\DRIVERS\wg111v3.sys [2009-11-19 446976]
          R3 SaiK8012;SaiK8012;c:\windows\system32\DRIVERS\SaiK8012.sys [2010-07-27 174600]
          R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys

          R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
          R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys

          R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
          R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys

          R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
          R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-11 1255736]
          R3 X6va005;X6va005;c:\users\Aaron\AppData\Local\Temp\00534B8.tmp

          S0 acs6nts;acs6nts;c:\windows\system32\DRIVERS\acs6nts.sys [2010-06-01 29744]
          S1 aswKbd;aswKbd;

          S1 aswSnx;aswSnx;

          S1 aswSP;aswSP;

          S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
          S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
          S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
          S2 aswFsBlk;aswFsBlk;

          S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
          S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
          S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
          S2 MotoConnect Service;MotoConnect Service;c:\program files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2009-11-25 91392]
          S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
          S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
          S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-04-10 854640]
          S2 vmware-view-usbd;VMware View USB;c:\program files\VMware\VMware View\Client\bin\vmware-view-usbd.exe [2012-08-01 2370560]
          S2 wsnm;VMware View Client;c:\program files\VMware\VMware View\Client\bin\wsnm.exe [2012-08-01 474264]
          S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-29 52584]
          S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
          S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-01-22 77824]
          S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-01-22 180224]
          S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
          S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
          S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-21 452200]
          .
          .
          [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
          Akamai   REG_MULTI_SZ      Akamai
          .
          Contents of the 'Scheduled Tasks' folder
          .
          2012-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1467129254-1898967771-576174720-1000Core.job
          - c:\users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-10 01:14]
          .
          2012-09-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1467129254-1898967771-576174720-1000UA.job
          - c:\users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-10 01:14]
          .
          .
          --------- X64 Entries -----------
          .
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
          @="{472083B0-C522-11CF-8763-00608CC02F24}"
          [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
          2012-08-21 09:11   133400   ----a-w-   c:\program files\AVAST Software\Avast\ashShA64.dll
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "SaiVolume"="c:\program files\Saitek\VolumeTracker\SaiVolume.exe" [2010-04-20 186880]
          "ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2010-04-20 378880]
          "SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2010-04-20 195072]
          "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]
          "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
          .
          ------- Supplementary Scan -------
          .
          uLocal Page = c:\windows\system32\blank.htm
          uStart Page = hxxp://www.google.com
          mLocal Page = c:\windows\SysWOW64\blank.htm
          uInternet Settings,ProxyOverride = <local>
          IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
          IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
          TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
          DPF: {D89D97A9-12C5-45E3-9353-3540761FE15C} - hxxp://channel.dontblynk.com/Launcher/SealWebLaunch.CAB
          .
          - - - - ORPHANS REMOVED - - - -
          .
          URLSearchHooks-{7473b6bd-4691-4744-a82b-7854eb3d70b6} - (no file)
          BHO-{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - c:\program files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll
          Toolbar-{A531D99C-5A22-449b-83DA-872725C6D0ED} - c:\program files (x86)\alotappbar\bin\ALOTHelper.dll
          Wow6432Node-HKCU-Run-lime pro - c:\program files (x86)\Lime PRO\LimePro.exe
          Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
          Wow6432Node-HKCU-Run-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe
          Wow6432Node-HKLM-Run-4StoryPrePatch - c:\program files (x86)\Zemi Interactive\4Story_US\PrePatch.exe
          WebBrowser-{7846AE31-BEA2-438A-8F5E-2D899361656C} - (no file)
          AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
          AddRemove-alotAppbar - c:\program files (x86)\alotappbar\alotUninst.exe
          .
          .
          .
          [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
          "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll"
          .
          [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
          "ImagePath"="c:\windows\system32\GameMon.des -service"
          .
          [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
          "ImagePath"="\??\c:\users\Aaron\AppData\Local\Temp\00534B8.tmp"
          .
          --------------------- LOCKED REGISTRY KEYS ---------------------
          .
          [HKEY_USERS\S-1-5-21-1467129254-1898967771-576174720-1000\Software\SecuROM\License information*]
          "datasecu"=hex:36,72,da,55,a0,92,2b,05,7f,af,83,fe,82,84,bd,6e,b1,b1,b5,7e,9f,
             e8,d0,5a,b9,9b,2d,66,15,de,5c,71,56,cb,d9,a2,07,2f,15,70,8e,2a,71,4a,07,40,\
          "rkeysecu"=hex:9b,9f,eb,eb,73,b4,15,76,f9,e7,6a,ee,67,5c,0d,41
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
          @Denied: (A 2) (Everyone)
          @="FlashBroker"
          "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
          "Enabled"=dword:00000001
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
          @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
          @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
          @Denied: (A 2) (Everyone)
          @="Shockwave Flash Object"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
          @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
          "ThreadingModel"="Apartment"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
          @="0"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
          @="ShockwaveFlash.ShockwaveFlash.10"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
          @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
          @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
          @="1.0"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
          @="ShockwaveFlash.ShockwaveFlash"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
          @Denied: (A 2) (Everyone)
          @="Macromedia Flash Factory Object"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
          @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
          "ThreadingModel"="Apartment"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
          @="FlashFactory.FlashFactory.1"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
          @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
          @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
          @="1.0"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
          @="FlashFactory.FlashFactory"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
          @Denied: (A 2) (Everyone)
          @="IFlashBroker4"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
          @="{00020424-0000-0000-C000-000000000046}"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
          @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
          "Version"="1.0"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
          @Denied: (A) (Everyone)
          "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
          @Denied: (A) (Everyone)
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
          "Key"="ActionsPane3"
          "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
          .
          [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
          @Denied: (A) (Users)
          @Denied: (A) (Everyone)
          @Allowed: (B 1 2 3 4 5) (S-1-5-20)
          "BlindDial"=dword:00000000
          .
          [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
          @Denied: (A) (Users)
          @Denied: (A) (Everyone)
          @Allowed: (B 1 2 3 4 5) (S-1-5-20)
          "BlindDial"=dword:00000000
          .
          [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
          @Denied: (A) (Users)
          @Denied: (A) (Everyone)
          @Allowed: (B 1 2 3 4 5) (S-1-5-20)
          "BlindDial"=dword:00000000
          .
          [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
          @Denied: (Full) (Everyone)
          .
          Completion time: 2012-09-30  11:53:24
          ComboFix-quarantined-files.txt  2012-09-30 17:53
          .
          Pre-Run: 996,209,229,824 bytes free
          Post-Run: 996,040,097,792 bytes free
          .
          - - End Of File - - 2D37A01DDD5C3F2B2CD628B806B0E779

          SuperDave

          • Malware Removal Specialist
          • Moderator


          • Genius
          • Thanked: 1020
          • Certifications: List
          • Experience: Expert
          • OS: Windows 10
          Re: Computer running Slowish lately?
          « Reply #8 on: September 30, 2012, 04:40:28 PM »
          Please download Rooter and Save it to your desktop.
          • Double click it to start the tool. Vista and Windows 7: run as administrator.
          • Click Scan.
          • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.
          Windows 8 and Windows 10 dual boot with two SSD's

          Aaron.T

            Topic Starter


            Rookie

            • Experience: Familiar
            • OS: Windows 7
            Re: Computer running Slowish lately?
            « Reply #9 on: September 30, 2012, 04:45:00 PM »
            Rooter.exe (v1.0.2) by Eric_71
            .
            The token does not have the SeDebugPrivilege privilege ! (error:1300)
            Can not acquire SeDebugPrivilege !
            Please run the tool as administrator ..

            .
            Windows 7 . (6.1.7601) Service Pack 1
            [32_bits] - Intel64 Family 6 Model 30 Stepping 5, GenuineIntel
            .
            Error OpenService (wscsvc) : 6
            Error OpenSCManager : 5
            Error OpenService (MpsSvc) : 6
            Windows Defender -> Enabled
            .
            Internet Explorer 9.0.8112.16421
            .
            C:\  [Fixed-NTFS] .. ( Total:1397 Go - Free:927 Go )
            D:\  [CD_Rom]
            .
            Scan : 16:52.27
            Path : C:\Users\Aaron\Downloads\Rooter.exe
            User : Aaron ( Administrator -> YES )
            .
            ----------------------\\ Processes
            .
            Locked [System Process] (0)
            Locked System (4)
            Locked smss.exe (332)
            Locked csrss.exe (444)
            Locked wininit.exe (504)
            Locked csrss.exe (524)
            Locked services.exe (564)
            Locked lsass.exe (572)
            Locked lsm.exe (580)
            Locked winlogon.exe (672)
            Locked svchost.exe (744)
            Locked nvvsvc.exe (820)
            Locked nvSCPAPISvr.exe (844)
            Locked svchost.exe (888)
            Locked svchost.exe (968)
            Locked svchost.exe (1016)
            Locked svchost.exe (368)
            Locked audiodg.exe (872)
            Locked svchost.exe (1072)
            Locked NvXDSync.exe (1160)
            Locked nvvsvc.exe (1172)
            Locked svchost.exe (1344)
            Locked AvastSvc.exe (1488)
            Locked spoolsv.exe (1560)
            Locked svchost.exe (1596)
            Locked armsvc.exe (1708)
            Locked AppleMobileDeviceService.exe (1748)
            Locked mDNSResponder.exe (1792)
            Locked mbamscheduler.exe (1864)
            Locked MotoConnectService.exe (1116)
            Locked svchost.exe (2104)
            Locked wsnm.exe (2192)
            Locked vmware-usbarbitrator64.exe (2312)
            Locked vmware-view-usbd.exe (2580)
            Locked svchost.exe (2908)
            ______ ?????????? (624)
            ______ ?????????? (1804)
            ______ ?????????? (1124)
            ______ ?????????? (3208)
            ______ ?????????? (3328)
            ______ ?????????? (3364)
            ______ ?????????? (3380)
            ______ C:\Program Files (x86)\Steam\Steam.exe (3420)
            ______ ?????????? (3508)
            ______ ?????????? (3540)
            ______ C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (3948)
            ______ C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe (4040)
            ______ ?????????? (3092)
            Locked SearchIndexer.exe (3248)
            ______ C:\Program Files\AVAST Software\Avast\AvastUI.exe (2900)
            ______ C:\Program Files (x86)\iTunes\iTunesHelper.exe (3520)
            ______ C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (3492)
            Locked svchost.exe (1080)
            Locked iPodService.exe (2188)
            Locked wmpnetwk.exe (4388)
            Locked SteamService.exe (4852)
            Locked svchost.exe (5000)
            Locked mbamservice.exe (4540)
            ______ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (4632)
            Locked daemonu.exe (5672)
            Locked svchost.exe (5756)
            Locked svchost.exe (4372)
            ______ C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe (3648)
            Locked SearchProtocolHost.exe (4664)
            Locked SearchFilterHost.exe (1880)
            Locked svchost.exe (5964)
            ______ C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe (6088)
            ______ C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe (4184)
            ______ C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe (5244)
            ______ C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe (3652)
            ______ C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe (2372)
            ______ C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe (2720)
            ______ C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe (3904)
            ______ C:\Users\Aaron\Downloads\Rooter.exe (4740)
            .
            ----------------------\\ Device\Harddisk0\
            .
            \Device\Harddisk0 [Sectors : 63 x 512 Bytes]
            .
            \Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:1048576 | Length:104857600)
            \Device\Harddisk0\Partition2 (Start_Offset:105906176 | Length:1500194537472)
            .
            ----------------------\\ Scheduled Tasks
            .
            C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1467129254-1898967771-576174720-1000Core.job
            C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1467129254-1898967771-576174720-1000UA.job
            C:\Windows\Tasks\SA.DAT
            C:\Windows\Tasks\SCHEDLGU.TXT
            .
            ----------------------\\ Registry
            .
            .
            ----------------------\\ Files & Folders
            .
            ----------------------\\ Scan completed at 16:52.30
            .
            C:\Rooter$\Rooter_1.txt - (30/09/2012 | 16:52.30)

            SuperDave

            • Malware Removal Specialist
            • Moderator


            • Genius
            • Thanked: 1020
            • Certifications: List
            • Experience: Expert
            • OS: Windows 10
            Re: Computer running Slowish lately?
            « Reply #10 on: October 01, 2012, 01:00:00 PM »
            How's your computer working now?

            I'd like to scan your machine with ESET OnlineScan

            • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
            ESET OnlineScan
            • Click the button.
            • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
            • Click on to download the ESET Smart Installer. Save it to your desktop.
            • Double click on the icon on your desktop.
            • Check
            • Click the button.
            • Accept any security warnings from your browser.
            • Check
            • Push the Start button.
            • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
            • When the scan completes, push
            • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
            • Push the button.
            • Push
            A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
            Windows 8 and Windows 10 dual boot with two SSD's

            Aaron.T

              Topic Starter


              Rookie

              • Experience: Familiar
              • OS: Windows 7
              Re: Computer running Slowish lately?
              « Reply #11 on: October 01, 2012, 06:54:45 PM »
              ESETSmartInstaller@High as downloader log:
              all ok
              # version=7
              # OnlineScannerApp.exe=1.0.0.1
              # OnlineScanner.ocx=1.0.0.6583
              # api_version=3.0.2
              # EOSSerial=ae14b44bc7b27f4a80f0cb146161339a
              # end=finished
              # remove_checked=true
              # archives_checked=true
              # unwanted_checked=true
              # unsafe_checked=false
              # antistealth_checked=true
              # utc_time=2012-10-01 11:15:31
              # local_time=2012-10-01 05:15:31 (-0700, Mountain Daylight Time)
              # country="United States"
              # lang=1033
              # osver=6.1.7601 NT Service Pack 1
              # compatibility_mode=5893 16776573 100 94 0 100663029 0 0
              # compatibility_mode=8192 67108863 100 0 0 0 0 0
              # scanned=519983
              # found=0
              # cleaned=0
              # scan_time=13752

              SuperDave

              • Malware Removal Specialist
              • Moderator


              • Genius
              • Thanked: 1020
              • Certifications: List
              • Experience: Expert
              • OS: Windows 10
              Re: Computer running Slowish lately?
              « Reply #12 on: October 02, 2012, 01:12:06 PM »
              Ok, if there are no other issues, we can do some cleanup.

              Download this program and run it: Uninstall ComboFix. It will remove ComboFix for you.

              ******************************************************
              To set a new Restore Point.

              Click the Start button, click Control Panel, click System and Maintenance, and then click System. In the left pane, click System Protection.  If you are prompted for an administrator password or confirmation, type the password or provide confirmation. To turn off System Protection for a hard disk, clear the check box next to the disk, and then click OK. Reboot to Normal Mode.
              Click the Start button, click Control Panel, click System and Maintenance, and then click System.
              In the left pane, click System Protection.  If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
              To turn on System Protection for a hard disk, select the check box next to the disk, and then click OK.
              This will give you a new, clean Restore Point.
              **********************************************************
              Click Start> Computer> right click the C Drive and choose Properties> enter
              Click Disk Cleanup from there.



              Click OK on the Disk Cleanup Screen.
              Click Yes on the Confirmation screen.



              This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space on the C drive.)

              Or

              • Click Start.
              • Click Control Panel.
              • Click Administration Tools.
              • Click Free up disk space.
              • Click Ok.
              • Click Delete Files.
              *************************************************************
              Go to Microsoft Windows Update and get all critical updates.

              ----------

              I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

              SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
              * Using SpywareBlaster to protect your computer from Spyware and Malware
              * If you don't know what ActiveX controls are, see here

              Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

              Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

              Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
              Safe Surfing!
              Windows 8 and Windows 10 dual boot with two SSD's