Boogs

WhiteSmoke Web Search removal

17 posts in this topic

I've gone ahead and removed the add-ons, went through my Program Files and deleted it all, but I still can't get rid of the WhiteSmoke Bar Customized Web Search in both my IE and Firefox. Help would be greatly appreciated!

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Alexis at 23:55:06 on 2011-12-30

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3561.1950 [GMT -8:00]

.

AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}

SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\FBAgent.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Trend Micro\Titanium\TiMiniService.exe

C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\conhost.exe

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe

C:\Program Files\P4G\BatteryLife.exe

C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe

C:\Windows\SysWOW64\ACEngSvr.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files\Elantech\ETDCtrl.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\AIM\aim.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

C:\Program Files\Elantech\ETDCtrlHelper.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\AsScrPro.exe

C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\notepad.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3007394

mStart Page = hxxp://asus.msn.com

BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll

BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - C:\ProgramData\Partner\Partner.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US

uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"

mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"

mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S

mRun: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe

mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

mRun: [USBChargerPlusTray] C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe

mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{9894F74A-14DC-47F5-8ED2-3287D63D87C6} : DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{9894F74A-14DC-47F5-8ED2-3287D63D87C6}\2375942554836343 : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{F1582DF4-E8B1-4BB4-9A47-D5BDEEAC3644} : DhcpNameServer = 100.100.2.16

Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll

Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll

BHO-X64: Trend Micro NSC BHO - No File

BHO-X64: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

BHO-X64: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll

BHO-X64: TmBpIeBHO - No File

BHO-X64: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

BHO-X64: Google Dictionary Compression sdch - No File

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

mRun-x64: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"

mRun-x64: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"

mRun-x64: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S

mRun-x64: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe

mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

mRun-x64: [USBChargerPlusTray] C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe

mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Alexis\AppData\Roaming\Mozilla\Firefox\Profiles\n89g5flp.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3007394&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - WhiteSmoke Bar Customized Web Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - prefs.js: keyword.URL - hxxp://www.basicscan.com/?tmp=nemo_results_removelink&prt=BscscnPB&keywords=

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Alexis\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Users\Alexis\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\Alexis\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

.

============= SERVICES / DRIVERS ===============

.

R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]

R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]

R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-5-25 17536]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]

R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-9-27 361984]

R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-29 652872]

R2 TiMiniService;TiMiniService;C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [2010-10-26 241488]

R2 tmevtmgr;tmevtmgr;C:\Windows\system32\DRIVERS\tmevtmgr.sys --> C:\Windows\system32\DRIVERS\tmevtmgr.sys [?]

R3 AiCharger;ASUS Charger Driver;C:\Windows\system32\DRIVERS\AiCharger.sys --> C:\Windows\system32\DRIVERS\AiCharger.sys [?]

R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\amdhub30.sys --> C:\Windows\system32\DRIVERS\amdhub30.sys [?]

R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\amdxhc.sys --> C:\Windows\system32\DRIVERS\amdxhc.sys [?]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-1 135664]

S3 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2011-4-1 267480]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-1 135664]

S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]

S3 Partner Service;Partner Service;C:\ProgramData\Partner\Partner.exe [2011-4-1 332272]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2011-12-30 05:14:07 -------- d-----w- C:\Users\Alexis\AppData\Roaming\SUPERAntiSpyware.com

2011-12-30 05:13:54 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2011-12-30 05:13:54 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2011-12-30 04:26:21 -------- d-sh--w- C:\$RECYCLE.BIN

2011-12-30 03:50:52 98816 ----a-w- C:\Windows\sed.exe

2011-12-30 03:50:52 518144 ----a-w- C:\Windows\SWREG.exe

2011-12-30 03:50:52 256000 ----a-w- C:\Windows\PEV.exe

2011-12-30 03:50:52 208896 ----a-w- C:\Windows\MBR.exe

2011-12-30 02:16:40 -------- d-----w- C:\Users\Alexis\AppData\Roaming\Malwarebytes

2011-12-30 02:15:41 -------- d-----w- C:\ProgramData\Malwarebytes

2011-12-30 02:15:40 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-12-30 02:15:40 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-12-30 02:07:45 191760 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys

2011-12-30 01:57:30 -------- d-----w- C:\Users\Alexis\AppData\Local\VS Revo Group

2011-12-30 01:40:24 -------- d-----w- C:\Users\Alexis\AppData\Local\Conduit

2011-12-29 04:00:44 -------- d-----w- C:\Users\Alexis\riotsGamesLogs

2011-12-29 03:53:57 -------- d-----w- C:\Users\Alexis\AppData\Roaming\LolClient

2011-12-29 03:16:37 68616 ----a-w- C:\Windows\SysWow64\XAPOFX1_1.dll

2011-12-29 03:16:37 509448 ----a-w- C:\Windows\SysWow64\XAudio2_2.dll

2011-12-29 03:16:37 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll

2011-12-29 03:16:37 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll

2011-12-29 03:16:36 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll

2011-12-29 03:13:01 -------- d-----w- C:\Riot Games

2011-12-27 22:13:15 -------- d-----w- C:\Users\Alexis\AppData\Local\PMB Files

2011-12-27 22:13:13 -------- d-----w- C:\ProgramData\PMB Files

2011-12-27 22:13:00 -------- d-----w- C:\Program Files (x86)\Pando Networks

2011-12-26 16:55:06 196224 ----a-w- C:\Program Files\Windows Sidebar\Shared Gadgets\P4GUpdate.Gadget\P4GUpdate.dll

2011-12-26 16:55:05 -------- d-----w- C:\ProgramData\P4G

2011-12-26 13:14:04 -------- d-----w- C:\Program Files (x86)\AMD APP

2011-12-26 13:14:01 -------- d-----w- C:\Program Files\Common Files\ATI Technologies

2011-12-26 13:14:01 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies

2011-12-26 13:12:48 -------- d-----w- C:\Program Files\ATI Technologies

2011-12-26 13:12:44 53376 ----a-w- C:\Windows\System32\drivers\usbfilter.sys

2011-12-26 13:11:35 -------- d-----w- C:\Program Files (x86)\ATI Technologies

2011-12-26 13:11:28 96896 ----a-w- C:\Windows\System32\drivers\amdhub30.sys

2011-12-26 13:11:28 214144 ----a-w- C:\Windows\System32\drivers\amdxhc.sys

2011-12-26 13:04:52 -------- d-----w- C:\Users\Alexis\AppData\Local\ATI

2011-12-26 12:53:31 -------- d-----w- C:\Windows\SysWow64\Wat

2011-12-26 12:53:31 -------- d-----w- C:\Windows\System32\Wat

2011-12-25 16:59:23 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-12-25 08:33:58 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

2011-12-24 09:44:24 -------- d-----w- C:\Users\Alexis\AppData\Local\AOL

2011-12-24 09:44:24 -------- d-----w- C:\Users\Alexis\AppData\Local\AIM

2011-12-24 09:40:56 -------- d-----w- C:\Users\Alexis\AppData\Roaming\ASUS WebStorage

2011-12-24 09:39:23 -------- d-----w- C:\ProgramData\ASUS

2011-12-24 09:39:20 -------- d-----w- C:\Users\Alexis\AppData\Local\ASUS

2011-12-24 09:37:01 -------- d-----w- C:\ProgramData\AIM

2011-12-24 09:36:57 -------- d-----w- C:\Program Files (x86)\AIM

2011-12-24 09:36:56 -------- d-----w- C:\Program Files (x86)\Common Files\Software Update Utility

2011-12-24 09:36:54 -------- d-----w- C:\Program Files (x86)\Common Files\AOL

2011-12-24 06:07:00 -------- d-----w- C:\Users\Alexis\AppData\Local\Google

2011-12-24 06:04:06 -------- d-----w- C:\Users\Alexis\AppData\Local\Power2Go

.

==================== Find3M ====================

.

2011-12-31 07:02:54 45056 ----a-w- C:\Windows\System32\acovcnt.exe

2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys

2011-11-05 05:32:50 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-11-05 04:26:03 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll

2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll

2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-10-26 05:21:20 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2011-10-15 06:31:56 723456 ----a-w- C:\Windows\System32\EncDec.dll

2011-10-15 05:38:59 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll

2011-10-04 20:14:12 768848 ----a-w- C:\Windows\SysWow64\msvcr100.dll

2011-10-04 20:14:12 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll

.

============= FINISH: 23:56:18.97 ===============

Attach.txt

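An added example, not code from this thread nor from DDS, HijackThis or Firefox, that picks the hijack indicators out of a log like the one above automatically. It parses the DDS-style `uStart Page`, `BHO:` and `FF - prefs.js:` / `FF - user.js:` lines and flags what explains the symptom: the IE start page and the Firefox search prefs still point at search.conduit.com and www.basicscan.com, a BHO loads from C:\ProgramData, and a `user.js` entry silences an external-protocol warning. It also shows why deleting the add-on and the Program Files folder is not enough for Firefox: the search settings live as `user_pref` lines in prefs.js, which an uninstall leaves behind, so the second function scrubs those lines (with Firefox closed, because Firefox rewrites prefs.js on exit). The sample lines and the sample prefs.js are constructed from the posted log; the domain list and the user-writable-path heuristic are this example's own assumptions, not a vendor signature list.

```python
"""Triage of DDS-style hijack indicators plus a prefs.js scrub.

Added example, not code from the thread or from DDS/HijackThis/Firefox.
Sample input is constructed from the posted log; HIJACK_DOMAINS and the
path heuristic are this example's own assumptions.
"""
import re
from urllib.parse import urlparse

# Search-redirect hosts seen in the posted log (assumption: treat as hijack indicators).
HIJACK_DOMAINS = {"search.conduit.com", "www.basicscan.com"}
# Firefox prefs a search hijacker rewrites and an add-on uninstall leaves behind.
SEARCH_PREFS = {"browser.search.defaulturl", "browser.search.selectedEngine",
                "browser.startup.homepage", "keyword.URL"}
# A BHO (a DLL IE loads at start) under a user-writable root is suspicious (assumption).
UNUSUAL_BHO_ROOTS = ("c:\\programdata\\", "c:\\users\\")

START_RE = re.compile(r"^([um])Start Page = (\S+)")
BHO_RE = re.compile(r"^BHO(?:-X64)?: (.+?): \{([0-9a-f-]{36})\} - (.+)$", re.I)
FF_RE = re.compile(r"^FF - (prefs|user)\.js: (\S+) - (.+)$")
PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.*)\);\s*$')


def _host(value):
    """Hostname of a URL; DDS defangs http:// as hxxp://, so undo that first."""
    url = value.replace("hxxp://", "http://").replace("hxxps://", "https://")
    if "://" not in url:
        return ""
    return (urlparse(url).hostname or "").lower()


def triage(lines):
    """Return (severity, indicator, detail) tuples for hijack-like DDS lines."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = START_RE.match(line)
        if m:
            scope = {"u": "HKCU", "m": "HKLM"}[m.group(1)]  # DDS: u = per-user, m = machine
            host = _host(m.group(2))
            if host in HIJACK_DOMAINS:
                findings.append(("high", f"IE start page ({scope})", host))
            continue
        m = BHO_RE.match(line)
        if m:
            name, clsid, path = m.groups()
            if path.lower().startswith(UNUSUAL_BHO_ROOTS):
                findings.append(("high", f"BHO from user-writable path: {name}",
                                 f"{{{clsid}}} {path}"))
            continue
        m = FF_RE.match(line)
        if m:
            kind, pref, value = m.groups()
            if pref in SEARCH_PREFS and _host(value) in HIJACK_DOMAINS:
                findings.append(("high", f"Firefox {kind}.js {pref}", _host(value)))
            elif pref == "browser.search.selectedEngine" and "WhiteSmoke" in value:
                findings.append(("medium", "Firefox selected search engine", value))
            elif kind == "user" and pref.startswith("network.protocol-handler.warn-external."):
                # user.js is re-applied at every start, so this silenced warning persists
                findings.append(("low", "user.js silences an external-protocol warning",
                                 f"{pref} = {value}"))
    return findings


def scrub_prefs_js(text):
    """Drop hijacked search user_pref lines; return (new text, names dropped).

    Run only with Firefox closed: Firefox rewrites prefs.js on exit and would
    put the values back. A removed user_pref reverts to the built-in default.
    """
    kept, dropped = [], []
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m and m.group(1) in SEARCH_PREFS:
            value = m.group(2).strip('"')
            if _host(value) in HIJACK_DOMAINS or "WhiteSmoke" in value:
                dropped.append(m.group(1))
                continue
        kept.append(line)
    return "\n".join(kept) + "\n", dropped


# Constructed from the posted DDS log (backslashes doubled for Python).
SAMPLE_LOG = """\
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3007394
mStart Page = hxxp://asus.msn.com
BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - C:\\ProgramData\\Partner\\Partner.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\\Program Files (x86)\\Google\\Google Toolbar\\GoogleToolbar_32.dll
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3007394&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - WhiteSmoke Bar Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.basicscan.com/?tmp=nemo_results_removelink&prt=BscscnPB&keywords=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
""".splitlines()

# Constructed prefs.js fragment carrying the same hijacked values.
SAMPLE_PREFS_JS = """\
user_pref("browser.search.defaulturl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3007394&q={searchTerms}");
user_pref("browser.search.selectedEngine", "WhiteSmoke Bar Customized Web Search");
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("keyword.URL", "http://www.basicscan.com/?tmp=nemo_results_removelink&keywords=");
user_pref("network.cookie.cookieBehavior", 0);
"""

if __name__ == "__main__":
    for sev, what, detail in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {what}: {detail}")
    cleaned, gone = scrub_prefs_js(SAMPLE_PREFS_JS)
    print("dropped:", gone, "\n" + cleaned)
```

Running it against the sample flags four high findings (the HKCU start page, the Partner BHO, the Firefox default search URL and keyword.URL), the WhiteSmoke engine as medium and the user.js line as low, and the scrub leaves only the homepage and cookie prefs. The IE side is not covered by the scrub: the `uStart Page` value and the BHO CLSID live in the registry, which is why the log shows them under HKCU and the Browser Helper Objects key rather than in any file under Program Files.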

Welcome to the forum.

Please download Farbar Service Scanner and run it on the computer with the issue.


  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore

  • Press "Scan".

  • It will create a log (FSS.txt) in the same directory the tool is run.

  • Please copy and paste the log to your reply.

Please download and run RogueKiller.

Choose 1 to scan the system

Post back the report.

MrC


Thank you so much for replying!

Farbar Service Scanner

Ran by Alexis (administrator) on 01-01-2012 at 09:28:56

Microsoft Windows 7 Home Premium Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Yahoo IP is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

SDRSVC Service is not running. Checking service configuration:

The start type of SDRSVC service is OK.

The ImagePath of SDRSVC service is OK.

The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:

The start type of VSS service is OK.

The ImagePath of VSS service is OK.

System Restore Disabled Policy:

========================

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

RogueKiller V6.2.2 [12/31/2011] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Alexis [Admin rights]

Mode: Scan -- Date : 01/01/2012 09:30:57

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++

--- User ---

[MBR] 0d9ee0f5bd374532f655877b44e0843d

[BSP] ee92ccddf702530e27932213ecc73c2e : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] FAT32 [HIDDEN!] Offset (sectors): 2048 | Size: 26843 Mo

1 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 52430848 | Size: 215046 Mo

2 - [XXXXXX] UNKNW [VISIBLE] Offset (sectors): 472442880 | Size: 258217 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[1].txt >>

RKreport[1].txt

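RogueKiller's MBR check above prints two hashes, a partition table with a hidden FAT32 entry and one entry it cannot classify, and an error reading the second drive. This added example, not part of the thread and not RogueKiller's code, parses a raw 512-byte MBR the way such a check has to: it verifies the 55 AA signature, decodes the four 16-byte entries at offset 446, maps each type byte to a file system and a hidden flag, and then looks for the things a bootkit check cares about beyond the hashes: overlapping entries, more than one active partition, and unallocated space after the last partition, where some MBR bootkits (TDL4 is the familiar case, and the TDLFS mode of the TDSSKiller run further down targets exactly that) keep their own file system. The sector is constructed: the boot code is zeroed, the three offsets and sizes reproduce the posted report when sizes are read as decimal megabytes, and the type bytes are this example's choice, since the report does not print them.

```python
"""Parse a raw 512-byte MBR and sanity-check its partition table.

Added example, not code from the thread or from RogueKiller. The sample sector
is constructed: zeroed boot code, offsets and sizes chosen to reproduce the
posted report (sizes as decimal megabytes), type bytes this example's choice.
"""
import hashlib
import struct

SECTOR = 512
TABLE_OFFSET = 446           # 440 bytes boot code, 4-byte disk signature, 2 reserved, then 4 entries
ENTRY_FMT = "<B3sB3sII"      # status, CHS start, type, CHS end, LBA start, sector count
BOOT_SIG = 0xAA55            # bytes 510..511 hold 55 AA
DISK_SECTORS = 976_773_168   # constructed: sector count of a nominal 500 GB disk

# Partition type bytes this example knows (subset; anything else is reported as UNKNW).
TYPES = {
    0x07: ("NTFS", False),
    0x0B: ("FAT32", False), 0x0C: ("FAT32", False),
    0x17: ("NTFS", True),                            # hidden NTFS
    0x1B: ("FAT32", True), 0x1C: ("FAT32", True),    # hidden FAT32 (CHS / LBA)
}


def parse_mbr(sector):
    """Decode the non-empty partition entries; raise on a malformed sector."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly one 512-byte sector")
    (sig,) = struct.unpack_from("<H", sector, 510)
    if sig != BOOT_SIG:
        raise ValueError("missing 55 AA boot signature")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(
            ENTRY_FMT, sector, TABLE_OFFSET + 16 * i)
        if ptype == 0:
            continue                       # empty slot
        fs, hidden = TYPES.get(ptype, ("UNKNW", False))
        parts.append({"index": i, "active": status == 0x80, "type": ptype, "fs": fs,
                      "hidden": hidden, "lba": lba, "sectors": count,
                      "size_mb": count * SECTOR // 1_000_000})
    return parts


def check_layout(parts, disk_sectors):
    """Return anomaly strings: overlaps, wrong active count, unallocated tail.

    Space past the last partition is where some MBR bootkits keep a hidden file
    system; the 1 MiB tolerance is this example's assumption, since alignment
    alone normally leaves a little slack at the end of the disk.
    """
    issues = []
    ordered = sorted(parts, key=lambda p: p["lba"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba"] + a["sectors"] > b["lba"]:
            issues.append(f"partition {a['index']} overlaps partition {b['index']}")
    if ordered:
        tail = disk_sectors - (ordered[-1]["lba"] + ordered[-1]["sectors"])
        if tail < 0:
            issues.append("last partition runs past the end of the disk")
        elif tail > 2048:
            issues.append(f"{tail} unallocated sectors after the last partition")
    if sum(p["active"] for p in parts) != 1:
        issues.append("expected exactly one active partition")
    return issues


def fingerprint(sector):
    """MD5 of the whole sector and of the 440-byte boot code alone.

    Assumption: the boot-code hash is the one to compare against a known-good
    value, because the partition table (bytes 446..509) legitimately differs
    from machine to machine while the loader code does not.
    """
    return {"sector": hashlib.md5(sector).hexdigest(),
            "boot_code": hashlib.md5(sector[:440]).hexdigest()}


def build_sample_mbr():
    """Constructed sector reproducing the posted offsets and decimal-MB sizes."""
    sector = bytearray(SECTOR)
    table = [
        (0x00, 0x1C, 2048, 52_428_800),           # hidden FAT32, 26843 MB, like entry 0
        (0x80, 0x07, 52_430_848, 420_012_032),    # active NTFS, 215046 MB, like entry 1
        (0x00, 0x27, 472_442_880, 504_330_080),   # type not in TYPES -> UNKNW, 258217 MB
    ]
    for i, (status, ptype, lba, count) in enumerate(table):
        struct.pack_into(ENTRY_FMT, sector, TABLE_OFFSET + 16 * i,
                         status, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    struct.pack_into("<H", sector, 510, BOOT_SIG)
    return bytes(sector)


if __name__ == "__main__":
    mbr = build_sample_mbr()
    for p in parse_mbr(mbr):
        print(f"{p['index']} {'ACTIVE' if p['active'] else '      '} {p['fs']:5} "
              f"{'HIDDEN' if p['hidden'] else 'visible':7} "
              f"offset {p['lba']:>10} size {p['size_mb']} MB")
    print(check_layout(parse_mbr(mbr), DISK_SECTORS) or "layout OK")
    print(fingerprint(mbr))
```

On a live Windows box the sector would come from `\\.\PhysicalDrive0` opened for raw read (which is why the report above could read drive 0 but not the second device), and the boot-code hash would be compared against a baseline taken from a clean install of the same Windows version; the layout checks are what catch an infection whose loader code still hashes as legitimate.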

09:54:45.0666 4552 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16

09:54:46.0202 4552 ============================================================

09:54:46.0202 4552 Current date / time: 2012/01/01 09:54:46.0202

09:54:46.0202 4552 SystemInfo:

09:54:46.0202 4552

09:54:46.0203 4552 OS Version: 6.1.7601 ServicePack: 1.0

09:54:46.0203 4552 Product type: Workstation

09:54:46.0203 4552 ComputerName: BLANKYMUN

09:54:46.0203 4552 UserName: Alexis

09:54:46.0203 4552 Windows directory: C:\Windows

09:54:46.0203 4552 System windows directory: C:\Windows

09:54:46.0203 4552 Running under WOW64

09:54:46.0203 4552 Processor architecture: Intel x64

09:54:46.0203 4552 Number of processors: 2

09:54:46.0203 4552 Page size: 0x1000

09:54:46.0203 4552 Boot type: Normal boot

09:54:46.0203 4552 ============================================================

09:54:47.0166 4552 Initialize success

09:55:38.0772 2072 ============================================================

09:55:38.0772 2072 Scan started

09:55:38.0772 2072 Mode: Manual; SigCheck; TDLFS;

09:55:38.0772 2072 ============================================================

09:55:39.0050 2072 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

09:55:39.0179 2072 1394ohci - ok

09:55:39.0212 2072 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

09:55:39.0231 2072 ACPI - ok

09:55:39.0254 2072 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

09:55:39.0293 2072 AcpiPmi - ok

09:55:39.0333 2072 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys

09:55:39.0357 2072 adp94xx - ok

09:55:39.0380 2072 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys

09:55:39.0399 2072 adpahci - ok

09:55:39.0417 2072 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys

09:55:39.0432 2072 adpu320 - ok

09:55:39.0494 2072 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys

09:55:39.0537 2072 AFD - ok

09:55:39.0560 2072 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

09:55:39.0572 2072 agp440 - ok

09:55:39.0608 2072 AiCharger (14370049d8c9912eac7603809a77c378) C:\Windows\system32\DRIVERS\AiCharger.sys

09:55:39.0679 2072 AiCharger - ok

09:55:39.0728 2072 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

09:55:39.0739 2072 aliide - ok

09:55:39.0785 2072 amdhub30 (f1a84d67a03f7536ebda9db426ef0e00) C:\Windows\system32\DRIVERS\amdhub30.sys

09:55:39.0797 2072 amdhub30 - ok

09:55:39.0807 2072 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

09:55:39.0818 2072 amdide - ok

09:55:39.0845 2072 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys

09:55:39.0856 2072 amdiox64 - ok

09:55:39.0876 2072 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys

09:55:39.0909 2072 AmdK8 - ok

09:55:40.0099 2072 amdkmdag (73b928832ddef61b21f64e88aac65e92) C:\Windows\system32\DRIVERS\atikmdag.sys

09:55:40.0415 2072 amdkmdag - ok

09:55:40.0453 2072 amdkmdap (bd6e1fed09fc69482e61a486968e5ddf) C:\Windows\system32\DRIVERS\atikmpag.sys

09:55:40.0485 2072 amdkmdap - ok

09:55:40.0519 2072 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

09:55:40.0545 2072 AmdPPM - ok

09:55:40.0587 2072 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

09:55:40.0599 2072 amdsata - ok

09:55:40.0634 2072 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys

09:55:40.0649 2072 amdsbs - ok

09:55:40.0667 2072 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

09:55:40.0678 2072 amdxata - ok

09:55:40.0710 2072 amdxhc (d8c25ff90e2e8fc7cbe26e2203ec4757) C:\Windows\system32\DRIVERS\amdxhc.sys

09:55:40.0724 2072 amdxhc - ok

09:55:40.0749 2072 amd_sata (bb4fe7889db9cbbe61a308e99697f53c) C:\Windows\system32\DRIVERS\amd_sata.sys

09:55:40.0758 2072 amd_sata - ok

09:55:40.0769 2072 amd_xata (5631cba53f1cbea3f9e88348e6723391) C:\Windows\system32\DRIVERS\amd_xata.sys

09:55:40.0780 2072 amd_xata - ok

09:55:40.0846 2072 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

09:55:40.0979 2072 AppID - ok

09:55:41.0065 2072 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys

09:55:41.0078 2072 arc - ok

09:55:41.0093 2072 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys

09:55:41.0106 2072 arcsas - ok

09:55:41.0168 2072 ASMMAP64 (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys

09:55:41.0177 2072 ASMMAP64 - ok

09:55:41.0208 2072 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

09:55:41.0279 2072 AsyncMac - ok

09:55:41.0306 2072 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

09:55:41.0317 2072 atapi - ok

09:55:41.0371 2072 athr (f8633cdd09647a64ee8db550630427ff) C:\Windows\system32\DRIVERS\athrx.sys

09:55:41.0439 2072 athr - ok

09:55:41.0496 2072 AtiHDAudioService (dbb487d09f56c674430ac454fd8bcab9) C:\Windows\system32\drivers\AtihdW76.sys

09:55:41.0510 2072 AtiHDAudioService - ok

09:55:41.0577 2072 ATKWMIACPIIO (ac31727f9946e9009480708e4d1b9986) C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys

09:55:41.0586 2072 ATKWMIACPIIO - ok

09:55:41.0646 2072 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys

09:55:41.0686 2072 b06bdrv - ok

09:55:41.0709 2072 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

09:55:41.0737 2072 b57nd60a - ok

09:55:41.0761 2072 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

09:55:41.0814 2072 Beep - ok

09:55:41.0847 2072 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

09:55:41.0868 2072 blbdrive - ok

09:55:41.0892 2072 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

09:55:41.0918 2072 bowser - ok

09:55:41.0950 2072 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys

09:55:42.0006 2072 BrFiltLo - ok

09:55:42.0014 2072 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys

09:55:42.0033 2072 BrFiltUp - ok

09:55:42.0073 2072 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

09:55:42.0116 2072 Brserid - ok

09:55:42.0126 2072 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

09:55:42.0157 2072 BrSerWdm - ok

09:55:42.0177 2072 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

09:55:42.0206 2072 BrUsbMdm - ok

09:55:42.0215 2072 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

09:55:42.0238 2072 BrUsbSer - ok

09:55:42.0271 2072 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys

09:55:42.0288 2072 BthEnum - ok

09:55:42.0323 2072 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys

09:55:42.0351 2072 BTHMODEM - ok

09:55:42.0366 2072 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys

09:55:42.0401 2072 BthPan - ok

09:55:42.0449 2072 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys

09:55:42.0485 2072 BTHPORT - ok

09:55:42.0513 2072 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys

09:55:42.0542 2072 BTHUSB - ok

09:55:42.0573 2072 catchme - ok

09:55:42.0609 2072 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

09:55:42.0661 2072 cdfs - ok

09:55:42.0695 2072 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

09:55:42.0727 2072 cdrom - ok

09:55:42.0760 2072 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys

09:55:42.0786 2072 circlass - ok

09:55:42.0819 2072 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

09:55:42.0838 2072 CLFS - ok

09:55:42.0877 2072 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

09:55:42.0894 2072 CmBatt - ok

09:55:42.0908 2072 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

09:55:42.0920 2072 cmdide - ok

09:55:42.0941 2072 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys

09:55:42.0984 2072 CNG - ok

09:55:43.0003 2072 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys

09:55:43.0014 2072 Compbatt - ok

09:55:43.0035 2072 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys

09:55:43.0066 2072 CompositeBus - ok

09:55:43.0086 2072 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys

09:55:43.0097 2072 crcdisk - ok

09:55:43.0126 2072 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

09:55:43.0173 2072 DfsC - ok

09:55:43.0185 2072 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

09:55:43.0244 2072 discache - ok

09:55:43.0280 2072 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys

09:55:43.0293 2072 Disk - ok

09:55:43.0326 2072 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

09:55:43.0360 2072 drmkaud - ok

09:55:43.0389 2072 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

09:55:43.0421 2072 DXGKrnl - ok

09:55:43.0538 2072 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys

09:55:43.0632 2072 ebdrv - ok

09:55:43.0707 2072 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys

09:55:43.0730 2072 elxstor - ok

09:55:43.0744 2072 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

09:55:43.0778 2072 ErrDev - ok

09:55:43.0834 2072 ETD (4c120d2b2ea269eae7a5744794eb6db1) C:\Windows\system32\DRIVERS\ETD.sys

09:55:43.0848 2072 ETD - ok

09:55:43.0877 2072 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

09:55:43.0933 2072 exfat - ok

09:55:43.0967 2072 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

09:55:44.0023 2072 fastfat - ok

09:55:44.0044 2072 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys

09:55:44.0078 2072 fdc - ok

09:55:44.0115 2072 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

09:55:44.0127 2072 FileInfo - ok

09:55:44.0136 2072 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

09:55:44.0186 2072 Filetrace - ok

09:55:44.0211 2072 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys

09:55:44.0226 2072 flpydisk - ok

09:55:44.0259 2072 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

09:55:44.0276 2072 FltMgr - ok

09:55:44.0293 2072 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

09:55:44.0305 2072 FsDepends - ok

09:55:44.0343 2072 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys

09:55:44.0354 2072 fssfltr - ok

09:55:44.0373 2072 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

09:55:44.0384 2072 Fs_Rec - ok

09:55:44.0409 2072 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

09:55:44.0427 2072 fvevol - ok

09:55:44.0457 2072 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys

09:55:44.0469 2072 gagp30kx - ok

09:55:44.0516 2072 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

09:55:44.0552 2072 hcw85cir - ok

09:55:44.0584 2072 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

09:55:44.0618 2072 HdAudAddService - ok

09:55:44.0644 2072 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys

09:55:44.0672 2072 HDAudBus - ok

09:55:44.0682 2072 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys

09:55:44.0706 2072 HidBatt - ok

09:55:44.0716 2072 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys

09:55:44.0749 2072 HidBth - ok

09:55:44.0769 2072 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys

09:55:44.0797 2072 HidIr - ok

09:55:44.0833 2072 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

09:55:44.0855 2072 HidUsb - ok

09:55:44.0881 2072 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

09:55:44.0894 2072 HpSAMD - ok

09:55:44.0934 2072 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

09:55:45.0004 2072 HTTP - ok

09:55:45.0013 2072 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

09:55:45.0023 2072 hwpolicy - ok

09:55:45.0033 2072 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

09:55:45.0049 2072 i8042prt - ok

09:55:45.0085 2072 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

09:55:45.0104 2072 iaStorV - ok

09:55:45.0147 2072 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys

09:55:45.0159 2072 iirsp - ok

09:55:45.0241 2072 IntcAzAudAddService (9f573c952961f444f400489e81eca381) C:\Windows\system32\drivers\RTKVHD64.sys

09:55:45.0332 2072 IntcAzAudAddService - ok

09:55:45.0371 2072 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

09:55:45.0382 2072 intelide - ok

09:55:45.0407 2072 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys

09:55:45.0431 2072 intelppm - ok

09:55:45.0444 2072 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

09:55:45.0486 2072 IpFilterDriver - ok

09:55:45.0507 2072 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

09:55:45.0543 2072 IPMIDRV - ok

09:55:45.0556 2072 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

09:55:45.0608 2072 IPNAT - ok

09:55:45.0637 2072 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

09:55:45.0666 2072 IRENUM - ok

09:55:45.0686 2072 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

09:55:45.0697 2072 isapnp - ok

09:55:45.0717 2072 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

09:55:45.0735 2072 iScsiPrt - ok

09:55:45.0758 2072 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

09:55:45.0769 2072 kbdclass - ok

09:55:45.0791 2072 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

09:55:45.0815 2072 kbdhid - ok

09:55:45.0834 2072 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys

09:55:45.0843 2072 kbfiltr - ok

09:55:45.0863 2072 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys

09:55:45.0877 2072 KSecDD - ok

09:55:45.0887 2072 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys

09:55:45.0901 2072 KSecPkg - ok

09:55:45.0937 2072 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

09:55:45.0991 2072 ksthunk - ok

09:55:46.0032 2072 L1C (033b4aed2c5519072c0d81e00804d003) C:\Windows\system32\DRIVERS\L1C62x64.sys

09:55:46.0058 2072 L1C - ok

09:55:46.0096 2072 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

09:55:46.0143 2072 lltdio - ok

09:55:46.0183 2072 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys

09:55:46.0198 2072 LSI_FC - ok

09:55:46.0213 2072 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys

09:55:46.0226 2072 LSI_SAS - ok

09:55:46.0241 2072 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys

09:55:46.0253 2072 LSI_SAS2 - ok

09:55:46.0271 2072 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys

09:55:46.0284 2072 LSI_SCSI - ok

09:55:46.0315 2072 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

09:55:46.0370 2072 luafv - ok

09:55:46.0412 2072 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys

09:55:46.0422 2072 MBAMProtector - ok

09:55:46.0461 2072 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys

09:55:46.0473 2072 megasas - ok

09:55:46.0490 2072 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys

09:55:46.0507 2072 MegaSR - ok

09:55:46.0542 2072 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

09:55:46.0600 2072 Modem - ok

09:55:46.0631 2072 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

09:55:46.0656 2072 monitor - ok

09:55:46.0676 2072 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

09:55:46.0688 2072 mouclass - ok

09:55:46.0712 2072 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

09:55:46.0733 2072 mouhid - ok

09:55:46.0748 2072 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

09:55:46.0761 2072 mountmgr - ok

09:55:46.0803 2072 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

09:55:46.0817 2072 mpio - ok

09:55:46.0832 2072 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

09:55:46.0874 2072 mpsdrv - ok

09:55:46.0898 2072 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

09:55:46.0944 2072 MRxDAV - ok

09:55:46.0968 2072 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

09:55:46.0998 2072 mrxsmb - ok

09:55:47.0018 2072 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

09:55:47.0049 2072 mrxsmb10 - ok

09:55:47.0074 2072 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

09:55:47.0105 2072 mrxsmb20 - ok

09:55:47.0129 2072 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

09:55:47.0140 2072 msahci - ok

09:55:47.0158 2072 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

09:55:47.0172 2072 msdsm - ok

09:55:47.0196 2072 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

09:55:47.0238 2072 Msfs - ok

09:55:47.0246 2072 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

09:55:47.0300 2072 mshidkmdf - ok

09:55:47.0311 2072 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

09:55:47.0322 2072 msisadrv - ok

09:55:47.0359 2072 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

09:55:47.0406 2072 MSKSSRV - ok

09:55:47.0425 2072 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

09:55:47.0475 2072 MSPCLOCK - ok

09:55:47.0493 2072 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

09:55:47.0539 2072 MSPQM - ok

09:55:47.0565 2072 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

09:55:47.0584 2072 MsRPC - ok

09:55:47.0597 2072 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

09:55:47.0608 2072 mssmbios - ok

09:55:47.0626 2072 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

09:55:47.0672 2072 MSTEE - ok

09:55:47.0692 2072 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

09:55:47.0714 2072 MTConfig - ok

09:55:47.0730 2072 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

09:55:47.0741 2072 Mup - ok

09:55:47.0787 2072 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

09:55:47.0821 2072 NativeWifiP - ok

09:55:47.0866 2072 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

09:55:47.0898 2072 NDIS - ok

09:55:47.0943 2072 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

09:55:48.0003 2072 NdisCap - ok

09:55:48.0018 2072 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

09:55:48.0067 2072 NdisTapi - ok

09:55:48.0084 2072 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

09:55:48.0133 2072 Ndisuio - ok

09:55:48.0143 2072 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

09:55:48.0192 2072 NdisWan - ok

09:55:48.0202 2072 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

09:55:48.0246 2072 NDProxy - ok

09:55:48.0256 2072 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

09:55:48.0307 2072 NetBIOS - ok

09:55:48.0322 2072 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

09:55:48.0376 2072 NetBT - ok

09:55:48.0421 2072 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

09:55:48.0433 2072 nfrd960 - ok

09:55:48.0464 2072 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

09:55:48.0513 2072 Npfs - ok

09:55:48.0525 2072 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

09:55:48.0570 2072 nsiproxy - ok

09:55:48.0622 2072 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

09:55:48.0678 2072 Ntfs - ok

09:55:48.0693 2072 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

09:55:48.0743 2072 Null - ok

09:55:48.0768 2072 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

09:55:48.0782 2072 nvraid - ok

09:55:48.0803 2072 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

09:55:48.0819 2072 nvstor - ok

09:55:48.0854 2072 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

09:55:48.0868 2072 nv_agp - ok

09:55:48.0882 2072 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

09:55:48.0910 2072 ohci1394 - ok

09:55:48.0936 2072 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys

09:55:48.0953 2072 Parport - ok

09:55:48.0973 2072 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

09:55:48.0987 2072 partmgr - ok

09:55:49.0008 2072 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

09:55:49.0023 2072 pci - ok

09:55:49.0032 2072 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

09:55:49.0043 2072 pciide - ok

09:55:49.0062 2072 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

09:55:49.0078 2072 pcmcia - ok

09:55:49.0088 2072 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

09:55:49.0100 2072 pcw - ok

09:55:49.0125 2072 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

09:55:49.0177 2072 PEAUTH - ok

09:55:49.0244 2072 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

09:55:49.0293 2072 PptpMiniport - ok

09:55:49.0311 2072 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys

09:55:49.0338 2072 Processor - ok

09:55:49.0368 2072 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

09:55:49.0422 2072 Psched - ok

09:55:49.0466 2072 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys

09:55:49.0525 2072 ql2300 - ok

09:55:49.0547 2072 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys

09:55:49.0560 2072 ql40xx - ok

09:55:49.0587 2072 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

09:55:49.0614 2072 QWAVEdrv - ok

09:55:49.0628 2072 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

09:55:49.0669 2072 RasAcd - ok

09:55:49.0702 2072 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

09:55:49.0745 2072 RasAgileVpn - ok

09:55:49.0770 2072 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

09:55:49.0823 2072 Rasl2tp - ok

09:55:49.0837 2072 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

09:55:49.0885 2072 RasPppoe - ok

09:55:49.0903 2072 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

09:55:49.0957 2072 RasSstp - ok

09:55:49.0983 2072 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

09:55:50.0037 2072 rdbss - ok

09:55:50.0052 2072 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys

09:55:50.0084 2072 rdpbus - ok

09:55:50.0095 2072 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

09:55:50.0140 2072 RDPCDD - ok

09:55:50.0165 2072 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

09:55:50.0217 2072 RDPENCDD - ok

09:55:50.0230 2072 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

09:55:50.0303 2072 RDPREFMP - ok

09:55:50.0326 2072 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys

09:55:50.0380 2072 RDPWD - ok

09:55:50.0401 2072 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

09:55:50.0416 2072 rdyboost - ok

09:55:50.0463 2072 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys

09:55:50.0490 2072 RFCOMM - ok

09:55:50.0527 2072 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

09:55:50.0570 2072 rspndr - ok

09:55:50.0610 2072 RSUSBSTOR (135a64530d7699ad48f29d73a658dd11) C:\Windows\system32\Drivers\RtsUStor.sys

09:55:50.0622 2072 RSUSBSTOR - ok

09:55:50.0668 2072 RTL8167 (16d4e350420baa7e63e16e3fc033e1f5) C:\Windows\system32\DRIVERS\Rt64win7.sys

09:55:50.0688 2072 RTL8167 - ok

09:55:50.0761 2072 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS

09:55:50.0771 2072 SASDIFSV - ok

09:55:50.0789 2072 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS

09:55:50.0799 2072 SASKUTIL - ok

09:55:50.0863 2072 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

09:55:50.0877 2072 sbp2port - ok

09:55:50.0899 2072 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

09:55:50.0949 2072 scfilter - ok

09:55:50.0988 2072 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys

09:55:51.0021 2072 sdbus - ok

09:55:51.0045 2072 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

09:55:51.0097 2072 secdrv - ok

09:55:51.0131 2072 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys

09:55:51.0155 2072 Serenum - ok

09:55:51.0172 2072 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys

09:55:51.0197 2072 Serial - ok

09:55:51.0216 2072 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys

09:55:51.0243 2072 sermouse - ok

09:55:51.0265 2072 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

09:55:51.0289 2072 sffdisk - ok

09:55:51.0300 2072 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

09:55:51.0331 2072 sffp_mmc - ok

09:55:51.0341 2072 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

09:55:51.0361 2072 sffp_sd - ok

09:55:51.0372 2072 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys

09:55:51.0389 2072 sfloppy - ok

09:55:51.0440 2072 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys

09:55:51.0467 2072 SiSGbeLH - ok

09:55:51.0494 2072 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys

09:55:51.0506 2072 SiSRaid2 - ok

09:55:51.0523 2072 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys

09:55:51.0536 2072 SiSRaid4 - ok

09:55:51.0552 2072 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

09:55:51.0606 2072 Smb - ok

09:55:51.0642 2072 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

09:55:51.0654 2072 spldr - ok

09:55:51.0696 2072 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

09:55:51.0725 2072 srv - ok

09:55:51.0750 2072 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

09:55:51.0777 2072 srv2 - ok

09:55:51.0794 2072 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

09:55:51.0823 2072 srvnet - ok

09:55:51.0867 2072 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys

09:55:51.0882 2072 stexstor - ok

09:55:51.0909 2072 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

09:55:51.0920 2072 swenum - ok

09:55:51.0991 2072 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

09:55:52.0035 2072 Tcpip - ok

09:55:52.0090 2072 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

09:55:52.0134 2072 TCPIP6 - ok

09:55:52.0158 2072 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

09:55:52.0203 2072 tcpipreg - ok

09:55:52.0225 2072 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

09:55:52.0273 2072 TDPIPE - ok

09:55:52.0282 2072 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

09:55:52.0323 2072 TDTCP - ok

09:55:52.0349 2072 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

09:55:52.0397 2072 tdx - ok

09:55:52.0407 2072 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys

09:55:52.0419 2072 TermDD - ok

09:55:52.0479 2072 tmactmon (73aaffdd2ac3c8814b26c440e5dd9dd4) C:\Windows\system32\DRIVERS\tmactmon.sys

09:55:52.0491 2072 tmactmon - ok

09:55:52.0508 2072 tmcomm (360e61217d4e1e333583d0c721057f70) C:\Windows\system32\DRIVERS\tmcomm.sys

09:55:52.0520 2072 tmcomm - ok

09:55:52.0537 2072 tmevtmgr (699d34eb7c670139ca23a65372bd5743) C:\Windows\system32\DRIVERS\tmevtmgr.sys

09:55:52.0547 2072 tmevtmgr - ok

09:55:52.0575 2072 tmtdi (262198efb734012bfcd17e7479ae4a09) C:\Windows\system32\DRIVERS\tmtdi.sys

09:55:52.0586 2072 tmtdi - ok

09:55:52.0621 2072 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

09:55:52.0670 2072 tssecsrv - ok

09:55:52.0698 2072 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

09:55:52.0734 2072 TsUsbFlt - ok

09:55:52.0744 2072 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys

09:55:52.0759 2072 TsUsbGD - ok

09:55:52.0780 2072 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

09:55:52.0836 2072 tunnel - ok

09:55:52.0858 2072 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

09:55:52.0871 2072 uagp35 - ok

09:55:52.0890 2072 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

09:55:52.0947 2072 udfs - ok

09:55:52.0977 2072 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

09:55:52.0989 2072 uliagpkx - ok

09:55:53.0009 2072 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

09:55:53.0026 2072 umbus - ok

09:55:53.0036 2072 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys

09:55:53.0053 2072 UmPass - ok

09:55:53.0082 2072 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

09:55:53.0100 2072 usbccgp - ok

09:55:53.0118 2072 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

09:55:53.0145 2072 usbcir - ok

09:55:53.0163 2072 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

09:55:53.0182 2072 usbehci - ok

09:55:53.0214 2072 usbfilter (b7037444dc5138fc7d3d3968b4de5c4b) C:\Windows\system32\DRIVERS\usbfilter.sys

09:55:53.0224 2072 usbfilter - ok

09:55:53.0251 2072 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

09:55:53.0281 2072 usbhub - ok

09:55:53.0301 2072 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys

09:55:53.0330 2072 usbohci - ok

09:55:53.0356 2072 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys

09:55:53.0375 2072 usbprint - ok

09:55:53.0400 2072 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS

09:55:53.0428 2072 USBSTOR - ok

09:55:53.0444 2072 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

09:55:53.0466 2072 usbuhci - ok

09:55:53.0497 2072 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys

09:55:53.0525 2072 usbvideo - ok

09:55:53.0541 2072 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

09:55:53.0553 2072 vdrvroot - ok

09:55:53.0578 2072 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

09:55:53.0598 2072 vga - ok

09:55:53.0608 2072 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

09:55:53.0658 2072 VgaSave - ok

09:55:53.0682 2072 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

09:55:53.0698 2072 vhdmp - ok

09:55:53.0716 2072 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

09:55:53.0728 2072 viaide - ok

09:55:53.0746 2072 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

09:55:53.0759 2072 volmgr - ok

09:55:53.0777 2072 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

09:55:53.0796 2072 volmgrx - ok

09:55:53.0810 2072 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

09:55:53.0826 2072 volsnap - ok

09:55:53.0848 2072 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys

09:55:53.0863 2072 vsmraid - ok

09:55:53.0886 2072 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

09:55:53.0920 2072 vwifibus - ok

09:55:53.0930 2072 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

09:55:53.0959 2072 vwififlt - ok

09:55:53.0980 2072 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys

09:55:54.0004 2072 WacomPen - ok

09:55:54.0036 2072 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

09:55:54.0090 2072 WANARP - ok

09:55:54.0095 2072 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

09:55:54.0137 2072 Wanarpv6 - ok

09:55:54.0168 2072 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys

09:55:54.0180 2072 Wd - ok

09:55:54.0211 2072 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

09:55:54.0238 2072 Wdf01000 - ok

09:55:54.0277 2072 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

09:55:54.0327 2072 WfpLwf - ok

09:55:54.0357 2072 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys

09:55:54.0372 2072 WimFltr - ok

09:55:54.0392 2072 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

09:55:54.0404 2072 WIMMount - ok

09:55:54.0463 2072 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

09:55:54.0490 2072 WmiAcpi - ok

09:55:54.0527 2072 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

09:55:54.0574 2072 ws2ifsl - ok

09:55:54.0605 2072 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

09:55:54.0660 2072 WudfPf - ok

09:55:54.0685 2072 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

09:55:54.0741 2072 WUDFRd - ok

09:55:54.0786 2072 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

09:55:54.0964 2072 \Device\Harddisk0\DR0 - ok

09:55:54.0968 2072 Boot (0x1200) (76956dffe1dc17865cf1f01658f364fa) \Device\Harddisk0\DR0\Partition0

09:55:54.0969 2072 \Device\Harddisk0\DR0\Partition0 - ok

09:55:54.0997 2072 Boot (0x1200) (e22c73821519384b1cfe0da80e1c4e2a) \Device\Harddisk0\DR0\Partition1

09:55:54.0999 2072 \Device\Harddisk0\DR0\Partition1 - ok

09:55:54.0999 2072 ============================================================

09:55:54.0999 2072 Scan finished

09:55:54.0999 2072 ============================================================

09:55:55.0015 3036 Detected object count: 0

09:55:55.0015 3036 Actual detected object count: 0


Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

MrC


ComboFix 12-01-01.02 - Alexis 01/01/2012 10:28:19.2.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3561.2054 [GMT -8:00]

Running from: c:\users\Alexis\Desktop\ComboFix.exe

AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}

SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_wuauserv

.

.

((((((((((((((((((((((((( Files Created from 2011-12-01 to 2012-01-01 )))))))))))))))))))))))))))))))

.

.

2012-01-01 18:37 . 2012-01-01 18:37 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-12-30 05:13 . 2011-12-30 05:14 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-12-30 05:13 . 2011-12-30 05:13 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-12-30 02:15 . 2011-12-30 02:15 -------- d-----w- c:\programdata\Malwarebytes

2011-12-30 02:15 . 2011-12-30 04:50 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-12-30 02:15 . 2011-12-10 23:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-30 02:07 . 2011-12-30 02:07 191760 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys

2011-12-29 03:16 . 2008-07-31 18:41 68616 ----a-w- c:\windows\SysWow64\XAPOFX1_1.dll

2011-12-29 03:16 . 2008-07-31 18:40 509448 ----a-w- c:\windows\SysWow64\XAudio2_2.dll

2011-12-29 03:16 . 2008-07-12 16:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll

2011-12-29 03:16 . 2008-07-12 16:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll

2011-12-29 03:16 . 2008-07-12 16:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll

2011-12-29 03:13 . 2011-12-29 03:13 -------- d-----w- C:\Riot Games

2011-12-27 22:13 . 2011-12-29 10:54 -------- d-----w- c:\programdata\PMB Files

2011-12-27 22:13 . 2011-12-27 22:13 -------- d-----w- c:\program files (x86)\Pando Networks

2011-12-26 16:55 . 2010-08-03 23:30 196224 ----a-w- c:\program files\Windows Sidebar\Shared Gadgets\P4GUpdate.Gadget\P4GUpdate.dll

2011-12-26 16:55 . 2011-12-26 16:55 -------- d-----w- c:\programdata\P4G

2011-12-26 13:14 . 2011-12-26 13:14 -------- d-----w- c:\program files (x86)\AMD APP

2011-12-26 13:14 . 2011-12-26 13:14 -------- d-----w- c:\program files\Common Files\ATI Technologies

2011-12-26 13:14 . 2011-12-26 13:14 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies

2011-12-26 13:12 . 2011-12-26 13:12 -------- d-----w- c:\program files\ATI Technologies

2011-12-26 13:12 . 2011-08-18 12:44 53376 ----a-w- c:\windows\system32\drivers\usbfilter.sys

2011-12-26 13:11 . 2011-12-26 13:13 -------- d-----w- c:\program files (x86)\ATI Technologies

2011-12-26 13:11 . 2011-07-16 12:53 96896 ----a-w- c:\windows\system32\drivers\amdhub30.sys

2011-12-26 13:11 . 2011-07-16 12:53 214144 ----a-w- c:\windows\system32\drivers\amdxhc.sys

2011-12-26 12:53 . 2011-12-26 12:53 -------- d-----w- c:\windows\SysWow64\Wat

2011-12-26 12:53 . 2011-12-26 12:53 -------- d-----w- c:\windows\system32\Wat

2011-12-26 12:09 . 2011-12-26 12:09 -------- d-----w- c:\program files (x86)\Microsoft.NET

2011-12-25 16:59 . 2011-12-25 16:59 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-12-25 16:59 . 2011-12-25 16:59 -------- d-----w- c:\windows\system32\Macromed

2011-12-25 08:33 . 2011-07-09 02:46 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-12-24 09:39 . 2011-12-24 09:39 -------- d-----w- c:\programdata\ASUS

2011-12-24 09:37 . 2011-12-24 09:37 -------- d-----w- c:\programdata\AIM

2011-12-24 09:36 . 2011-12-24 09:37 -------- d-----w- c:\program files (x86)\AIM

2011-12-24 09:36 . 2011-12-24 09:36 -------- d-----w- c:\program files (x86)\Common Files\Software Update Utility

2011-12-24 09:36 . 2011-12-24 09:36 -------- d-----w- c:\program files (x86)\Common Files\AOL

2011-12-24 06:10 . 2011-12-24 06:10 -------- d-----w- c:\programdata\FolderView

2011-12-24 06:10 . 2011-12-31 07:03 -------- d-----w- C:\ASUS.DAT

2011-12-24 06:10 . 2011-12-29 04:00 -------- d-----w- c:\users\Alexis

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-01 18:39 . 2011-07-30 01:27 45056 ----a-w- c:\windows\system32\acovcnt.exe

2011-12-24 06:10 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-10-04 20:14 . 2011-10-04 20:14 768848 ----a-w- c:\windows\SysWow64\msvcr100.dll

2011-10-04 20:14 . 2011-10-04 20:14 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-12-30_04.01.06 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-02-18 20:13 . 2011-12-30 05:25 27150 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2011-12-31 07:04 40418 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 04:46 . 2011-12-31 07:06 94000 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

- 2011-04-02 04:37 . 2011-04-02 04:37 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll

+ 2011-04-02 04:37 . 2011-12-31 23:46 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll

+ 2011-12-24 06:04 . 2011-12-31 07:04 5162 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1239031536-485061120-2446755693-1001_UserData.bin

+ 2012-01-01 18:38 . 2012-01-01 18:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-12-30 02:23 . 2011-12-30 02:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-12-30 02:23 . 2011-12-30 02:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-01-01 18:38 . 2012-01-01 18:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-12-25 08:24 . 2012-01-01 17:22 209230 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin

+ 2011-12-24 09:25 . 2011-12-31 01:50 174444 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2009-07-14 02:36 . 2011-12-31 23:46 635590 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2011-12-30 02:28 635590 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2011-12-31 23:46 110274 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2011-12-30 02:28 110274 c:\windows\system32\perfc009.dat

- 2011-07-29 10:41 . 2011-12-30 02:23 277264 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2011-07-29 10:41 . 2012-01-01 18:38 277264 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2009-07-14 05:01 . 2011-12-30 02:23 230264 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-01-01 18:38 230264 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2011-12-24 09:43 . 2011-12-30 02:02 610704 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1239031536-485061120-2446755693-1001-12288.dat

+ 2011-12-24 09:43 . 2011-12-30 05:23 610704 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1239031536-485061120-2446755693-1001-12288.dat

+ 2011-12-24 09:43 . 2012-01-01 18:38 9769366 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1239031536-485061120-2446755693-1001-8192.dat

+ 2011-04-16 08:14 . 2011-04-16 08:14 3186176 c:\windows\Installer\75ec50f.msi

+ 2011-12-20 00:30 . 2011-12-20 00:30 7976448 c:\windows\Installer\5bb2d5b.msi

+ 2011-04-16 16:44 . 2011-04-16 16:44 2770944 c:\windows\Installer\1e6f966.msi

+ 2011-12-31 15:55 . 2011-12-31 15:55 20333568 c:\windows\Installer\1e6f971.msp

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]

2011-04-02 04:36 433648 ----a-w- c:\programdata\Partner\Partner.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"Aim"="c:\program files (x86)\AIM\aim.exe" [2011-05-03 4321112]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 5486464]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]

"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-02 2018032]

"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]

"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]

"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"USBChargerPlusTray"="c:\program files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe" [2011-04-18 496560]

"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-09-13 2317312]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-25 460872]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-1 548528]

FancyStart daemon.lnk - c:\windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe [2011-12-26 12862]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 135664]

R3 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 135664]

R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]

R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2011-04-02 332272]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]

S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]

S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-05-26 17536]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-09-28 361984]

S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-25 652872]

S2 TiMiniService;TiMiniService;c:\program files\Trend Micro\Titanium\TiMiniService.exe [2010-09-17 241488]

S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]

S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [x]

S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [x]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 04:36]

.

2012-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 04:36]

.

2012-01-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1239031536-485061120-2446755693-1001Core.job

- c:\users\Alexis\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-26 06:04]

.

2012-01-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1239031536-485061120-2446755693-1001UA.job

- c:\users\Alexis\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-26 06:04]

.

2012-01-01 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 498fcc95-3633-4b91-846c-b1e58f224461.job

- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]

.

2012-01-01 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task ceb0b3be-15af-4283-b2cd-bdc3c269280c.job

- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]

2011-04-02 04:36 750064 ----a-w- c:\programdata\Partner\Partner64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]

@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"

[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]

2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]

@="{64174815-8D98-4CE6-8646-4C039977D808}"

[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]

2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VizorHtmlDialog.exe"="c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" [2010-10-08 1123664]

"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-12 192520]

"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\VizorShortCut.exe" [2010-09-17 322384]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-05-22 2226280]

"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [bU]

"Setwallpaper"="c:\programdata\SetWallpaper.cmd" [bU]

"combofix"="c:\combofix\CF12003.3XE" [2010-11-20 345088]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3007394

mStart Page = hxxp://asus.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

FF - ProfilePath - c:\users\Alexis\AppData\Roaming\Mozilla\Firefox\Profiles\n89g5flp.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3007394&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - WhiteSmoke Bar Customized Web Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - prefs.js: keyword.URL - hxxp://www.basicscan.com/?tmp=nemo_results_removelink&prt=BscscnPB&keywords=

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

c:\program files (x86)\ASUS\FaceLogon\sensorsrv.exe

c:\program files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe

c:\program files (x86)\ASUS\Splendid\ACMON.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

c:\program files (x86)\ASUS\AI Recovery\AIRecoveryRemind.exe

.

**************************************************************************

.

Completion time: 2012-01-01 10:42:06 - machine was rebooted

ComboFix-quarantined-files.txt 2012-01-01 18:42

ComboFix2.txt 2011-12-30 04:05

.

Pre-Run: 166,326,415,360 bytes free

Post-Run: 166,113,878,016 bytes free

.

- - End Of File - - 820C12211684D405A7623DA817E9F1E9


1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

4. If ComboFix wants to update.....please allow it to.

DDS::

FF - prefs.js: browser.search.selectedEngine - WhiteSmoke Bar Customized Web Search

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScript.gif

Referring to the picture above, drag CFScript into ComboFix.exe

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

After reboot, (in case it asks to reboot)......

Please provide the contents of the ComboFix log (C:\ComboFix.txt) in your next reply.

----------------------------

also..........

Please Update and run a Quick Scan with MBAM, post the report.

Please let me know how it is, MrC


The search is on my Firefox, and the homepage still comes up as Conduit.com/Bing on my Internet Explorer.

Malwarebytes Anti-Malware (Trial) 1.60.0.1800

www.malwarebytes.org

Database version: v2011.12.31.06

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Alexis :: BLANKYMUN [administrator]

Protection: Enabled

1/1/2012 11:45:16 AM

mbam-log-2012-01-01 (11-45-16).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 173816

Time elapsed: 2 minute(s), 13 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

ComboFix 12-01-01.02 - Alexis 01/01/2012 11:17:13.3.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3561.2335 [GMT -8:00]

Running from: c:\users\Alexis\Desktop\ComboFix.exe

Command switches used :: c:\users\Alexis\Desktop\CFScript.txt

AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}

SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_wuauserv

.

.

((((((((((((((((((((((((( Files Created from 2011-12-01 to 2012-01-01 )))))))))))))))))))))))))))))))

.

.

2012-01-01 19:25 . 2012-01-01 19:25 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-12-30 05:13 . 2011-12-30 05:14 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-12-30 05:13 . 2011-12-30 05:13 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-12-30 02:15 . 2011-12-30 02:15 -------- d-----w- c:\programdata\Malwarebytes

2011-12-30 02:15 . 2011-12-30 04:50 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-12-30 02:15 . 2011-12-10 23:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-30 02:07 . 2011-12-30 02:07 191760 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys

2011-12-29 03:16 . 2008-07-31 18:41 68616 ----a-w- c:\windows\SysWow64\XAPOFX1_1.dll

2011-12-29 03:16 . 2008-07-31 18:40 509448 ----a-w- c:\windows\SysWow64\XAudio2_2.dll

2011-12-29 03:16 . 2008-07-12 16:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll

2011-12-29 03:16 . 2008-07-12 16:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll

2011-12-29 03:16 . 2008-07-12 16:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll

2011-12-29 03:13 . 2011-12-29 03:13 -------- d-----w- C:\Riot Games

2011-12-27 22:13 . 2011-12-29 10:54 -------- d-----w- c:\programdata\PMB Files

2011-12-27 22:13 . 2011-12-27 22:13 -------- d-----w- c:\program files (x86)\Pando Networks

2011-12-26 16:55 . 2010-08-03 23:30 196224 ----a-w- c:\program files\Windows Sidebar\Shared Gadgets\P4GUpdate.Gadget\P4GUpdate.dll

2011-12-26 16:55 . 2011-12-26 16:55 -------- d-----w- c:\programdata\P4G

2011-12-26 13:14 . 2011-12-26 13:14 -------- d-----w- c:\program files (x86)\AMD APP

2011-12-26 13:14 . 2011-12-26 13:14 -------- d-----w- c:\program files\Common Files\ATI Technologies

2011-12-26 13:14 . 2011-12-26 13:14 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies

2011-12-26 13:12 . 2011-12-26 13:12 -------- d-----w- c:\program files\ATI Technologies

2011-12-26 13:12 . 2011-08-18 12:44 53376 ----a-w- c:\windows\system32\drivers\usbfilter.sys

2011-12-26 13:11 . 2011-12-26 13:13 -------- d-----w- c:\program files (x86)\ATI Technologies

2011-12-26 13:11 . 2011-07-16 12:53 96896 ----a-w- c:\windows\system32\drivers\amdhub30.sys

2011-12-26 13:11 . 2011-07-16 12:53 214144 ----a-w- c:\windows\system32\drivers\amdxhc.sys

2011-12-26 12:53 . 2011-12-26 12:53 -------- d-----w- c:\windows\SysWow64\Wat

2011-12-26 12:53 . 2011-12-26 12:53 -------- d-----w- c:\windows\system32\Wat

2011-12-26 12:09 . 2011-12-26 12:09 -------- d-----w- c:\program files (x86)\Microsoft.NET

2011-12-25 16:59 . 2011-12-25 16:59 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-12-25 16:59 . 2011-12-25 16:59 -------- d-----w- c:\windows\system32\Macromed

2011-12-25 08:33 . 2011-07-09 02:46 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-12-24 09:39 . 2011-12-24 09:39 -------- d-----w- c:\programdata\ASUS

2011-12-24 09:37 . 2011-12-24 09:37 -------- d-----w- c:\programdata\AIM

2011-12-24 09:36 . 2011-12-24 09:37 -------- d-----w- c:\program files (x86)\AIM

2011-12-24 09:36 . 2011-12-24 09:36 -------- d-----w- c:\program files (x86)\Common Files\Software Update Utility

2011-12-24 09:36 . 2011-12-24 09:36 -------- d-----w- c:\program files (x86)\Common Files\AOL

2011-12-24 06:10 . 2011-12-24 06:10 -------- d-----w- c:\programdata\FolderView

2011-12-24 06:10 . 2012-01-01 18:44 -------- d-----w- C:\ASUS.DAT

2011-12-24 06:10 . 2011-12-29 04:00 -------- d-----w- c:\users\Alexis

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-01 19:26 . 2011-07-30 01:27 45056 ----a-w- c:\windows\system32\acovcnt.exe

2011-12-24 06:10 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-10-04 20:14 . 2011-10-04 20:14 768848 ----a-w- c:\windows\SysWow64\msvcr100.dll

2011-10-04 20:14 . 2011-10-04 20:14 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-12-30_04.01.06 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-02-18 20:13 . 2012-01-01 18:45 28028 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-01-01 18:45 40860 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

- 2009-07-14 04:46 . 2011-12-29 04:06 91888 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

+ 2009-07-14 04:46 . 2012-01-01 18:51 91888 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

- 2011-04-02 04:37 . 2011-04-02 04:37 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll

+ 2011-04-02 04:37 . 2011-12-31 23:46 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll

+ 2011-12-24 06:04 . 2012-01-01 18:45 5554 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1239031536-485061120-2446755693-1001_UserData.bin

+ 2012-01-01 19:26 . 2012-01-01 19:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-12-30 02:23 . 2011-12-30 02:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-12-25 08:24 . 2012-01-01 17:22 209230 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin

+ 2011-12-24 09:25 . 2011-12-31 01:50 174444 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2009-07-14 02:36 . 2011-12-31 23:46 635590 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2011-12-30 02:28 635590 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2011-12-31 23:46 110274 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2011-12-30 02:28 110274 c:\windows\system32\perfc009.dat

+ 2011-07-29 10:41 . 2012-01-01 19:25 277264 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2011-07-29 10:41 . 2011-12-30 02:23 277264 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2009-07-14 05:01 . 2012-01-01 19:25 230264 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2011-12-30 02:23 230264 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2011-12-24 09:43 . 2011-12-30 02:02 610704 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1239031536-485061120-2446755693-1001-12288.dat

+ 2011-12-24 09:43 . 2011-12-30 05:23 610704 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1239031536-485061120-2446755693-1001-12288.dat

- 2009-07-14 04:45 . 2011-12-27 22:40 7111262 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

+ 2009-07-14 04:45 . 2012-01-01 18:41 7111262 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

+ 2011-12-24 09:43 . 2012-01-01 19:25 9769366 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1239031536-485061120-2446755693-1001-8192.dat

+ 2011-04-16 08:14 . 2011-04-16 08:14 3186176 c:\windows\Installer\75ec50f.msi

+ 2011-12-20 00:30 . 2011-12-20 00:30 7976448 c:\windows\Installer\5bb2d5b.msi

+ 2011-04-16 16:44 . 2011-04-16 16:44 2770944 c:\windows\Installer\1e6f966.msi

+ 2011-12-31 15:55 . 2011-12-31 15:55 20333568 c:\windows\Installer\1e6f971.msp

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]

2011-04-02 04:36 433648 ----a-w- c:\programdata\Partner\Partner.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"Aim"="c:\program files (x86)\AIM\aim.exe" [2011-05-03 4321112]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 5486464]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]

"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-02 2018032]

"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]

"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]

"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"USBChargerPlusTray"="c:\program files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe" [2011-04-18 496560]

"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-09-13 2317312]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-25 460872]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-1 548528]

FancyStart daemon.lnk - c:\windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe [2011-12-26 12862]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 135664]

R3 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 135664]

R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]

R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2011-04-02 332272]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]

S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]

S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-05-26 17536]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-09-28 361984]

S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-25 652872]

S2 TiMiniService;TiMiniService;c:\program files\Trend Micro\Titanium\TiMiniService.exe [2010-09-17 241488]

S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]

S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [x]

S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [x]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 04:36]

.

2012-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 04:36]

.

2012-01-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1239031536-485061120-2446755693-1001Core.job

- c:\users\Alexis\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-26 06:04]

.

2012-01-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1239031536-485061120-2446755693-1001UA.job

- c:\users\Alexis\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-26 06:04]

.

2012-01-01 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 498fcc95-3633-4b91-846c-b1e58f224461.job

- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]

.

2012-01-01 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task ceb0b3be-15af-4283-b2cd-bdc3c269280c.job

- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]

2011-04-02 04:36 750064 ----a-w- c:\programdata\Partner\Partner64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]

@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"

[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]

2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]

@="{64174815-8D98-4CE6-8646-4C039977D808}"

[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]

2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VizorHtmlDialog.exe"="c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" [2010-10-08 1123664]

"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-12 192520]

"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\VizorShortCut.exe" [2010-09-17 322384]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-05-22 2226280]

"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [bU]

"Setwallpaper"="c:\programdata\SetWallpaper.cmd" [bU]

"combofix"="c:\combofix\CF21692.3XE" [2010-11-20 345088]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3007394

mStart Page = hxxp://asus.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

FF - ProfilePath - c:\users\Alexis\AppData\Roaming\Mozilla\Firefox\Profiles\n89g5flp.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3007394&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - WhiteSmoke Bar Customized Web Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - prefs.js: keyword.URL - hxxp://www.basicscan.com/?tmp=nemo_results_removelink&prt=BscscnPB&keywords=

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

c:\program files (x86)\ASUS\FaceLogon\sensorsrv.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

c:\program files (x86)\ASUS\Splendid\ACMON.exe

c:\program files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

c:\program files (x86)\ASUS\AI Recovery\AIRecoveryRemind.exe

.

**************************************************************************

.

Completion time: 2012-01-01 11:29:53 - machine was rebooted

ComboFix-quarantined-files.txt 2012-01-01 19:29

ComboFix2.txt 2012-01-01 18:42

ComboFix3.txt 2011-12-30 04:05

.

Pre-Run: 167,290,953,728 bytes free

Post-Run: 166,970,134,528 bytes free

.

- - End Of File - - 3501F18AC7C0231A892950C4C8E5133F


You didn't run the script as directed:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

4. If ComboFix wants to update.....please allow it to.

DDS::

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3007394

Firefox::

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3007394&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - WhiteSmoke Bar Customized Web Search

Save this as CFScript.txt, in the same location as ComboFix.exe

[image: CFScript.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

After reboot, (in case it asks to reboot)......

Please provide the contents of the ComboFix log (C:\ComboFix.txt) in your next reply.

MrC

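The CFScript MrC builds is derived by hand from the "Supplementary Scan" lines of the ComboFix log: any IE start page or Firefox search pref pointing at a host the user never chose goes under DDS:: or Firefox:: and ComboFix resets it. The script below is an added example, not part of this thread and not ComboFix's own logic. It parses the exact log lines from the first ComboFix output above (embedded as a constructed sample), flags the entries whose host is not on an allowlist that this example assumes (google.com and the ASUS MSN portal), and lays the result out in the two-section CFScript shape MrC used. Note that it also flags the keyword.URL line pointing at basicscan.com, which MrC's script in this post did not include; whether to reset it is a judgement call for the helper, not something ComboFix decides.

```python
"""Flag hijacked browser search/start-page entries in a ComboFix log and emit a CFScript.

Added example for this thread. The CFScript section names (DDS:: / Firefox::) are copied
from MrC's post; the allowlist and the classification rules are this example's assumptions.
"""
import re
from urllib.parse import urlparse

# Constructed sample: the Supplementary Scan lines from the thread's first ComboFix log.
SAMPLE_LOG = """\
uLocal Page = c:\\windows\\system32\\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3007394
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\\windows\\SysWOW64\\blank.htm
FF - ProfilePath - c:\\users\\Alexis\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\n89g5flp.default\\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3007394&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - WhiteSmoke Bar Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.basicscan.com/?tmp=nemo_results_removelink&prt=BscscnPB&keywords=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
"""

# Assumption: hosts the machine's owner actually chose (OEM MSN portal and Google).
TRUSTED_HOSTS = {"www.google.com", "asus.msn.com"}
# Assumption: engine display names that are toolbar brandings rather than real engines.
SUSPECT_ENGINE_NAMES = {"WhiteSmoke Bar Customized Web Search"}
# Firefox prefs that control where a typed search or the home page goes.
SEARCH_PREFS = {"browser.search.defaulturl", "browser.search.selectedEngine",
                "browser.startup.homepage", "keyword.URL"}

# u = current user (HKCU), m = machine (HKLM); ComboFix's own prefix convention.
IE_RE = re.compile(r"^([um])(Start|Local) Page = (.+)$")
FF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (.+)$")


def refang(url):
    """ComboFix writes hxxp:// so the log cannot be clicked; restore it for parsing."""
    return re.sub(r"^hxxp", "http", url, flags=re.I)


def host_of(value):
    """Hostname of a URL value, or None for local files and plain engine names."""
    v = refang(value)
    if not v.lower().startswith(("http://", "https://")):
        return None
    return urlparse(v).hostname


def classify(log_text):
    """Return {'ie': [...], 'firefox': [...]} with the log lines judged hijacked."""
    found = {"ie": [], "firefox": []}
    for line in log_text.splitlines():
        m = IE_RE.match(line)
        if m:
            h = host_of(m.group(3))
            if h and h not in TRUSTED_HOSTS:
                found["ie"].append(line)
            continue
        m = FF_RE.match(line)
        if m and m.group(1) in SEARCH_PREFS:
            pref, val = m.groups()
            h = host_of(val)
            if (h and h not in TRUSTED_HOSTS) or val in SUSPECT_ENGINE_NAMES:
                found["firefox"].append(line)
    return found


def build_cfscript(found):
    """Lay the flagged lines out in the DDS:: / Firefox:: shape used in MrC's post."""
    out = []
    if found["ie"]:
        out.append("DDS::")
        out.extend(found["ie"])
    if found["firefox"]:
        out.append("Firefox::")
        out.extend(found["firefox"])
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(build_cfscript(classify(SAMPLE_LOG)), end="")
```

Running it prints a CFScript.txt body ready to be saved next to ComboFix.exe; the flagged lines are copied verbatim from the log, which is what ComboFix expects. Keep the allowlist tight: a start page on an OEM portal is legitimate here only because the machine is an ASUS with MSN preloaded, and the same host on another box would deserve a look.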

When I drag and drop, is it supposed to start automatically? It makes me afraid that I haven't done something right!

ComboFix 12-01-01.06 - Alexis 01/01/2012 20:48:52.5.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3561.2022 [GMT -8:00]

Running from: c:\users\Alexis\Desktop\ComboFix.exe

Command switches used :: c:\users\Alexis\Desktop\CFScript.txt

AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}

SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2011-12-02 to 2012-01-02 )))))))))))))))))))))))))))))))

.

.

2012-01-02 04:56 . 2012-01-02 04:56 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-12-30 05:13 . 2011-12-30 05:14 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-12-30 05:13 . 2011-12-30 05:13 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-12-30 02:15 . 2011-12-30 02:15 -------- d-----w- c:\programdata\Malwarebytes

2011-12-30 02:15 . 2011-12-30 04:50 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-12-30 02:15 . 2011-12-10 23:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-30 02:07 . 2011-12-30 02:07 191760 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys

2011-12-29 03:16 . 2008-07-31 18:41 68616 ----a-w- c:\windows\SysWow64\XAPOFX1_1.dll

2011-12-29 03:16 . 2008-07-31 18:40 509448 ----a-w- c:\windows\SysWow64\XAudio2_2.dll

2011-12-29 03:16 . 2008-07-12 16:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll

2011-12-29 03:16 . 2008-07-12 16:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll

2011-12-29 03:16 . 2008-07-12 16:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll

2011-12-29 03:13 . 2011-12-29 03:13 -------- d-----w- C:\Riot Games

2011-12-27 22:13 . 2011-12-29 10:54 -------- d-----w- c:\programdata\PMB Files

2011-12-27 22:13 . 2011-12-27 22:13 -------- d-----w- c:\program files (x86)\Pando Networks

2011-12-26 16:55 . 2010-08-03 23:30 196224 ----a-w- c:\program files\Windows Sidebar\Shared Gadgets\P4GUpdate.Gadget\P4GUpdate.dll

2011-12-26 16:55 . 2011-12-26 16:55 -------- d-----w- c:\programdata\P4G

2011-12-26 13:14 . 2011-12-26 13:14 -------- d-----w- c:\program files (x86)\AMD APP

2011-12-26 13:14 . 2011-12-26 13:14 -------- d-----w- c:\program files\Common Files\ATI Technologies

2011-12-26 13:14 . 2011-12-26 13:14 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies

2011-12-26 13:12 . 2011-12-26 13:12 -------- d-----w- c:\program files\ATI Technologies

2011-12-26 13:12 . 2011-08-18 12:44 53376 ----a-w- c:\windows\system32\drivers\usbfilter.sys

2011-12-26 13:11 . 2011-12-26 13:13 -------- d-----w- c:\program files (x86)\ATI Technologies

2011-12-26 13:11 . 2011-07-16 12:53 96896 ----a-w- c:\windows\system32\drivers\amdhub30.sys

2011-12-26 13:11 . 2011-07-16 12:53 214144 ----a-w- c:\windows\system32\drivers\amdxhc.sys

2011-12-26 12:53 . 2011-12-26 12:53 -------- d-----w- c:\windows\SysWow64\Wat

2011-12-26 12:53 . 2011-12-26 12:53 -------- d-----w- c:\windows\system32\Wat

2011-12-26 12:09 . 2011-12-26 12:09 -------- d-----w- c:\program files (x86)\Microsoft.NET

2011-12-25 16:59 . 2011-12-25 16:59 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-12-25 16:59 . 2011-12-25 16:59 -------- d-----w- c:\windows\system32\Macromed

2011-12-25 08:33 . 2011-07-09 02:46 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-12-24 09:39 . 2011-12-24 09:39 -------- d-----w- c:\programdata\ASUS

2011-12-24 09:37 . 2011-12-24 09:37 -------- d-----w- c:\programdata\AIM

2011-12-24 09:36 . 2011-12-24 09:37 -------- d-----w- c:\program files (x86)\AIM

2011-12-24 09:36 . 2011-12-24 09:36 -------- d-----w- c:\program files (x86)\Common Files\Software Update Utility

2011-12-24 09:36 . 2011-12-24 09:36 -------- d-----w- c:\program files (x86)\Common Files\AOL

2011-12-24 06:10 . 2011-12-24 06:10 -------- d-----w- c:\programdata\FolderView

2011-12-24 06:10 . 2012-01-01 19:42 -------- d-----w- C:\ASUS.DAT

2011-12-24 06:10 . 2011-12-29 04:00 -------- d-----w- c:\users\Alexis

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-01 19:42 . 2011-07-30 01:27 45056 ----a-w- c:\windows\system32\acovcnt.exe

2011-12-24 06:10 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-10-04 20:14 . 2011-10-04 20:14 768848 ----a-w- c:\windows\SysWow64\msvcr100.dll

2011-10-04 20:14 . 2011-10-04 20:14 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-12-30_04.01.06 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-02-18 20:13 . 2012-01-01 19:44 28300 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-01-01 19:44 40980 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

- 2011-12-24 06:03 . 2011-12-30 01:57 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-12-24 06:03 . 2012-01-01 20:32 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-12-24 06:03 . 2012-01-01 20:32 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2011-12-24 06:03 . 2011-12-30 01:57 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2011-12-30 01:57 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-01-01 20:32 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:46 . 2012-01-01 18:51 91888 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

- 2009-07-14 04:46 . 2011-12-29 04:06 91888 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

- 2011-04-02 04:37 . 2011-04-02 04:37 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll

+ 2011-04-02 04:37 . 2011-12-31 23:46 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll

+ 2011-12-24 06:04 . 2012-01-01 19:44 5682 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1239031536-485061120-2446755693-1001_UserData.bin

+ 2012-01-01 19:42 . 2012-01-01 19:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-12-30 02:23 . 2011-12-30 02:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-12-30 02:23 . 2011-12-30 02:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-01-01 19:42 . 2012-01-01 19:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-12-25 08:24 . 2012-01-01 17:22 209230 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin

+ 2011-12-24 09:25 . 2011-12-31 01:50 174444 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

- 2009-07-14 02:36 . 2011-12-30 02:28 635590 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2011-12-31 23:46 635590 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2011-12-30 02:28 110274 c:\windows\system32\perfc009.dat

+ 2009-07-14 02:36 . 2011-12-31 23:46 110274 c:\windows\system32\perfc009.dat

+ 2011-07-29 10:41 . 2012-01-01 19:25 277264 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2011-07-29 10:41 . 2011-12-30 02:23 277264 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2009-07-14 05:01 . 2011-12-30 02:23 230264 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-01-01 19:42 230264 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2011-12-24 09:43 . 2011-12-30 02:02 610704 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1239031536-485061120-2446755693-1001-12288.dat

+ 2011-12-24 09:43 . 2011-12-30 05:23 610704 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1239031536-485061120-2446755693-1001-12288.dat

- 2009-07-14 04:45 . 2011-12-27 22:40 7111262 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

+ 2009-07-14 04:45 . 2012-01-01 18:41 7111262 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

+ 2011-12-24 09:43 . 2012-01-01 19:25 9769366 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1239031536-485061120-2446755693-1001-8192.dat

+ 2011-04-16 08:14 . 2011-04-16 08:14 3186176 c:\windows\Installer\75ec50f.msi

+ 2011-12-20 00:30 . 2011-12-20 00:30 7976448 c:\windows\Installer\5bb2d5b.msi

+ 2011-04-16 16:44 . 2011-04-16 16:44 2770944 c:\windows\Installer\1e6f966.msi

+ 2011-12-31 15:55 . 2011-12-31 15:55 20333568 c:\windows\Installer\1e6f971.msp

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]

2011-04-02 04:36 433648 ----a-w- c:\programdata\Partner\Partner.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"Aim"="c:\program files (x86)\AIM\aim.exe" [2011-05-03 4321112]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 5486464]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]

"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-02 2018032]

"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]

"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]

"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"USBChargerPlusTray"="c:\program files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe" [2011-04-18 496560]

"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-09-13 2317312]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-25 460872]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-1 548528]

FancyStart daemon.lnk - c:\windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe [2011-12-26 12862]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 135664]

R3 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 135664]

R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]

R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2011-04-02 332272]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]

S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]

S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-05-26 17536]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-09-28 361984]

S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-25 652872]

S2 TiMiniService;TiMiniService;c:\program files\Trend Micro\Titanium\TiMiniService.exe [2010-09-17 241488]

S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]

S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [x]

S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [x]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 04:36]

.

2012-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 04:36]

.

2012-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1239031536-485061120-2446755693-1001Core.job

- c:\users\Alexis\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-26 06:04]

.

2012-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1239031536-485061120-2446755693-1001UA.job

- c:\users\Alexis\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-26 06:04]

.

2012-01-01 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 498fcc95-3633-4b91-846c-b1e58f224461.job

- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]

.

2012-01-01 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task ceb0b3be-15af-4283-b2cd-bdc3c269280c.job

- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]

2011-04-02 04:36 750064 ----a-w- c:\programdata\Partner\Partner64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]

@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"

[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]

2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]

@="{64174815-8D98-4CE6-8646-4C039977D808}"

[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]

2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VizorHtmlDialog.exe"="c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" [2010-10-08 1123664]

"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-12 192520]

"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\VizorShortCut.exe" [2010-09-17 322384]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-05-22 2226280]

"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [bU]

"Setwallpaper"="c:\programdata\SetWallpaper.cmd" [bU]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://asus.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

FF - ProfilePath - c:\users\Alexis\AppData\Roaming\Mozilla\Firefox\Profiles\n89g5flp.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3007394&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - WhiteSmoke Bar Customized Web Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - prefs.js: keyword.URL - hxxp://www.basicscan.com/?tmp=nemo_results_removelink&prt=BscscnPB&keywords=

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-01-01 20:59:59

ComboFix-quarantined-files.txt 2012-01-02 04:59

ComboFix2.txt 2012-01-01 19:29

ComboFix3.txt 2012-01-01 18:42

ComboFix4.txt 2011-12-30 04:05

.

Pre-Run: 166,559,563,776 bytes free

Post-Run: 166,271,823,872 bytes free

.

- - End Of File - - 40AF4CA453EEE6008C58B3EB885B62EB

When I drag and drop, is it supposed to start automatically? It makes me afraid that I haven't done something right!

Yes it should start automatically, looks like you did it right last time but the entries I want to remove are still there.

Please try it one more time using this script:

--------------------------------------------

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

4. If ComboFix wants to update.....please allow it to.

KillAll::

Firefox::

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3007394&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - WhiteSmoke Bar Customized Web Search

Save this as CFScript.txt, in the same location as ComboFix.exe

[image: CFScript.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

After reboot, (in case it asks to reboot)......

Please provide the contents of the ComboFix log (C:\ComboFix.txt) in your next reply.

MrC


Still there, stubborn thing.

ComboFix 12-01-02.01 - Alexis 01/02/2012 12:00:11.6.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3561.2174 [GMT -8:00]

Running from: c:\users\Alexis\Desktop\ComboFix.exe

Command switches used :: c:\users\Alexis\Desktop\CFScript.txt

AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}

SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2011-12-02 to 2012-01-02 )))))))))))))))))))))))))))))))

.

.

2012-01-02 20:07 . 2012-01-02 20:07 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-12-30 05:13 . 2011-12-30 05:14 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-12-30 05:13 . 2011-12-30 05:13 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-12-30 02:15 . 2011-12-30 02:15 -------- d-----w- c:\programdata\Malwarebytes

2011-12-30 02:15 . 2011-12-30 04:50 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-12-30 02:15 . 2011-12-10 23:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-30 02:07 . 2011-12-30 02:07 191760 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys

2011-12-29 03:16 . 2008-07-31 18:41 68616 ----a-w- c:\windows\SysWow64\XAPOFX1_1.dll

2011-12-29 03:16 . 2008-07-31 18:40 509448 ----a-w- c:\windows\SysWow64\XAudio2_2.dll

2011-12-29 03:16 . 2008-07-12 16:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll

2011-12-29 03:16 . 2008-07-12 16:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll

2011-12-29 03:16 . 2008-07-12 16:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll

2011-12-29 03:13 . 2011-12-29 03:13 -------- d-----w- C:\Riot Games

2011-12-27 22:13 . 2011-12-29 10:54 -------- d-----w- c:\programdata\PMB Files

2011-12-27 22:13 . 2011-12-27 22:13 -------- d-----w- c:\program files (x86)\Pando Networks

2011-12-26 16:55 . 2010-08-03 23:30 196224 ----a-w- c:\program files\Windows Sidebar\Shared Gadgets\P4GUpdate.Gadget\P4GUpdate.dll

2011-12-26 16:55 . 2011-12-26 16:55 -------- d-----w- c:\programdata\P4G

2011-12-26 13:14 . 2011-12-26 13:14 -------- d-----w- c:\program files (x86)\AMD APP

2011-12-26 13:14 . 2011-12-26 13:14 -------- d-----w- c:\program files\Common Files\ATI Technologies

2011-12-26 13:14 . 2011-12-26 13:14 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies

2011-12-26 13:12 . 2011-12-26 13:12 -------- d-----w- c:\program files\ATI Technologies

2011-12-26 13:12 . 2011-08-18 12:44 53376 ----a-w- c:\windows\system32\drivers\usbfilter.sys

2011-12-26 13:11 . 2011-12-26 13:13 -------- d-----w- c:\program files (x86)\ATI Technologies

2011-12-26 13:11 . 2011-07-16 12:53 96896 ----a-w- c:\windows\system32\drivers\amdhub30.sys

2011-12-26 13:11 . 2011-07-16 12:53 214144 ----a-w- c:\windows\system32\drivers\amdxhc.sys

2011-12-26 12:53 . 2011-12-26 12:53 -------- d-----w- c:\windows\SysWow64\Wat

2011-12-26 12:53 . 2011-12-26 12:53 -------- d-----w- c:\windows\system32\Wat

2011-12-26 12:09 . 2011-12-26 12:09 -------- d-----w- c:\program files (x86)\Microsoft.NET

2011-12-25 16:59 . 2011-12-25 16:59 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-12-25 16:59 . 2011-12-25 16:59 -------- d-----w- c:\windows\system32\Macromed

2011-12-25 08:33 . 2011-07-09 02:46 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-12-24 09:39 . 2011-12-24 09:39 -------- d-----w- c:\programdata\ASUS

2011-12-24 09:37 . 2011-12-24 09:37 -------- d-----w- c:\programdata\AIM

2011-12-24 09:36 . 2011-12-24 09:37 -------- d-----w- c:\program files (x86)\AIM

2011-12-24 09:36 . 2011-12-24 09:36 -------- d-----w- c:\program files (x86)\Common Files\Software Update Utility

2011-12-24 09:36 . 2011-12-24 09:36 -------- d-----w- c:\program files (x86)\Common Files\AOL

2011-12-24 06:10 . 2011-12-24 06:10 -------- d-----w- c:\programdata\FolderView

2011-12-24 06:10 . 2012-01-01 19:42 -------- d-----w- C:\ASUS.DAT

2011-12-24 06:10 . 2011-12-29 04:00 -------- d-----w- c:\users\Alexis

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-02 20:09 . 2011-07-30 01:27 45056 ----a-w- c:\windows\system32\acovcnt.exe

2011-12-24 06:10 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-10-04 20:14 . 2011-10-04 20:14 768848 ----a-w- c:\windows\SysWow64\msvcr100.dll

2011-10-04 20:14 . 2011-10-04 20:14 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-12-30_04.01.06 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-02-18 20:13 . 2012-01-01 19:44 28300 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-01-01 19:44 40980 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

- 2011-12-24 06:03 . 2011-12-30 01:57 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-12-24 06:03 . 2012-01-01 20:32 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-12-24 06:03 . 2011-12-30 01:57 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2011-12-24 06:03 . 2012-01-01 20:32 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2011-12-30 01:57 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-01-01 20:32 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:46 . 2011-12-29 04:06 91888 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

+ 2009-07-14 04:46 . 2012-01-01 18:51 91888 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

- 2011-04-02 04:37 . 2011-04-02 04:37 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll

+ 2011-04-02 04:37 . 2011-12-31 23:46 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll

+ 2011-12-24 06:04 . 2012-01-01 19:44 5682 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1239031536-485061120-2446755693-1001_UserData.bin

- 2011-12-30 02:23 . 2011-12-30 02:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-01-02 20:08 . 2012-01-02 20:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-12-25 08:24 . 2012-01-02 16:17 209862 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin

+ 2011-12-24 09:25 . 2011-12-31 01:50 174444 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2009-07-14 02:36 . 2012-01-02 16:19 635590 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2011-12-30 02:28 635590 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-01-02 16:19 110274 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2011-12-30 02:28 110274 c:\windows\system32\perfc009.dat

+ 2011-07-29 10:41 . 2012-01-02 20:08 277264 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2011-07-29 10:41 . 2011-12-30 02:23 277264 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2009-07-14 05:01 . 2011-12-30 02:23 230264 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-01-02 20:08 230264 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2011-12-24 09:43 . 2011-12-30 02:02 610704 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1239031536-485061120-2446755693-1001-12288.dat

+ 2011-12-24 09:43 . 2011-12-30 05:23 610704 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1239031536-485061120-2446755693-1001-12288.dat

- 2009-07-14 04:45 . 2011-12-27 22:40 7111262 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

+ 2009-07-14 04:45 . 2012-01-01 18:41 7111262 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

+ 2011-04-16 08:14 . 2011-04-16 08:14 3186176 c:\windows\Installer\75ec50f.msi

+ 2011-12-20 00:30 . 2011-12-20 00:30 7976448 c:\windows\Installer\5bb2d5b.msi

+ 2011-04-16 16:44 . 2011-04-16 16:44 2770944 c:\windows\Installer\1e6f966.msi

+ 2011-12-24 09:43 . 2012-01-02 20:08 15307708 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1239031536-485061120-2446755693-1001-8192.dat

+ 2011-12-31 15:55 . 2011-12-31 15:55 20333568 c:\windows\Installer\1e6f971.msp

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]

2011-04-02 04:36 433648 ----a-w- c:\programdata\Partner\Partner.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"Aim"="c:\program files (x86)\AIM\aim.exe" [2011-05-03 4321112]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 5486464]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]

"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-02 2018032]

"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]

"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]

"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"USBChargerPlusTray"="c:\program files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe" [2011-04-18 496560]

"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-09-13 2317312]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-25 460872]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-1 548528]

FancyStart daemon.lnk - c:\windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe [2011-12-26 12862]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 135664]

R3 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 135664]

R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]

R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2011-04-02 332272]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]

S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]

S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-05-26 17536]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-09-28 361984]

S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-25 652872]

S2 TiMiniService;TiMiniService;c:\program files\Trend Micro\Titanium\TiMiniService.exe [2010-09-17 241488]

S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]

S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [x]

S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [x]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 04:36]

.

2012-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 04:36]

.

2012-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1239031536-485061120-2446755693-1001Core.job

- c:\users\Alexis\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-26 06:04]

.

2012-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1239031536-485061120-2446755693-1001UA.job

- c:\users\Alexis\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-26 06:04]

.

2012-01-02 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 498fcc95-3633-4b91-846c-b1e58f224461.job

- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]

.

2012-01-02 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task ceb0b3be-15af-4283-b2cd-bdc3c269280c.job

- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]

2011-04-02 04:36 750064 ----a-w- c:\programdata\Partner\Partner64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]

@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"

[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]

2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]

@="{64174815-8D98-4CE6-8646-4C039977D808}"

[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]

2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VizorHtmlDialog.exe"="c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" [2010-10-08 1123664]

"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-12 192520]

"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\VizorShortCut.exe" [2010-09-17 322384]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-05-22 2226280]

"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [bU]

"Setwallpaper"="c:\programdata\SetWallpaper.cmd" [bU]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://asus.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

FF - ProfilePath - c:\users\Alexis\AppData\Roaming\Mozilla\Firefox\Profiles\n89g5flp.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3007394&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - WhiteSmoke Bar Customized Web Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - prefs.js: keyword.URL - hxxp://www.basicscan.com/?tmp=nemo_results_removelink&prt=BscscnPB&keywords=

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

c:\program files (x86)\ASUS\FaceLogon\sensorsrv.exe

c:\program files (x86)\ASUS\Splendid\ACMON.exe

c:\program files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

c:\program files (x86)\ASUS\AI Recovery\AIRecoveryRemind.exe

.

**************************************************************************

.

Completion time: 2012-01-02 12:12:07 - machine was rebooted

ComboFix-quarantined-files.txt 2012-01-02 20:12

ComboFix2.txt 2012-01-02 05:00

ComboFix3.txt 2012-01-01 19:29

ComboFix4.txt 2012-01-01 18:42

ComboFix5.txt 2012-01-02 19:58

.

Pre-Run: 164,621,058,048 bytes free

Post-Run: 164,533,878,784 bytes free

.

- - End Of File - - 2D042412FEEC76C80D25937CAA0DD0BF

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3007394&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - WhiteSmoke Bar Customized Web Search

See if you can manually reset them:

http://www.howtogeek.com/howto/internet/firefox/restore-the-default-settings-in-firefox-without-uninstalling-it/

MrC


I reset it, and it looks like it's all gone! Both Firefox and IE, also. Thank you so much! ♥


Great :)

Please Uninstall ComboFix:

Press the Windows logo key + R

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will clean up the tools and logs used, including itself.)

Any questions...please post back.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.