freakstyle

partner37.mydomainadvisor.com

40 posts in this topic

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1

Run by MJ at 22:48:21 on 2012-07-04

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6055.3464 [GMT 8:00]

.

AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\FBAgent.exe

C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe

C:\Program Files\P4G\BatteryLife.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

C:\Windows\SysWOW64\ACEngSvr.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Program Files\Intel\TurboBoost\TurboBoost.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

C:\Program Files\Web Assistant\ExtensionUpdaterService.exe

C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files\Trend Micro\Titanium\TiMiniService.exe

C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe

C:\Windows\system32\conhost.exe

C:\Windows\AsScrPro.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe

C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Users\MJ\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\MJ\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\MJ\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\MJ\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\MJ\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\MJ\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\MJ\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\MJ\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Users\MJ\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\MJ\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\MJ\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\MJ\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\MJ\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\MJ\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\msiexec.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Users\MJ\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\MJ\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\DllHost.exe

C:\Windows\System32\mobsync.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://mystart.incredibar.com/mb143?a=6PQyvOs8Gw&i=26

uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll

mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll

mWinlogon: Userinit=userinit.exe,

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll

BHO: Web Assistant: {336d0c35-8a85-403a-b9d2-65c292c39087} - C:\Program Files\Web Assistant\Extension32.dll

BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll

BHO: ToolKit IE Helper: {70ea269e-56df-49c2-86b2-1a1924ed88b4} - C:\Program Files (x86)\ToolKitService\splash.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll

TB: eToolKit Toolbar: {d3b22a92-87a2-47b6-b3e6-a64877b5c242} - C:\Program Files (x86)\ToolKitService\toolbar.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [Google Update] "C:\Users\MJ\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

uRun: [tktray] C:\Program Files (x86)\ToolKitService\tktray.exe

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet

uRunOnce: [blekkotb] reg.exe delete "HKCU\Software\AppDataLow\Software\blekkotb" /f

uRunOnce: [blekkotb_XP] reg.exe delete "HKCU\Software\blekkotb" /f

uRunOnce: [blekkotb_DATA_FOLDER] cmd.exe /c rmdir "C:\ProgramData\Anti-phishing Domain Advisor" /s /q

uRunOnce: [blekkotb_INSTALL_FOLDER] cmd.exe /c rmdir "C:\Users\MJ\AppData\Local\blekkotb" /s /q

mRun: [sonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe

mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: Interfaces\{538F4406-7704-49CD-80CF-D0F76323D532} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{538F4406-7704-49CD-80CF-D0F76323D532}\C696E6B6379737 : DhcpNameServer = 124.106.5.2 124.106.4.2

TCP: Interfaces\{96137A0D-01AC-4750-8742-FDDAF4D5DECA} : DhcpNameServer = 124.106.6.2 124.106.5.2

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll

Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll

AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll

BHO-X64: 0x1 - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll

BHO-X64: Trend Micro NSC BHO - No File

BHO-X64: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll

BHO-X64: Web Assistant Helper - No File

BHO-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll

BHO-X64: uTorrentControl2 - No File

BHO-X64: ToolKit IE Helper: {70EA269E-56DF-49C2-86B2-1A1924ED88B4} - C:\Program Files (x86)\ToolKitService\splash.dll

BHO-X64: ToolKit IE Helper - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

BHO-X64: IESpeakDoc - No File

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll

BHO-X64: TmBpIeBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

TB-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll

TB-X64: eToolKit Toolbar: {D3B22A92-87A2-47b6-B3E6-A64877B5C242} - C:\Program Files (x86)\ToolKitService\toolbar.dll

TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll

mRun-x64: [sonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe

mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\MJ\AppData\Roaming\Mozilla\Firefox\Profiles\4ybhqm3v.default\

FF - prefs.js: browser.search.selectedEngine - MyStart Search

FF - prefs.js: browser.startup.homepage - hxxp://Mystart.incredibar.com/mb124

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=

FF - plugin: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL

FF - plugin: C:\Program Files\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: C:\Users\MJ\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Users\MJ\AppData\Roaming\Mozilla\Firefox\Profiles\4ybhqm3v.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\plugins\np-mswmp.dll

FF - plugin: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll

FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.BabylonToolbar_i.id - f27bfa55000000000000742f68a05421

FF - user.js: extensions.BabylonToolbar_i.hardId - f27bfa55000000000000742f68a05421

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15449

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1718:05:37

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.newTab - false

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109217

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

FF - user.js: extensions.incredibar_i.newTab - false

FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQyvOs8Gw&loc=IB_TB&i=26&search=

FF - user.js: extensions.incredibar_i.id - f27bfa55000000000000742f68a05421

FF - user.js: extensions.incredibar_i.instlDay - 15486

FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1410:26:06

FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

FF - user.js: extensions.incredibar_i.prdct - incredibar

FF - user.js: extensions.incredibar_i.aflt - orgnl

FF - user.js: extensions.incredibar_i.smplGrp - none

FF - user.js: extensions.incredibar_i.tlbrId - base

FF - user.js: extensions.incredibar_i.instlRef -

FF - user.js: extensions.incredibar_i.dfltLng -

FF - user.js: extensions.incredibar_i.excTlbr - false

FF - user.js: extensions.incredibar_i.ms_url_id -

FF - user.js: extensions.incredibar_i.upn2 - 6PQyvOs8Gw

FF - user.js: extensions.incredibar_i.upn2n - 92542948975584844

FF - user.js: extensions.incredibar_i.productid - 26

FF - user.js: extensions.incredibar_i.installerproductid - 26

FF - user.js: extensions.incredibar_i.did - 10643

FF - user.js: extensions.incredibar_i.ppd - 1

.

============= SERVICES / DRIVERS ===============

.

R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]

R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-5-25 17536]

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]

R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]

R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]

R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-3-13 138400]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-6-27 2369960]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-5 654408]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-4-19 2009704]

R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-6-19 3048136]

R2 tmevtmgr;tmevtmgr;C:\Windows\system32\DRIVERS\tmevtmgr.sys --> C:\Windows\system32\DRIVERS\tmevtmgr.sys [?]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]

R2 TurboBoost;Intel® Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-16 134928]

R2 Web Assistant Updater;Web Assistant Updater;C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [2012-5-26 185856]

R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?]

R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?]

R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]

R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]

R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]

R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]

R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]

R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]

R3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\system32\DRIVERS\tap0901t.sys --> C:\Windows\system32\DRIVERS\tap0901t.sys [?]

R3 TiMiniService;TiMiniService;C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [2010-9-18 241488]

S2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-13 74912]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-4-5 158856]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-22 250056]

S3 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2012-4-19 267480]

S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]

S3 mbamchameleon;mbamchameleon;\??\C:\Windows\system32\drivers\mbamchameleon.sys --> C:\Windows\system32\drivers\mbamchameleon.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]

S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUVStor.sys --> C:\Windows\system32\Drivers\RtsUVStor.sys [?]

S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]

S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]

S3 ToolkitDisk;ToolkitDisk;\??\C:\Windows\system32\Drivers\toolkitdisk.sys --> C:\Windows\system32\Drivers\toolkitdisk.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]

S3 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2012-6-15 736104]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-07-04 14:44:05 -------- d-----w- C:\Program Files (x86)\Oracle

2012-07-04 14:43:48 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-07-04 10:14:20 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{598D5999-0A53-4384-8193-F69EC7677FD4}\gapaengine.dll

2012-07-04 10:14:12 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3EE231A1-B8D7-4F87-BB12-99EF3D24564D}\mpengine.dll

2012-07-01 01:07:24 33856 ---ha-w- C:\Windows\System32\hamachi.sys

2012-07-01 01:07:21 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi

2012-06-24 09:07:42 -------- d-----w- C:\Program Files (x86)\Battle Realms

2012-06-23 15:46:20 178688 ----a-w- C:\Windows\SysWow64\unrar.dll

2012-06-23 15:46:14 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack

2012-06-22 08:18:43 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-22 08:18:22 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-22 08:18:01 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-22 08:18:01 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-21 08:49:41 -------- d-----w- C:\Users\MJ\AppData\Roaming\.minecraft

2012-06-21 03:32:32 -------- d-----w- C:\Users\MJ\AppData\Local\LogMeIn Hamachi

2012-06-19 12:40:46 -------- d-----w- C:\Users\MJ\AppData\Local\Diagnostics

2012-06-15 13:27:39 -------- d-----w- C:\Users\MJ\AppData\Roaming\Tunngle

2012-06-15 13:27:39 -------- d-----w- C:\ProgramData\Tunngle

2012-06-15 13:27:34 31232 ----a-w- C:\Windows\System32\drivers\tap0901t.sys

2012-06-15 13:27:31 -------- d-----w- C:\Program Files (x86)\Tunngle

2012-06-13 10:42:27 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2012-06-13 10:42:25 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{974AC2D7-8721-4331-B79D-C79F1E9C7998}\gapaengine.dll

2012-06-06 15:27:37 33096 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys

2012-06-05 07:35:31 -------- d-----w- C:\Users\MJ\AppData\Roaming\Malwarebytes

2012-06-05 07:35:22 -------- d-----w- C:\ProgramData\Malwarebytes

2012-06-05 07:35:21 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-06-05 07:35:21 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-06-04 16:02:16 -------- d-----w- C:\Users\MJ\jagexcache3

.

==================== Find3M ====================

.

2012-07-04 10:03:04 45056 ----a-w- C:\Windows\System32\acovcnt.exe

2012-06-23 14:05:36 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-23 14:05:36 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-05-04 11:29:16 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-04-19 11:54:11 525544 ----a-w- C:\Windows\System32\deployJava1.dll

2012-04-19 09:09:18 80512 ----a-w- C:\Windows\ASUS K3 Series ScreenSaver Uninstaller.exe

2012-04-19 09:09:02 3058304 ----a-w- C:\Windows\AsScrPro.exe

.

============= FINISH: 22:49:02.46 ===============

Share this post


Link to post
Share on other sites

Hello freakstyle and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

Step 2

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

aswMBR2-1.gif

On completion of the scan click save log, save it to your desktop and post in your next reply

aswMBR2.png

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • aswMBR log

Share this post


Link to post
Share on other sites

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.07.04.04

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

MJ :: K53SI7 [administrator]

Protection: Enabled

7/4/2012 11:14:56 PM

mbam-log-2012-07-04 (23-14-56).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 231007

Time elapsed: 1 minute(s),

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Share this post


Link to post
Share on other sites

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-07-04 23:19:13

-----------------------------

23:19:13.709 OS Version: Windows x64 6.1.7601 Service Pack 1

23:19:13.709 Number of processors: 8 586 0x2A07

23:19:13.710 ComputerName: K53SI7 UserName: MJ

23:19:14.667 Initialize success

23:27:26.843 AVAST engine defs: 12070400

23:28:26.042 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

23:28:26.045 Disk 0 Vendor: WDC_WD75 01.0 Size: 715404MB BusType: 3

23:28:26.054 Disk 0 MBR read successfully

23:28:26.057 Disk 0 MBR scan

23:28:26.116 Disk 0 Windows 7 default MBR code

23:28:26.119 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048

23:28:26.150 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 249899 MB offset 206848

23:28:26.184 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 250000 MB offset 512000000

23:28:26.218 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 215403 MB offset 1024000000

23:28:26.283 Disk 0 scanning C:\Windows\system32\drivers

23:28:39.352 Service scanning

23:29:10.690 Modules scanning

23:29:10.699 Disk 0 trace - called modules:

23:29:10.717 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll

23:29:10.720 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006904790]

23:29:10.724 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8006324970]

23:29:10.727 5 ACPI.sys[fffff88000f0f7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800664b050]

23:29:11.854 AVAST engine scan C:\Windows

23:29:14.586 AVAST engine scan C:\Windows\system32

23:32:54.022 AVAST engine scan C:\Windows\system32\drivers

23:33:08.211 AVAST engine scan C:\Users\MJ

23:39:31.795 AVAST engine scan C:\ProgramData

23:40:06.845 Scan finished successfully

23:40:21.912 Disk 0 MBR has been saved successfully to "C:\Users\MJ\Desktop\MBR.dat"

23:40:21.962 The log file has been saved successfully to "C:\Users\MJ\Desktop\aswMBR.txt"

Share this post


Link to post
Share on other sites

Thanks!

Step 1

Please uninstall µTorrent and uTorrentControl2 Toolbar, because of our rules:

http://forums.malwarebytes.org/index.php?showtopic=97700

Step 2

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Share this post


Link to post
Share on other sites

ComboFix 12-07-04.03 - MJ 07/05/2012 0:08.1.8 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6055.4003 [GMT 8:00]

Running from: c:\users\MJ\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\Web Assistant\ExTEnsion32.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-06-04 to 2012-07-04 )))))))))))))))))))))))))))))))

.

.

2012-07-04 16:17 . 2012-07-04 16:17 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-07-04 16:17 . 2012-07-04 16:17 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-04 14:44 . 2012-07-04 14:44 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-07-04 14:44 . 2012-07-04 14:44 -------- d-----w- c:\program files (x86)\Oracle

2012-07-04 14:43 . 2012-05-04 11:29 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-07-04 10:14 . 2012-04-19 10:42 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{598D5999-0A53-4384-8193-F69EC7677FD4}\gapaengine.dll

2012-07-04 10:14 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3EE231A1-B8D7-4F87-BB12-99EF3D24564D}\mpengine.dll

2012-07-01 01:07 . 2009-03-18 09:35 33856 ---ha-w- c:\windows\system32\hamachi.sys

2012-07-01 01:07 . 2012-07-01 01:07 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi

2012-06-24 09:07 . 2012-06-24 09:09 -------- d-----w- c:\program files (x86)\Battle Realms

2012-06-23 15:46 . 2012-06-23 15:46 -------- d-----w- c:\users\MJ\AppData\Roaming\Media Player Classic

2012-06-23 15:46 . 2012-06-09 17:21 178688 ----a-w- c:\windows\SysWow64\unrar.dll

2012-06-23 15:46 . 2012-06-23 15:46 -------- d-----w- c:\program files (x86)\K-Lite Codec Pack

2012-06-22 08:18 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-22 08:18 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-22 08:18 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-22 08:18 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-22 08:18 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-22 08:18 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-22 08:18 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-22 08:18 . 2012-06-02 07:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-22 08:18 . 2012-06-02 07:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-21 08:49 . 2012-06-21 08:51 -------- d-----w- c:\users\MJ\AppData\Roaming\.minecraft

2012-06-21 03:32 . 2012-07-04 10:15 -------- d-----w- c:\users\MJ\AppData\Local\LogMeIn Hamachi

2012-06-19 12:40 . 2012-06-19 12:40 -------- d-----w- c:\users\MJ\AppData\Local\Diagnostics

2012-06-15 13:27 . 2012-06-21 04:26 -------- d-----w- c:\users\MJ\AppData\Roaming\Tunngle

2012-06-15 13:27 . 2012-06-21 03:22 -------- d-----w- c:\programdata\Tunngle

2012-06-15 13:27 . 2009-09-16 00:02 31232 ----a-w- c:\windows\system32\drivers\tap0901t.sys

2012-06-15 13:27 . 2012-06-15 13:28 -------- d-----w- c:\program files (x86)\Tunngle

2012-06-13 10:42 . 2012-04-19 10:42 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2012-06-13 10:42 . 2012-04-19 10:42 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{974AC2D7-8721-4331-B79D-C79F1E9C7998}\gapaengine.dll

2012-06-06 15:27 . 2012-06-06 15:27 33096 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-06-05 07:35 . 2012-06-05 07:35 -------- d-----w- c:\users\MJ\AppData\Roaming\Malwarebytes

2012-06-05 07:35 . 2012-06-05 07:35 -------- d-----w- c:\programdata\Malwarebytes

2012-06-05 07:35 . 2012-06-05 07:35 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-06-05 07:35 . 2012-04-04 07:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-04 10:03 . 2012-04-19 09:18 45056 ----a-w- c:\windows\system32\acovcnt.exe

2012-06-23 14:05 . 2012-04-21 16:14 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-23 14:05 . 2012-04-21 16:14 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-06-19 14:27 . 2012-04-30 10:35 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2012-06-19 14:26 . 2012-04-30 10:34 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2012-06-19 14:26 . 2012-04-30 10:33 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-06-12 13:27 . 2012-05-15 12:35 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll

2012-06-12 13:27 . 2012-05-15 12:35 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll

2012-06-12 13:26 . 2012-05-15 12:34 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll

2012-06-12 13:26 . 2012-05-15 12:34 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2012-05-31 04:04 . 2012-04-20 10:56 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-05-17 03:24 . 2012-04-30 10:36 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2012-05-04 11:29 . 2012-04-19 09:54 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-04-25 11:08 . 2012-04-25 11:08 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2012-04-25 11:08 . 2012-04-25 11:08 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2012-04-25 11:08 . 2012-04-25 11:08 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2012-04-25 11:08 . 2012-04-25 11:08 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2012-04-25 11:08 . 2012-04-25 11:08 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2012-04-25 11:08 . 2012-04-25 11:08 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2012-04-25 11:08 . 2012-04-25 11:08 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2012-04-25 11:08 . 2012-04-25 11:08 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2012-04-25 11:08 . 2012-04-25 11:08 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2012-04-25 11:08 . 2012-04-25 11:08 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-04-25 11:08 . 2012-04-25 11:08 367104 ----a-w- c:\windows\SysWow64\html.iec

2012-04-25 11:08 . 2012-04-25 11:08 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2012-04-25 11:08 . 2012-04-25 11:08 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2012-04-25 11:08 . 2012-04-25 11:08 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2012-04-25 11:08 . 2012-04-25 11:08 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2012-04-25 11:08 . 2012-04-25 11:08 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-04-25 11:08 . 2012-04-25 11:08 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2012-04-25 11:08 . 2012-04-25 11:08 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2012-04-25 11:08 . 2012-04-25 11:08 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2012-04-25 11:08 . 2012-04-25 11:08 85504 ----a-w- c:\windows\system32\iesetup.dll

2012-04-25 11:08 . 2012-04-25 11:08 76800 ----a-w- c:\windows\system32\tdc.ocx

2012-04-25 11:08 . 2012-04-25 11:08 49664 ----a-w- c:\windows\system32\imgutil.dll

2012-04-25 11:08 . 2012-04-25 11:08 48640 ----a-w- c:\windows\system32\mshtmler.dll

2012-04-25 11:08 . 2012-04-25 11:08 448512 ----a-w- c:\windows\system32\html.iec

2012-04-25 11:08 . 2012-04-25 11:08 222208 ----a-w- c:\windows\system32\msls31.dll

2012-04-25 11:08 . 2012-04-25 11:08 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-04-25 11:08 . 2012-04-25 11:08 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2012-04-25 11:08 . 2012-04-25 11:08 12288 ----a-w- c:\windows\system32\mshta.exe

2012-04-25 11:08 . 2012-04-25 11:08 114176 ----a-w- c:\windows\system32\admparse.dll

2012-04-25 11:08 . 2012-04-25 11:08 111616 ----a-w- c:\windows\system32\iesysprep.dll

2012-04-25 11:08 . 2012-04-25 11:08 603648 ----a-w- c:\windows\system32\vbscript.dll

2012-04-25 11:08 . 2012-04-25 11:08 30720 ----a-w- c:\windows\system32\licmgr10.dll

2012-04-25 11:08 . 2012-04-25 11:08 165888 ----a-w- c:\windows\system32\iexpress.exe

2012-04-25 11:08 . 2012-04-25 11:08 160256 ----a-w- c:\windows\system32\wextract.exe

2012-04-19 11:54 . 2012-04-19 11:54 525544 ----a-w- c:\windows\system32\deployJava1.dll

2012-04-19 09:09 . 2012-04-19 09:09 80512 ----a-w- c:\windows\ASUS K3 Series ScreenSaver Uninstaller.exe

2012-04-19 09:09 . 2012-04-19 09:09 3058304 ----a-w- c:\windows\AsScrPro.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-04-19 1242448]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-04-05 17356424]

"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-02-22 6591800]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-09 984400]

"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2012-4-19 12862]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"midi2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-06-19 3048136]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-04-05 158856]

R2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [2012-05-08 185856]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]

R3 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]

R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-06-06 33096]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]

R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-08-03 290920]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]

R3 ToolkitDisk;ToolkitDisk;c:\windows\system32\Drivers\toolkitdisk.sys [2011-09-12 62552]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]

R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2012-06-01 736104]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-19 1255736]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-05-10 25960]

S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-05-25 17536]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]

S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-03-03 379520]

S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]

S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-13 138400]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-10 2009704]

S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-09-18 67664]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-04-16 13832]

S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]

S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-06-02 128488]

S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-06-02 401896]

S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-13 36000]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-13 298656]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-13 28832]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-13 201376]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-13 55456]

S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-13 154272]

S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-13 280224]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-09-22 56344]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800]

S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]

S3 TiMiniService;TiMiniService;c:\program files\Trend Micro\Titanium\TiMiniService.exe [2010-09-18 241488]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - ASWMBR

*Deregistered* - aswMBR

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-04 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 14:05]

.

2012-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-9987305-2436438632-174203971-1000Core.job

- c:\users\MJ\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-19 09:38]

.

2012-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-9987305-2436438632-174203971-1000UA.job

- c:\users\MJ\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-19 09:38]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}]

2012-05-08 07:13 201728 ----a-w- c:\program files\Web Assistant\Extension64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-10 167960]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-10 391704]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-10 418328]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-05-17 2226280]

"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120]

"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552]

"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

"VizorHtmlDialog.exe"="c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" [2010-10-09 1123664]

"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-13 192520]

"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\VizorShortCut.exe" [2010-09-18 322384]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://mystart.incredibar.com/mb143?a=6PQyvOs8Gw&i=26

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\MJ\AppData\Roaming\Mozilla\Firefox\Profiles\4ybhqm3v.default\

FF - prefs.js: browser.search.selectedEngine - MyStart Search

FF - prefs.js: browser.startup.homepage - hxxp://Mystart.incredibar.com/mb124

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=

FF - user.js: extensions.BabylonToolbar_i.id - f27bfa55000000000000742f68a05421

FF - user.js: extensions.BabylonToolbar_i.hardId - f27bfa55000000000000742f68a05421

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15449

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1718:05

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.newTab - false

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109217

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

FF - user.js: extensions.incredibar_i.newTab - false

FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQyvOs8Gw&loc=IB_TB&i=26&search=

FF - user.js: extensions.incredibar_i.id - f27bfa55000000000000742f68a05421

FF - user.js: extensions.incredibar_i.instlDay - 15486

FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1410:26

FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

FF - user.js: extensions.incredibar_i.prdct - incredibar

FF - user.js: extensions.incredibar_i.aflt - orgnl

FF - user.js: extensions.incredibar_i.smplGrp - none

FF - user.js: extensions.incredibar_i.tlbrId - base

FF - user.js: extensions.incredibar_i.instlRef -

FF - user.js: extensions.incredibar_i.dfltLng -

FF - user.js: extensions.incredibar_i.excTlbr - false

FF - user.js: extensions.incredibar_i.ms_url_id -

FF - user.js: extensions.incredibar_i.upn2 - 6PQyvOs8Gw

FF - user.js: extensions.incredibar_i.upn2n - 92542948975584844

FF - user.js: extensions.incredibar_i.productid - 26

FF - user.js: extensions.incredibar_i.installerproductid - 26

FF - user.js: extensions.incredibar_i.did - 10643

FF - user.js: extensions.incredibar_i.ppd - 1

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)

BHO-{70EA269E-56DF-49C2-86B2-1A1924ED88B4} - c:\program files (x86)\ToolKitService\splash.dll

Toolbar-{D3B22A92-87A2-47b6-B3E6-A64877B5C242} - c:\program files (x86)\ToolKitService\toolbar.dll

Wow6432Node-HKCU-Run-tktray - c:\program files (x86)\ToolKitService\tktray.exe

Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\system32\StikyNot.exe

WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-07-05 00:20:03

ComboFix-quarantined-files.txt 2012-07-04 16:20

.

Pre-Run: 138,208,239,616 bytes free

Post-Run: 138,179,346,432 bytes free

.

- - End Of File - - 7FC6CA84235EF93AA7A462F2A10CA7A2

Share this post


Link to post
Share on other sites

also successfully removed utorrent and the utorrent control2 toolbar

Share this post


Link to post
Share on other sites

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

SecCenter::
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

Folder::
c:\program files (x86)\ToolKitService
c:\program files\Web Assistant

DDS::
uStart Page = hxxp://mystart.incredibar.com/mb143?a=6PQyvOs8Gw&i=26

FireFox::
FF - ProfilePath - c:\users\MJ\AppData\Roaming\Mozilla\Firefox\Profiles\4ybhqm3v.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://Mystart.incredibar.com/mb124
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - user.js: extensions.BabylonToolbar_i.id - f27bfa55000000000000742f68a05421
FF - user.js: extensions.BabylonToolbar_i.hardId - f27bfa55000000000000742f68a05421
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15449
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1718:05
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109217
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQyvOs8Gw&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - f27bfa55000000000000742f68a05421
FF - user.js: extensions.incredibar_i.instlDay - 15486
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1410:26
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6PQyvOs8Gw
FF - user.js: extensions.incredibar_i.upn2n - 92542948975584844
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 1

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}]

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Share this post


Link to post
Share on other sites

ComboFix 12-07-04.04 - MJ 07/05/2012 11:12:38.2.8 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6055.4220 [GMT 8:00]

Running from: c:\users\MJ\Desktop\ComboFix.exe

Command switches used :: c:\users\MJ\Desktop\CFScript.txt

AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}

SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\ToolKitService

c:\program files (x86)\ToolKitService\etkremove.exe

c:\program files (x86)\ToolKitService\tkshext.dll

c:\program files\Web Assistant

c:\program files\Web Assistant\Extension64.dll

c:\program files\Web Assistant\ExtensionUpdaterService.exe

c:\program files\Web Assistant\Firefox\chrome.manifest

c:\program files\Web Assistant\Firefox\chrome\content\libraries\DataExchangeScript.js

c:\program files\Web Assistant\Firefox\chrome\content\main.js

c:\program files\Web Assistant\Firefox\chrome\content\main.xul

c:\program files\Web Assistant\Firefox\chrome\content\resources\localscript.js

c:\program files\Web Assistant\Firefox\chrome\locale\en-US\overlay.dtd

c:\program files\Web Assistant\Firefox\chrome\skin\overlay.css

c:\program files\Web Assistant\Firefox\defaults\preferences\defaults.js

c:\program files\Web Assistant\Firefox\install.rdf

c:\program files\Web Assistant\InstallerHelper.dll

c:\program files\Web Assistant\libraries\DataExchangeScript.js

c:\program files\Web Assistant\resources\localscript.js

c:\program files\Web Assistant\source.crx

c:\program files\Web Assistant\unins000.dat

c:\program files\Web Assistant\unins000.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_Web Assistant Updater

-------\Service_Web Assistant Updater

.

.

((((((((((((((((((((((((( Files Created from 2012-06-05 to 2012-07-05 )))))))))))))))))))))))))))))))

.

.

2012-07-05 03:19 . 2012-07-05 03:19 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-07-05 03:19 . 2012-07-05 03:19 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-04 16:21 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F6BD4EB6-6152-48F6-AA27-6EB896036E06}\mpengine.dll

2012-07-04 14:44 . 2012-07-04 14:44 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-07-04 14:44 . 2012-07-04 14:44 -------- d-----w- c:\program files (x86)\Oracle

2012-07-04 14:43 . 2012-05-04 11:29 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-07-04 10:14 . 2012-04-19 10:42 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{598D5999-0A53-4384-8193-F69EC7677FD4}\gapaengine.dll

2012-07-01 01:07 . 2009-03-18 09:35 33856 ---ha-w- c:\windows\system32\hamachi.sys

2012-07-01 01:07 . 2012-07-01 01:07 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi

2012-06-24 09:07 . 2012-06-24 09:09 -------- d-----w- c:\program files (x86)\Battle Realms

2012-06-23 15:46 . 2012-06-23 15:46 -------- d-----w- c:\users\MJ\AppData\Roaming\Media Player Classic

2012-06-23 15:46 . 2012-06-09 17:21 178688 ----a-w- c:\windows\SysWow64\unrar.dll

2012-06-23 15:46 . 2012-06-23 15:46 -------- d-----w- c:\program files (x86)\K-Lite Codec Pack

2012-06-22 08:18 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-22 08:18 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-22 08:18 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-22 08:18 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-22 08:18 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-22 08:18 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-22 08:18 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-22 08:18 . 2012-06-02 07:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-22 08:18 . 2012-06-02 07:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-21 08:49 . 2012-06-21 08:51 -------- d-----w- c:\users\MJ\AppData\Roaming\.minecraft

2012-06-21 03:32 . 2012-07-05 03:05 -------- d-----w- c:\users\MJ\AppData\Local\LogMeIn Hamachi

2012-06-19 12:40 . 2012-07-05 03:06 -------- d-----w- c:\users\MJ\AppData\Local\Diagnostics

2012-06-15 13:27 . 2012-06-21 04:26 -------- d-----w- c:\users\MJ\AppData\Roaming\Tunngle

2012-06-15 13:27 . 2012-06-21 03:22 -------- d-----w- c:\programdata\Tunngle

2012-06-15 13:27 . 2009-09-16 00:02 31232 ----a-w- c:\windows\system32\drivers\tap0901t.sys

2012-06-15 13:27 . 2012-06-15 13:28 -------- d-----w- c:\program files (x86)\Tunngle

2012-06-13 10:42 . 2012-04-19 10:42 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2012-06-06 15:27 . 2012-06-06 15:27 33096 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-06-05 07:35 . 2012-06-05 07:35 -------- d-----w- c:\users\MJ\AppData\Roaming\Malwarebytes

2012-06-05 07:35 . 2012-06-05 07:35 -------- d-----w- c:\programdata\Malwarebytes

2012-06-05 07:35 . 2012-06-05 07:35 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-06-05 07:35 . 2012-04-04 07:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-05 03:20 . 2012-04-19 09:18 45056 ----a-w- c:\windows\system32\acovcnt.exe

2012-06-23 14:05 . 2012-04-21 16:14 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-23 14:05 . 2012-04-21 16:14 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-06-19 14:27 . 2012-04-30 10:35 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2012-06-19 14:26 . 2012-04-30 10:34 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2012-06-19 14:26 . 2012-04-30 10:33 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-06-12 13:27 . 2012-05-15 12:35 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll

2012-06-12 13:27 . 2012-05-15 12:35 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll

2012-06-12 13:26 . 2012-05-15 12:34 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll

2012-06-12 13:26 . 2012-05-15 12:34 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2012-05-31 04:04 . 2012-04-20 10:56 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-05-17 03:24 . 2012-04-30 10:36 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2012-05-04 11:29 . 2012-04-19 09:54 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-04-25 11:08 . 2012-04-25 11:08 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2012-04-25 11:08 . 2012-04-25 11:08 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2012-04-25 11:08 . 2012-04-25 11:08 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2012-04-25 11:08 . 2012-04-25 11:08 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2012-04-25 11:08 . 2012-04-25 11:08 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2012-04-25 11:08 . 2012-04-25 11:08 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2012-04-25 11:08 . 2012-04-25 11:08 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2012-04-25 11:08 . 2012-04-25 11:08 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2012-04-25 11:08 . 2012-04-25 11:08 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2012-04-25 11:08 . 2012-04-25 11:08 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-04-25 11:08 . 2012-04-25 11:08 367104 ----a-w- c:\windows\SysWow64\html.iec

2012-04-25 11:08 . 2012-04-25 11:08 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2012-04-25 11:08 . 2012-04-25 11:08 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2012-04-25 11:08 . 2012-04-25 11:08 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2012-04-25 11:08 . 2012-04-25 11:08 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2012-04-25 11:08 . 2012-04-25 11:08 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-04-25 11:08 . 2012-04-25 11:08 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2012-04-25 11:08 . 2012-04-25 11:08 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2012-04-25 11:08 . 2012-04-25 11:08 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2012-04-25 11:08 . 2012-04-25 11:08 85504 ----a-w- c:\windows\system32\iesetup.dll

2012-04-25 11:08 . 2012-04-25 11:08 76800 ----a-w- c:\windows\system32\tdc.ocx

2012-04-25 11:08 . 2012-04-25 11:08 49664 ----a-w- c:\windows\system32\imgutil.dll

2012-04-25 11:08 . 2012-04-25 11:08 48640 ----a-w- c:\windows\system32\mshtmler.dll

2012-04-25 11:08 . 2012-04-25 11:08 448512 ----a-w- c:\windows\system32\html.iec

2012-04-25 11:08 . 2012-04-25 11:08 222208 ----a-w- c:\windows\system32\msls31.dll

2012-04-25 11:08 . 2012-04-25 11:08 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-04-25 11:08 . 2012-04-25 11:08 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2012-04-25 11:08 . 2012-04-25 11:08 12288 ----a-w- c:\windows\system32\mshta.exe

2012-04-25 11:08 . 2012-04-25 11:08 114176 ----a-w- c:\windows\system32\admparse.dll

2012-04-25 11:08 . 2012-04-25 11:08 111616 ----a-w- c:\windows\system32\iesysprep.dll

2012-04-25 11:08 . 2012-04-25 11:08 603648 ----a-w- c:\windows\system32\vbscript.dll

2012-04-25 11:08 . 2012-04-25 11:08 30720 ----a-w- c:\windows\system32\licmgr10.dll

2012-04-25 11:08 . 2012-04-25 11:08 165888 ----a-w- c:\windows\system32\iexpress.exe

2012-04-25 11:08 . 2012-04-25 11:08 160256 ----a-w- c:\windows\system32\wextract.exe

2012-04-19 11:54 . 2012-04-19 11:54 525544 ----a-w- c:\windows\system32\deployJava1.dll

2012-04-19 09:09 . 2012-04-19 09:09 80512 ----a-w- c:\windows\ASUS K3 Series ScreenSaver Uninstaller.exe

2012-04-19 09:09 . 2012-04-19 09:09 3058304 ----a-w- c:\windows\AsScrPro.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2012-07-04_16.17.52 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-11-21 03:09 . 2012-07-05 02:59 39770 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-07-05 02:59 32552 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2012-04-19 08:31 . 2012-07-05 02:59 6338 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-9987305-2436438632-174203971-1000_UserData.bin

- 2012-04-19 08:31 . 2012-07-04 10:04 6338 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-9987305-2436438632-174203971-1000_UserData.bin

+ 2012-04-19 09:03 . 2012-07-05 03:19 1816 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat

- 2012-04-19 09:03 . 2012-07-03 14:45 1816 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat

- 2012-07-04 10:02 . 2012-07-04 10:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-07-05 03:20 . 2012-07-05 03:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-07-04 10:02 . 2012-07-04 10:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-07-05 03:20 . 2012-07-05 03:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-04-19 09:21 . 2012-07-03 14:45 815072 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2012-04-19 09:21 . 2012-07-05 03:19 815072 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2009-07-14 05:01 . 2012-07-03 14:45 385436 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-07-05 03:19 385436 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2012-04-19 10:11 . 2012-07-05 03:19 15364240 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-9987305-2436438632-174203971-1000-8192.dat

- 2012-04-19 10:11 . 2012-07-03 14:45 15364240 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-9987305-2436438632-174203971-1000-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{70EA269E-56DF-49C2-86B2-1A1924ED88B4}]

c:\program files (x86)\ToolKitService\splash.dll [bU]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{D3B22A92-87A2-47b6-B3E6-A64877B5C242}"= "c:\program files (x86)\ToolKitService\toolbar.dll" [bU]

.

[HKEY_CLASSES_ROOT\clsid\{d3b22a92-87a2-47b6-b3e6-a64877b5c242}]

[HKEY_CLASSES_ROOT\ToolBand.ToolBandObj.1]

[HKEY_CLASSES_ROOT\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}]

[HKEY_CLASSES_ROOT\ToolBand.ToolBandObj]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-04-19 1242448]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-04-05 17356424]

"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-02-22 6591800]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-09 984400]

"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2012-4-19 12862]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"midi2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-04-05 158856]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]

R3 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]

R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-06-06 33096]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]

R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-08-03 290920]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]

R3 ToolkitDisk;ToolkitDisk;c:\windows\system32\Drivers\toolkitdisk.sys [2011-09-12 62552]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]

R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2012-06-01 736104]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-19 1255736]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-05-10 25960]

S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-05-25 17536]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]

S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-03-03 379520]

S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]

S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-13 138400]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-10 2009704]

S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-06-19 3048136]

S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-09-18 67664]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-04-16 13832]

S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]

S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-06-02 128488]

S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-06-02 401896]

S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-13 36000]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-13 298656]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-13 28832]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-13 201376]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-13 55456]

S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-13 154272]

S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-13 280224]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-09-22 56344]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800]

S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]

S3 TiMiniService;TiMiniService;c:\program files\Trend Micro\Titanium\TiMiniService.exe [2010-09-18 241488]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-05 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 14:05]

.

2012-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-9987305-2436438632-174203971-1000Core.job

- c:\users\MJ\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-19 09:38]

.

2012-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-9987305-2436438632-174203971-1000UA.job

- c:\users\MJ\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-19 09:38]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-10 167960]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-10 391704]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-10 418328]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-05-17 2226280]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"SynAsusAcpi"="c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe" [bU]

"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120]

"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552]

"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

"VizorHtmlDialog.exe"="c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" [2010-10-09 1123664]

"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-13 192520]

"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\VizorShortCut.exe" [2010-09-18 322384]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

"combofix"="c:\combofix\CF14228.3XE" [2010-11-21 345088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\MJ\AppData\Roaming\Mozilla\Firefox\Profiles\4ybhqm3v.default\

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

c:\program files (x86)\ASUS\SmartLogon\smartlogon.exe

c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

c:\program files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\program files (x86)\ASUS\AI Recovery\AIRecoveryRemind.exe

.

**************************************************************************

.

Completion time: 2012-07-05 11:24:21 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-05 03:24

ComboFix2.txt 2012-07-04 16:20

.

Pre-Run: 138,137,317,376 bytes free

Post-Run: 137,892,933,632 bytes free

.

- - End Of File - - 7E4A774BE09242712AAD0E379AC98F22

Share this post


Link to post
Share on other sites

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Share this post


Link to post
Share on other sites

maniac. it seems to stop mostly at 30% when scanning. :|

Share this post


Link to post
Share on other sites

im gonna try again tomorow. will leave it at like 8am. and il check it back at around 6pm. lol

Share this post


Link to post
Share on other sites

Maniac by the way, earlier when i play a game that i usually play, i noticed that the graphics got worse. even though i didnt move the graphic settings of the game. can you please check maybe the things u made me do accidentally uninstall a driver or something? thanks

Share this post


Link to post
Share on other sites

No, it's not my fault.

Please download Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Share this post


Link to post
Share on other sites

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

esets_scanner_update returned -1 esets_gle=53251

Share this post


Link to post
Share on other sites

Results of screen317's Security Check version 0.99.42

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Trend Micro Titanium Internet Security

Microsoft Security Essentials

Antivirus up to date! (On Access scanning disabled!)

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.61.0.1400

JavaFX 2.1.1

Java 6 Update 31

Java 7 Update 5

Adobe Reader X (10.1.3)

Google Chrome 19.0.1084.56

Google Chrome 20.0.1132.47

````````Process Check: objlist.exe by Laurent````````

Microsoft Security Essentials msseces.exe

Windows Defender MSMpEng.exe

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Microsoft Security Client Antimalware MsMpEng.exe

Microsoft Security Client Antimalware NisSrv.exe

Trend Micro Titanium TiMiniService.exe

Trend Micro Titanium TiResumeSrv.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 2%

````````````````````End of Log``````````````````````

Share this post


Link to post
Share on other sites

I know, just ask you how are things now.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.