JCSoong Posted January 18, 2012 ID:518007

Hi D-Fred-Brown,

My apologies for interrupting the thread. I just created an account here and it wouldn't allow me to post a new thread. I have a redirect issue whenever I click on the link after I do a search on Google. It wouldn't allow me to open the sites that I want; instead it redirects me to 95p.com. I am at a loss as to what I am supposed to do, and I think I will post my scan details here.

Farbar Service Scanner Version: 17-01-2012 00
Ran by Soong Jin Chang (administrator) on 18-01-2012 at 19:33:41
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.

Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.

mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

Firewall Disabled Policy:
==================

System Restore:
============
VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.

System Restore Disabled Policy:
========================

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****
JCSoong Posted January 18, 2012 Author ID:518008

ComboFix 12-01-09.03 - Soong Jin Chang 18/01/2012 19:57:22.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.65.1033.18.4021.2218 [GMT 8:00]
Running from: c:\users\Soong Jin Chang\Downloads\ComboFix.exe
AV: Trend Micro Internet Security *Disabled/Updated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
SP: Trend Micro Internet Security *Disabled/Updated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\tmp\U
c:\windows\assembly\tmp\U\00000001.@
c:\windows\assembly\tmp\U\000000c0.@
c:\windows\assembly\tmp\U\000000cb.@
c:\windows\assembly\tmp\U\000000cf.@
c:\windows\assembly\tmp\U\80000000.@
c:\windows\assembly\tmp\U\800000c0.@
c:\windows\assembly\tmp\U\800000cb.@
c:\windows\assembly\tmp\U\800000cf.@
c:\windows\iun6002.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-12-18 to 2012-01-18 )))))))))))))))))))))))))))))))
.
.
2012-01-18 12:00 . 2012-01-18 12:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-18 07:36 . 2012-01-18 07:36 -------- d-----w- c:\users\Soong Jin Chang\AppData\Roaming\Malwarebytes
2012-01-18 07:36 . 2012-01-19 00:04 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-18 07:36 . 2012-01-18 07:36 -------- d-----w- c:\programdata\Malwarebytes
2012-01-14 10:08 . 2012-01-14 13:39 -------- d-----w- c:\users\Soong Jin Chang\AppData\Local\ElevatedDiagnostics
2012-01-14 09:57 . 2012-01-19 00:04 -------- d-----w- c:\program files (x86)\PC Tools Security
2012-01-14 09:57 . 2012-01-14 09:57 -------- d-----w- c:\users\Soong Jin Chang\AppData\Roaming\PC Tools
2012-01-14 09:55 . 2012-01-14 10:19 -------- d-----w- c:\programdata\PC Tools
2012-01-07 02:49 . 2012-01-15 02:49 -------- d-----w- c:\program files\iTunes
2012-01-07 02:49 . 2012-01-07 02:49 -------- d-----w- c:\program files\iPod
2012-01-03 16:22 . 2012-01-03 16:22 103864 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-13 11:37 . 2011-07-08 19:38 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-24 04:52 . 2011-12-14 04:27 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 11:40 . 2011-12-09 07:12 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B745C200-8381-41BB-BC04-1A6CD21EB3CB}\mpengine.dll
2011-11-05 05:32 . 2011-12-14 04:27 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:26 . 2011-12-14 04:27 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-04 01:53 . 2011-12-14 12:51 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-11-04 01:44 . 2011-12-14 12:51 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 01:44 . 2011-12-14 12:51 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 01:34 . 2011-12-14 12:51 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-03 22:47 . 2011-12-14 12:51 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-11-03 22:40 . 2011-12-14 12:51 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39 . 2011-12-14 12:51 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-03 22:31 . 2011-12-14 12:51 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-10-26 05:21 . 2011-12-14 04:27 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 01:24 . 2010-06-04 13:27 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-10-24 04:29 . 2011-10-24 04:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 04:29 . 2011-10-24 04:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-09-14 3077528]
"PPS Accelerator"="d:\pps.tv\PPStream\PPSAP.exe" [2010-02-24 214408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-05-13 26192168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2009-09-01 75048]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Boingo Wi-Fi"="c:\program files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-06-04 2429]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"S6000Mnt"="S6000Rmv.dll" [bU]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-02-04 7350912]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-01-05 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-01 59240]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"MSN Toolbar"="c:\program files (x86)\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe" [2009-11-15 240992]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-10-25 273528]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="d:\itunes\iTunesHelper.exe" [2011-12-07 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-3 1080608]
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2010-6-4 12862]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-6-4 156952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-04 135664]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\Garena Messenger\Apps\BlackShot\BlackShot\System\GameGuard\dump_wmimmc.sys [x]
R3 Gun;Gun;c:\game\SoftnyxGame\GunBoundIS\Gun64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-04 135664]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [x]
R3 Mkd3kfNt;Mkd3kfNt;c:\windows\system32\drivers\Mkd3kfNt.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2010-02-23 917768]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/06/04 06:29];c:\program files (x86)\CyberLink\PowerDVD9\000.fcl [2009-09-01 23:59 146928]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 S6000KNT;S6000KNT_WebCam Driver;c:\windows\system32\Drivers\S6000KNT.sys [x]
S3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-08-06 118672]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20fb741d-a729-11df-b0b7-1c4bd6108b29}]
\shell\AutoRun\command - "F:\WD SmartWare.exe" autoplay=true
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{26f86b79-1185-11e0-a1f7-1c4bd6108b29}]
\shell\AutoRun\command - F:\AutoRun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{26f86b7d-1185-11e0-a1f7-1c4bd6108b29}]
\shell\AutoRun\command - F:\AutoRun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59538eba-22b5-11e0-b6dd-1c4bd6108b29}]
\shell\AutoRun\command - F:\AutoRun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59538eda-22b5-11e0-b6dd-1c4bd6108b29}]
\shell\AutoRun\command - F:\AutoRun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86452977-22b4-11e0-bb7a-1c4bd6108b29}]
\shell\AutoRun\command - F:\AutoRun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd3e93fd-d1ed-11e0-a6d7-485b398aa776}]
\shell\AutoRun\command - F:\Autorun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3575d2c-22b6-11e0-a252-1c4bd6108b29}]
\shell\AutoRun\command - G:\AutoRun.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-04 13:44]
.
2012-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-04 13:44]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2010-02-23 1022904]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-02-13 16413288]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-01-18 324608]
"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [bU]
"Setwallpaper"="c:\programdata\SetWallpaper.cmd" [bU]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
mcontrol
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sg/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
LSP: mswsock.dll
TCP: DhcpNameServer = 218.186.1.58 218.186.2.16 218.186.2.6
FF - ProfilePath - c:\users\Soong Jin Chang\AppData\Roaming\Mozilla\Firefox\Profiles\l3o22j97.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeck.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
c:\program files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
c:\windows\WebCam\S6000\S6000Mnt.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\Skype\Plugin Manager\skypePM.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2012-01-18 20:13:17 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-18 12:13
.
Pre-Run: 35,294,384,128 bytes free
Post-Run: 35,810,795,520 bytes free
.
- - End Of File - - A29988DAFCCA77AEDA552896E6C84E54
JCSoong Posted January 18, 2012 Author ID:518009

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: ASUSTeK Computer Inc.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: ASUSTeK Computer Inc.
System Product Name: N82JQ
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 199):

Processes (total 104):
Update\hpwuschd2.exe 4924 C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe 4940 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe 4948 C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe 4136 D:\iTunes\iTunesHelper.exe 4128 C:\Program Files\Elantech\ETDCtrlHelper.exe 4408 C:\Windows\WebCam\S6000\S6000Mnt.exe 4528 C:\Program Files\iPod\bin\iPodService.exe 3244 C:\Windows\System32\SearchIndexer.exe 4848 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe 4892 C:\Program Files\Windows Media Player\wmpnetwk.exe 4956 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe 5320 C:\Program Files\Intel\TurboBoost\TurboBoost.exe 5468 C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe 5788 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe 5580 C:\Windows\System32\svchost.exe 6136 C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe 2612 C:\Windows\System32\svchost.exe 5136 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe 4812 C:\Windows\System32\notepad.exe 4552 C:\Windows\System32\svchost.exe 5144 C:\Program Files (x86)\Mozilla Firefox\firefox.exe 2844 C:\Windows\System32\audiodg.exe 3168 C:\Windows\System32\dllhost.exe 3728 dllhost.exe 3328 dllhost.exe 5492 C:\Users\Soong Jin Chang\Downloads\MBRCheck.exe 3016 C:\Windows\System32\conhost.exe\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000004`e22cec00 (NTFS)\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000021`fe400000 (NTFS)PhysicalDrive0 Model Number: ST9500420AS, Rev: 0003SDM1 Size Device Name MBR Status -------------------------------------------- 465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79Done! Link to post Share on other sites More sharing options...
JCSoong Posted January 18, 2012 Author ID:518012
Please teach me how to remove the annoying 95p.com redirect. Please. Attached is the TDSSKiller scan log, as I am unable to paste it here. It is too lengthy.
TDSSKiller.2.7.5.0_18.01.2012_19.25.16_log.txt
Maurice Naggar Posted March 3, 2012 ID:532386
Duplicate topic to this ---> http://forums.malwar...howtopic=104873 which you did not follow through on with your helper.
This is closed due to duplication.