Infected with partner37.mydomainadvisor.com

[m1a2lt]

Got this and tried Malwarebytes and tdsskiller to no avail.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Andrew at 21:24:45 on 2012-03-21

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8169.5458 [GMT -5:00]

.

AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}

AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Symantec Endpoint Protection *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Windows\System32\rpcnetp.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe

C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

C:\Windows\Explorer.EXE

C:\Program Files\P4G\BatteryLife.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\SysWOW64\ACEngSvr.exe

C:\Program Files\Trend Micro\Titanium\TiMiniService.exe

C:\Program Files\Intel\TurboBoost\TurboBoost.exe

C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe

C:\Windows\system32\conhost.exe

C:\ExpressGateUtil\VAWinService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

C:\Windows\AsScrPro.exe

C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe

C:\ExpressGateUtil\VAWinAgent.exe

C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\Smc.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\DllHost.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\taskeng.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uDefault_Page_URL = hxxp://asus.msn.com

mStart Page = hxxp://asus.msn.com

mWinlogon: Userinit=userinit.exe,

BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll

BHO: Updater For Spam Free Search Bar: {20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} - C:\Program Files (x86)\blekkotb\auxi\blekkoAu.dll

BHO: Spam Free Search Bar: {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\bin\IPS\IPSBHO.DLL

BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - C:\ProgramData\Partner\Partner.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: Spam Free Search Bar: {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

uRunOnce: [blekkotb] reg.exe delete "HKCU\Software\AppDataLow\Software\blekkotb" /f

uRunOnce: [blekkotb_XP] reg.exe delete "HKCU\Software\blekkotb" /f

mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"

mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"

mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.102.211\AsusWSPanel.exe /S

mRun: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"

mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

mRun: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe

mRun: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r

mRun: [updReg] C:\Windows\UpdReg.EXE

mRun: [CPMonitor] "C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe"

mRun: [sessionLogon] C:\ExpressGateUtil\SessionLogon.exe

mRun: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe

mRun: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

mRun: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{37CFCD65-F9E2-4782-BB89-AC990EFF2736} : DhcpNameServer = 192.168.2.1

Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll

Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

Notify: SEP - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\WinLogoutNotifier.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll

BHO-X64: Trend Micro NSC BHO - No File

BHO-X64: Updater For Spam Free Search Bar: {20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} - C:\Program Files (x86)\blekkotb\auxi\blekkoAu.dll

BHO-X64: Updater For Spam Free Search Bar - No File

BHO-X64: Spam Free Search Bar: {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll

BHO-X64: Spam Free Search Bar - No File

BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\bin\IPS\IPSBHO.DLL

BHO-X64: Symantec Intrusion Prevention - No File

BHO-X64: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

BHO-X64: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll

BHO-X64: TmBpIeBHO - No File

BHO-X64: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

BHO-X64: Google Dictionary Compression sdch - No File

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB-X64: Spam Free Search Bar: {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll

mRun-x64: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"

mRun-x64: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"

mRun-x64: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.102.211\AsusWSPanel.exe /S

mRun-x64: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"

mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

mRun-x64: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe

mRun-x64: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r

mRun-x64: [updReg] C:\Windows\UpdReg.EXE

mRun-x64: [CPMonitor] "C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe"

mRun-x64: [sessionLogon] C:\ExpressGateUtil\SessionLogon.exe

mRun-x64: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe

mRun-x64: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

mRun-x64: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R0 SymDS;Symantec Data Store;C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMDS64.SYS --> C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMEFA64.SYS --> C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMEFA64.SYS [?]

R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-7-26 17024]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\BASHDefs\20120317.011\BHDrvx64.sys [2012-3-20 1157240]

R1 IDSVia64;IDSVia64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\IPSDefs\20120320.002\IDSviA64.sys [2012-3-20 488568]

R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\Ironx64.SYS --> C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\Ironx64.SYS [?]

R1 SYMNETS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMNETS.SYS --> C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMNETS.SYS [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-19 652360]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-3-17 2348352]

R2 SepMasterService;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe [2011-6-14 137224]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]

R2 TiMiniService;TiMiniService;C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [2011-4-28 241488]

R2 tmevtmgr;tmevtmgr;C:\Windows\system32\DRIVERS\tmevtmgr.sys --> C:\Windows\system32\DRIVERS\tmevtmgr.sys [?]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]

R2 TurboBoost;Intel® Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-16 134928]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-12-5 2655768]

R2 VideAceWindowsService;VideAceWindowsService;C:\ExpressGateUtil\VAWinService.exe [2010-8-20 77312]

R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]

R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]

R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\system32\DRIVERS\FLxHCIc.sys --> C:\Windows\system32\DRIVERS\FLxHCIc.sys [?]

R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\system32\DRIVERS\FLxHCIh.sys --> C:\Windows\system32\DRIVERS\FLxHCIh.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]

RUnknown rpcnetp;rpcnetp; [x]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-17 135664]

S3 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2011-7-17 267480]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]

S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-12-5 79360]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-12-5 79360]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-17 135664]

S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 Partner Service;Partner Service;C:\ProgramData\Partner\Partner.exe [2011-7-17 332272]

S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUVStor.sys --> C:\Windows\system32\Drivers\RtsUVStor.sys [?]

S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]

S3 SyDvCtrl;SyDvCtrl;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\SyDvCtrl64.sys [2011-6-17 29664]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-03-22 01:53:58 -------- d-----w- C:\TDSSKiller_Quarantine

2012-03-22 01:26:00 -------- d-----w- C:\Users\Andrew\AppData\Local\blekkotb

2012-03-21 00:44:44 -------- d-----w- C:\Program Files (x86)\EA Games

2012-03-21 00:38:52 63488 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe

2012-03-21 00:38:51 753664 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll

2012-03-21 00:38:51 69714 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll

2012-03-21 00:38:51 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe

2012-03-21 00:38:51 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll

2012-03-21 00:38:51 184320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll

2012-03-21 00:38:48 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll

2012-03-21 00:38:48 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll

2012-03-20 01:52:17 -------- d-----w- C:\Users\Andrew\AppData\Roaming\Malwarebytes

2012-03-20 01:52:14 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-03-20 01:52:14 -------- d-----w- C:\ProgramData\Malwarebytes

2012-03-20 01:52:13 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-03-18 17:52:28 -------- d-----w- C:\ProgramData\Anti-phishing Domain Advisor

2012-03-18 17:52:25 -------- d-----w- C:\Program Files (x86)\WinAce

2012-03-18 17:52:22 -------- d-----w- C:\Program Files (x86)\blekkotb

2012-03-17 22:13:19 -------- d-----w- C:\Users\Andrew\AppData\Roaming\GetRightToGo

2012-03-17 21:12:19 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll

2012-03-17 15:50:00 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation

2012-03-17 15:45:04 -------- d-----w- C:\NVIDIA

2012-03-17 04:52:58 202381 ----a-w- C:\Program Files\Microsoft Games\Train Simulator\Uninst_MSTS Patch 1.7.0519.exe

2012-03-17 03:44:09 -------- d-----w- C:\ProgramData\VirtualizedApplications

2012-03-17 01:33:43 -------- d-----w- C:\Users\Andrew\AppData\Local\SoftGrid Client

2012-03-17 01:33:42 -------- d-----w- C:\Users\Andrew\AppData\Roaming\SoftGrid Client

2012-03-17 01:32:38 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client

2012-03-17 01:32:21 -------- d-----w- C:\Users\Andrew\AppData\Roaming\TP

2012-03-16 14:53:19 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-03-15 21:38:22 -------- d-----w- C:\Users\Andrew\AppData\Roaming\The Creative Assembly

2012-03-15 21:36:59 4992520 ----a-w- C:\Windows\System32\D3DX9_39.dll

2012-03-15 21:26:59 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared

2012-03-15 21:19:46 -------- d-----w- C:\Users\Andrew\AppData\Local\Symantec

2012-03-15 21:19:18 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

2012-03-15 21:19:18 -------- d-----w- C:\Program Files\Symantec

2012-03-15 21:19:18 -------- d-----w- C:\Program Files\Common Files\Symantec Shared

2012-03-15 01:23:42 80384 ----a-w- C:\Windows\System32\drivers\BTHUSB.SYS

2012-03-15 01:23:42 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys

2012-03-14 22:36:44 -------- d-----w- C:\Windows\SysWow64\Wat

2012-03-14 22:36:44 -------- d-----w- C:\Windows\System32\Wat

2012-03-14 14:48:44 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-03-14 14:48:42 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-03-14 14:48:41 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-03-14 14:40:01 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-03-14 14:40:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-03-14 14:40:00 141112 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll

2012-03-14 09:17:53 -------- d-----w- C:\Program Files (x86)\Activision

2012-03-14 09:09:51 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-03-14 09:09:47 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll

2012-03-14 09:09:46 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll

2012-03-14 09:04:57 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax

2012-03-14 09:04:57 613888 ----a-w- C:\Windows\System32\psisdecd.dll

2012-03-14 09:04:57 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll

2012-03-14 09:04:57 108032 ----a-w- C:\Windows\System32\psisrndr.ax

2012-03-14 09:04:18 498688 ----a-w- C:\Windows\System32\drivers\afd.sys

2012-03-14 09:02:14 -------- d-----w- C:\Program Files (x86)\Microsoft Games

2012-03-14 09:01:51 -------- d-----w- C:\Windows\Profiles

2012-03-14 09:01:50 565760 ----a-w- C:\Windows\SysWow64\MSVCP50.DLL

2012-03-14 09:01:45 306688 ----a-w- C:\Windows\IsUninst.exe

2012-03-14 08:51:30 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll

2012-03-14 08:51:30 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe

2012-03-14 08:51:29 64512 ----a-w- C:\Windows\SysWow64\devobj.dll

2012-03-14 08:51:29 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll

2012-03-14 08:51:29 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll

2012-03-14 08:51:21 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll

2012-03-14 08:51:21 634880 ----a-w- C:\Windows\System32\msvcrt.dll

2012-03-14 08:51:12 861696 ----a-w- C:\Windows\System32\oleaut32.dll

2012-03-14 08:51:12 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll

2012-03-14 08:51:12 331776 ----a-w- C:\Windows\System32\oleacc.dll

2012-03-14 08:51:12 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll

2012-03-14 08:50:50 723456 ----a-w- C:\Windows\System32\EncDec.dll

2012-03-14 08:50:50 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll

2012-03-14 08:50:40 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-03-14 08:50:40 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-03-14 08:49:15 1731920 ----a-w- C:\Windows\System32\ntdll.dll

2012-03-14 08:49:15 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll

2012-03-14 08:38:18 77312 ----a-w- C:\Windows\System32\packager.dll

2012-03-14 08:38:18 67072 ----a-w- C:\Windows\SysWow64\packager.dll

2012-03-14 07:27:51 -------- d-----w- C:\Users\Andrew\AppData\Local\World in Conflict

2012-03-14 07:24:52 -------- d-----w- C:\ProgramData\Media Center Programs

2012-03-14 07:15:00 -------- d-----w- C:\Program Files (x86)\Sierra Entertainment

2012-03-14 06:28:56 -------- d-----w- C:\Users\Andrew\AppData\Roaming\ASUS WebStorage

2012-03-14 06:13:19 -------- d-----w- C:\Program Files (x86)\Common Files\Steam

2012-03-14 06:13:18 -------- d-----w- C:\Program Files (x86)\Steam

2012-03-14 06:09:33 -------- d-----w- C:\Users\Andrew\AppData\Local\Google

2012-03-14 05:17:45 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-03-14 05:17:45 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-03-14 05:17:45 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-03-14 05:17:44 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-03-14 05:17:44 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2012-03-14 05:17:43 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-03-14 05:17:43 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-03-14 05:17:07 -------- d-----w- C:\Users\Andrew\AppData\Local\Broadcom

2012-03-14 05:17:05 -------- d-----w- C:\Users\Andrew\AppData\Local\Power2Go

2012-03-14 05:15:03 45056 ----a-w- C:\Windows\System32\acovcnt.exe

2012-02-29 18:26:56 416064 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

.

==================== Find3M ====================

.

2012-03-21 20:35:35 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.dll

2012-03-21 20:35:07 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.exe

2012-03-21 20:35:07 17920 ----a-w- C:\Windows\System32\rpcnetp.exe

2012-03-15 21:18:46 58288 ----a-w- C:\Windows\SysWow64\snacnp.dll

2012-03-15 21:18:46 58288 ----a-w- C:\Windows\System32\snacnp.dll

2012-03-15 21:18:46 513456 ----a-w- C:\Windows\System32\sysfer.dll

2012-03-15 21:18:46 42632 ----a-w- C:\Windows\System32\drivers\WGX64.SYS

2012-03-15 21:18:46 374704 ----a-w- C:\Windows\SysWow64\sysfer.dll

2012-03-15 21:18:46 287152 ----a-w- C:\Windows\System32\SymVPN.dll

2012-03-15 21:18:46 147632 ----a-w- C:\Windows\System32\drivers\SysPlant.sys

2012-03-15 21:18:46 11184 ----a-w- C:\Windows\System32\sysferThunk.dll

2012-03-15 21:18:46 10672 ----a-w- C:\Windows\SysWow64\sysferThunk.dll

2012-03-15 21:18:46 102832 ----a-w- C:\Windows\SysWow64\FwsVpn.dll

2012-02-29 21:00:22 3089728 ----a-w- C:\Windows\System32\nvsvc64.dll

2012-02-29 21:00:09 6074176 ----a-w- C:\Windows\System32\nvcpl.dll

2012-02-29 20:59:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe

2012-02-29 20:59:47 63296 ----a-w- C:\Windows\System32\nvshext.dll

2012-02-29 20:59:47 2561856 ----a-w- C:\Windows\System32\nvsvcr.dll

2012-02-29 20:59:47 118080 ----a-w- C:\Windows\System32\nvmctray.dll

2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-01-17 12:46:01 31040 ----a-w- C:\Windows\System32\nvhdap64.dll

2012-01-17 12:45:56 188224 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys

2012-01-17 12:45:55 1451840 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll

2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll

2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll

2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl

2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl

.

============= FINISH: 21:27:38.31 ===============

Attach.txt

[LDTate]

Logs will be closed if you haven't replied within 3 days

Looks like you're running 2 anti-virus programs.

AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}

AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

Never install more than one Antivirus and Firewall! Rather than giving you extra protection, it will decrease the reliability of it seriously!

The reason for this is that if both products have their automatic (Real-Time) protection switched on, your system may lock up due to both software products attempting to access the same file at the same time.

Also because more than one Antivirus and Firewall installed are not compatible with each other, it can cause system performance problems and a serious system slowdown.

Please do not delete anything unless instructed to.

1.Click Start > Settings > Control Panel.

2.Next, open Add/Remove Programs and remove either:

Trend Micro

Symantec

Next:

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.

Please run a new MBAM scan being sure to update before scanning.

Post the scan results

Also please describe how your computer behaves at the moment.

Please don't attach the scans / logs, use "copy/paste".

[LDTate]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!