Jump to content

Sirefef infection


Recommended Posts

About 2 days ago microsoft security essentials popped up and said I was infected so I checked it out and it said, Trojan Sirefef.w. So I freaked out because it uninstalled my MSE and took down my firewall and could not get it back up and started to look up how to get rid of it because if i removed it, it would keep coming back. So I restored back to May 20th and so far the scan comes up clean but I bought Malwarebytes to make sure. I scanned my pc again in safe mode and it came back clean, but malwarebytes keeps popping up in the corner saying its blocking an outgoing ip(random every time) from svchost.exe. Then I ran TDSS Killer and Combofix. TDSS came up clean and I have a log from Combo fix. I dont know what combo did because I dont know what to look for in the log. But I have All the logs you need, so just tell me what to post and Ill post it right off. Thanks!

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Ryan at 18:39:51 on 2012-06-01

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8169.5689 [GMT -5:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe

C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe

C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Intel\TurboBoost\TurboBoost.exe

C:\ExpressGateUtil\VAWinService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

C:\Program Files\P4G\BatteryLife.exe

C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe

C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\rundll32.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\SmartTechnology\Software\ProfilerU.exe

C:\Program Files\SmartTechnology\Software\SaiMfd.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

C:\ExpressGateUtil\VAWinAgent.exe

C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe

C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe

C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

C:\Windows\AsScrPro.exe

E:\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\SysWOW64\ACEngSvr.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\svchost.exe -k netsvcs

E:\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\System32\perfmon.exe

C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://asus.msn.com

mStart Page = hxxp://asus.msn.com

BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - Google Dictionary Compression sdch

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

mRun: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe

mRun: [updReg] C:\Windows\UpdReg.EXE

mRun: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"

mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

mRun: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"

mRun: [CPMonitor] "C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe"

mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

mRun: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe

mRun: [Malwarebytes' Anti-Malware] "E:\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\Users\Ryan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MBAMEX~1.LNK - E:\Malwarebytes' Anti-Malware\mbam.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: EnableLinkedConnections = 1 (0x1)

IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

TCP: Interfaces\{D6BE5DCB-C901-4BB2-8C87-2317C064D9A7} : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11

TCP: Interfaces\{D6BE5DCB-C901-4BB2-8C87-2317C064D9A7}\2456C6B696E6E253245383 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{D6BE5DCB-C901-4BB2-8C87-2317C064D9A7}\259716E67237 : DhcpNameServer = 192.168.43.1

TCP: Interfaces\{D6BE5DCB-C901-4BB2-8C87-2317C064D9A7}\35A736A7560716E6F67737B696 : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11

TCP: Interfaces\{D6BE5DCB-C901-4BB2-8C87-2317C064D9A7}\54D6562716C646F416B6D27657563747 : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12

TCP: Interfaces\{D6BE5DCB-C901-4BB2-8C87-2317C064D9A7}\8497164747023427F677E6023456E6475627 : DhcpNameServer = 4.2.2.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - Google Dictionary Compression sdch

BHO-X64: Google Dictionary Compression sdch - No File

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: SmartSelect - No File

TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll

TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

mRun-x64: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe

mRun-x64: [updReg] C:\Windows\UpdReg.EXE

mRun-x64: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun-x64: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r

mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun-x64: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"

mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

mRun-x64: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"

mRun-x64: [CPMonitor] "C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe"

mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

mRun-x64: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe

mRun-x64: [Malwarebytes' Anti-Malware] "E:\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 fltsrv;Acronis Storage Filter Management;C:\Windows\system32\DRIVERS\fltsrv.sys --> C:\Windows\system32\DRIVERS\fltsrv.sys [?]

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R0 vidsflt61;Acronis Disk Storage Filter (61);C:\Windows\system32\DRIVERS\vsflt61.sys --> C:\Windows\system32\DRIVERS\vsflt61.sys [?]

R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-7-26 17024]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]

R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]

R2 MBAMService;MBAMService;E:\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-31 654408]

R2 mi-raysat_3dsmax2013_64;mental ray 3.10 Satellite for Autodesk 3ds Max 2013 64-bit;C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe [2011-9-14 86016]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2011-11-30 1262400]

R2 SplashtopRemoteService;Splashtop® Remote Service;C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-3-16 531328]

R2 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-3-15 370504]

R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-5-28 275968]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]

R2 TurboBoost;Intel® Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-16 134928]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-4-16 2655768]

R2 VideAceWindowsService;VideAceWindowsService;C:\ExpressGateUtil\VAWinService.exe [2010-8-20 77312]

R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\system32\DRIVERS\FLxHCIc.sys --> C:\Windows\system32\DRIVERS\FLxHCIc.sys [?]

R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\system32\DRIVERS\FLxHCIh.sys --> C:\Windows\system32\DRIVERS\FLxHCIh.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUVStor.sys --> C:\Windows\system32\Drivers\RtsUVStor.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 SaiK0CCB;SaiK0CCB;C:\Windows\system32\DRIVERS\SaiK0CCB.sys --> C:\Windows\system32\DRIVERS\SaiK0CCB.sys [?]

R3 SaiU0CCB;SaiU0CCB;C:\Windows\system32\DRIVERS\SaiU0CCB.sys --> C:\Windows\system32\DRIVERS\SaiU0CCB.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-16 135664]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-8 257696]

S3 androidusb;ADB Interface Driver;C:\Windows\system32\Drivers\androidusb.sys --> C:\Windows\system32\Drivers\androidusb.sys [?]

S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]

S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]

S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-4-16 79360]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-4-16 79360]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-5-11 1432400]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-1-6 130976]

S3 iDispService;iDispService;C:\Windows\system32\DRIVERS\idisplayminiport.sys --> C:\Windows\system32\DRIVERS\idisplayminiport.sys [?]

S3 libusb0;libusb-win32 - Kernel Driver 02/04/2012 0.0.0.0;C:\Windows\system32\DRIVERS\libusb0.sys --> C:\Windows\system32\DRIVERS\libusb0.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 51445112]

S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-2-28 2343816]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-06-01 21:29:07 -------- d-sh--w- C:\$RECYCLE.BIN

2012-06-01 21:00:26 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9CE6634F-FB9D-4948-A914-47F0E930201A}\gapaengine.dll

2012-06-01 21:00:24 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EB79D275-ACF7-4F22-80FD-4ADEDBFB11A0}\mpengine.dll

2012-06-01 21:00:11 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2012-06-01 21:00:09 -------- d-----w- C:\Program Files\Microsoft Security Client

2012-06-01 04:52:51 -------- d-----w- C:\TDSSKiller_Quarantine

2012-05-31 16:25:47 -------- d-----w- C:\Users\Ryan\AppData\Roaming\Malwarebytes

2012-05-31 16:25:40 -------- d-----w- C:\ProgramData\Malwarebytes

2012-05-31 16:25:39 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-05-31 00:07:26 -------- d-----w- C:\Windows\System32\wbem\Logs

2012-05-30 22:49:44 -------- d-----w- C:\Users\Ryan\AppData\Roaming\ParetoLogic

2012-05-30 22:49:44 -------- d-----w- C:\Users\Ryan\AppData\Roaming\DriverCure

2012-05-30 22:48:29 -------- d-----w- C:\Program Files (x86)\Common Files\ParetoLogic

2012-05-30 22:48:28 -------- d-----w- C:\ProgramData\ParetoLogic

2012-05-30 22:48:28 -------- d-----w- C:\Program Files (x86)\ParetoLogic

2012-05-15 07:21:50 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

2012-05-14 17:48:38 -------- d-----w- C:\Program Files (x86)\Diablo III

2012-05-11 20:33:31 -------- d-----w- C:\Users\Ryan\Diablo-III-8370-enUS-Installer

2012-05-08 21:57:20 1544704 ----a-w- C:\Windows\System32\DWrite.dll

2012-05-08 21:57:20 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-05-08 21:57:19 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-08 21:57:18 3146240 ----a-w- C:\Windows\System32\win32k.sys

2012-05-08 21:57:17 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-08 21:57:17 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-08 21:57:04 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys

2012-05-08 21:56:58 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-05-08 21:56:57 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-05-08 21:56:57 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL

2012-05-08 21:56:57 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll

2012-05-08 21:56:57 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll

2012-05-08 21:56:57 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll

.

==================== Find3M ====================

.

2012-05-31 04:38:11 151552 ----a-w- C:\Windows\KMSEmulator.exe

2012-05-15 09:29:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe

2012-05-15 09:29:46 63296 ----a-w- C:\Windows\System32\nvshext.dll

2012-05-15 09:29:46 2561856 ----a-w- C:\Windows\System32\nvsvcr.dll

2012-05-15 09:29:46 118080 ----a-w- C:\Windows\System32\nvmctray.dll

2012-05-15 09:29:25 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll

2012-05-15 09:28:42 6151488 ----a-w- C:\Windows\System32\nvcpl.dll

2012-05-05 02:53:30 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-05-05 02:53:29 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-05 02:53:19 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2012-05-02 02:34:13 45056 ----a-w- C:\Windows\System32\acovcnt.exe

2012-04-29 23:11:51 4608 ----a-w- C:\Windows\SysWow64\adesk_patcher64.exe

2012-04-18 17:08:08 31040 ----a-w- C:\Windows\System32\nvhdap64.dll

2012-04-18 17:08:03 188736 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys

2012-04-18 17:08:02 1451840 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll

2012-04-16 00:22:24 750488 ----a-w- C:\Windows\System32\npdeployJava1.dll

2012-04-16 00:22:24 660368 ----a-w- C:\Windows\System32\deployJava1.dll

2012-04-04 18:02:02 1285216 ----a-w- C:\Windows\System32\drivers\tdrpman.sys

2012-04-04 18:02:00 986208 ----a-w- C:\Windows\System32\drivers\timntr.sys

2012-04-04 18:01:55 211040 ----a-w- C:\Windows\System32\drivers\vididr.sys

2012-04-04 18:01:53 142944 ----a-w- C:\Windows\System32\drivers\vsflt61.sys

2012-04-04 18:01:51 310368 ----a-w- C:\Windows\System32\drivers\snapman.sys

2012-04-04 18:01:50 133728 ----a-w- C:\Windows\System32\drivers\fltsrv.sys

2012-04-03 19:19:10 224048 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys

2012-04-03 19:19:10 166192 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys

2012-04-03 19:19:10 147248 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys

2012-04-03 19:19:10 130864 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys

2012-04-03 19:19:08 320816 ----a-w- C:\Windows\System32\VBoxNetFltNobj.dll

2012-03-26 05:36:37 1817088 ----a-w- C:\Windows\SysWow64\Mcx2Svc.dll

2012-03-23 03:19:22 726016 ----a-w- C:\Windows\SysWow64\7z.dll

2012-03-21 01:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys

2012-03-21 01:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys

.

============= FINISH: 18:40:17.32 ===============

No help at all :-(

Link to post
Share on other sites

post-32477-1261866970.gif

Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.

Please run a new MBAM scan being sure to update before scanning.

Post the scan results

Also please describe how your computer behaves at the moment.

Please don't attach the scans / logs, use "copy/paste".

Link to post
Share on other sites

Currently my computer is running fine, its fast as always. But I am receiving a pop-up in the taskbar saying that MBAM blocked an outgoing ip. It alternates between 2 different ips and it says that svchost was the program doing it.

here is me MBAM full scan log followed by the ip block log.

Malwarebytes Anti-Malware (PRO) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.01.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Ryan :: TERMINATOR [administrator]

Protection: Enabled

6/3/2012 1:16:40 PM

mbam-log-2012-06-02 (13-16-40).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 752291

Time elapsed: 1 hour(s), 33 minute(s), 55 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

My log on blocked ip addresses

2012/06/04 11:12:37 -0500 TERMINATOR Ryan IP-BLOCK 93.170.52.20 (Type: outgoing, Port: 49657, Process: svchost.exe)

2012/06/04 11:15:34 -0500 TERMINATOR Ryan IP-BLOCK 112.175.243.22 (Type: outgoing, Port: 49658, Process: svchost.exe)

2012/06/04 11:18:38 -0500 TERMINATOR Ryan IP-BLOCK 93.170.52.20 (Type: outgoing, Port: 49660, Process: svchost.exe)

2012/06/04 11:21:34 -0500 TERMINATOR Ryan IP-BLOCK 112.175.243.22 (Type: outgoing, Port: 49663, Process: svchost.exe)

2012/06/04 11:24:38 -0500 TERMINATOR Ryan IP-BLOCK 93.170.52.20 (Type: outgoing, Port: 49664, Process: svchost.exe)

2012/06/04 11:27:34 -0500 TERMINATOR Ryan IP-BLOCK 112.175.243.21 (Type: outgoing, Port: 49666, Process: svchost.exe)

2012/06/04 11:33:34 -0500 TERMINATOR Ryan IP-BLOCK 112.175.243.23 (Type: outgoing, Port: 49675, Process: svchost.exe)

2012/06/04 11:36:38 -0500 TERMINATOR Ryan IP-BLOCK 95.215.1.248 (Type: outgoing, Port: 49677, Process: svchost.exe)

2012/06/04 11:39:34 -0500 TERMINATOR Ryan IP-BLOCK 112.175.243.21 (Type: outgoing, Port: 49678, Process: svchost.exe)

2012/06/04 11:42:39 -0500 TERMINATOR Ryan IP-BLOCK 93.170.52.30 (Type: outgoing, Port: 49681, Process: svchost.exe)

2012/06/04 11:45:43 -0500 TERMINATOR Ryan IP-BLOCK 112.175.243.24 (Type: outgoing, Port: 49682, Process: svchost.exe)

2012/06/04 11:51:43 -0500 TERMINATOR Ryan IP-BLOCK 112.175.243.23 (Type: outgoing, Port: 49690, Process: svchost.exe)

2012/06/04 11:54:39 -0500 TERMINATOR Ryan IP-BLOCK 95.215.1.248 (Type: outgoing, Port: 49694, Process: svchost.exe)

2012/06/04 11:57:43 -0500 TERMINATOR Ryan IP-BLOCK 112.175.243.23 (Type: outgoing, Port: 49696, Process: svchost.exe)

2012/06/04 12:00:39 -0500 TERMINATOR Ryan IP-BLOCK 93.170.52.20 (Type: outgoing, Port: 49697, Process: svchost.exe)

2012/06/04 12:03:44 -0500 TERMINATOR Ryan IP-BLOCK 112.175.243.21 (Type: outgoing, Port: 49771, Process: svchost.exe)

2012/06/04 12:06:40 -0500 TERMINATOR Ryan IP-BLOCK 93.170.52.30 (Type: outgoing, Port: 49774, Process: svchost.exe)

2012/06/04 12:09:44 -0500 TERMINATOR Ryan IP-BLOCK 112.175.243.21 (Type: outgoing, Port: 49852, Process: svchost.exe)

2012/06/04 12:12:40 -0500 TERMINATOR Ryan IP-BLOCK 93.170.52.20 (Type: outgoing, Port: 49856, Process: svchost.exe)

2012/06/04 12:15:45 -0500 TERMINATOR Ryan IP-BLOCK 112.175.243.23 (Type: outgoing, Port: 49863, Process: svchost.exe)

Link to post
Share on other sites

IP Information for 93.170.52.20

IP Location: Netherlands Netherlands Amsterdam Alfa Telecom S.r.o.

IP Information for 112.175.243.22

IP Location: Korea, Republic Of Korea, Republic Of Seoul Korea Telecom

I'll assume you're not anywhere near either of those.

Had you downloaed anything or visited any gaming sites, etc., around the time this started?

Link to post
Share on other sites

No I am located in Nebraska! I have been trying to remember what sites I have been on in the past 2 weeks. I could not think of anything. I usually browse the web on my tablet and play games on my pc. I was wondering when I had the sirefef infection if it redirected my web page and I just did not notice at the time.

Link to post
Share on other sites

You already have CF so just follow the directions

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it atleast 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofx. Use copy/paste.

Also please describe how your computer behaves at the moment.

Link to post
Share on other sites

Here is my Combofix log

ComboFix 12-06-04.02 - Ryan 06/04/2012 16:47:22.3.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8169.5828 [GMT -5:00]

Running from: c:\users\Ryan\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-05-04 to 2012-06-04 )))))))))))))))))))))))))))))))

.

.

2012-06-04 21:51 . 2012-06-04 21:51 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-06-04 21:51 . 2012-06-04 21:51 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-04 21:45 . 2012-06-04 21:45 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{34737A5B-8810-4260-8CF6-C6DC6A78FD87}\offreg.dll

2012-06-04 15:18 . 2012-05-08 15:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{34737A5B-8810-4260-8CF6-C6DC6A78FD87}\mpengine.dll

2012-06-03 02:04 . 2012-06-03 02:04 -------- d-----w- c:\program files (x86)\ESET

2012-06-02 17:42 . 2012-05-08 15:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-06-01 21:00 . 2012-06-01 21:00 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9CE6634F-FB9D-4948-A914-47F0E930201A}\gapaengine.dll

2012-06-01 21:00 . 2012-06-01 21:00 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2012-06-01 21:00 . 2012-06-01 21:00 -------- d-----w- c:\program files\Microsoft Security Client

2012-06-01 04:52 . 2012-06-01 04:52 -------- d-----w- C:\TDSSKiller_Quarantine

2012-05-31 16:25 . 2012-05-31 16:25 -------- d-----w- c:\users\Ryan\AppData\Roaming\Malwarebytes

2012-05-31 16:25 . 2012-05-31 16:25 -------- d-----w- c:\programdata\Malwarebytes

2012-05-31 16:25 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-31 00:07 . 2012-05-31 00:07 -------- d-----w- c:\windows\system32\wbem\Logs

2012-05-30 22:49 . 2012-05-30 22:49 -------- d-----w- c:\users\Ryan\AppData\Roaming\ParetoLogic

2012-05-30 22:49 . 2012-05-30 22:49 -------- d-----w- c:\users\Ryan\AppData\Roaming\DriverCure

2012-05-30 22:48 . 2012-05-30 22:48 -------- d-----w- c:\program files (x86)\Common Files\ParetoLogic

2012-05-30 22:48 . 2012-05-30 22:48 -------- d-----w- c:\programdata\ParetoLogic

2012-05-30 22:48 . 2012-05-30 22:48 -------- d-----w- c:\program files (x86)\ParetoLogic

2012-05-15 22:08 . 2012-05-31 05:01 -------- d-----w- c:\users\Ryan\AppData\Roaming\Ventrilo

2012-05-15 07:21 . 2012-05-15 07:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2012-05-14 17:48 . 2012-06-03 04:37 -------- d-----w- c:\program files (x86)\Diablo III

2012-05-11 20:33 . 2012-05-12 10:02 -------- d-----w- c:\users\Ryan\Diablo-III-8370-enUS-Installer

2012-05-08 21:57 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll

2012-05-08 21:57 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-05-08 21:57 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-08 21:57 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys

2012-05-08 21:57 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-08 21:57 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-05-08 21:57 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-05-08 21:56 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-05-08 21:56 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2012-05-08 21:56 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

2012-05-08 21:56 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-08 21:56 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

2012-05-08 21:56 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-15 10:48 . 2012-03-15 19:06 68928 ----a-w- c:\windows\system32\OpenCL.dll

2012-05-15 10:48 . 2012-03-15 19:06 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll

2012-05-15 10:48 . 2011-10-26 19:34 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2012-05-15 10:48 . 2011-09-23 06:03 1738048 ----a-w- c:\windows\system32\nvdispco64.dll

2012-05-15 10:48 . 2011-09-23 06:03 1468224 ----a-w- c:\windows\system32\nvgenco64.dll

2012-05-15 10:48 . 2010-10-29 07:54 2741568 ----a-w- c:\windows\system32\nvapi64.dll

2012-05-15 10:48 . 2010-10-29 07:54 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll

2012-05-15 09:29 . 2010-10-29 11:38 889664 ----a-w- c:\windows\system32\nvvsvc.exe

2012-05-15 09:29 . 2010-10-29 11:38 63296 ----a-w- c:\windows\system32\nvshext.dll

2012-05-15 09:29 . 2010-10-29 11:38 2561856 ----a-w- c:\windows\system32\nvsvcr.dll

2012-05-15 09:29 . 2010-10-29 11:38 118080 ----a-w- c:\windows\system32\nvmctray.dll

2012-05-15 09:29 . 2010-10-29 11:38 3149632 ----a-w- c:\windows\system32\nvsvc64.dll

2012-05-15 09:28 . 2010-10-29 11:38 6151488 ----a-w- c:\windows\system32\nvcpl.dll

2012-05-05 02:53 . 2012-04-09 04:36 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-05-05 02:53 . 2011-06-08 21:33 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-05 02:53 . 2012-04-10 23:53 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-05-02 02:34 . 2011-04-17 03:35 45056 ----a-w- c:\windows\system32\acovcnt.exe

2012-04-29 23:11 . 2012-04-29 23:11 4608 ----a-w- c:\windows\SysWow64\adesk_patcher64.exe

2012-04-18 17:08 . 2011-11-30 04:57 1451840 ----a-w- c:\windows\system32\nvhdagenco6420103.dll

2012-04-16 00:22 . 2012-04-16 00:22 750488 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-04-16 00:22 . 2011-07-04 22:22 660368 ----a-w- c:\windows\system32\deployJava1.dll

2012-04-04 18:02 . 2012-04-04 18:02 1285216 ----a-w- c:\windows\system32\drivers\tdrpman.sys

2012-04-04 18:02 . 2012-04-04 18:02 986208 ----a-w- c:\windows\system32\drivers\timntr.sys

2012-04-04 18:01 . 2012-04-04 18:01 211040 ----a-w- c:\windows\system32\drivers\vididr.sys

2012-04-04 18:01 . 2012-04-04 18:01 142944 ----a-w- c:\windows\system32\drivers\vsflt61.sys

2012-04-04 18:01 . 2012-04-04 18:01 310368 ----a-w- c:\windows\system32\drivers\snapman.sys

2012-04-04 18:01 . 2012-04-04 18:01 133728 ----a-w- c:\windows\system32\drivers\fltsrv.sys

2012-04-03 19:19 . 2012-04-08 20:16 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys

2012-04-03 19:19 . 2012-04-08 20:16 130864 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys

2012-04-03 19:19 . 2012-04-03 19:19 166192 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys

2012-04-03 19:19 . 2012-04-03 19:19 147248 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys

2012-04-03 19:19 . 2012-04-03 19:19 320816 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll

2012-03-26 05:36 . 2012-03-26 05:36 1817088 ----a-w- c:\windows\SysWow64\Mcx2Svc.dll

2012-03-23 03:19 . 2012-03-23 03:18 726016 ----a-w- c:\windows\SysWow64\7z.dll

2012-03-21 01:44 . 2012-03-21 01:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2012-03-21 01:44 . 2012-03-21 01:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]

"VAWinAgent"="c:\expressgateutil\VAWinAgent.exe" [2010-08-13 21504]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2010-09-08 905216]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [2010-11-19 37888]

"CPMonitor"="c:\program files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe" [2010-10-15 84464]

"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]

"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2011-04-17 3058304]

"Malwarebytes' Anti-Malware"="e:\malwarebytes' anti-malware\mbamgui.exe" [2012-04-04 462408]

.

c:\users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

mbam.exe - Shortcut.lnk - e:\malwarebytes' anti-malware\mbam.exe [2012-5-31 981672]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17 135664]

R2 mi-raysat_3dsmax2013_64;mental ray 3.10 Satellite for Autodesk 3ds Max 2013 64-bit;c:\program files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe [2011-09-14 86016]

R2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe [2010-08-21 77312]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]

R3 ALSysIO;ALSysIO;c:\users\Ryan\AppData\Local\Temp\ALSysIO64.sys [x]

R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [x]

R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-04-17 79360]

R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-04-17 79360]

R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]

R3 DxkgFilter;Filtering Dxkg;c:\program files (x86)\iDisplay\idisplay.sys [x]

R3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [x]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-04-29 1432400]

R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-03-02 130976]

R3 iDispService;iDispService;c:\windows\system32\DRIVERS\idisplayminiport.sys [x]

R3 libusb0;libusb-win32 - Kernel Driver 02/04/2012 0.0.0.0;c:\windows\system32\DRIVERS\libusb0.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 51445112]

R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]

R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [x]

R3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S0 vidsflt61;Acronis Disk Storage Filter (61);c:\windows\system32\DRIVERS\vsflt61.sys [x]

S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]

S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]

S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]

S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]

S2 MBAMService;MBAMService;e:\malwarebytes' anti-malware\mbamservice.exe [2012-04-04 654408]

S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]

S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-03-16 531328]

S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-03-15 370504]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]

S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]

S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [x]

S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 SaiK0CCB;SaiK0CCB;c:\windows\system32\DRIVERS\SaiK0CCB.sys [x]

S3 SaiU0CCB;SaiU0CCB;c:\windows\system32\DRIVERS\SaiU0CCB.sys [x]

S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]

S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

Mcx2Svc

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-04 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 02:53]

.

2012-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17 02:39]

.

2012-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17 02:39]

.

2012-06-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2388485762-2462165164-2089254216-1001Core.job

- c:\users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-10 23:57]

.

2012-06-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2388485762-2462165164-2089254216-1001UA.job

- c:\users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-10 23:57]

.

2012-05-30 c:\windows\Tasks\ParetoLogic Registration3.job

- c:\windows\system32\rundll32.exe [2009-07-13 01:14]

.

2012-05-31 c:\windows\Tasks\ParetoLogic Update Version3.job

- c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2011-11-25 02:25]

.

2012-06-02 c:\windows\Tasks\RegCure Pro.job

- c:\program files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe [2011-12-21 22:46]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"THXCfg64"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-22 11075176]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]

"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 112512]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-09-16 497648]

"ProfilerU"="c:\program files\SmartTechnology\Software\ProfilerU.exe" [2011-11-10 310272]

"SaiMfd"="c:\program files\SmartTechnology\Software\SaiMfd.exe" [2011-11-10 158208]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://asus.msn.com

mStart Page = hxxp://asus.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-06-04 16:53:50

ComboFix-quarantined-files.txt 2012-06-04 21:53

ComboFix2.txt 2012-06-03 01:56

.

Pre-Run: 542,064,525,312 bytes free

Post-Run: 541,881,147,392 bytes free

.

- - End Of File - - FF441B62F40ED551A2DCA72EA8F935B6

Link to post
Share on other sites

Did it start after you installed this?

2012-05-30 22:49 . 2012-05-30 22:49 -------- d-----w- c:\users\Ryan\AppData\Roaming\ParetoLogic

2012-05-30 22:49 . 2012-05-30 22:49 -------- d-----w- c:\users\Ryan\AppData\Roaming\DriverCure

2012-05-30 22:48 . 2012-05-30 22:48 -------- d-----w- c:\program files (x86)\Common Files\ParetoLogic

2012-05-30 22:48 . 2012-05-30 22:48 -------- d-----w- c:\programdata\ParetoLogic

2012-05-30 22:48 . 2012-05-30 22:48 -------- d-----w- c:\program files (x86)\ParetoLogic

Link to post
Share on other sites

I uninstalled Regcure which was the maker of Paretologic. I re-ran combofix and here is the log. I noticed the 3 files below were still there so I manually deleted them. So far no pop ups but I will let you know if they come back.

2012-05-30 22:49 . 2012-05-30 22:49 -------- d-----w- c:\users\Ryan\AppData\Roaming\ParetoLogic

2012-05-30 22:49 . 2012-05-30 22:49 -------- d-----w- c:\users\Ryan\AppData\Roaming\DriverCure

2012-05-30 22:48 . 2012-06-04 22:23 -------- d-----w- c:\programdata\ParetoLogic

ComboFix 12-06-04.02 - Ryan 06/04/2012 17:29:29.4.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8169.5958 [GMT -5:00]

Running from: c:\users\Ryan\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-05-04 to 2012-06-04 )))))))))))))))))))))))))))))))

.

.

2012-06-04 22:34 . 2012-06-04 22:34 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-06-04 22:34 . 2012-06-04 22:34 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-04 21:45 . 2012-06-04 21:45 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{34737A5B-8810-4260-8CF6-C6DC6A78FD87}\offreg.dll

2012-06-04 15:18 . 2012-05-08 15:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{34737A5B-8810-4260-8CF6-C6DC6A78FD87}\mpengine.dll

2012-06-03 02:04 . 2012-06-03 02:04 -------- d-----w- c:\program files (x86)\ESET

2012-06-02 17:42 . 2012-05-08 15:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-06-01 21:00 . 2012-06-01 21:00 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9CE6634F-FB9D-4948-A914-47F0E930201A}\gapaengine.dll

2012-06-01 21:00 . 2012-06-01 21:00 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2012-06-01 21:00 . 2012-06-01 21:00 -------- d-----w- c:\program files\Microsoft Security Client

2012-06-01 04:52 . 2012-06-01 04:52 -------- d-----w- C:\TDSSKiller_Quarantine

2012-05-31 16:25 . 2012-05-31 16:25 -------- d-----w- c:\users\Ryan\AppData\Roaming\Malwarebytes

2012-05-31 16:25 . 2012-05-31 16:25 -------- d-----w- c:\programdata\Malwarebytes

2012-05-31 16:25 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-31 00:07 . 2012-05-31 00:07 -------- d-----w- c:\windows\system32\wbem\Logs

2012-05-30 22:49 . 2012-05-30 22:49 -------- d-----w- c:\users\Ryan\AppData\Roaming\ParetoLogic

2012-05-30 22:49 . 2012-05-30 22:49 -------- d-----w- c:\users\Ryan\AppData\Roaming\DriverCure

2012-05-30 22:48 . 2012-06-04 22:23 -------- d-----w- c:\programdata\ParetoLogic

2012-05-15 22:08 . 2012-05-31 05:01 -------- d-----w- c:\users\Ryan\AppData\Roaming\Ventrilo

2012-05-15 07:21 . 2012-05-15 07:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2012-05-14 17:48 . 2012-06-03 04:37 -------- d-----w- c:\program files (x86)\Diablo III

2012-05-11 20:33 . 2012-05-12 10:02 -------- d-----w- c:\users\Ryan\Diablo-III-8370-enUS-Installer

2012-05-08 21:57 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll

2012-05-08 21:57 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-05-08 21:57 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-08 21:57 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys

2012-05-08 21:57 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-08 21:57 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-05-08 21:57 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-05-08 21:56 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-05-08 21:56 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2012-05-08 21:56 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

2012-05-08 21:56 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-08 21:56 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

2012-05-08 21:56 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-15 10:48 . 2012-03-15 19:06 68928 ----a-w- c:\windows\system32\OpenCL.dll

2012-05-15 10:48 . 2012-03-15 19:06 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll

2012-05-15 10:48 . 2011-10-26 19:34 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2012-05-15 10:48 . 2011-09-23 06:03 1738048 ----a-w- c:\windows\system32\nvdispco64.dll

2012-05-15 10:48 . 2011-09-23 06:03 1468224 ----a-w- c:\windows\system32\nvgenco64.dll

2012-05-15 10:48 . 2010-10-29 07:54 2741568 ----a-w- c:\windows\system32\nvapi64.dll

2012-05-15 10:48 . 2010-10-29 07:54 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll

2012-05-15 09:29 . 2010-10-29 11:38 889664 ----a-w- c:\windows\system32\nvvsvc.exe

2012-05-15 09:29 . 2010-10-29 11:38 63296 ----a-w- c:\windows\system32\nvshext.dll

2012-05-15 09:29 . 2010-10-29 11:38 2561856 ----a-w- c:\windows\system32\nvsvcr.dll

2012-05-15 09:29 . 2010-10-29 11:38 118080 ----a-w- c:\windows\system32\nvmctray.dll

2012-05-15 09:29 . 2010-10-29 11:38 3149632 ----a-w- c:\windows\system32\nvsvc64.dll

2012-05-15 09:28 . 2010-10-29 11:38 6151488 ----a-w- c:\windows\system32\nvcpl.dll

2012-05-05 02:53 . 2012-04-09 04:36 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-05-05 02:53 . 2011-06-08 21:33 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-05 02:53 . 2012-04-10 23:53 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-05-02 02:34 . 2011-04-17 03:35 45056 ----a-w- c:\windows\system32\acovcnt.exe

2012-04-29 23:11 . 2012-04-29 23:11 4608 ----a-w- c:\windows\SysWow64\adesk_patcher64.exe

2012-04-18 17:08 . 2011-11-30 04:57 1451840 ----a-w- c:\windows\system32\nvhdagenco6420103.dll

2012-04-16 00:22 . 2012-04-16 00:22 750488 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-04-16 00:22 . 2011-07-04 22:22 660368 ----a-w- c:\windows\system32\deployJava1.dll

2012-04-04 18:02 . 2012-04-04 18:02 1285216 ----a-w- c:\windows\system32\drivers\tdrpman.sys

2012-04-04 18:02 . 2012-04-04 18:02 986208 ----a-w- c:\windows\system32\drivers\timntr.sys

2012-04-04 18:01 . 2012-04-04 18:01 211040 ----a-w- c:\windows\system32\drivers\vididr.sys

2012-04-04 18:01 . 2012-04-04 18:01 142944 ----a-w- c:\windows\system32\drivers\vsflt61.sys

2012-04-04 18:01 . 2012-04-04 18:01 310368 ----a-w- c:\windows\system32\drivers\snapman.sys

2012-04-04 18:01 . 2012-04-04 18:01 133728 ----a-w- c:\windows\system32\drivers\fltsrv.sys

2012-04-03 19:19 . 2012-04-08 20:16 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys

2012-04-03 19:19 . 2012-04-08 20:16 130864 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys

2012-04-03 19:19 . 2012-04-03 19:19 166192 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys

2012-04-03 19:19 . 2012-04-03 19:19 147248 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys

2012-04-03 19:19 . 2012-04-03 19:19 320816 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll

2012-03-26 05:36 . 2012-03-26 05:36 1817088 ----a-w- c:\windows\SysWow64\Mcx2Svc.dll

2012-03-23 03:19 . 2012-03-23 03:18 726016 ----a-w- c:\windows\SysWow64\7z.dll

2012-03-21 01:44 . 2012-03-21 01:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2012-03-21 01:44 . 2012-03-21 01:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2012-06-04_21.51.54 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-14 05:10 . 2012-06-04 22:26 38458 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-05-11 12:32 . 2012-06-04 22:26 23784 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2388485762-2462165164-2089254216-1001_UserData.bin

+ 2009-07-14 04:46 . 2012-06-04 22:27 91680 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

+ 2012-06-04 22:24 . 2012-06-04 22:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-06-04 15:08 . 2012-06-04 15:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-06-04 22:24 . 2012-06-04 22:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-06-04 15:08 . 2012-06-04 15:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-07-14 05:01 . 2012-06-04 22:24 476496 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-06-03 04:38 476496 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 04:45 . 2012-06-04 22:26 7112972 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

- 2009-07-14 04:45 . 2012-06-01 20:48 7112972 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

- 2011-04-17 03:33 . 2012-06-03 04:38 2826280 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2011-04-17 03:33 . 2012-06-04 22:24 2826280 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2011-05-11 02:47 . 2012-06-03 04:38 10827032 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2388485762-2462165164-2089254216-1001-8192.dat

+ 2011-05-11 02:47 . 2012-06-04 22:24 10827032 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2388485762-2462165164-2089254216-1001-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]

"VAWinAgent"="c:\expressgateutil\VAWinAgent.exe" [2010-08-13 21504]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2010-09-08 905216]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [2010-11-19 37888]

"CPMonitor"="c:\program files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe" [2010-10-15 84464]

"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]

"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2011-04-17 3058304]

"Malwarebytes' Anti-Malware"="e:\malwarebytes' anti-malware\mbamgui.exe" [2012-04-04 462408]

.

c:\users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

mbam.exe - Shortcut.lnk - e:\malwarebytes' anti-malware\mbam.exe [2012-5-31 981672]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17 135664]

R2 mi-raysat_3dsmax2013_64;mental ray 3.10 Satellite for Autodesk 3ds Max 2013 64-bit;c:\program files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe [2011-09-14 86016]

R2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe [2010-08-21 77312]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]

R3 ALSysIO;ALSysIO;c:\users\Ryan\AppData\Local\Temp\ALSysIO64.sys [x]

R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [x]

R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-04-17 79360]

R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-04-17 79360]

R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]

R3 DxkgFilter;Filtering Dxkg;c:\program files (x86)\iDisplay\idisplay.sys [x]

R3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [x]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-04-29 1432400]

R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-03-02 130976]

R3 iDispService;iDispService;c:\windows\system32\DRIVERS\idisplayminiport.sys [x]

R3 libusb0;libusb-win32 - Kernel Driver 02/04/2012 0.0.0.0;c:\windows\system32\DRIVERS\libusb0.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 51445112]

R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]

R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [x]

R3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S0 vidsflt61;Acronis Disk Storage Filter (61);c:\windows\system32\DRIVERS\vsflt61.sys [x]

S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]

S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]

S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]

S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]

S2 MBAMService;MBAMService;e:\malwarebytes' anti-malware\mbamservice.exe [2012-04-04 654408]

S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]

S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-03-16 531328]

S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-03-15 370504]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]

S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]

S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [x]

S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 SaiK0CCB;SaiK0CCB;c:\windows\system32\DRIVERS\SaiK0CCB.sys [x]

S3 SaiU0CCB;SaiU0CCB;c:\windows\system32\DRIVERS\SaiU0CCB.sys [x]

S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]

S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

Mcx2Svc

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-04 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 02:53]

.

2012-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17 02:39]

.

2012-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17 02:39]

.

2012-06-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2388485762-2462165164-2089254216-1001Core.job

- c:\users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-10 23:57]

.

2012-06-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2388485762-2462165164-2089254216-1001UA.job

- c:\users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-10 23:57]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"THXCfg64"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"SynAsusAcpi"="c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe" [bU]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-22 11075176]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]

"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 112512]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-09-16 497648]

"ProfilerU"="c:\program files\SmartTechnology\Software\ProfilerU.exe" [2011-11-10 310272]

"SaiMfd"="c:\program files\SmartTechnology\Software\SaiMfd.exe" [2011-11-10 158208]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://asus.msn.com

mStart Page = hxxp://asus.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-06-04 17:36:29

ComboFix-quarantined-files.txt 2012-06-04 22:36

ComboFix2.txt 2012-06-04 21:53

ComboFix3.txt 2012-06-03 01:56

.

Pre-Run: 541,640,314,880 bytes free

Post-Run: 541,573,066,752 bytes free

.

- - End Of File - - 66CA397048159EFAD779877B9B42FBBB

Link to post
Share on other sites

Also do this:

Click on the Windows "Start" button, then navigate to the "Accessories" tab followed by the "System Tools" option. Under System Tools, you will find an application named "Scheduled Tasks." Click on this option to bring up the "Tasks" menu.

In the "Scheduled Tasks" windows you'll see the "Paretologic Registration" task. Left-click on the application, and then in the window on the left side click the "Delete" link to remove the scheduled task.

Link to post
Share on other sites

Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run type Notepad click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::


Folder::
c:\users\Ryan\AppData\Roaming\ParetoLogic
c:\users\Ryan\AppData\Roaming\DriverCure
c:\programdata\ParetoLogic

ClearJavaCache::

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1.Click File;

2.Click Save As... Change the directory to your desktop;

3.Change the Save as type to "All Files";

4.Type in the file name: CFScript

5.Click Save ...

CFScriptB-4.gif

Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.

Link to post
Share on other sites

Alright combofix is done with that script. Is it normal for the computer to restart after the scan then continue to prepare the log after it started beck up?

it looks gone!

ComboFix 12-06-04.02 - Ryan 06/04/2012 17:57:18.5.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8169.5874 [GMT -5:00]

Running from: c:\users\Ryan\Desktop\ComboFix.exe

Command switches used :: c:\users\Ryan\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-05-04 to 2012-06-04 )))))))))))))))))))))))))))))))

.

.

2012-06-04 23:01 . 2012-06-04 23:01 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-06-04 23:01 . 2012-06-04 23:01 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-04 15:18 . 2012-05-08 15:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{34737A5B-8810-4260-8CF6-C6DC6A78FD87}\mpengine.dll

2012-06-03 02:04 . 2012-06-03 02:04 -------- d-----w- c:\program files (x86)\ESET

2012-06-02 17:42 . 2012-05-08 15:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-06-01 21:00 . 2012-06-01 21:00 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9CE6634F-FB9D-4948-A914-47F0E930201A}\gapaengine.dll

2012-06-01 21:00 . 2012-06-01 21:00 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2012-06-01 21:00 . 2012-06-01 21:00 -------- d-----w- c:\program files\Microsoft Security Client

2012-06-01 04:52 . 2012-06-01 04:52 -------- d-----w- C:\TDSSKiller_Quarantine

2012-05-31 16:25 . 2012-05-31 16:25 -------- d-----w- c:\users\Ryan\AppData\Roaming\Malwarebytes

2012-05-31 16:25 . 2012-05-31 16:25 -------- d-----w- c:\programdata\Malwarebytes

2012-05-31 16:25 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-31 00:07 . 2012-05-31 00:07 -------- d-----w- c:\windows\system32\wbem\Logs

2012-05-15 22:08 . 2012-05-31 05:01 -------- d-----w- c:\users\Ryan\AppData\Roaming\Ventrilo

2012-05-15 07:21 . 2012-05-15 07:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2012-05-14 17:48 . 2012-06-03 04:37 -------- d-----w- c:\program files (x86)\Diablo III

2012-05-11 20:33 . 2012-05-12 10:02 -------- d-----w- c:\users\Ryan\Diablo-III-8370-enUS-Installer

2012-05-08 21:57 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll

2012-05-08 21:57 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-05-08 21:57 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-08 21:57 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys

2012-05-08 21:57 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-08 21:57 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-05-08 21:57 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-05-08 21:56 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-05-08 21:56 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2012-05-08 21:56 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

2012-05-08 21:56 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-08 21:56 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

2012-05-08 21:56 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-04 23:02 . 2011-04-17 03:35 45056 ----a-w- c:\windows\system32\acovcnt.exe

2012-05-15 10:48 . 2012-03-15 19:06 68928 ----a-w- c:\windows\system32\OpenCL.dll

2012-05-15 10:48 . 2012-03-15 19:06 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll

2012-05-15 10:48 . 2011-10-26 19:34 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2012-05-15 10:48 . 2011-09-23 06:03 1738048 ----a-w- c:\windows\system32\nvdispco64.dll

2012-05-15 10:48 . 2011-09-23 06:03 1468224 ----a-w- c:\windows\system32\nvgenco64.dll

2012-05-15 10:48 . 2010-10-29 07:54 2741568 ----a-w- c:\windows\system32\nvapi64.dll

2012-05-15 10:48 . 2010-10-29 07:54 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll

2012-05-15 09:29 . 2010-10-29 11:38 889664 ----a-w- c:\windows\system32\nvvsvc.exe

2012-05-15 09:29 . 2010-10-29 11:38 63296 ----a-w- c:\windows\system32\nvshext.dll

2012-05-15 09:29 . 2010-10-29 11:38 2561856 ----a-w- c:\windows\system32\nvsvcr.dll

2012-05-15 09:29 . 2010-10-29 11:38 118080 ----a-w- c:\windows\system32\nvmctray.dll

2012-05-15 09:29 . 2010-10-29 11:38 3149632 ----a-w- c:\windows\system32\nvsvc64.dll

2012-05-15 09:28 . 2010-10-29 11:38 6151488 ----a-w- c:\windows\system32\nvcpl.dll

2012-05-05 02:53 . 2012-04-09 04:36 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-05-05 02:53 . 2011-06-08 21:33 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-05 02:53 . 2012-04-10 23:53 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-04-29 23:11 . 2012-04-29 23:11 4608 ----a-w- c:\windows\SysWow64\adesk_patcher64.exe

2012-04-18 17:08 . 2011-11-30 04:57 1451840 ----a-w- c:\windows\system32\nvhdagenco6420103.dll

2012-04-16 00:22 . 2012-04-16 00:22 750488 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-04-16 00:22 . 2011-07-04 22:22 660368 ----a-w- c:\windows\system32\deployJava1.dll

2012-04-04 18:02 . 2012-04-04 18:02 1285216 ----a-w- c:\windows\system32\drivers\tdrpman.sys

2012-04-04 18:02 . 2012-04-04 18:02 986208 ----a-w- c:\windows\system32\drivers\timntr.sys

2012-04-04 18:01 . 2012-04-04 18:01 211040 ----a-w- c:\windows\system32\drivers\vididr.sys

2012-04-04 18:01 . 2012-04-04 18:01 142944 ----a-w- c:\windows\system32\drivers\vsflt61.sys

2012-04-04 18:01 . 2012-04-04 18:01 310368 ----a-w- c:\windows\system32\drivers\snapman.sys

2012-04-04 18:01 . 2012-04-04 18:01 133728 ----a-w- c:\windows\system32\drivers\fltsrv.sys

2012-04-03 19:19 . 2012-04-08 20:16 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys

2012-04-03 19:19 . 2012-04-08 20:16 130864 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys

2012-04-03 19:19 . 2012-04-03 19:19 166192 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys

2012-04-03 19:19 . 2012-04-03 19:19 147248 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys

2012-04-03 19:19 . 2012-04-03 19:19 320816 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll

2012-03-26 05:36 . 2012-03-26 05:36 1817088 ----a-w- c:\windows\SysWow64\Mcx2Svc.dll

2012-03-23 03:19 . 2012-03-23 03:18 726016 ----a-w- c:\windows\SysWow64\7z.dll

2012-03-21 01:44 . 2012-03-21 01:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2012-03-21 01:44 . 2012-03-21 01:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2012-06-04_21.51.54 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-04-17 03:17 . 2012-06-04 22:45 94396 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-06-04 22:45 38466 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-05-11 12:32 . 2012-06-04 22:45 24004 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2388485762-2462165164-2089254216-1001_UserData.bin

+ 2009-07-14 04:46 . 2012-06-04 22:50 91888 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

- 2012-06-04 15:08 . 2012-06-04 15:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-06-04 23:01 . 2012-06-04 23:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 05:01 . 2012-06-03 04:38 476496 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-06-04 23:01 476496 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 04:45 . 2012-06-01 20:48 7112972 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

+ 2009-07-14 04:45 . 2012-06-04 22:26 7112972 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

- 2011-04-17 03:33 . 2012-06-03 04:38 2826280 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2011-04-17 03:33 . 2012-06-04 23:01 2826280 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2011-05-11 02:47 . 2012-06-04 23:01 10827032 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2388485762-2462165164-2089254216-1001-8192.dat

- 2011-05-11 02:47 . 2012-06-03 04:38 10827032 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2388485762-2462165164-2089254216-1001-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]

"VAWinAgent"="c:\expressgateutil\VAWinAgent.exe" [2010-08-13 21504]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2010-09-08 905216]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [2010-11-19 37888]

"CPMonitor"="c:\program files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe" [2010-10-15 84464]

"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]

"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2011-04-17 3058304]

"Malwarebytes' Anti-Malware"="e:\malwarebytes' anti-malware\mbamgui.exe" [2012-04-04 462408]

.

c:\users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

mbam.exe - Shortcut.lnk - e:\malwarebytes' anti-malware\mbam.exe [2012-5-31 981672]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17 135664]

R2 MBAMService;MBAMService;e:\malwarebytes' anti-malware\mbamservice.exe [2012-04-04 654408]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]

R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]

R3 ALSysIO;ALSysIO;c:\users\Ryan\AppData\Local\Temp\ALSysIO64.sys [x]

R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [x]

R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-04-17 79360]

R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-04-17 79360]

R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]

R3 DxkgFilter;Filtering Dxkg;c:\program files (x86)\iDisplay\idisplay.sys [x]

R3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [x]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-04-29 1432400]

R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-03-02 130976]

R3 iDispService;iDispService;c:\windows\system32\DRIVERS\idisplayminiport.sys [x]

R3 libusb0;libusb-win32 - Kernel Driver 02/04/2012 0.0.0.0;c:\windows\system32\DRIVERS\libusb0.sys [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 51445112]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]

R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [x]

R3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S0 vidsflt61;Acronis Disk Storage Filter (61);c:\windows\system32\DRIVERS\vsflt61.sys [x]

S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]

S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]

S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]

S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]

S2 mi-raysat_3dsmax2013_64;mental ray 3.10 Satellite for Autodesk 3ds Max 2013 64-bit;c:\program files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe [2011-09-14 86016]

S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-03-16 531328]

S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-03-15 370504]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]

S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]

S2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe [2010-08-21 77312]

S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [x]

S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [x]

S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 SaiK0CCB;SaiK0CCB;c:\windows\system32\DRIVERS\SaiK0CCB.sys [x]

S3 SaiU0CCB;SaiU0CCB;c:\windows\system32\DRIVERS\SaiU0CCB.sys [x]

S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]

S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

Mcx2Svc

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-04 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 02:53]

.

2012-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17 02:39]

.

2012-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17 02:39]

.

2012-06-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2388485762-2462165164-2089254216-1001Core.job

- c:\users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-10 23:57]

.

2012-06-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2388485762-2462165164-2089254216-1001UA.job

- c:\users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-10 23:57]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"THXCfg64"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"SynAsusAcpi"="c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe" [bU]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-22 11075176]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]

"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 112512]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-09-16 497648]

"ProfilerU"="c:\program files\SmartTechnology\Software\ProfilerU.exe" [2011-11-10 310272]

"SaiMfd"="c:\program files\SmartTechnology\Software\SaiMfd.exe" [2011-11-10 158208]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://asus.msn.com

mStart Page = hxxp://asus.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe

c:\program files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe

c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2012-06-04 18:04:37 - machine was rebooted

ComboFix-quarantined-files.txt 2012-06-04 23:04

ComboFix2.txt 2012-06-04 22:36

ComboFix3.txt 2012-06-04 21:53

ComboFix4.txt 2012-06-03 01:56

.

Pre-Run: 541,636,132,864 bytes free

Post-Run: 541,496,356,864 bytes free

.

- - End Of File - - C17EE47F74E7FDF42714A74512B5D474

Link to post
Share on other sites

Alright combofix is done with that script. Is it normal for the computer to restart after the scan then continue to prepare the log after it started beck up?
Yes.

Lets see how it goes after we uninstall CF.

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

For Vista / Windows 7

  • Click START Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

Link to post
Share on other sites

We can try a online scan and see if anything is found

http://www.eset.eu/online-scanner

Go here to run an online scannner from ESET.

Click the green ESET Online Scanner button.

Read the End User License Agreement and check the box: YES, I accept the Terms of Use.

Click on the Start button next to it.

You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Insall ActiveX component.

A new window will appear asking "Do you want to install this software?"".

Answer Yes to download and install the ActiveX controls that allows the scan to run.

Click Start.

Make sure that the option "Remove found threats" is Unchecked

Click Scan to begin.

If offered the option to get information or buy software. Just close the window.

Wait for the scan to finish

Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt

Copy and paste that log as a reply to this topic.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.