
White Smoke Toolbar Issue



My friend has a problem on his laptop and I'm trying to help him out. His laptop has a toolbar that appears that says "White Smoke" and he didn't install it.

I read and tried to follow this thread's instructions:

http://forums.malwar...showtopic=76087

I tried that CRScript.txt with ComboFix; it seemed like it worked, but it did not. And the person on that thread said it worked for them, so the troubleshooting ends there for me.

Maybe the CRScript.txt is different for my friend's laptop.

Any troubleshooting assistance would be greatly appreciated.

I ran ComboFix again; this is the .txt document:

ComboFix 12-08-15.02 - Ch 08/15/2012 23:14:22.4.2 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4061.2236 [GMT -5:00]

Running from: c:\users\Ch\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-07-16 to 2012-08-16 )))))))))))))))))))))))))))))))

.

.

2012-08-16 05:49 . 2012-08-16 05:49 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2012-08-16 05:49 . 2012-08-16 05:49 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-16 03:32 . 2012-07-16 07:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{781117F1-4718-48FE-991A-05770A7BF6AC}\mpengine.dll

2012-08-15 02:47 . 2012-08-15 02:47 -------- d-----w- c:\program files (x86)\VS Revo Group

2012-08-14 23:07 . 2012-08-14 23:07 -------- d-----w- c:\users\Ch\AppData\Roaming\Malwarebytes

2012-08-14 23:05 . 2012-08-14 23:05 -------- d-----w- c:\programdata\Malwarebytes

2012-08-14 23:05 . 2012-08-14 23:05 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-08-14 23:05 . 2012-07-03 18:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-11 19:20 . 2012-08-14 22:43 -------- d-----w- c:\program files (x86)\Common Files\Skype

2012-07-27 01:21 . 2012-07-27 01:21 -------- d-----w- c:\program files (x86)\BYOND

2012-07-20 18:57 . 2012-08-14 22:43 -------- d-----w- c:\program files (x86)\SCHTHACK PSOBB

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-16 03:16 . 2010-04-29 12:04 62134624 ----a-w- c:\windows\system32\MRT.exe

2012-07-03 16:21 . 2012-05-30 01:26 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2012-07-03 16:21 . 2011-06-05 19:04 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-07-03 16:21 . 2011-06-05 19:04 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-07-03 16:21 . 2011-06-05 19:04 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-07-03 16:21 . 2011-06-05 19:04 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-07-03 16:21 . 2011-06-05 19:04 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-07-03 16:21 . 2011-06-05 19:03 41224 ----a-w- c:\windows\avastSS.scr

2012-07-03 16:21 . 2011-06-05 19:03 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe

2012-07-03 16:21 . 2011-06-05 19:04 285328 ----a-w- c:\windows\system32\aswBoot.exe

2012-06-12 03:02 . 2012-07-12 20:26 3147264 ----a-w- c:\windows\system32\win32k.sys

2012-06-09 05:30 . 2012-07-11 03:14 14165504 ----a-w- c:\windows\system32\shell32.dll

2012-06-06 13:49 . 2012-06-06 13:49 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX

2012-06-06 05:50 . 2012-07-11 03:14 2003968 ----a-w- c:\windows\system32\msxml6.dll

2012-06-06 05:50 . 2012-07-11 03:14 1880064 ----a-w- c:\windows\system32\msxml3.dll

2012-06-06 05:09 . 2012-07-11 03:14 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll

2012-06-06 05:09 . 2012-07-11 03:14 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll

2012-06-02 22:19 . 2012-06-21 16:20 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-21 16:20 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-21 16:20 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-21 16:20 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-21 16:20 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-21 16:20 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-21 16:20 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 20:19 . 2012-06-21 16:20 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 20:15 . 2012-06-21 16:20 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 12:49 . 2012-07-12 20:16 17807360 ----a-w- c:\windows\system32\mshtml.dll

2012-06-02 12:17 . 2012-07-12 20:16 10924032 ----a-w- c:\windows\system32\ieframe.dll

2012-06-02 12:12 . 2012-07-12 20:16 2311680 ----a-w- c:\windows\system32\jscript9.dll

2012-06-02 12:05 . 2012-07-12 20:16 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-06-02 12:05 . 2012-07-12 20:16 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-06-02 12:04 . 2012-07-12 20:16 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-06-02 12:04 . 2012-07-12 20:16 237056 ----a-w- c:\windows\system32\url.dll

2012-06-02 12:03 . 2012-07-12 20:16 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-06-02 12:01 . 2012-07-12 20:16 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-06-02 12:00 . 2012-07-12 20:16 818688 ----a-w- c:\windows\system32\jscript.dll

2012-06-02 11:59 . 2012-07-12 20:16 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-06-02 11:57 . 2012-07-12 20:16 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-06-02 11:57 . 2012-07-12 20:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-06-02 11:54 . 2012-07-12 20:16 248320 ----a-w- c:\windows\system32\ieui.dll

2012-06-02 08:33 . 2012-07-12 20:16 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-06-02 08:25 . 2012-07-12 20:16 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-06-02 08:25 . 2012-07-12 20:16 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-06-02 08:20 . 2012-07-12 20:16 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-06-02 08:16 . 2012-07-12 20:16 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-06-02 05:38 . 2012-07-11 03:14 95088 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-06-02 05:38 . 2012-07-11 03:14 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-06-02 05:37 . 2012-07-11 03:14 459216 ----a-w- c:\windows\system32\drivers\cng.sys

2012-06-02 05:27 . 2012-07-11 03:14 340992 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 05:27 . 2012-07-11 03:14 307200 ----a-w- c:\windows\system32\ncrypt.dll

2012-06-02 04:48 . 2012-07-11 03:14 22016 ----a-w- c:\windows\SysWow64\secur32.dll

2012-06-02 04:48 . 2012-07-11 03:14 225280 ----a-w- c:\windows\SysWow64\schannel.dll

2012-06-02 04:47 . 2012-07-11 03:14 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll

2012-06-02 04:42 . 2012-07-11 03:14 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

2012-05-31 17:25 . 2009-11-29 21:43 279656 ------w- c:\windows\system32\MpSigStub.exe

2009-04-08 17:31 . 2009-04-08 17:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll

2008-08-12 04:45 . 2008-08-12 04:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-08-15_01.35.20 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-08-16 05:51 . 2012-08-16 06:00 32768 c:\windows\temp\Temporary Internet Files\Content.IE5\index.dat

- 2009-12-02 15:19 . 2012-08-15 01:34 32768 c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat

+ 2012-08-16 05:51 . 2012-08-16 06:00 16384 c:\windows\temp\History\History.IE5\index.dat

- 2009-12-02 15:19 . 2012-08-15 01:34 16384 c:\windows\Temp\History\History.IE5\index.dat

- 2009-12-02 15:19 . 2012-08-15 01:34 16384 c:\windows\Temp\Cookies\index.dat

+ 2012-08-16 05:51 . 2012-08-16 06:00 16384 c:\windows\temp\Cookies\index.dat

+ 2009-10-06 12:53 . 2012-08-16 06:02 50046 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-08-16 06:02 52194 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2009-12-02 15:19 . 2012-08-15 03:57 16938 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1856737384-1315598464-3392474006-1001_UserData.bin

+ 2009-07-14 05:30 . 2012-08-16 05:49 86016 c:\windows\system32\DriverStore\infpub.dat

- 2009-07-14 05:30 . 2011-08-04 13:31 86016 c:\windows\system32\DriverStore\infpub.dat

- 2009-10-06 12:26 . 2012-07-12 20:25 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe

+ 2009-10-06 12:26 . 2012-08-16 03:25 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe

- 2009-10-06 12:26 . 2012-07-12 20:25 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe

+ 2009-10-06 12:26 . 2012-08-16 03:25 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe

- 2009-10-06 12:26 . 2012-07-12 20:25 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe

+ 2009-10-06 12:26 . 2012-08-16 03:25 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe

- 2010-06-16 04:22 . 2012-07-12 20:26 35088 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe

+ 2010-06-16 04:22 . 2012-08-16 03:25 35088 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe

+ 2010-06-16 04:22 . 2012-08-16 03:25 18704 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe

- 2010-06-16 04:22 . 2012-07-12 20:26 18704 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe

- 2010-06-16 04:22 . 2012-07-12 20:26 20240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe

+ 2010-06-16 04:22 . 2012-08-16 03:25 20240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe

- 2012-06-16 02:36 . 2012-07-12 20:23 34144 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\oisicon.exe

+ 2012-06-16 02:36 . 2012-08-16 03:24 34144 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\oisicon.exe

+ 2012-06-16 02:36 . 2012-08-16 03:24 43608 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\msouc.exe

- 2012-06-16 02:36 . 2012-07-12 20:23 19296 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\cagicon.exe

+ 2012-06-16 02:36 . 2012-08-16 03:24 19296 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\cagicon.exe

+ 2012-08-16 03:20 . 2012-08-16 05:59 4766 c:\windows\SoftwareDistribution\PostRebootEventCache\{6767254B-68D1-49C8-AC9C-96F1FCB0A3D1}.bin

+ 2012-08-16 06:00 . 2012-08-16 06:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-08-15 01:33 . 2012-08-15 01:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-08-15 01:33 . 2012-08-15 01:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-08-16 06:00 . 2012-08-16 06:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-11-30 01:17 . 2012-08-16 05:17 329748 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin

+ 2009-07-14 05:30 . 2012-08-16 05:49 143360 c:\windows\system32\DriverStore\infstrng.dat

- 2009-07-14 05:30 . 2011-08-04 13:31 143360 c:\windows\system32\DriverStore\infstrng.dat

- 2009-07-14 05:30 . 2011-08-04 13:31 143360 c:\windows\system32\DriverStore\infstor.dat

+ 2009-07-14 05:30 . 2012-08-16 05:49 143360 c:\windows\system32\DriverStore\infstor.dat

- 2009-07-14 05:01 . 2012-08-15 01:32 401368 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-08-16 05:59 401368 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2012-07-18 20:46 . 2012-07-18 20:46 593408 c:\windows\Installer\505f0c2.msp

+ 2012-07-04 12:59 . 2012-07-04 12:59 261120 c:\windows\Installer\505f017.msp

- 2009-10-06 12:26 . 2012-07-12 20:25 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe

+ 2009-10-06 12:26 . 2012-08-16 03:25 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe

- 2009-10-06 12:26 . 2012-07-12 20:25 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe

+ 2009-10-06 12:26 . 2012-08-16 03:25 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe

- 2009-10-06 12:26 . 2012-07-12 20:25 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe

+ 2009-10-06 12:26 . 2012-08-16 03:25 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe

- 2009-10-06 12:26 . 2012-07-12 20:25 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe

+ 2009-10-06 12:26 . 2012-08-16 03:25 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe

- 2010-06-16 04:22 . 2012-07-12 20:26 888080 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe

+ 2010-06-16 04:22 . 2012-08-16 03:25 888080 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe

- 2010-06-16 04:22 . 2012-07-12 20:26 272648 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe

+ 2010-06-16 04:22 . 2012-08-16 03:25 272648 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe

+ 2010-06-16 04:22 . 2012-08-16 03:25 922384 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe

- 2010-06-16 04:22 . 2012-07-12 20:26 922384 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe

+ 2010-06-16 04:22 . 2012-08-16 03:25 845584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe

- 2010-06-16 04:22 . 2012-07-12 20:26 845584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe

- 2010-06-16 04:22 . 2012-07-12 20:26 217864 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe

+ 2010-06-16 04:22 . 2012-08-16 03:25 217864 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe

- 2012-06-16 02:36 . 2012-07-12 20:23 415584 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pubs.exe

+ 2012-06-16 02:36 . 2012-08-16 03:24 415584 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pubs.exe

- 2012-06-16 02:36 . 2012-07-12 20:23 303456 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe

+ 2012-06-16 02:36 . 2012-08-16 03:24 303456 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe

+ 2012-06-16 02:36 . 2012-08-16 03:24 571232 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\misc.exe

- 2012-06-16 02:36 . 2012-07-12 20:23 571232 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\misc.exe

+ 2012-06-16 02:36 . 2012-08-16 03:24 326496 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\joticon.exe

- 2012-06-16 02:36 . 2012-07-12 20:23 326496 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\joticon.exe

+ 2011-01-07 16:38 . 2011-01-07 16:38 121208 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.6029\MSCONV97.DLL

+ 2011-01-18 07:05 . 2012-08-16 05:49 4926176 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1856737384-1315598464-3392474006-1001-8192.dat

- 2011-01-18 07:05 . 2012-08-15 01:32 4926176 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1856737384-1315598464-3392474006-1001-8192.dat

+ 2012-06-26 23:03 . 2012-06-26 23:03 3875840 c:\windows\Installer\505f129.msp

+ 2012-07-19 07:45 . 2012-07-19 07:45 3464704 c:\windows\Installer\505f117.msp

+ 2012-07-04 13:04 . 2012-07-04 13:04 1292288 c:\windows\Installer\505f0de.msp

+ 2012-07-04 13:12 . 2012-07-04 13:12 4772352 c:\windows\Installer\505f0b1.msp

+ 2012-07-04 13:09 . 2012-07-04 13:09 1284096 c:\windows\Installer\505f09a.msp

+ 2012-07-04 13:01 . 2012-07-04 13:01 9082368 c:\windows\Installer\505f084.msp

+ 2012-07-04 12:58 . 2012-07-04 12:58 6163456 c:\windows\Installer\505f066.msp

+ 2012-07-18 20:53 . 2012-07-18 20:53 5009920 c:\windows\Installer\505f02b.msp

+ 2009-10-06 12:26 . 2012-08-16 03:25 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe

- 2009-10-06 12:26 . 2012-07-12 20:25 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe

+ 2010-06-16 04:22 . 2012-08-16 03:25 1172240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe

- 2010-06-16 04:22 . 2012-07-12 20:26 1172240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe

+ 2010-06-16 04:22 . 2012-08-16 03:25 1165584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe

- 2010-06-16 04:22 . 2012-07-12 20:26 1165584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe

- 2012-06-16 02:36 . 2012-07-12 20:23 1479520 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe

+ 2012-06-16 02:36 . 2012-08-16 03:24 1479520 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe

+ 2012-06-16 02:36 . 2012-08-16 03:24 1858400 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe

- 2012-06-16 02:36 . 2012-07-12 20:23 1858400 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe

- 2010-07-11 03:00 . 2012-07-12 20:23 4525408 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\promoicon.exe

+ 2010-07-11 03:00 . 2012-08-16 03:24 4525408 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\promoicon.exe

- 2012-06-16 02:36 . 2012-07-12 20:23 3792736 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pptico.exe

+ 2012-06-16 02:36 . 2012-08-16 03:24 3792736 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pptico.exe

- 2012-06-16 02:36 . 2012-07-12 20:23 1449312 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\accicons.exe

+ 2012-06-16 02:36 . 2012-08-16 03:24 1449312 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\accicons.exe

+ 2009-07-14 02:34 . 2012-08-16 05:51 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat

- 2009-07-14 02:34 . 2012-08-15 01:03 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat

+ 2012-07-25 21:59 . 2012-07-25 21:59 11032064 c:\windows\Installer\505f0ef.msp

+ 2012-07-18 20:53 . 2012-07-18 20:53 10937344 c:\windows\Installer\505f03d.msp

+ 2011-08-04 00:53 . 2011-08-04 00:53 17324928 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\MSO.DLL

+ 2012-08-16 04:12 . 2012-08-16 04:12 10518528 c:\windows\erdnt\Hiv-backup\schema.dat

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-01-21 213816]

"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]

[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]

[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]

[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]

.

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuze.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]

@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"

[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]

2007-06-02 00:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-02-28 00:10 35696 ----a-w- c:\program files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADSMTray]

2009-06-24 19:30 272952 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]

2009-10-06 12:59 72248 ----a-w- c:\windows\AsScrProlog.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]

2009-10-06 12:59 3054136 ----a-w- c:\windows\AsScrPro.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]

2008-07-19 02:52 104936 ----a-w- c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-25 136176]

R2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\wcmvcam64.sys [2011-06-23 1071032]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-01 253088]

R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-04 22528]

R3 dump_wmimmc;dump_wmimmc;c:\gpotato\LunaPlus\GameGuard\dump_wmimmc.sys [x]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 Gun;Gun;c:\game\SoftnyxGame\GunBoundIS\Gun64.sys [2012-05-05 45176]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-25 136176]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]

R3 uqk;uqk;c:\koramgame\STOnline\avital\wyqku64.sys [2012-05-16 50608]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-25 1255736]

S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2009-06-18 15928]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2009-09-15 359552]

S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]

S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2009-06-11 127352]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 FastBootAgent;FastBootAgent;c:\windows\SysWOW64\Fast Boot\FastBootAgent.exe [2009-07-24 306232]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [2012-05-01 185856]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-07-09 140800]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-07-09 1222144]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-16 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-01 13:27]

.

2012-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-25 02:44]

.

2012-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-25 02:44]

.

2012-08-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1856737384-1315598464-3392474006-1001Core.job

- c:\users\Ch\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-14 22:55]

.

2012-08-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1856737384-1315598464-3392474006-1001UA.job

- c:\users\Ch\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-14 22:55]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]

@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"

[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]

2007-06-01 23:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://search.babylon.com/?babsrc=HP_Prot

mStart Page = hxxp://www.bigseekpro.com/hypercam/{9BCEB9BD-6E59-474E-ADEB-DEDA2A003D5F}

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

Trusted Zone: cinemanow.com

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Ch\AppData\Roaming\Mozilla\Firefox\Profiles\cky6wfuw.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - WhiteSmoke US Customized Web Search

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3198785&SearchSource=13

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q=

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111442

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - 9603dbd300000000000090e6ba6892a9

FF - user.js: extensions.BabylonToolbar_i.hardId - 9603dbd300000000000090e6ba6892a9

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15458

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1715:25

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

FF - user.js: extensions.incredibar_i.ms_url_id -

FF - user.js: extensions.incredibar_i.upn2 - 6R8t0LsJEJ

FF - user.js: extensions.incredibar_i.upn2n - 92824365698598881

FF - user.js: extensions.incredibar_i.productid - 26

FF - user.js: extensions.incredibar_i.installerproductid - 26

FF - user.js: extensions.incredibar_i.did - 10643

FF - user.js: extensions.incredibar_i.ppd - 1

FF - user.js: extensions.incredibar_i.newTab - false

FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8t0LsJEJ&loc=IB_TB&i=26&search=

FF - user.js: extensions.incredibar_i.id - 9603dbd300000000000090e6ba6892a9

FF - user.js: extensions.incredibar_i.instlDay - 15475

FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1414:30

FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

FF - user.js: extensions.incredibar_i.prdct - incredibar

FF - user.js: extensions.incredibar_i.aflt - orgnl

FF - user.js: extensions.incredibar_i.smplGrp - none

FF - user.js: extensions.incredibar_i.tlbrId - base

FF - user.js: extensions.incredibar_i.instlRef -

FF - user.js: extensions.incredibar_i.dfltLng -

FF - user.js: extensions.incredibar_i.excTlbr - false

user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{99E00A4C-D35E-11DD-BA95-9B6A56D89593} - (no file)

Toolbar-Locked - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]

"value"="?\04\01\17\02\19\1c?"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe

c:\program files\ATKGFNEX\GFNEXSrv.exe

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe

c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe

c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe

c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe

c:\program files (x86)\ASUS\ATK Hotkey\Atouch64.exe

c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe

c:\program files (x86)\ASUS\ATK Hotkey\KBFiltr.exe

c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe

c:\program files (x86)\Yahoo!\Messenger\ymsgr_tray.exe

c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe

c:\program files (x86)\ASUS\ASUS Live Update\ALU.exe

.

**************************************************************************

.

Completion time: 2012-08-16 01:07:27 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-16 06:07

ComboFix2.txt 2012-08-15 04:02

ComboFix3.txt 2012-08-15 02:37

ComboFix4.txt 2012-08-15 01:46

.

Pre-Run: 197,278,674,944 bytes free

Post-Run: 196,781,797,376 bytes free

.

- - End Of File - - E174B3F873DA4C7039B7A3834461C695

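The `user_pref` line in the log above is the most security-relevant item in the whole report: alongside the Incredibar toolbar settings, the injected user.js turns off Content Security Policy enforcement, disables OCSP revocation checking and sets `extensions.autoDisableScopes` to 0 so side-loaded extensions are not auto-disabled. The script below is an added example, not part of the original post and not ComboFix output; it parses user.js lines (several `user_pref()` calls on one line, as in the log), flags preferences that weaken a security control and inventories the third-party extension namespaces present. The baseline values and the list of core `extensions.*` names are the editor's assumptions about Firefox defaults, and the sample input is constructed from the entries shown above.

```python
import re

# Constructed sample modelled on the user.js entries ComboFix listed above.
SAMPLE_USER_JS = """\
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
user_pref("browser.startup.homepage", "about:home");
"""

# Preferences that control a security mechanism, with the value a clean profile
# is expected to carry. Baselines are the editor's assumptions about Firefox
# defaults, not values taken from the forum thread.
SECURITY_PREFS = {
    "security.csp.enable": (True, "Content Security Policy enforcement"),
    "security.OCSP.enabled": (1, "OCSP certificate revocation checking"),
    "extensions.autoDisableScopes": (15, "auto-disable of extensions installed outside the profile"),
}

# Core extensions.* prefs that are part of Firefox itself (assumed list), so they
# are not reported as a third-party namespace.
CORE_EXTENSION_PREFS = {"autoDisableScopes", "enabledScopes", "update", "blocklist"}

# One user_pref("name", value); call. Quotes may be single or double; the value
# is taken up to the closing parenthesis so numbers, booleans and strings all match.
PREF_RE = re.compile(
    r"""user_pref\(\s*(['"])(?P<name>[^'"]+)\1\s*,\s*(?P<value>[^)]+?)\s*\)\s*;"""
)


def parse_value(raw):
    """Convert the textual JS literal into a Python bool, str or int."""
    raw = raw.strip()
    if raw in ("true", "false"):
        return raw == "true"
    if raw[:1] in ("'", '"'):
        return raw[1:-1]
    try:
        return int(raw)
    except ValueError:
        return raw


def parse_user_js(text):
    """Return [(name, value), ...] for every user_pref() call in the text."""
    return [(m.group("name"), parse_value(m.group("value"))) for m in PREF_RE.finditer(text)]


def audit_prefs(prefs):
    """List human-readable findings for security prefs that differ from the baseline.

    The comparison is type-aware on purpose: in Python 0 == False and 1 == True,
    which would otherwise hide a boolean pref rewritten as an integer.
    """
    findings = []
    for name, value in prefs:
        if name not in SECURITY_PREFS:
            continue
        expected, meaning = SECURITY_PREFS[name]
        if value != expected or type(value) is not type(expected):
            findings.append(f"{name}={value!r} weakens {meaning} (baseline {expected!r})")
    return findings


def extension_namespaces(prefs):
    """Second path segment of every non-core extensions.*.* pref, e.g. {'incredibar_i'}."""
    names = set()
    for name, _ in prefs:
        parts = name.split(".")
        if parts[0] == "extensions" and len(parts) >= 3 and parts[1] not in CORE_EXTENSION_PREFS:
            names.add(parts[1])
    return names


if __name__ == "__main__":
    prefs = parse_user_js(SAMPLE_USER_JS)
    for finding in audit_prefs(prefs):
        print("FINDING:", finding)
    print("third-party extension namespaces:", sorted(extension_namespaces(prefs)))
```

Run it against a real profile by reading `user.js` (and, for already-applied settings, `prefs.js`) from the Firefox profile directory and passing the text to `parse_user_js`; any finding is a reason to reset the preference and look for the extension that wrote it.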

Hello NEONess! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

The right name is CFScript.txt and the script is not for you. You shouldn't run ComboFix without supervision from someone trained.

http://www.bleepingcomputer.com/forums/topic273628.html

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
