Malware that keeps redirecting me to random sites

Hi,

I'm running Windows 7 x64. I downloaded a file earlier today and when I ran it nothing happened. Now, every time I click on a Google search link, it redirects me to some other website instead of the intended website. I tried running Malwarebytes but nothing was found on the computer. I also ran SUPERAntiSpyware and it managed to find cookies, which I promptly deleted, but the problem still persisted. I tried opening Windows Security Essentials but it closes every time I try to run it.

Attached are the two logs that were outlined in the instructions.

I would appreciate it if you could get back to me on this matter.

Thank you very much.

Attach.txt

DDS.txt

Hello elevation11 and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

Please uninstall Ad-Aware Security Toolbar

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3

Download aswMBR.exe to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan, click save log, save it to your desktop and post it in your next reply.

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • aswMBR log
  • a new fresh DDS log

Please read my instructions:

Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
Copy and paste the entire report in your next reply.
On completion of the scan click save log, save it to your desktop and post in your next reply
In your next reply, post the following log files:

Malware Log:

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.09.06.11

Windows 7 x64 NTFS

Internet Explorer 9.0.8112.16421

Asus :: ASUS-PC [administrator]

7/9/2012 5:50:36 PM

mbam-log-2012-09-07 (17-50-36).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 216774

Time elapsed: 4 minute(s), 38 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-09-07 18:03:40

-----------------------------

18:03:40.362 OS Version: Windows x64 6.1.7600

18:03:40.362 Number of processors: 4 586 0x2A07

18:03:40.363 ComputerName: ASUS-PC UserName: Asus

18:03:41.610 Initialize success

18:03:49.881 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

18:03:49.884 Disk 0 Vendor: Hitachi_ JE3O Size: 476940MB BusType: 3

18:03:49.906 Disk 0 MBR read successfully

18:03:49.912 Disk 0 MBR scan

18:03:49.915 Disk 0 Windows 7 default MBR code

18:03:49.919 Disk 0 Partition 1 00 0C FAT32 LBA MSDOS5.0 25600 MB offset 2048

18:03:49.937 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 119235 MB offset 52430848

18:03:49.941 Disk 0 Partition - 00 0F Extended LBA 332103 MB offset 296624128

18:03:49.975 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 332101 MB offset 296626176

18:03:49.995 Disk 0 scanning C:\Windows\system32\drivers

18:03:56.584 Service scanning

18:04:20.732 Modules scanning

18:04:20.742 Disk 0 trace - called modules:

18:04:20.762 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll

18:04:21.096 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007dec060]

18:04:21.108 3 CLASSPNP.SYS[fffff880013ca43f] -> nt!IofCallDriver -> [0xfffffa800772e8c0]

18:04:21.120 5 ACPI.sys[fffff88000f4a781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007732050]

18:04:21.137 Scan finished successfully

18:04:55.245 Disk 0 MBR has been saved successfully to "C:\Users\Asus\Desktop\MBR.dat"

18:04:55.333 The log file has been saved successfully to "C:\Users\Asus\Desktop\aswMBR.txt"

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1

Run by Asus at 18:05:47 on 2012-09-07

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.60.1033.18.8169.5655 [GMT -5:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\FBAgent.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Atheros\Ath_CoexAgent.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\Atheros\Bluetooth Suite\adminservice.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe

C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe

C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe

C:\Program Files\Intel\TurboBoost\TurboBoost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\P4G\BatteryLife.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe

C:\Windows\SysWOW64\ACEngSvr.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files\Elantech\ETDCtrl.exe

C:\Program Files (x86)\Atheros\Bluetooth Suite\BtvStack.exe

C:\Program Files (x86)\Atheros\Bluetooth Suite\AthBtTray.exe

C:\Users\Asus\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Windows\System32\rundll32.exe

C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Elantech\ETDCtrlHelper.exe

C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\AsScrPro.exe

C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\Asus\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

C:\Windows\sysWOW64\wbem\wmiprvse.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Windows\splwow64.exe

C:\Windows\notepad.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://asus.msn.com

uDefault_Page_URL = hxxp://asus.msn.com

mStart Page = hxxp://asus.msn.com

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Atheros\Bluetooth Suite\IEPlugIn.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

uRun: [Google Update] "C:\Users\Asus\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [spotify Web Helper] "C:\Users\Asus\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

uRun: [ZRNGFM] rundll32 "C:\Users\Asus\AppData\Roaming\mountvol6.dll",Lsezulv

mRun: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

mRun: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"

mRun: [sonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe

mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

mRun: [<NO NAME>]

mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

StartupFolder: C:\Users\Asus\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Atheros\Bluetooth Suite\IEPlugIn.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

TCP: DhcpNameServer = 97.64.168.12 97.64.183.165 192.168.1.1

TCP: Interfaces\{40B6CF44-90A6-47A9-A7CF-62B3255C6E36} : DhcpNameServer = 10.1.21.1

TCP: Interfaces\{DF9E0163-F2FA-4FBA-B6D0-FFF5CDF07DDC} : NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{DF9E0163-F2FA-4FBA-B6D0-FFF5CDF07DDC} : DhcpNameServer = 97.64.168.12 97.64.183.165 192.168.1.1

TCP: Interfaces\{DF9E0163-F2FA-4FBA-B6D0-FFF5CDF07DDC}\05162747970225F636B60214E6478656D6 : NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{DF9E0163-F2FA-4FBA-B6D0-FFF5CDF07DDC}\05162747970225F636B60214E6478656D6 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{DF9E0163-F2FA-4FBA-B6D0-FFF5CDF07DDC}\34F6E6E6563647966697D2D656 : NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{DF9E0163-F2FA-4FBA-B6D0-FFF5CDF07DDC}\4556374796E676021302230233 : NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{DF9E0163-F2FA-4FBA-B6D0-FFF5CDF07DDC}\4556374796E676021302230233 : DhcpNameServer = 192.168.137.1

TCP: Interfaces\{DF9E0163-F2FA-4FBA-B6D0-FFF5CDF07DDC}\7416E67637471602354797C656 : NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{DF9E0163-F2FA-4FBA-B6D0-FFF5CDF07DDC}\7416E676E616D602354797C656 : NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{DF9E0163-F2FA-4FBA-B6D0-FFF5CDF07DDC}\C4F4C4F4C4 : NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{DF9E0163-F2FA-4FBA-B6D0-FFF5CDF07DDC}\C65656368656E67666F6E6760457E6966696 : NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{DF9E0163-F2FA-4FBA-B6D0-FFF5CDF07DDC}\C65656368656E67666F6E6760457E6966696 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{EE79411C-A9C6-4EE7-BCCE-E2DB25A2D1E9} : NameServer = 10.19.56.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Atheros\Bluetooth Suite\IEPlugIn.dll

BHO-X64: IESpeakDoc - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

BHO-X64: Google Dictionary Compression sdch - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: SmartSelect - No File

BHO-X64: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

mRun-x64: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

mRun-x64: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun-x64: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"

mRun-x64: [sonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe

mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

mRun-x64: [(Default)]

mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

mRun-x64: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-7-26 17024]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\system32\DRIVERS\hssdrv6.sys --> C:\Windows\system32\DRIVERS\hssdrv6.sys [?]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]

R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]

R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]

R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Atheros\Ath_CoexAgent.exe [2012-6-8 151552]

R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Atheros\Bluetooth Suite\AdminService.exe [2010-11-25 52896]

R2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-8-2 476016]

R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [2012-8-2 387440]

R2 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-8-17 1262400]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]

R2 TurboBoost;Intel® Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-16 134928]

R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?]

R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?]

R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]

R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-12 135664]

S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]

S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]

S3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]

S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2012-9-7 14216]

S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2012-9-7 8456]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-6-12 1038088]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-12 135664]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]

S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUVStor.sys --> C:\Windows\system32\Drivers\RtsUVStor.sys [?]

S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-09-07 05:53:49 3316736 ----a-w- C:\Windows\System32\BootMan.exe

2012-09-07 05:53:49 2468520 ----a-w- C:\Windows\SysWow64\BootMan.exe

2012-09-07 05:53:49 19840 ----a-w- C:\Windows\SysWow64\EuEpmGdi.dll

2012-09-07 05:53:49 16256 ----a-w- C:\Windows\System32\EuEpmGdi.dll

2012-09-07 05:53:49 100232 ----a-w- C:\Windows\System32\setupempdrvx64.exe

2012-09-07 05:53:48 9096 ----a-w- C:\Windows\System32\EuGdiDrv.sys

2012-09-07 05:53:48 86408 ----a-w- C:\Windows\SysWow64\setupempdrv03.exe

2012-09-07 05:53:48 8456 ----a-w- C:\Windows\SysWow64\EuGdiDrv.sys

2012-09-07 05:53:48 16776 ----a-w- C:\Windows\System32\epmntdrv.sys

2012-09-07 05:53:48 14216 ----a-w- C:\Windows\SysWow64\epmntdrv.sys

2012-09-07 05:53:41 -------- d-----w- C:\Program Files (x86)\EaseUS

2012-09-06 22:55:31 9310152 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3922CDC6-DA51-4242-9C38-D5271D5BB864}\mpengine.dll

2012-09-06 22:19:46 -------- d-----w- C:\Users\Asus\AppData\Roaming\Ad-Aware Antivirus

2012-09-06 19:38:52 114688 --sha-r- C:\Users\Asus\AppData\Roaming\mountvol6.dll

2012-09-05 22:21:44 9310152 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-08-21 03:40:33 -------- d-----w- C:\ProgramData\hssff

2012-08-20 21:29:56 -------- d-----w- C:\Users\Asus\AppData\Local\Spotify

2012-08-20 21:29:22 -------- d-----w- C:\Users\Asus\AppData\Roaming\Spotify

2012-08-18 05:57:25 -------- d-----w- C:\Nexon

2012-08-18 05:57:23 -------- d-----w- C:\ProgramData\NexonUS

2012-08-18 05:44:40 -------- d-----w- C:\Users\Asus\AppData\Local\PMB Files

2012-08-18 05:44:38 -------- d-----w- C:\ProgramData\PMB Files

2012-08-18 05:44:32 -------- d-----w- C:\Program Files (x86)\Pando Networks

2012-08-17 21:51:01 -------- d-----w- C:\NVIDIA

2012-08-17 06:25:53 -------- d-----w- C:\Program Files (x86)\Oracle

2012-08-17 06:25:03 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-08-17 06:25:01 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-08-17 06:20:09 -------- d-----w- C:\Users\Asus\AppData\Local\storage

2012-08-17 06:11:56 -------- d-----w- C:\Users\Asus\AppData\Local\Ubisoft Game Launcher

2012-08-17 06:07:59 3977496 ----a-w- C:\Windows\System32\d3dx9_31.dll

2012-08-17 05:55:25 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys

2012-08-17 05:55:19 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite

2012-08-10 04:06:43 565616 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor14.dll

2012-08-10 04:04:52 -------- d-----w- C:\ProgramData\Hotspot Shield

2012-08-10 04:04:22 -------- d-----w- C:\Program Files (x86)\Hotspot Shield

.

==================== Find3M ====================

.

2012-09-07 22:44:32 45056 ----a-w- C:\Windows\System32\acovcnt.exe

2012-08-01 18:13:42 41704 ----a-w- C:\Windows\System32\drivers\hssdrv6.sys

2012-08-01 18:13:40 38632 ----a-w- C:\Windows\System32\drivers\taphss.sys

2012-07-20 17:13:57 98304 ----a-w- C:\Windows\SysWow64\CmdLineExt.dll

2012-07-04 14:45:00 2414360 ----a-w- C:\Windows\SysWow64\d3dx9_31.dll

2012-07-03 05:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-06-25 08:04:24 1394248 ----a-w- C:\Windows\SysWow64\msxml4.dll

2012-06-12 03:02:52 3147264 ----a-w- C:\Windows\System32\win32k.sys

.

============= FINISH: 18:06:44.94 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 7/6/2012 10:01:41 AM

System Uptime: 7/9/2012 5:43:59 PM (1 hours ago)

.

Motherboard: ASUSTeK Computer Inc. | | K43SV

Processor: Intel® Core i5-2430M CPU @ 2.40GHz | CPU 1 | 1584/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 116 GiB total, 11.649 GiB free.

D: is FIXED (NTFS) - 324 GiB total, 324.174 GiB free.

E: is CDROM ()

H: is CDROM ()

R: is FIXED (FAT32) - 25 GiB total, 11.487 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP84: 5/9/2012 5:20:35 PM - Windows Update

.

==== Installed Programs ======================

.

???? ??? Windows Live

???? ???? ActiveX ????? ?? Windows Live Mesh ????????? ???????

???? Windows Live

??????? Windows Live Mesh ActiveX ??(????)

??????? Windows Live Mesh ActiveX ???

????????? ActiveX ?? Windows Live Mesh ????????????????????????? (???)

Acrobat.com

Ad-Aware Browsing Protection

Adobe Acrobat 9 Pro - English, Français, Deutsch

Adobe AIR

Adobe Anchor Service CS4

Adobe Bridge CS4

Adobe CMaps CS4

Adobe Color - Photoshop Specific CS4

Adobe Color EU Recommended Settings CS4

Adobe Color JA Extra Settings CS4

Adobe Color NA Extra Settings CS4

Adobe Color Video Profiles CS CS4

Adobe Creative Suite 4 Web Premium

Adobe CSI CS4

Adobe Default Language CS4

Adobe ExtendScript Toolkit CS4

Adobe Extension Manager CS4

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Fonts All

Adobe Illustrator CS4

Adobe Linguistics CS4

Adobe Media Encoder CS4 Importer

Adobe Output Module

Adobe PDF Library Files CS4

Adobe Photoshop CS4

Adobe Photoshop CS4 Support

Adobe Search for Help

Adobe Service Manager Extension

Adobe Setup

Adobe Soundbooth CS4 Codecs

Adobe Type Support CS4

Adobe Update Manager CS4

Adobe WinSoft Linguistics Plugin

Adobe XMP Panels CS4

AdobeColorCommonSetCMYK

AdobeColorCommonSetRGB

Asmedia ASM104x USB 3.0 Host Controller Driver

ASUS AI Recovery

ASUS FancyStart

ASUS LifeFrame3

ASUS Live Update

ASUS SmartLogon

ASUS Splendid Video Enhancement Technology

ASUS Virtual Camera

ASUS WebStorage

AsusVibe2.0

Atheros WLAN and Bluetooth Client Installation Program

ATK Package

BioShock 2

Bookworm Deluxe

Complément Messenger

Connect

Contrôle ActiveX Windows Live Mesh pour connexions à distance

Control ActiveX de Windows Live Mesh para conexiones remotas

Controle ActiveX do Windows Live Mesh para Conexões Remotas

Cooking Dash

CyberLink LabelPrint

CyberLink Power2Go

D3DX10

DAEMON Tools Lite

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dropbox

EaseUS Partition Master 9.1.1 Home Edition

Galactic Civilizations II: Ultimate Edition

Galerie de photos Windows Live

Galería fotográfica de Windows Live

Game Park Console

Google Chrome

Google Talk Plugin

Google Toolbar for Internet Explorer

Google Update Helper

Governor of Poker

Hotel Dash Suite Success

Hotspot Shield 2.67

Java Auto Updater

Java 7 Update 5

JavaFX 2.1.1

Jewel Quest 3

Junk Mail filter update

kuler

Luxor 3

Mafia II

Mahjongg dimensions

Malwarebytes Anti-Malware version 1.62.0.1300

MapleStory

Mesh Runtime

Messenger ????

Messenger ?????

Messenger Companion

Microsoft Games for Windows - LIVE

Microsoft Games for Windows - LIVE Redistributable

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Home and Student 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP3 Parser (KB2721691)

MSXML 4.0 SP3 Parser (KB973685)

Nexon Game Manager

Nuance PDF Reader

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

Pando Media Booster

PDF Settings CS4

Photoshop Camera Raw

Plants vs Zombies

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

Realtek USB 2.0 Reader Driver

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition

Sonic Focus

Spec Ops: The Line

Spotify

Steam

Suite Shared Configuration CS4

syncables desktop SE

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

VLC media player 2.0.1

Windows Live

Windows Live ???

Windows Live ????

Windows Live Communications Platform

Windows Live Essentials

Windows Live Fotograf Galerisi

Windows Live Galeria de Fotos

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Temel Parçalar

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinFlash

Wireless Console 3

World of Goo

.

==== Event Viewer Messages From Past Week ========

.

4/9/2012 6:45:38 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

3/9/2012 6:07:09 PM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

.

==== End Of File ===========================

My bad

Link to post
Share on other sites

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Link to post
Share on other sites

Hello. I did as you asked and ran ComboFix. Here is the log:

ComboFix 12-09-08.02 - Asus 08/09/2012 10:53:55.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.60.1033.18.8169.6062 [GMT -5:00]

Running from: c:\users\Asus\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\prefs.js

c:\programdata\FullRemove.exe

c:\users\Asus\AppData\Local\uninst.tmp

c:\users\Asus\AppData\Roaming\mountvol6.dll

c:\windows\msvcr71.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-08-08 to 2012-09-08 )))))))))))))))))))))))))))))))

.

.

2012-09-08 16:07 . 2012-09-08 16:07 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-09-08 02:10 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3C8A51F8-8A0B-4EFF-9832-F100336CFE40}\mpengine.dll

2012-09-07 05:53 . 2012-05-17 22:36 2468520 ----a-w- c:\windows\SysWow64\BootMan.exe

2012-09-07 05:53 . 2012-05-15 16:13 3316736 ----a-w- c:\windows\system32\BootMan.exe

2012-09-07 05:53 . 2011-07-29 18:54 100232 ----a-w- c:\windows\system32\setupempdrvx64.exe

2012-09-07 05:53 . 2011-07-29 18:54 19840 ----a-w- c:\windows\SysWow64\EuEpmGdi.dll

2012-09-07 05:53 . 2011-07-29 18:54 16256 ----a-w- c:\windows\system32\EuEpmGdi.dll

2012-09-07 05:53 . 2011-07-29 18:54 9096 ----a-w- c:\windows\system32\EuGdiDrv.sys

2012-09-07 05:53 . 2011-07-29 18:54 86408 ----a-w- c:\windows\SysWow64\setupempdrv03.exe

2012-09-07 05:53 . 2011-07-29 18:54 8456 ----a-w- c:\windows\SysWow64\EuGdiDrv.sys

2012-09-07 05:53 . 2011-07-29 18:54 16776 ----a-w- c:\windows\system32\epmntdrv.sys

2012-09-07 05:53 . 2011-07-29 18:54 14216 ----a-w- c:\windows\SysWow64\epmntdrv.sys

2012-09-07 05:53 . 2012-09-07 05:53 -------- d-----w- c:\program files (x86)\EaseUS

2012-09-06 22:55 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-09-06 22:19 . 2012-09-06 22:19 -------- d-----w- c:\users\Asus\AppData\Roaming\Ad-Aware Antivirus

2012-08-21 03:40 . 2012-08-21 03:40 -------- d-----w- c:\programdata\hssff

2012-08-20 21:29 . 2012-09-08 04:13 -------- d-----w- c:\users\Asus\AppData\Local\Spotify

2012-08-20 21:29 . 2012-09-08 06:43 -------- d-----w- c:\users\Asus\AppData\Roaming\Spotify

2012-08-18 05:57 . 2012-08-18 06:18 -------- d-----w- C:\Nexon

2012-08-18 05:57 . 2012-08-18 05:57 -------- d-----w- c:\programdata\NexonUS

2012-08-18 05:44 . 2012-08-18 06:07 -------- d-----w- c:\users\Asus\AppData\Local\PMB Files

2012-08-18 05:44 . 2012-08-18 05:44 -------- d-----w- c:\programdata\PMB Files

2012-08-18 05:44 . 2012-08-18 05:44 -------- d-----w- c:\program files (x86)\Pando Networks

2012-08-17 21:56 . 2012-09-06 17:07 -------- d-----w- c:\users\UpdatusUser

2012-08-17 21:51 . 2012-08-17 21:51 -------- d-----w- C:\NVIDIA

2012-08-17 06:26 . 2012-08-17 06:26 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-08-17 06:25 . 2012-08-17 06:25 -------- d-----w- c:\program files (x86)\Oracle

2012-08-17 06:25 . 2012-07-06 03:06 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-08-17 06:25 . 2012-07-06 03:06 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-08-17 06:24 . 2012-08-17 06:24 -------- d-----w- c:\program files (x86)\Java

2012-08-17 06:24 . 2012-08-17 06:24 -------- d-----w- c:\programdata\McAfee

2012-08-17 06:20 . 2012-08-17 06:20 -------- d-----w- c:\users\Asus\AppData\Local\storage

2012-08-17 06:11 . 2012-08-17 06:12 -------- d-----w- c:\users\Asus\AppData\Local\Ubisoft Game Launcher

2012-08-17 06:11 . 2012-08-18 05:54 -------- d-----w- c:\programdata\Ubisoft

2012-08-17 06:07 . 2006-09-28 21:05 3977496 ----a-w- c:\windows\system32\d3dx9_31.dll

2012-08-17 06:06 . 2005-03-18 22:19 3823312 ----a-w- c:\windows\system32\d3dx9_25.dll

2012-08-17 06:06 . 2005-02-06 00:45 3544272 ----a-w- c:\windows\system32\d3dx9_24.dll

2012-08-17 05:55 . 2012-08-17 05:55 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2012-08-17 05:55 . 2012-08-17 05:55 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite

2012-08-10 04:06 . 2012-08-10 04:06 565616 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor14.dll

2012-08-10 04:04 . 2012-08-10 04:04 -------- d-----w- c:\programdata\Hotspot Shield

2012-08-10 04:04 . 2012-08-10 04:06 -------- d-----w- c:\program files (x86)\Hotspot Shield

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-08 15:34 . 2012-06-08 20:44 45056 ----a-w- c:\windows\system32\acovcnt.exe

2012-08-01 18:13 . 2012-08-01 18:13 41704 ----a-w- c:\windows\system32\drivers\hssdrv6.sys

2012-08-01 18:13 . 2012-08-01 18:13 38632 ----a-w- c:\windows\system32\drivers\taphss.sys

2012-07-20 17:13 . 2012-07-20 17:13 98304 ----a-w- c:\windows\SysWow64\CmdLineExt.dll

2012-07-16 02:55 . 2012-07-16 02:55 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{349997FA-D677-4FE1-BD57-EC769B6CED0F}\gapaengine.dll

2012-07-11 18:09 . 2012-06-12 17:59 59701280 ----a-w- c:\windows\system32\MRT.exe

2012-07-04 14:45 . 2012-07-04 14:44 2414360 ----a-w- c:\windows\SysWow64\d3dx9_31.dll

2012-07-03 05:46 . 2012-06-13 13:16 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-25 08:04 . 2012-06-25 08:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll

2012-06-12 14:29 . 2010-06-24 19:33 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-06-12 11:01 . 2012-06-12 11:01 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2012-06-12 11:01 . 2012-06-12 11:01 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2012-06-12 11:01 . 2012-06-12 11:01 89088 ----a-w- c:\windows\system32\ie4uinit.exe

2012-06-12 11:01 . 2012-06-12 11:01 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2012-06-12 11:01 . 2012-06-12 11:01 85504 ----a-w- c:\windows\system32\iesetup.dll

2012-06-12 11:01 . 2012-06-12 11:01 82432 ----a-w- c:\windows\system32\icardie.dll

2012-06-12 11:01 . 2012-06-12 11:01 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2012-06-12 11:01 . 2012-06-12 11:01 76800 ----a-w- c:\windows\system32\tdc.ocx

2012-06-12 11:01 . 2012-06-12 11:01 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2012-06-12 11:01 . 2012-06-12 11:01 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2012-06-12 11:01 . 2012-06-12 11:01 697344 ----a-w- c:\windows\system32\msfeeds.dll

2012-06-12 11:01 . 2012-06-12 11:01 65024 ----a-w- c:\windows\system32\pngfilt.dll

2012-06-12 11:01 . 2012-06-12 11:01 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2012-06-12 11:01 . 2012-06-12 11:01 603648 ----a-w- c:\windows\system32\vbscript.dll

2012-06-12 11:01 . 2012-06-12 11:01 55296 ----a-w- c:\windows\system32\msfeedsbs.dll

2012-06-12 11:01 . 2012-06-12 11:01 534528 ----a-w- c:\windows\system32\ieapfltr.dll

2012-06-12 11:01 . 2012-06-12 11:01 49664 ----a-w- c:\windows\system32\imgutil.dll

2012-06-12 11:01 . 2012-06-12 11:01 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2012-06-12 11:01 . 2012-06-12 11:01 48640 ----a-w- c:\windows\system32\mshtmler.dll

2012-06-12 11:01 . 2012-06-12 11:01 452608 ----a-w- c:\windows\system32\dxtmsft.dll

2012-06-12 11:01 . 2012-06-12 11:01 448512 ----a-w- c:\windows\system32\html.iec

2012-06-12 11:01 . 2012-06-12 11:01 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-06-12 11:01 . 2012-06-12 11:01 403248 ----a-w- c:\windows\system32\iedkcs32.dll

2012-06-12 11:01 . 2012-06-12 11:01 39936 ----a-w- c:\windows\system32\iernonce.dll

2012-06-12 11:01 . 2012-06-12 11:01 3695416 ----a-w- c:\windows\system32\ieapfltr.dat

2012-06-12 11:01 . 2012-06-12 11:01 367104 ----a-w- c:\windows\SysWow64\html.iec

2012-06-12 11:01 . 2012-06-12 11:01 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2012-06-12 11:01 . 2012-06-12 11:01 30720 ----a-w- c:\windows\system32\licmgr10.dll

2012-06-12 11:01 . 2012-06-12 11:01 282112 ----a-w- c:\windows\system32\dxtrans.dll

2012-06-12 11:01 . 2012-06-12 11:01 267776 ----a-w- c:\windows\system32\ieaksie.dll

2012-06-12 11:01 . 2012-06-12 11:01 249344 ----a-w- c:\windows\system32\webcheck.dll

2012-06-12 11:01 . 2012-06-12 11:01 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2012-06-12 11:01 . 2012-06-12 11:01 222208 ----a-w- c:\windows\system32\msls31.dll

2012-06-12 11:01 . 2012-06-12 11:01 197120 ----a-w- c:\windows\system32\msrating.dll

2012-06-12 11:01 . 2012-06-12 11:01 165888 ----a-w- c:\windows\system32\iexpress.exe

2012-06-12 11:01 . 2012-06-12 11:01 163840 ----a-w- c:\windows\system32\ieakui.dll

2012-06-12 11:01 . 2012-06-12 11:01 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2012-06-12 11:01 . 2012-06-12 11:01 160256 ----a-w- c:\windows\system32\wextract.exe

2012-06-12 11:01 . 2012-06-12 11:01 160256 ----a-w- c:\windows\system32\ieakeng.dll

2012-06-12 11:01 . 2012-06-12 11:01 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2012-06-12 11:01 . 2012-06-12 11:01 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2012-06-12 11:01 . 2012-06-12 11:01 149504 ----a-w- c:\windows\system32\occache.dll

2012-06-12 11:01 . 2012-06-12 11:01 145920 ----a-w- c:\windows\system32\iepeers.dll

2012-06-12 11:01 . 2012-06-12 11:01 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2012-06-12 11:01 . 2012-06-12 11:01 12288 ----a-w- c:\windows\system32\mshta.exe

2012-06-12 11:01 . 2012-06-12 11:01 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2012-06-12 11:01 . 2012-06-12 11:01 114176 ----a-w- c:\windows\system32\admparse.dll

2012-06-12 11:01 . 2012-06-12 11:01 111616 ----a-w- c:\windows\system32\iesysprep.dll

2012-06-12 11:01 . 2012-06-12 11:01 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2012-06-12 11:01 . 2012-06-12 11:01 10752 ----a-w- c:\windows\system32\msfeedssync.exe

2012-06-12 11:01 . 2012-06-12 11:01 103936 ----a-w- c:\windows\system32\inseng.dll

2012-06-12 11:01 . 2012-06-12 11:01 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2012-06-12 03:02 . 2012-07-11 18:11 3147264 ----a-w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\Asus\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\Asus\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\Asus\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]

"Spotify Web Helper"="c:\users\Asus\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-08-20 1193176]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]

"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]

"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]

"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-13 611712]

"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-11 37232]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]

"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-08-17 737104]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

.

c:\users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-1 227712]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-1-12 548528]

FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2012-6-8 12862]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 135664]

R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2009-07-14 27136]

R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-11-26 36000]

R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-11-26 298144]

R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-11-26 201376]

R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-11-26 55456]

R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-11-26 154272]

R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-11-26 275616]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]

R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-06-13 1038088]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 135664]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-08-03 290920]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-21 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-08-17 283200]

S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [2012-08-01 41704]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-01-25 379520]

S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]

S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Atheros\Ath_CoexAgent.exe [2010-05-24 151552]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Atheros\Bluetooth Suite\adminservice.exe [2010-11-26 52896]

S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-08-03 476016]

S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2012-08-03 387440]

S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-04-16 13832]

S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]

S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-06-02 128488]

S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-06-02 401896]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-11-26 28832]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2011-04-12 142632]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-09-22 56344]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 17:19]

.

2012-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 17:19]

.

2012-09-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3199379288-28890744-2802945993-1000Core.job

- c:\users\Asus\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-22 05:08]

.

2012-09-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3199379288-28890744-2802945993-1000UA.job

- c:\users\Asus\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-22 05:08]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]

2012-08-01 18:13 287048 ----a-w- c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]

@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"

[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]

2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]

@="{64174815-8D98-4CE6-8646-4C039977D808}"

[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]

2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 97792 ----a-w- c:\users\Asus\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 97792 ----a-w- c:\users\Asus\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 97792 ----a-w- c:\users\Asus\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 97792 ----a-w- c:\users\Asus\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-01 2189416]

"AtherosBtStack"="c:\program files (x86)\Atheros\Bluetooth Suite\BtvStack.exe" [2010-11-26 613536]

"AthBtTray"="c:\program files (x86)\Atheros\Bluetooth Suite\AthBtTray.exe" [2010-11-26 379040]

"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://asus.msn.com

mStart Page = hxxp://asus.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 97.64.168.12 97.64.183.165 192.168.1.1

TCP: Interfaces\{DF9E0163-F2FA-4FBA-B6D0-FFF5CDF07DDC}: NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{DF9E0163-F2FA-4FBA-B6D0-FFF5CDF07DDC}\05162747970225F636B60214E6478656D6: NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{DF9E0163-F2FA-4FBA-B6D0-FFF5CDF07DDC}\34F6E6E6563647966697D2D656: NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{DF9E0163-F2FA-4FBA-B6D0-FFF5CDF07DDC}\4556374796E676021302230233: NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{DF9E0163-F2FA-4FBA-B6D0-FFF5CDF07DDC}\7416E67637471602354797C656: NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{DF9E0163-F2FA-4FBA-B6D0-FFF5CDF07DDC}\7416E676E616D602354797C656: NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{DF9E0163-F2FA-4FBA-B6D0-FFF5CDF07DDC}\C4F4C4F4C4: NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{DF9E0163-F2FA-4FBA-B6D0-FFF5CDF07DDC}\C65656368656E67666F6E6760457E6966696: NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{EE79411C-A9C6-4EE7-BCCE-E2DB25A2D1E9}: NameServer = 10.19.56.1

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-ZRNGFM - c:\users\Asus\AppData\Roaming\mountvol6.dll

Toolbar-Locked - (no file)

HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe

HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3199379288-28890744-2802945993-1000\Software\SecuROM\License information*]

@Allowed: (Read) (RestrictedCode)

"datasecu"=hex:61,a6,d3,08,52,bd,ea,2e,db,70,89,09,07,da,ef,fc,d2,ff,8d,18,56,

08,9c,12,58,d6,63,a6,af,d4,3b,c1,89,f4,4a,2a,ef,f6,0b,a8,16,2b,0b,38,2c,65,\

"rkeysecu"=hex:c4,e5,d5,00,bf,32,76,c3,bd,9f,3c,8a,5e,19,f0,4a

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-09-08 11:30:18

ComboFix-quarantined-files.txt 2012-09-08 16:30

.

Pre-Run: 13,146,066,944 bytes free

Post-Run: 14,004,314,112 bytes free

.

- - End Of File - - FD19A11404E6681666AFF17DF595042C

Link to post
Share on other sites

Hello,

Not good =( I'm still being redirected to other sites. I'm almost always being redirected to this site: http://click.gethotresults.com/ads-clicktrack/click/jump1.do?sid=kXmrC67%2BWoyZ8i2xVjaozNH2%2Fijn1GWzCvj8kwrADQw%3D&affiliate=47759&subid=2877_1101&rc=0&terms=soniczonefo&stm=2012-09-08-10-07-17

I don't know if that's something that can help you but I thought I should share it with you just in case.

I zipped up the Quarantine file and uploaded it on RapidShare. Here's the download link:

https://rapidshare.com/files/249593087/Quarantine.rar

I've never used RapidShare before so bear with me!

Link to post
Share on other sites

Wow that did the trick. It's leading me to all the sites I want to go. Can't believe I overlooked something as simple as uninstalling the program. I've been clicking links like mad just to see if they'd redirect me to some other website. So far so good :lol: . I'll post back if the problem starts to come back again. But for the moment, thank you very much for helping me with my problem :)

Link to post
Share on other sites

Glad I could help! :)

Take note that if the main problem were not gone, it wouldn't be possible to resolve it with a re-install.

Please uninstall ComboFix:

www.bleepingcomputer.com/combofix/how-to-use-combofix#uninstall

Next, manually delete DDS and aswMBR.

Some malware prevention tips:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing! :)

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

This topic is now closed to further replies.