infected with partner37.mydomainadvisor.com what to do


I have Windows 7 installed on my laptop. When I connect to the internet it works fine for some time, but afterwards, whatever is typed in the address bar, the browser (Netscape) is redirected to partner37.mydomainadvisor.com, and then when I try again a blank page with the message "no site configured at this address" is displayed. Please help me; what should I do?


MBAM log:

Malwarebytes Anti-Malware (Trial) 1.65.0.1400

www.malwarebytes.org

Database version: v2012.10.17.08

Windows 7 x64 NTFS

Internet Explorer 9.0.8112.16421

Jagdeep :: JAGDEEP-PC [administrator]

Protection: Enabled

10/17/2012 9:18:11 PM

mbam-log-2012-10-17 (21-18-11).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 286646

Time elapsed: 11 minute(s), 38 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

DDS log:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2

Run by Jagdeep at 21:31:45 on 2012-10-17

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3872.1527 [GMT 5.5:30]

.

AV: Trend Micro Titanium Internet Security *Disabled/Outdated* {68F968AC-2AA0-091D-848C-803E83E35902}

AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Trend Micro Titanium Internet Security *Disabled/Outdated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\FBAgent.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe

C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe

C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe

C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe

C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\P4G\BatteryLife.exe

C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe

C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe

C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\SysWOW64\ACEngSvr.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Users\Jagdeep\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Users\Jagdeep\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Nero\Update\NASvc.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe

C:\Users\Jagdeep\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Jagdeep\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\AsScrPro.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

mURLSearchHooks: BitTorrentControl_v12 Toolbar: {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Program Files (x86)\BitTorrentControl_v12\prxtbBitT.dll

mWinlogon: Userinit=userinit.exe

BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll

BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1088\TmIEPlg32.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: BitTorrentControl_v12 Toolbar: {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Program Files (x86)\BitTorrentControl_v12\prxtbBitT.dll

BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: BitTorrentControl_v12 Toolbar: {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Program Files (x86)\BitTorrentControl_v12\prxtbBitT.dll

mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

mRun: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe

mRun: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe

uPolicies-system: HideFastUserSwitching = 0 (0x0)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: HideFastUserSwitching = 0 (0x0)

IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{C9CEB78C-4866-4F39-9855-EC75FA0693CD} : DhcpNameServer = 124.124.5.135 124.124.5.136 124.124.5.140 124.124.5.141

TCP: Interfaces\{F140426F-3D26-4464-8C49-AC38D49A833D} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{F140426F-3D26-4464-8C49-AC38D49A833D}\D697E6564776561627 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{F140426F-3D26-4464-8C49-AC38D49A833D}\E4544574541425 : DhcpNameServer = 10.0.0.1

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\PKMCDO.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll

Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -

AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll

BHO-X64: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll

BHO-X64: btorbit.com - No File

BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1088\TmIEPlg32.dll

BHO-X64: Trend Micro NSC BHO - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

BHO-X64: IESpeakDoc - No File

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: BitTorrentControl_v12 Toolbar: {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Program Files (x86)\BitTorrentControl_v12\prxtbBitT.dll

BHO-X64: BitTorrentControl_v12 - No File

BHO-X64: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll

BHO-X64: TmBpIeBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB-X64: BitTorrentControl_v12 Toolbar: {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Program Files (x86)\BitTorrentControl_v12\prxtbBitT.dll

mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

mRun-x64: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe

mRun-x64: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe

AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Jagdeep\AppData\Roaming\Mozilla\Firefox\Profiles\85l4lp0m.default\

FF - plugin: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\npBrowserPlugin.dll

FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Users\Jagdeep\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]

R1 asdrm;asdrm;C:\Windows\system32\DRIVERS\asdrm.sys --> C:\Windows\system32\DRIVERS\asdrm.sys [?]

R1 asdws;asdws;C:\Windows\system32\DRIVERS\asdws.sys --> C:\Windows\system32\DRIVERS\asdws.sys [?]

R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]

R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2012-8-11 256336]

R2 asdrs;AntiMalware Host-based Intrusion Prevention System;\??\C:\Windows\system32\DRIVERS\asdrs.sys --> C:\Windows\system32\DRIVERS\asdrs.sys [?]

R2 asdsrv;Anvi Smart Defender Realtime Guard Service;C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [2012-8-23 686896]

R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]

R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe [2011-9-29 92800]

R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-8-2 146592]

R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-8-2 103584]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-11 399432]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-11 676936]

R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2012-7-13 769432]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-8-11 2253120]

R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-8-13 3064000]

R2 tmevtmgr;tmevtmgr;C:\Windows\system32\DRIVERS\tmevtmgr.sys --> C:\Windows\system32\DRIVERS\tmevtmgr.sys [?]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-8-11 2656280]

R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?]

R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?]

R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-9-2 116648]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-8-20 250808]

S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]

S3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\system32\drivers\btath_avdt.sys --> C:\Windows\system32\drivers\btath_avdt.sys [?]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]

S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]

S3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]

S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-9-2 116648]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-9 115168]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]

.

=============== Created Last 30 ================

.

2012-10-17 15:44:39 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ACBC599B-B58A-4919-8F85-9B17BCAE57C7}\mpengine.dll

2012-10-16 14:30:10 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-10-13 18:05:55 23376 ----a-w- C:\Windows\System32\drivers\asdrs.sys

2012-10-13 18:05:55 18768 ----a-w- C:\Windows\System32\drivers\asdrm.sys

2012-10-13 18:05:55 17232 ----a-w- C:\Windows\System32\drivers\asdws.sys

2012-10-13 16:51:12 -------- d-----w- C:\Program Files\CCleaner

2012-10-12 16:06:11 -------- d-----w- C:\Windows\SysWow64\%LOCALAPPDATA%

2012-10-11 09:37:32 -------- d-----w- C:\Users\Jagdeep\AppData\Roaming\Malwarebytes

2012-10-11 09:37:03 -------- d-----w- C:\ProgramData\Malwarebytes

2012-10-11 09:36:57 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-10-11 09:36:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-10-11 07:47:18 -------- d-----w- C:\Program Files (x86)\ESET

2012-10-11 07:37:03 -------- d-----w- C:\Users\Jagdeep\AppData\Roaming\Anvisoft

2012-10-11 07:36:53 -------- d-----w- C:\ProgramData\Anvisoft

2012-10-11 07:36:45 -------- d-----w- C:\Program Files (x86)\Anvisoft

2012-10-11 06:54:47 -------- d-----w- C:\Users\Jagdeep\AppData\Roaming\YourFileDownloader

2012-10-11 06:54:47 -------- d-----w- C:\Program Files (x86)\YourFileDownloader

2012-10-10 17:42:40 -------- d-----w- C:\Users\Jagdeep\AppData\Roaming\SpeedyPC Software

2012-10-10 17:42:40 -------- d-----w- C:\Users\Jagdeep\AppData\Roaming\DriverCure

2012-10-10 17:42:21 -------- d-----w- C:\Program Files (x86)\Common Files\SpeedyPC Software

2012-10-10 17:42:15 -------- d-----w- C:\ProgramData\SpeedyPC Software

2012-10-10 17:42:15 -------- d-----w- C:\Program Files (x86)\SpeedyPC Software

2012-10-10 17:19:40 -------- d-----w- C:\Users\Jagdeep\AppData\Local\Macromedia

2012-10-09 17:15:09 -------- d-----w- C:\Users\Jagdeep\AppData\Local\Mozilla

2012-10-09 17:13:28 192592 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe

2012-10-09 17:12:45 416224 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll

2012-10-09 17:12:45 115168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe

2012-10-09 17:12:44 80864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libEGL.dll

2012-10-09 17:12:44 2560480 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll

2012-10-09 17:12:43 917984 ----a-w- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

2012-10-09 17:12:43 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll

2012-10-09 17:12:43 258528 ----a-w- C:\Program Files (x86)\Mozilla Firefox\freebl3.dll

2012-10-09 17:12:43 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll

2012-10-09 17:12:43 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll

2012-10-09 17:12:43 18912 ----a-w- C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll

2012-10-09 17:12:43 116192 ----a-w- C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe

2012-10-07 15:10:17 -------- d-----w- C:\Windows\System32\appmgmt

2012-10-07 10:07:32 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2012-10-07 10:07:26 -------- d-----w- C:\Program Files\Microsoft Security Client

2012-10-03 03:05:16 -------- d-----w- C:\Users\Jagdeep\AppData\Local\MetaGeek,_LLC

2012-10-03 02:56:05 -------- d-----w- C:\Program Files (x86)\MetaGeek

2012-10-03 02:12:24 -------- d-----w- C:\Users\Jagdeep\AppData\Roaming\Netgear Live Parental Controls

2012-10-03 02:12:19 -------- d-----w- C:\Program Files (x86)\NETGEAR Live Parental Controls Management Utility

2012-10-03 01:47:57 35840 ----a-r- C:\Windows\System32\drivers\BVRPMPR5a64.SYS

2012-10-03 01:47:04 -------- d-----w- C:\Netgear

2012-09-22 07:32:01 -------- d-----w- C:\Users\Jagdeep\AppData\Roaming\Foxit Software

2012-09-22 02:40:34 -------- d-sh--w- C:\KRECYCLE

2012-09-20 10:09:42 -------- d-----w- C:\Users\Jagdeep\AppData\Roaming\Kingsoft

2012-09-20 10:09:41 -------- d-----w- C:\ProgramData\Kingsoft

2012-09-20 10:09:25 -------- d-----w- C:\Program Files (x86)\Kingsoft

.

==================== Find3M ====================

.

2012-10-16 16:00:49 45056 ----a-w- C:\Windows\SysWow64\acovcnt.exe

2012-10-10 17:04:34 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-10-10 17:04:33 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-09-14 16:05:06 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2012-09-14 16:05:03 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-09-14 16:05:03 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-08-30 16:33:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys

2012-08-30 16:33:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys

2012-08-20 14:17:07 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL

2012-08-11 04:48:35 80512 ----a-w- C:\Windows\AsusScr_K3 Series_ENG Uninstaller.exe

2012-08-11 04:48:14 3058304 ----a-w- C:\Windows\AsScrPro.exe

.

============= FINISH: 21:33:40.42 ===============

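The script below is an added example and is not part of the original thread, nor is it code from the DDS or ComboFix tools. It triages a few lines copied from the DDS "Pseudo HJT Report" above for the things a practitioner looks at first when a browser is being redirected: how many antivirus products are registered with Security Center (and whether each is enabled), BHO registrations that point at "No File", autostart, BHO and service entries whose binary lives in a user-writable location such as C:\ProgramData or C:\Users, and DHCP-assigned DNS servers that are not private addresses. The four categories and the "user-writable" heuristic are the example's own choices: a hit is a review item, not a verdict (the Skype C2C service in the sample also lives under ProgramData), and a public DNS server should simply be confirmed against the ISP's published resolvers. The script does not say which entry caused the redirect; the thread does not establish that.

```python
"""Triage a DDS 'Pseudo HJT Report' for the entries worth checking first
when a browser is being redirected. Added example; not from the original
thread and not part of the DDS or ComboFix tools themselves."""
import re
from ipaddress import ip_address

# Constructed sample: a handful of lines copied from the DDS log posted above.
SAMPLE_DDS = r"""
AV: Trend Micro Titanium Internet Security *Disabled/Outdated* {68F968AC-2AA0-091D-848C-803E83E35902}
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
mURLSearchHooks: BitTorrentControl_v12 Toolbar: {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Program Files (x86)\BitTorrentControl_v12\prxtbBitT.dll
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: btorbit.com - No File
mRun: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C9CEB78C-4866-4F39-9855-EC75FA0693CD} : DhcpNameServer = 124.124.5.135 124.124.5.136
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-8-13 3064000]
"""

# Any Windows path ending in an executable, library or driver extension.
PATH_RE = re.compile(r'([A-Z]:\\[^"\[]+?\.(?:exe|dll|sys))', re.IGNORECASE)
# Heuristic (example's own): locations an unprivileged user can write to.
USER_WRITABLE_RE = re.compile(r"^[A-Z]:\\(?:ProgramData|Users)\\", re.IGNORECASE)
# DDS summary lines for registered antivirus / spyware products.
AV_RE = re.compile(r"^(?:AV|SP): (.+?) \*(Enabled|Disabled)/(Updated|Outdated)\*")
DNS_RE = re.compile(r"DhcpNameServer = (.+)$")


def triage(dds_text):
    """Return a dict of findings keyed by category, in log order."""
    out = {"av_products": [], "orphaned": [], "user_writable": [], "public_dns": []}
    for line in dds_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = AV_RE.match(line)
        if m:
            out["av_products"].append((m.group(1), m.group(2)))
            continue
        if line.endswith("- No File"):
            # A BHO registered in the registry whose DLL is gone.
            out["orphaned"].append(line)
            continue
        m = DNS_RE.search(line)
        if m:
            for server in m.group(1).split():
                try:
                    if not ip_address(server).is_private:
                        out["public_dns"].append(server)
                except ValueError:
                    pass  # not an IP literal; ignore
            continue
        for path in PATH_RE.findall(line):
            if USER_WRITABLE_RE.match(path):
                out["user_writable"].append(path)
    return out


def multiple_av_registered(findings):
    """True when more than one distinct AV product is registered with
    Security Center, regardless of whether each is enabled."""
    return len({name for name, _ in findings["av_products"]}) > 1


if __name__ == "__main__":
    result = triage(SAMPLE_DDS)
    for category, items in result.items():
        print(category)
        for item in items:
            print("   ", item)
    if multiple_av_registered(result):
        print("more than one antivirus product is registered: keep only one")
```

Run it against a full DDS log by replacing `SAMPLE_DDS` with the file contents; the "user_writable" list is the one to walk through entry by entry, checking each binary's publisher and install date against what the user actually installed.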

  • Staff

Hi,

I notice that you are using more than one antivirus program (Trend Micro and Microsoft). This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through. I strongly suggest you go to Start -> Control Panel -> Add or Remove Programs and uninstall all but one antivirus program.

Reboot.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingc...to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

If after ComboFix reboots you get a message about an "Invalid Option Registry Key Marked for Deletion," please reboot again and the error will go away.

-screen317


Hello,

I have uninstalled Trend Micro antivirus, and after rebooting my laptop I ran ComboFix.

The ComboFix window hung some 3 times. The first 2 times I waited for more than 30 minutes (and the third time for 10 to 15 minutes) but with no response, so I had to reboot. It stopped responding at the following three stages:

1. while trying to create a restore point
2. while scanning for viruses
3. while scanning for viruses, when "completed stage 3" appeared

The fourth time it ran successfully, and below is the log that was created after it ran successfully.

COMBOFIX LOG

ComboFix 12-10-18.03 - Jagdeep 10/18/2012 21:57:55.2.4 - x64

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3872.2436 [GMT 5.5:30]

Running from: c:\users\Jagdeep\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Jagdeep\AppData\Roaming\.#

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_nvsvc

.

.

((((((((((((((((((((((((( Files Created from 2012-09-18 to 2012-10-18 )))))))))))))))))))))))))))))))

.

.

2012-10-18 16:37 . 2012-10-18 16:37 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-10-18 16:37 . 2012-10-18 16:37 -------- d-----w- c:\users\Riya\AppData\Local\temp

2012-10-18 16:37 . 2012-10-18 16:37 -------- d-----w- c:\users\Saiyam\AppData\Local\temp

2012-10-18 16:37 . 2012-10-18 16:37 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-10-17 15:44 . 2012-09-18 19:28 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ACBC599B-B58A-4919-8F85-9B17BCAE57C7}\mpengine.dll

2012-10-16 14:30 . 2012-09-18 19:28 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-10-15 13:55 . 2012-10-15 14:07 -------- d-----w- c:\users\Riya\AppData\Local\Google

2012-10-13 18:05 . 2012-08-20 09:23 23376 ----a-w- c:\windows\system32\drivers\asdrs.sys

2012-10-13 18:05 . 2012-08-20 09:23 18768 ----a-w- c:\windows\system32\drivers\asdrm.sys

2012-10-13 18:05 . 2012-08-20 09:23 17232 ----a-w- c:\windows\system32\drivers\asdws.sys

2012-10-13 16:51 . 2012-10-13 16:51 -------- d-----w- c:\program files\CCleaner

2012-10-13 09:07 . 2012-10-13 09:07 -------- d-----w- c:\users\Riya\AppData\Roaming\Malwarebytes

2012-10-13 04:33 . 2012-10-13 04:33 -------- d-----w- c:\users\Saiyam\AppData\Local\Mozilla

2012-10-12 16:06 . 2012-10-12 16:06 -------- d-----w- c:\windows\SysWow64\%LOCALAPPDATA%

2012-10-11 11:32 . 2012-10-11 11:32 -------- d-----w- c:\users\Riya\AppData\Local\Macromedia

2012-10-11 09:37 . 2012-10-11 09:37 -------- d-----w- c:\users\Jagdeep\AppData\Roaming\Malwarebytes

2012-10-11 09:37 . 2012-10-11 09:37 -------- d-----w- c:\programdata\Malwarebytes

2012-10-11 09:36 . 2012-10-11 09:37 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-10-11 09:36 . 2012-09-07 11:34 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-10-11 07:47 . 2012-10-11 07:47 -------- d-----w- c:\program files (x86)\ESET

2012-10-11 07:37 . 2012-10-13 18:06 -------- d-----w- c:\users\Jagdeep\AppData\Roaming\Anvisoft

2012-10-11 07:36 . 2012-10-11 07:36 -------- d-----w- c:\programdata\Anvisoft

2012-10-11 07:36 . 2012-10-11 07:36 -------- d-----w- c:\program files (x86)\Anvisoft

2012-10-11 06:54 . 2012-10-11 06:54 -------- d-----w- c:\program files (x86)\YourFileDownloader

2012-10-11 06:54 . 2012-10-11 06:54 -------- d-----w- c:\users\Jagdeep\AppData\Roaming\YourFileDownloader

2012-10-10 17:42 . 2012-10-10 17:42 -------- d-----w- c:\users\Jagdeep\AppData\Roaming\SpeedyPC Software

2012-10-10 17:42 . 2012-10-10 17:42 -------- d-----w- c:\users\Jagdeep\AppData\Roaming\DriverCure

2012-10-10 17:42 . 2012-10-10 17:42 -------- d-----w- c:\program files (x86)\Common Files\SpeedyPC Software

2012-10-10 17:42 . 2012-10-10 17:42 -------- d-----w- c:\programdata\SpeedyPC Software

2012-10-10 17:42 . 2012-10-10 17:42 -------- d-----w- c:\program files (x86)\SpeedyPC Software

2012-10-10 17:19 . 2012-10-10 17:19 -------- d-----w- c:\users\Jagdeep\AppData\Local\Macromedia

2012-10-10 10:09 . 2012-10-10 10:09 -------- d-----w- c:\users\Riya\AppData\Local\Mozilla

2012-10-09 17:15 . 2012-10-09 17:15 -------- d-----w- c:\users\Jagdeep\AppData\Local\Mozilla

2012-10-09 17:14 . 2012-10-09 17:14 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service

2012-10-07 15:10 . 2012-10-07 15:10 -------- d-----w- c:\windows\system32\appmgmt

2012-10-07 10:07 . 2012-10-07 10:07 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2012-10-07 10:07 . 2012-10-07 10:07 -------- d-----w- c:\program files\Microsoft Security Client

2012-10-06 02:12 . 2012-10-06 02:12 -------- d-----w- c:\users\Saiyam\AppData\Local\Unity

2012-10-06 02:12 . 2012-10-06 02:12 -------- d-----w- c:\users\Saiyam\AppData\Local\Apps

2012-10-06 02:12 . 2012-10-06 02:12 -------- d-----w- c:\users\Saiyam\AppData\Local\Deployment

2012-10-06 01:56 . 2012-10-06 01:56 -------- d-----w- c:\program files (x86)\7-Zip

2012-10-06 01:54 . 2012-10-06 02:19 -------- d-----w- c:\users\Saiyam\AppData\Roaming\Orbit

2012-10-06 01:54 . 2012-10-06 01:54 -------- d-----w- c:\users\Saiyam\AppData\Roaming\ProgSense

2012-10-04 03:58 . 2012-10-04 03:58 -------- d-----w- c:\users\temp

2012-10-03 11:41 . 2012-10-03 11:41 -------- d-----w- c:\users\Riya\AppData\Roaming\Netgear Live Parental Controls

2012-10-03 03:05 . 2012-10-03 03:05 -------- d-----w- c:\users\Jagdeep\AppData\Local\MetaGeek,_LLC

2012-10-03 02:56 . 2012-10-03 02:56 -------- d-----w- c:\program files (x86)\MetaGeek

2012-10-03 02:12 . 2012-10-03 02:12 -------- d-----w- c:\users\Jagdeep\AppData\Roaming\Netgear Live Parental Controls

2012-10-03 02:12 . 2012-10-03 02:12 -------- d-----w- c:\program files (x86)\NETGEAR Live Parental Controls Management Utility

2012-10-03 01:47 . 2010-08-13 04:41 35840 ----a-r- c:\windows\system32\drivers\BVRPMPR5a64.SYS

2012-10-03 01:47 . 2012-10-03 17:06 -------- d-----w- C:\Netgear

2012-10-02 02:54 . 2012-10-02 02:54 -------- d-----w- c:\users\Saiyam\AppData\Roaming\Skype

2012-09-30 13:35 . 2012-10-08 10:01 -------- d-----w- c:\users\Riya\AppData\Roaming\Skype

2012-09-22 15:02 . 2012-09-22 15:02 -------- d-----w- c:\users\Riya\AppData\Roaming\Kingsoft

2012-09-22 07:32 . 2012-09-22 07:32 -------- d-----w- c:\users\Jagdeep\AppData\Roaming\Foxit Software

2012-09-22 02:40 . 2012-09-22 02:40 -------- d-----w- C:\KRECYCLE

2012-09-20 10:09 . 2012-09-20 10:10 -------- d-----w- c:\users\Jagdeep\AppData\Roaming\Kingsoft

2012-09-20 10:09 . 2012-09-22 09:04 -------- d-----w- c:\programdata\Kingsoft

2012-09-20 10:09 . 2012-09-20 10:13 -------- d-----w- c:\program files (x86)\Kingsoft

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-18 16:41 . 2012-08-11 04:58 45056 ----a-w- c:\windows\SysWow64\acovcnt.exe

2012-10-13 04:41 . 2012-09-02 07:04 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll

2012-10-13 04:41 . 2012-09-02 07:03 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll

2012-10-13 04:40 . 2012-08-31 14:28 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll

2012-10-10 17:04 . 2012-08-15 02:11 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-10 17:04 . 2012-08-15 02:11 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-07 06:11 . 2012-08-28 16:14 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2012-10-07 06:10 . 2012-08-31 14:30 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2012-10-07 06:09 . 2012-08-27 14:25 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2012-10-07 06:09 . 2012-08-27 14:24 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-09-22 04:31 . 2012-09-12 11:14 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2012-09-14 16:05 . 2012-09-14 16:05 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-09-14 16:05 . 2012-08-12 15:23 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-09-14 16:05 . 2012-08-12 15:23 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-08-30 16:33 . 2012-08-30 16:33 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2012-08-30 16:33 . 2012-08-30 16:33 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2012-08-20 14:28 . 2012-08-20 14:28 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2012-08-20 14:28 . 2012-08-20 14:28 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2012-08-20 14:28 . 2012-08-20 14:28 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-08-20 14:28 . 2012-08-20 14:28 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2012-08-20 14:28 . 2012-08-20 14:28 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2012-08-20 14:28 . 2012-08-20 14:28 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2012-08-20 14:28 . 2012-08-20 14:28 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-08-20 14:28 . 2012-08-20 14:28 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2012-08-20 14:28 . 2012-08-20 14:28 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2012-08-20 14:28 . 2012-08-20 14:28 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2012-08-20 14:28 . 2012-08-20 14:28 367104 ----a-w- c:\windows\SysWow64\html.iec

2012-08-20 14:28 . 2012-08-20 14:28 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-08-20 14:28 . 2012-08-20 14:28 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2012-08-20 14:28 . 2012-08-20 14:28 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2012-08-20 14:28 . 2012-08-20 14:28 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2012-08-20 14:28 . 2012-08-20 14:28 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-08-20 14:28 . 2012-08-20 14:28 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2012-08-20 14:28 . 2012-08-20 14:28 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-08-20 14:28 . 2012-08-20 14:28 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-08-20 14:28 . 2012-08-20 14:28 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2012-08-20 14:28 . 2012-08-20 14:28 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2012-08-20 14:28 . 2012-08-20 14:28 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2012-08-20 14:28 . 2012-08-20 14:28 222208 ----a-w- c:\windows\system32\msls31.dll

2012-08-20 14:28 . 2012-08-20 14:28 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-08-20 14:28 . 2012-08-20 14:28 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-08-20 14:28 . 2012-08-20 14:28 65024 ----a-w- c:\windows\system32\pngfilt.dll

2012-08-20 14:28 . 2012-08-20 14:28 267776 ----a-w- c:\windows\system32\ieaksie.dll

2012-08-20 14:28 . 2012-08-20 14:28 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-08-20 14:28 . 2012-08-20 14:28 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-08-20 14:28 . 2012-08-20 14:28 197120 ----a-w- c:\windows\system32\msrating.dll

2012-08-20 14:28 . 2012-08-20 14:28 17809920 ----a-w- c:\windows\system32\mshtml.dll

2012-08-20 14:28 . 2012-08-20 14:28 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-08-20 14:28 . 2012-08-20 14:28 149504 ----a-w- c:\windows\system32\occache.dll

2012-08-20 14:28 . 2012-08-20 14:28 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-08-20 14:28 . 2012-08-20 14:28 12288 ----a-w- c:\windows\system32\mshta.exe

2012-08-20 14:28 . 2012-08-20 14:28 114176 ----a-w- c:\windows\system32\admparse.dll

2012-08-20 14:28 . 2012-08-20 14:28 816640 ----a-w- c:\windows\system32\jscript.dll

2012-08-20 14:28 . 2012-08-20 14:28 55296 ----a-w- c:\windows\system32\msfeedsbs.dll

2012-08-20 14:28 . 2012-08-20 14:28 49664 ----a-w- c:\windows\system32\imgutil.dll

2012-08-20 14:28 . 2012-08-20 14:28 2312704 ----a-w- c:\windows\system32\jscript9.dll

2012-08-20 14:28 . 2012-08-20 14:28 163840 ----a-w- c:\windows\system32\ieakui.dll

2012-08-20 14:28 . 2012-08-20 14:28 160256 ----a-w- c:\windows\system32\ieakeng.dll

2012-08-20 14:28 . 2012-08-20 14:28 145920 ----a-w- c:\windows\system32\iepeers.dll

2012-08-20 14:28 . 2012-08-20 14:28 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2012-08-20 14:28 . 2012-08-20 14:28 10752 ----a-w- c:\windows\system32\msfeedssync.exe

2012-08-20 14:28 . 2012-08-20 14:28 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2012-08-20 14:28 . 2012-08-20 14:28 76800 ----a-w- c:\windows\system32\tdc.ocx

2012-08-20 14:28 . 2012-08-20 14:28 534528 ----a-w- c:\windows\system32\ieapfltr.dll

2012-08-20 14:28 . 2012-08-20 14:28 48640 ----a-w- c:\windows\system32\mshtmler.dll

2012-08-20 14:28 . 2012-08-20 14:28 452608 ----a-w- c:\windows\system32\dxtmsft.dll

2012-08-20 14:28 . 2012-08-20 14:28 448512 ----a-w- c:\windows\system32\html.iec

2012-08-20 14:28 . 2012-08-20 14:28 3695416 ----a-w- c:\windows\system32\ieapfltr.dat

2012-08-20 14:28 . 2012-08-20 14:28 282112 ----a-w- c:\windows\system32\dxtrans.dll

2012-08-20 14:28 . 2012-08-20 14:28 248320 ----a-w- c:\windows\system32\ieui.dll

2012-08-20 14:28 . 2012-08-20 14:28 111616 ----a-w- c:\windows\system32\iesysprep.dll

2012-08-20 14:28 . 2012-08-20 14:28 10925568 ----a-w- c:\windows\system32\ieframe.dll

2012-08-20 14:28 . 2012-08-20 14:28 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-08-20 14:28 . 2012-08-20 14:28 89088 ----a-w- c:\windows\system32\ie4uinit.exe

2012-08-20 14:28 . 2012-08-20 14:28 85504 ----a-w- c:\windows\system32\iesetup.dll

2012-08-20 14:28 . 2012-08-20 14:28 82432 ----a-w- c:\windows\system32\icardie.dll

2012-08-20 14:28 . 2012-08-20 14:28 403248 ----a-w- c:\windows\system32\iedkcs32.dll

2012-08-20 14:28 . 2012-08-20 14:28 39936 ----a-w- c:\windows\system32\iernonce.dll

2012-08-20 14:28 . 2012-08-20 14:28 30720 ----a-w- c:\windows\system32\licmgr10.dll

2012-08-20 14:28 . 2012-08-20 14:28 249344 ----a-w- c:\windows\system32\webcheck.dll

2012-08-20 14:28 . 2012-08-20 14:28 237056 ----a-w- c:\windows\system32\url.dll

2012-08-20 14:28 . 2012-08-20 14:28 160256 ----a-w- c:\windows\system32\wextract.exe

2012-08-20 14:28 . 2012-08-20 14:28 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-08-20 14:28 . 2012-08-20 14:28 103936 ----a-w- c:\windows\system32\inseng.dll

2012-08-20 14:28 . 2012-08-20 14:28 697344 ----a-w- c:\windows\system32\msfeeds.dll

2012-08-20 14:28 . 2012-08-20 14:28 603648 ----a-w- c:\windows\system32\vbscript.dll

2012-08-20 14:28 . 2012-08-20 14:28 165888 ----a-w- c:\windows\system32\iexpress.exe

2012-08-20 14:17 . 2012-08-20 14:17 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL

2012-08-20 14:17 . 2012-08-20 14:17 1619456 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL

2012-08-20 14:17 . 2012-08-20 14:17 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2012-08-20 14:17 . 2012-08-20 14:17 662528 ----a-w- c:\windows\system32\XpsPrint.dll

2012-08-20 14:17 . 2012-08-20 14:17 470016 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2012-08-20 14:17 . 2012-08-20 14:17 320512 ----a-w- c:\windows\system32\d3d10_1core.dll

2012-08-20 14:17 . 2012-08-20 14:17 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2012-08-20 14:17 . 2012-08-20 14:17 197120 ----a-w- c:\windows\system32\d3d10_1.dll

2012-08-20 14:17 . 2012-08-20 14:17 1837568 ----a-w- c:\windows\system32\d3d10warp.dll

2012-08-20 14:17 . 2012-08-20 14:17 1495040 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll

2012-08-20 14:17 . 2012-08-20 14:17 144384 ----a-w- c:\windows\system32\cdd.dll

2012-08-20 14:17 . 2012-08-20 14:17 1133568 ----a-w- c:\windows\system32\FntCache.dll

2012-08-20 14:17 . 2012-08-20 14:17 902656 ----a-w- c:\windows\system32\d2d1.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}]

2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\BitTorrentControl_v12\prxtbBitT.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}"= "c:\program files (x86)\BitTorrentControl_v12\prxtbBitT.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-07-21 5716608]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-09-13 2317312]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-05-03 217256]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"Anvi Smart Defender"="c:\program files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe" [2012-08-23 1229104]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"HideFastUserSwitching"= 0 (0x0)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"HideFastUserSwitching"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-02 116648]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-10 250808]

R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-08-02 36000]

R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-08-02 330912]

R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2011-08-02 110240]

R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-08-02 167584]

R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-08-02 68256]

R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-08-02 280992]

R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-08-02 511136]

R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2010-08-13 35840]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-02 116648]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-06 115168]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-10-17 28992]

S1 asdrm;asdrm;c:\windows\system32\DRIVERS\asdrm.sys [2012-08-20 18768]

S1 asdws;asdws;c:\windows\system32\DRIVERS\asdws.sys [2012-08-20 17232]

S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-09-07 17536]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-03-03 379520]

S2 asdrs;AntiMalware Host-based Intrusion Prevention System;c:\windows\system32\DRIVERS\asdrs.sys [2012-08-20 23376]

S2 asdsrv;Anvi Smart Defender Realtime Guard Service;c:\program files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [2012-08-23 686896]

S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]

S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\Common Files\InstantOn\InsOnSrv.exe [2011-09-29 92800]

S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-08-02 146592]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-08-02 103584]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]

S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2012-07-13 769432]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-17 2253120]

S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]

S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-10-03 129512]

S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-10-03 394728]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-08-02 30368]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]

S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-09-19 108656]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-10-18 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-20 17:04]

.

2012-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-02 09:12]

.

2012-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-02 09:12]

.

2012-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2382360282-1360722930-1941866962-1000Core.job

- c:\users\Jagdeep\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-23 16:51]

.

2012-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2382360282-1360722930-1941866962-1000UA.job

- c:\users\Jagdeep\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-23 16:51]

.

2012-10-11 c:\windows\Tasks\SpeedyPC Pro.job

- c:\program files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2012-10-04 20:42]

.

2012-10-18 c:\windows\Tasks\SpeedyPC Registration3.job

- c:\windows\system32\rundll32.exe [2009-07-13 01:14]

.

2012-10-18 c:\windows\Tasks\SpeedyPC Update Version3 Startup Task.job

- c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-10-04 20:42]

.

2012-10-11 c:\windows\Tasks\SpeedyPC Update Version3.job

- c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-10-04 20:42]

.

2012-10-18 c:\windows\Tasks\WpsUpdateTask_Jagdeep.job

- c:\program files (x86)\Kingsoft\Kingsoft Office\office6\wpsupdate.exe [2011-11-03 16:00]

.

2012-10-18 c:\windows\Tasks\WpsUpdateTask_Riya.job

- c:\program files (x86)\Kingsoft\Kingsoft Office\office6\wpsupdate.exe [2011-11-03 16:00]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 361984]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-10-14 2278504]

"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-08-02 961184]

"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-08-02 798880]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-07-28 167704]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-07-28 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-07-28 416024]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Jagdeep\AppData\Roaming\Mozilla\Firefox\Profiles\85l4lp0m.default\

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll

WebBrowser-{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14} - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

c:\program files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe

c:\program files (x86)\Common Files\InstantOn\InsOnWMI.exe

c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

c:\program files (x86)\ASUS\FaceLogon\sensorsrv.exe

c:\program files (x86)\ASUS\Splendid\ACMON.exe

c:\program files (x86)\YourFileDownloader\YourFileUpdater.exe

c:\program files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe

c:\windows\SysWOW64\ACEngSvr.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

c:\windows\AsScrPro.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2012-10-18 22:17:42 - machine was rebooted

ComboFix-quarantined-files.txt 2012-10-18 16:47

.

Pre-Run: 43,121,627,136 bytes free

Post-Run: 42,759,680,000 bytes free

.

- - End Of File - - 185F79424B27E1547F37DCE54C2A4010


  • Staff

Hi,

Just saw this:

Please see:

Forum Piracy Policy

We will not assist users that are obviously using illegal software.

If any such evidence is found you will be given the benefit of the doubt and the opportunity to completely uninstall and delete any such data from your system.

During the scanning process if any further evidence shows up your topic will be closed and no further assistance will be provided.

If you're using Peer 2 Peer software such as uTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

It's likely why your issue began in the first place.


  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
