
Infected with svchost.exe Trojan.Agent



Hello,

I'm new to this forum. My laptop has recently been infected by this pesky trojan in the file svchost.exe. I discovered it after I kept seeing svchost.exe acting strangely in Task Manager under Processes. My CPU usage is constantly being drained at 15-20 percent on idle, which made me gather that I had a virus. Mbam discovered the Trojan but it was unable to remove it. Something keeps writing it back in from a deeper part of the infection. I thought it was a root virus, so next I used Mbar, but it could not remove it either.

If anyone could provide assistance it would be greatly appreciated.

Thank You,

InsomniacR

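The DDS log posted later in this thread lists svchost.exe running from the user's Temp folder with arguments that are not the Service Control Manager's `-k <ServiceGroup>` form, which is the classic sign of a file merely named after the Windows Service Host. The script below is an added triage example (my code, not from the thread, Malwarebytes or DDS) that applies that path-and-arguments check to DDS "Running Processes" lines; the sample lines are copied from that log, while the heuristics and the legitimate-directory set are my own assumptions.

```python
"""Triage helper for the "Running Processes" section of a DDS log.

Added example for this thread; it is not code from the forum, from
Malwarebytes or from DDS. The heuristics are my own and the directory
set assumes Windows is installed at the default location, as in the
log posted here.

The genuine Windows Service Host is launched from System32 (or SysWOW64
for the 32-bit copy) by the Service Control Manager as
    svchost.exe -k <ServiceGroup>
and nothing else. A file named svchost.exe anywhere else, or one started
with different arguments, is worth a closer look.
"""
import ntpath
import re
from dataclasses import dataclass, field

# Directories the genuine svchost.exe is launched from (compared lower-cased).
LEGIT_SVCHOST_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# The SCM launches the service host with exactly one "-k <group>" argument.
_SCM_ARGS = re.compile(r"^-k\s+\S+$", re.IGNORECASE)

# DDS prints the unquoted image path (which may contain spaces) followed by
# any arguments, so the image path ends at the first ".exe" token.
_PROC_LINE = re.compile(r"^(?P<image>.*?\.exe)(?:\s+(?P<args>.*))?$", re.IGNORECASE)

# Process lines copied from the DDS log posted later in this thread.
SAMPLE_PROCESSES = [
    r"C:\Windows\system32\svchost.exe -k DcomLaunch",
    r"C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted",
    r"C:\Program Files\Microsoft Security Client\MsMpEng.exe",
    r"C:\Windows\SysWOW64\PnkBstrA.exe",
    r"C:\Users\RICKYL~1\AppData\Local\Temp\svchost.exe -o http://p.44379f2b1a5611f625592bbf6e596a47.info -O r4:r4 -l 1",
]


@dataclass
class Finding:
    """One suspicious process line and the reasons it was flagged."""
    line: str
    reasons: list = field(default_factory=list)


def parse_process_line(line):
    """Split one DDS process line into (image_path, argument_string)."""
    m = _PROC_LINE.match(line.strip())
    if not m:
        return line.strip(), ""
    return m.group("image"), (m.group("args") or "").strip()


def check_svchost(line):
    """Return a Finding if the line is an svchost.exe that looks wrong, else None."""
    image, args = parse_process_line(line)
    if ntpath.basename(image).lower() != "svchost.exe":
        return None  # only svchost.exe and its look-alikes are in scope
    directory = ntpath.dirname(image).lower()
    reasons = []
    if directory not in LEGIT_SVCHOST_DIRS:
        reasons.append("image is not in System32 or SysWOW64")
    # ntpath.dirname drops the trailing separator; add it back so that
    # "\temp\" also matches when Temp is the last path component.
    if "\\temp\\" in directory + "\\" or "\\appdata\\" in directory + "\\":
        reasons.append("image lives in a user-writable profile directory")
    if not _SCM_ARGS.match(args):
        reasons.append("arguments are not the SCM form '-k <ServiceGroup>'")
    if re.search(r"https?://", args, re.IGNORECASE):
        reasons.append("command line references a remote URL")
    return Finding(line.strip(), reasons) if reasons else None


def triage(lines):
    """Apply check_svchost to every line and return the findings."""
    return [f for f in (check_svchost(line) for line in lines) if f]


def report(lines):
    """Human-readable summary, one block per finding."""
    findings = triage(lines)
    if not findings:
        return "no suspicious svchost.exe entries"
    out = []
    for f in findings:
        out.append(f.line)
        out.extend("  - " + r for r in f.reasons)
    return "\n".join(out)


if __name__ == "__main__":
    print(report(SAMPLE_PROCESSES))
```

The path and argument checks are a first pass only; confirming a flagged file still means checking its digital signature or hash, which a process listing cannot show.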

Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs here.....DDS.txt and Attach.txt

(please don't put logs in code or quotes)

P2P Warning:

If you're using Peer 2 Peer software such as uTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please remove any usb or external drives from the computer before you run this scan!

Please download RogueKiller to your desktop and run it:

RogueKiller<---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

MrC

Note:

Removing malware can be unpredictable...things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive.

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 8.0.7601.17514

Run by Ricky Lee at 11:27:00 on 2013-04-03

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6069.3797 [GMT -5:00]

.

AV: Microsoft Forefront Endpoint Protection *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: Microsoft Forefront Endpoint Protection *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\FBAgent.exe

C:\Windows\system32\WLANExt.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Common Files\Winferno\WSS\WSS.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\P4G\BatteryLife.exe

C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe

E:\Gamebooster\Game Booster 3\gbtray.exe

C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

C:\Program Files\Microsoft Security Client\NisSrv.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

C:\Windows\SysWOW64\ACEngSvr.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\rundll32.exe

C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Users\Ricky Lee\AppData\Local\Akamai\netsession_win.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

C:\Users\Ricky Lee\AppData\Local\Akamai\netsession_win.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

E:\Programs Files\PowerISO\PWRISOVM.EXE

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe

C:\Windows\SysWOW64\net.exe

C:\Windows\SysWOW64\net1.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\iTunesHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\taskmgr.exe

C:\Users\Ricky Lee\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Ricky Lee\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Ricky Lee\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Ricky Lee\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\AsScrPro.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Windows\system32\wbem\wmiprvse.exe

C:\Users\RICKYL~1\AppData\Local\Temp\svchost.exe -o http://p.44379f2b1a5611f625592bbf6e596a47.info -O r4:r4 -l 1

C:\Windows\System32\cscript.exe

C:\Users\RICKYL~1\AppData\Local\Temp\svchost.exe -o http://p.44379f2b1a5611f625592bbf6e596a47.info -O r4:r4 -l 1

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uDefault_Page_URL = hxxp://asus.msn.com

uURLSearchHooks: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - <orphaned>

uURLSearchHooks: {687578b9-7132-4a7a-80e4-30ee31099e03} - <orphaned>

mURLSearchHooks: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - <orphaned>

mURLSearchHooks: {687578b9-7132-4a7a-80e4-30ee31099e03} - <orphaned>

mWinlogon: Userinit = userinit.exe,

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files (x86)\Windows Live\Family Safety\fssbho.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

uRun: [Google Update] "C:\Users\Ricky Lee\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background

uRun: [Akamai NetSession Interface] "C:\Users\Ricky Lee\AppData\Local\Akamai\netsession_win.exe"

mRun: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

mRun: [PWRISOVM.EXE] E:\Programs Files\PowerISO\PWRISOVM.EXE

mRun: [Microsoft Pinyin IME Migration] C:\PROGRA~2\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Adobe] C:\Users\Ricky Lee\AppData\Roaming\AdobeUpdater\color.vbe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-Explorer: HideSCAHealth = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

.

INFO: HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

TCP: NameServer = 10.50.0.1

TCP: Interfaces\{16D37337-993E-4E79-A2DB-91C70EC73481} : DHCPNameServer = 10.50.0.1

TCP: Interfaces\{57B5DF38-5D5D-413A-A62C-734549EF40CC} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{57B5DF38-5D5D-413A-A62C-734549EF40CC}\16474777966696 : DHCPNameServer = 10.33.1.1 64.134.255.2 64.134.255.10

TCP: Interfaces\{57B5DF38-5D5D-413A-A62C-734549EF40CC}\2375942554135373 : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{57B5DF38-5D5D-413A-A62C-734549EF40CC}\2375942554839323 : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{57B5DF38-5D5D-413A-A62C-734549EF40CC}\44F63647F62774162797 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{57B5DF38-5D5D-413A-A62C-734549EF40CC}\7594E4D215559344F4F49305A43464D24393533303 : DHCPNameServer = 192.168.137.1

TCP: Interfaces\{57B5DF38-5D5D-413A-A62C-734549EF40CC}\C4F6F56616D696C697F5131376D274D245B49405 : DHCPNameServer = 192.168.11.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

x64-BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll

x64-Run: [Microsoft Pinyin IME Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [RunDLLEntry] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\AmbRunE.dll,RunDLLEntry

x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

x64-Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray

x64-Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"

x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

.

INFO: x64-HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Ricky Lee\AppData\Roaming\Mozilla\Firefox\Profiles\k7ik1b4r.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - hxxp://www.utexas.edu/

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

FF - plugin: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll

FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Program Files\Mozilla Plugins\npitunes.dll

FF - plugin: C:\Users\Ricky Lee\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: C:\Users\Ricky Lee\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Users\Ricky Lee\AppData\Roaming\Mozilla\Firefox\Profiles\k7ik1b4r.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\plugins\np-mswmp.dll

FF - plugin: C:\Users\Ricky Lee\AppData\Roaming\Mozilla\Firefox\Profiles\k7ik1b4r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\plugins\np-mswmp.dll

FF - plugin: C:\Users\Ricky Lee\AppData\Roaming\Mozilla\Firefox\Profiles\k7ik1b4r.default\extensions\npretoxlive@live.heroesandgenerals.com\plugins\npretoxlive.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.BabylonToolbar.autoRvrt - false

FF - user.js: extensions.BabylonToolbar_i.newTab - false

FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=0c03b6d20000000000000023156ecead&q=

FF - user.js: extensions.BabylonToolbar.id - 0c03b6d20000000000000023156ecead

FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}

FF - user.js: extensions.BabylonToolbar.instlDay - 15588

FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12

FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1221:37:02

FF - user.js: extensions.BabylonToolbar.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar.tlbrId - base

FF - user.js: extensions.BabylonToolbar.instlRef - sst

FF - user.js: extensions.BabylonToolbar.dfltLng - en

FF - user.js: extensions.BabylonToolbar.excTlbr - false

FF - user.js: extensions.BabylonToolbar.admin - false

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112555&tt=3612_2

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2011-4-18 228768]

R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2010-2-26 379520]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640]

R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]

R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 128456]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-2-1 1153368]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-2-26 2314240]

R2 Winferno Subscription Service;Winferno Subscription Service;C:\Program Files (x86)\Common Files\Winferno\WSS\WSS.exe [2012-6-2 132488]

R3 AmdTools64;AMD Special Tools Driver;C:\Windows\System32\drivers\AmdTools64.sys [2012-1-19 47160]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-2-26 56344]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-1-15 76912]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-3-17 7680512]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]

S2 WajamUpdater;WajamUpdater;"C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe" --> C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [?]

S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2009-8-21 44032]

S3 ASUSProcObsrv;ASUS Process Creation/Termination Observer;C:\Preload64\procmon\AsPrOb64.sys [2009-12-28 11320]

S3 bthav;Bluetooth AV Profile;C:\Windows\System32\drivers\bthav.sys [2008-7-10 40448]

S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2009-6-30 52264]

S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-2-26 35104]

S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-1-14 61792]

S3 fsssvc;Windows Live Family Safety;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-8 533344]

S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\System32\drivers\ggflt.sys [2012-9-26 14448]

S3 IOMap;IOMap;C:\Windows\System32\drivers\IOMap64.sys [2012-2-2 23680]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]

S3 NMgamingmsFltr;USB Optical Mouse;C:\Windows\System32\drivers\NMgamingms.sys [2009-7-24 11264]

S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-29 19456]

S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]

S3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-9-26 155320]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-29 57856]

S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-8-2 51712]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-1-15 1255736]

S3 WinRing0_1_2_0;WinRing0_1_2_0;E:\ThrottleStop_500\WinRing0x64.sys [2013-3-1 14544]

.

=============== Created Last 30 ================

.

2013-04-03 02:53:57 9311288 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7C27D0EC-28A7-41B4-84D9-C276218AAD29}\mpengine.dll

2013-04-03 00:18:34 9311288 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-04-03 00:14:14 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys

2013-04-03 00:13:02 1013248 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll

2013-03-30 05:51:18 -------- d-----w- C:\Users\Ricky Lee\AppData\Local\FLT

2013-03-30 01:37:48 0 ----a-w- C:\Windows\ativpsrm.bin

2013-03-30 01:35:31 -------- d-----w- C:\Program Files (x86)\AMD AVT

2013-03-30 01:35:27 -------- d-----w- C:\Program Files (x86)\AMD APP

2013-03-30 01:35:23 -------- d-----w- C:\Program Files\Common Files\ATI Technologies

2013-03-30 01:35:23 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies

2013-03-30 01:33:03 -------- d-----w- C:\Program Files (x86)\ATI Technologies

2013-03-30 01:32:50 -------- d-----w- C:\Program Files\ATI Technologies

2013-03-30 01:32:49 -------- d-----w- C:\Program Files\ATI

2013-03-30 01:32:08 -------- d-----w- C:\AMD

2013-03-21 01:14:56 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3367A3C5-2B99-486E-86AB-E874F1DF9F22}\gapaengine.dll

2013-03-09 06:53:26 -------- d-----w- C:\ProgramData\GFACE

2013-03-07 23:55:21 -------- d-----w- C:\Program Files (x86)\Phyxion.net

2013-03-07 07:01:48 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

.

==================== Find3M ====================

.

2013-04-02 10:34:28 282744 ------w- C:\Windows\System32\MpSigStub.exe

2013-04-01 05:09:22 291088 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2013-04-01 05:09:22 291088 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2013-04-01 05:03:10 291088 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2013-03-13 07:00:52 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-13 07:00:52 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-03-07 07:01:43 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-03-07 07:01:43 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-02-28 13:57:26 1188864 ----a-w- C:\Windows\System32\wininet.dll

2013-02-28 13:37:29 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-02-28 12:03:52 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2013-02-28 11:38:43 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-02-26 20:05:20 76288 ----a-w- C:\Windows\System32\OpenVideo64.dll

2013-02-26 20:05:16 65536 ----a-w- C:\Windows\SysWow64\OpenVideo.dll

2013-02-26 20:05:10 64000 ----a-w- C:\Windows\System32\OVDecode64.dll

2013-02-26 20:05:08 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll

2013-02-26 20:04:58 29149696 ----a-w- C:\Windows\System32\amdocl64.dll

2013-02-26 20:03:04 23810048 ----a-w- C:\Windows\SysWow64\amdocl.dll

2013-02-26 20:01:22 54784 ----a-w- C:\Windows\System32\OpenCL.dll

2013-02-26 20:01:20 50176 ----a-w- C:\Windows\SysWow64\OpenCL.dll

2013-02-26 19:54:44 5067264 ----a-w- C:\Windows\System32\amdsc64.dll

2013-02-26 19:54:40 4083200 ----a-w- C:\Windows\SysWow64\amdsc.dll

2013-02-16 06:57:47 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

2013-01-15 10:11:12 110080 ----a-w- C:\Windows\System32\DelayAPO.dll

2013-01-05 05:53:43 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-01-05 05:00:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-01-05 05:00:11 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-01-04 05:46:09 215040 ----a-w- C:\Windows\System32\winsrv.dll

2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2013-01-04 03:26:48 3153408 ----a-w- C:\Windows\System32\win32k.sys

2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2012-01-16 23:22:16 293736 ----a-w- C:\Program Files\iTunesOutlookAddIn.dll

2012-01-16 23:22:12 421736 ----a-w- C:\Program Files\iTunesHelper.exe

2012-01-16 23:22:12 403304 ----a-w- C:\Program Files\iTunesAdmin.dll

2012-01-16 23:22:12 156520 ----a-w- C:\Program Files\iTunesHelper.dll

2012-01-16 23:22:08 9777000 ----a-w- C:\Program Files\iTunes.exe

2012-01-16 23:22:04 20868968 ----a-w- C:\Program Files\iTunes.dll

2012-01-16 23:22:02 803200 ----a-w- C:\Program Files\gnsdk_sdkmanager.dll

2012-01-16 23:22:02 3035520 ----a-w- C:\Program Files\gnsdk_dsp.dll

2012-01-16 23:22:02 287104 ----a-w- C:\Program Files\gnsdk_submit.dll

2012-01-16 23:22:02 246144 ----a-w- C:\Program Files\gnsdk_musicid.dll

2011-11-15 02:16:44 112488 ----a-w- C:\Program Files\ITDetector.ocx

.

============= FINISH: 11:27:11.86 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 1/14/2012 10:35:30 PM

System Uptime: 4/3/2013 11:17:39 AM (0 hours ago)

.

Motherboard: ASUSTeK Computer Inc. | | G73Jh

Processor: Intel® Core i7 CPU Q 740 @ 1.73GHz | Socket 989 | 1734/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 137 GiB total, 78.88 GiB free.

D: is CDROM ()

E: is FIXED (NTFS) - 440 GiB total, 211.289 GiB free.

F: is FIXED (NTFS) - 931 GiB total, 12.853 GiB free.

G: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description: Intel® Centrino® Advanced-N + WiMAX 6250

Device ID: USB\VID_8086&PID_0186\6&37D20768&0&1

Manufacturer:

Name: Intel® Centrino® Advanced-N + WiMAX 6250

PNP Device ID: USB\VID_8086&PID_0186\6&37D20768&0&1

Service:

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

ÊÍÏíË áÜ Microsoft Office Excel 2007 Help (KB963678)

ÊÍÏíË áÜ Microsoft Office Powerpoint 2007 Help (KB963669)

ÊÍÏíË áÜ Microsoft Office Word 2007 Help (KB963665)

2007 Microsoft Office system

Acrobat.com

Actualização do Microsoft Office Excel 2007 Help (KB963678)

Actualização do Microsoft Office Powerpoint 2007 Help (KB963669)

Actualização do Microsoft Office Word 2007 Help (KB963665)

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.6)

AIM 7

Akamai NetSession Interface

Alcor Micro USB Card Reader

Aleks 3.17

AMD Accelerated Video Transcoding

AMD APP SDK Runtime

AMD Catalyst Install Manager

AMD Drag and Drop Transcoding

AMD GPU Clock Tool

AMD Media Foundation Decoders

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ASUS AI Recovery

ASUS FancyStart

ASUS LifeFrame3

ASUS Power4Gear Hybrid

ASUS Splendid Video Enhancement Technology

ASUS Virtual Camera

ASUS_Notebook_G73 Screen Saver

ATK Package

Atualização do produto Microsoft Office Excel 2007 Help (KB963678)

Atualização do produto Microsoft Office Outlook 2007 Help (KB963677)

Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669)

Atualização do produto Microsoft Office Word 2007 Help (KB963665)

Auslogics Registry Cleaner

Battlefield 3™

Battlelog Web Plugins

Bonjour

Borderlands 2

BrickForce 1.9.87

Bullet Run

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Choice Guard

ControlDeck

Counter-Strike: Global Offensive

Counter-Strike: Source

CPUID CPU-Z 1.61.3

Creative MediaSource 5

CyberLink LabelPrint

Dishonored

Download Updater (AOL LLC)

Driver Sweeper version 3.2.0

ESN Sonar

Express Gate

Fallout New Vegas

Fast Boot

ffdshow [rev 3154] [2009-12-09]

Fraps

FXAA Post Process Injector

Game Booster 3

Glary Utilities 2.52.0.1698

Google Chrome

Heaven DX11 Benchmark version 3.0

Intel PROSet Wireless

Intel® Management Engine Components

Intel® PROSet/Wireless WiFi Software

Intel® Turbo Boost Technology Monitor 2.0

iTunes

Java 7 Update 17

Java Auto Updater

JavaFX 2.1.1

Junk Mail filter update

Malwarebytes Anti-Malware version 1.70.0.1100

Mass Effect

McAfee Virtual Technician

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Endpoint Protection Management Components

Microsoft Forefront Endpoint Protection

Microsoft Forefront Endpoint Protection 2010 Server Management

Microsoft Games for Windows - LIVE

Microsoft Games for Windows - LIVE Redistributable

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (Arabic) 2007

Microsoft Office Access MUI (Chinese (Simplified)) 2007

Microsoft Office Access MUI (Chinese (Traditional)) 2007

Microsoft Office Access MUI (English) 2007

Microsoft Office Access MUI (French) 2007

Microsoft Office Access MUI (Portuguese (Brazil)) 2007

Microsoft Office Access MUI (Portuguese (Portugal)) 2007

Microsoft Office Access MUI (Spanish) 2007

Microsoft Office Access MUI (Thai) 2007

Microsoft Office Access MUI (Turkish) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel 2007 Help ©ºÑºÍѾഷ (KB963678)

Microsoft Office Excel 2007 Help ¸üР(KB963678)

Microsoft Office Excel 2007 Help Actualización (KB963678)

Microsoft Office Excel 2007 Help Güncelleştirmesi (KB963678)

Microsoft Office Excel 2007 Help §ó·sµ{¦¡ (KB963678)

Microsoft Office Excel MUI (Arabic) 2007

Microsoft Office Excel MUI (Chinese (Simplified)) 2007

Microsoft Office Excel MUI (Chinese (Traditional)) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Excel MUI (French) 2007

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

Microsoft Office Excel MUI (Portuguese (Portugal)) 2007

Microsoft Office Excel MUI (Spanish) 2007

Microsoft Office Excel MUI (Thai) 2007

Microsoft Office Excel MUI (Turkish) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office IME (Chinese (Simplified)) 2007

Microsoft Office IME (Chinese (Traditional)) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Live Add-in 1.5

Microsoft Office Office 64-bit Components 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook 2007 Help ¸üР(KB963677)

Microsoft Office Outlook 2007 Help Actualización (KB963677)

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (Arabic) 2007

Microsoft Office Outlook MUI (Chinese (Simplified)) 2007

Microsoft Office Outlook MUI (Chinese (Traditional)) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office Outlook MUI (French) 2007

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

Microsoft Office Outlook MUI (Portuguese (Portugal)) 2007

Microsoft Office Outlook MUI (Spanish) 2007

Microsoft Office Outlook MUI (Thai) 2007

Microsoft Office Outlook MUI (Turkish) 2007

Microsoft Office Powerpoint 2007 Help ©ºÑºÍѾഷ (KB963669)

Microsoft Office Powerpoint 2007 Help ¸üР(KB963669)

Microsoft Office Powerpoint 2007 Help Actualización (KB963669)

Microsoft Office Powerpoint 2007 Help Güncelleştirmesi (KB963669)

Microsoft Office Powerpoint 2007 Help §ó·sµ{¦¡ (KB963669)

Microsoft Office PowerPoint 2007 §ó·sµ{¦¡ (KB963669)

Microsoft Office PowerPoint MUI (Arabic) 2007

Microsoft Office PowerPoint MUI (Chinese (Simplified)) 2007

Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint MUI (French) 2007

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

Microsoft Office PowerPoint MUI (Portuguese (Portugal)) 2007

Microsoft Office PowerPoint MUI (Spanish) 2007

Microsoft Office PowerPoint MUI (Thai) 2007

Microsoft Office PowerPoint MUI (Turkish) 2007

Microsoft Office Professional Hybrid 2007

Microsoft Office Proof (Arabic) 2007

Microsoft Office Proof (Basque) 2007

Microsoft Office Proof (Catalan) 2007

Microsoft Office Proof (Chinese (Simplified)) 2007

Microsoft Office Proof (Chinese (Traditional)) 2007

Microsoft Office Proof (Dutch) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Galician) 2007

Microsoft Office Proof (German) 2007

Microsoft Office Proof (Portuguese (Brazil)) 2007

Microsoft Office Proof (Portuguese (Portugal)) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proof (Thai) 2007

Microsoft Office Proof (Turkish) 2007

Microsoft Office Proofing (Arabic) 2007

Microsoft Office Proofing (Chinese (Simplified)) 2007

Microsoft Office Proofing (Chinese (Traditional)) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing (French) 2007

Microsoft Office Proofing (Portuguese (Brazil)) 2007

Microsoft Office Proofing (Portuguese (Portugal)) 2007

Microsoft Office Proofing (Spanish) 2007

Microsoft Office Proofing (Thai) 2007

Microsoft Office Proofing (Turkish) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (Arabic) 2007

Microsoft Office Publisher MUI (Chinese (Simplified)) 2007

Microsoft Office Publisher MUI (Chinese (Traditional)) 2007

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Publisher MUI (French) 2007

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

Microsoft Office Publisher MUI (Portuguese (Portugal)) 2007

Microsoft Office Publisher MUI (Spanish) 2007

Microsoft Office Publisher MUI (Thai) 2007

Microsoft Office Publisher MUI (Turkish) 2007

Microsoft Office Shared 64-bit MUI (Arabic) 2007

Microsoft Office Shared 64-bit MUI (Chinese (Simplified)) 2007

Microsoft Office Shared 64-bit MUI (Chinese (Traditional)) 2007

Microsoft Office Shared 64-bit MUI (English) 2007

Microsoft Office Shared 64-bit MUI (French) 2007

Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2007

Microsoft Office Shared 64-bit MUI (Portuguese (Portugal)) 2007

Microsoft Office Shared 64-bit MUI (Spanish) 2007

Microsoft Office Shared 64-bit MUI (Thai) 2007

Microsoft Office Shared 64-bit MUI (Turkish) 2007

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

Microsoft Office Shared MUI (Arabic) 2007

Microsoft Office Shared MUI (Chinese (Simplified)) 2007

Microsoft Office Shared MUI (Chinese (Traditional)) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared MUI (French) 2007

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

Microsoft Office Shared MUI (Portuguese (Portugal)) 2007

Microsoft Office Shared MUI (Spanish) 2007

Microsoft Office Shared MUI (Thai) 2007

Microsoft Office Shared MUI (Turkish) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word 2007 Help ©ºÑºÍѾഷ (KB963665)

Microsoft Office Word 2007 Help ¸üР(KB963665)

Microsoft Office Word 2007 Help Actualización (KB963665)

Microsoft Office Word 2007 Help Güncelleştirmesi (KB963665)

Microsoft Office Word 2007 Help §ó·sµ{¦¡ (KB963665)

Microsoft Office Word 2007 §ó·sµ{¦¡ (KB963665)

Microsoft Office Word MUI (Arabic) 2007

Microsoft Office Word MUI (Chinese (Simplified)) 2007

Microsoft Office Word MUI (Chinese (Traditional)) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Office Word MUI (French) 2007

Microsoft Office Word MUI (Portuguese (Brazil)) 2007

Microsoft Office Word MUI (Portuguese (Portugal)) 2007

Microsoft Office Word MUI (Spanish) 2007

Microsoft Office Word MUI (Thai) 2007

Microsoft Office Word MUI (Turkish) 2007

Microsoft Security Client

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Minecraft1.4.6

Mise à jour Microsoft Office Excel 2007 Help (KB963678)

Mise à jour Microsoft Office Outlook 2007 Help (KB963677)

Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)

Mise à jour Microsoft Office Word 2007 Help (KB963665)

Mozilla Firefox 19.0.2 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSXML 4.0 SP3 Parser (KB2721691)

MSXML 4.0 SP3 Parser (KB2758694)

MSXML 4.0 SP3 Parser (KB973685)

NVIDIA PhysX

Origin

Pando Media Booster

PeerBlock 1.1 (r518)

PowerISO

PunkBuster Services

Realtek HDMI Audio Driver for ATI

Realtek High Definition Audio Driver

Rockstar Games Social Club

Saints Row The Third

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition

Skype™ 5.8

Sleeping Dogs version 1.4

Sniper Elite V2 Demo

Sony Ericsson Update Engine

Sony PC Companion 2.10.136

SpeedFan (remove only)

Spybot - Search & Destroy

SpywareBlaster 5.0

Steam

Synaptics Pointing Device Driver

System Requirements Lab CYRI

System Requirements Lab Detection

System Requirements Lab Test

Team Fortress 2

TeamSpeak 3 Client

The Elder Scrolls V Skyrim - High Resolution Texture Pack

Tombraider

Ubisoft Game Launcher

Unity Web Player

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768024) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Uplay

USB 2.0 1.3M UVC WebCam

USB 2.0 2.0M UVC WebCam

uTorrentBar Toolbar

uTorrentControl2 Toolbar

Visual Studio 2008 x64 Redistributables

WIDCOMM Bluetooth Software

Winamp

Winamp Detector Plug-in

Windows Driver Package - Broadcom Bluetooth (07/17/2009 6.2.0.9403)

Windows Driver Package - Broadcom Bluetooth (07/29/2009 6.1.7100.0)

Windows Driver Package - Broadcom HIDClass (06/11/2009 6.2.0.9500)

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

WinFlash

WinRAR 4.10 (64-bit)

Wireless Console 3

.

==== Event Viewer Messages From Past Week ========

.

4/3/2013 12:26:30 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10003] - WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll

4/3/2013 12:25:19 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

4/3/2013 11:18:08 AM, Error: Service Control Manager [7000] - The WajamUpdater service failed to start due to the following error: The system cannot find the file specified.

4/2/2013 6:18:49 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

4/2/2013 10:01:56 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the WajamUpdater service to connect.

4/2/2013 10:01:56 PM, Error: Service Control Manager [7000] - The WajamUpdater service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

4/2/2013 1:44:35 PM, Error: Service Control Manager [7001] - The SBSD Security Center Service service depends on the Security Center service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

4/2/2013 1:43:42 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 258

4/2/2013 1:43:23 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Bluetooth Service service to connect.

4/2/2013 1:43:23 PM, Error: Service Control Manager [7000] - The Bluetooth Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

3/29/2013 8:26:50 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel® PROSet/Wireless Event Log service to connect.

3/29/2013 8:26:50 PM, Error: Service Control Manager [7000] - The Intel® PROSet/Wireless Event Log service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

3/28/2013 6:59:00 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer LETICIACONTRERA that believes that it is the master browser for the domain on transport NetBT_Tcpip_{16D37337-993E-4E79-A2DB-91C70EC73481}. The master browser is stopping or an election is being forced.

3/27/2013 12:50:37 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.

3/27/2013 10:56:21 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer JANETDENISE-HP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{16D37337-993E-4E79-A2DB-91C70EC73481}. The master browser is stopping or an election is being forced.

.

==== End Of File ===========================


I've run RogueKiller as you directed. Here is the log of the results.

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Ricky Lee [Admin rights]

Mode : Scan -- Date : 04/03/2013 11:50:27

| ARK || FAK || MBR |

¤¤¤ Bad processes : 2 ¤¤¤

[SVCHOST] svchost.exe -- [x] -> KILLED [TermThr]

[SVCHOST] svchost.exe -- [x] -> KILLED [TermThr]

¤¤¤ Registry Entries : 4 ¤¤¤

[RUN][BLACKLISTDLL] HKLM\[...]\Run : RunDLLEntry (C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry) -> FOUND

[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : Adobe (C:\Users\Ricky Lee\AppData\Roaming\AdobeUpdater\color.vbe) [-] -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

127.0.0.1 www.0scan.com

127.0.0.1 0scan.com

127.0.0.1 www.1000gratisproben.com

127.0.0.1 1000gratisproben.com

127.0.0.1 1001namen.com

127.0.0.1 www.1001namen.com

127.0.0.1 100888290cs.com

127.0.0.1 www.100888290cs.com

127.0.0.1 www.100sexlinks.com

127.0.0.1 100sexlinks.com

[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD6400BEVT-80A0RT0 +++++

--- User ---

[MBR] ea495f0b0197509311a206ab04a89419

[BSP] 430b25a55e864bde579cd49e2260a437 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 20001 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 40966144 | Size: 139916 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 327514112 | Size: 450559 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_04032013_02d1150.txt >>

RKreport[1]_S_04032013_02d1150.txt
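The RogueKiller report above lists two svchost.exe processes as bad and terminates them. The script below is an added example written by the editor, not code from this thread, from RogueKiller or from Malwarebytes. It applies the rules that separate a genuine Windows 7 svchost.exe from an impostor (image in System32/SysWOW64, parent services.exe, a "-k <group>" argument, an exact image name) to a process snapshot. The snapshot is constructed for the example and is not the laptop's real process list; the field names assume a listing collected with `wmic process get ProcessId,ParentProcessId,Name,ExecutablePath,CommandLine`.

```python
"""Sanity checks on svchost.exe instances in a Windows 7 process snapshot.

Added example by the editor; not code from the thread, from RogueKiller or
from Malwarebytes. SNAPSHOT is constructed for illustration and is not the
process list of the laptop in this thread. On a real machine the same fields
can be collected with
    wmic process get ProcessId,ParentProcessId,Name,ExecutablePath,CommandLine
A genuine svchost.exe on Windows 7: image in %SystemRoot%\\System32 (or
SysWOW64 for the 32-bit host), parent is services.exe, command line carries
"-k <service group>", and the name is exactly svchost.exe.
"""
import ntpath

LEGIT_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
GROUP_FLAG = "-k "

SNAPSHOT = [  # constructed sample, not real data from the infected laptop
    {"pid": 372, "ppid": 344, "name": "wininit.exe", "path": r"C:\Windows\System32\wininit.exe", "cmd": "wininit.exe"},
    {"pid": 496, "ppid": 372, "name": "services.exe", "path": r"C:\Windows\System32\services.exe", "cmd": r"C:\Windows\system32\services.exe"},
    {"pid": 600, "ppid": 496, "name": "svchost.exe", "path": r"C:\Windows\System32\svchost.exe", "cmd": r"C:\Windows\system32\svchost.exe -k DcomLaunch"},
    {"pid": 2044, "ppid": 1900, "name": "explorer.exe", "path": r"C:\Windows\explorer.exe", "cmd": r"C:\Windows\Explorer.EXE"},
    {"pid": 1312, "ppid": 2044, "name": "svchost.exe", "path": r"C:\Users\user\AppData\Roaming\svchost.exe", "cmd": r"C:\Users\user\AppData\Roaming\svchost.exe"},
    {"pid": 3160, "ppid": 2044, "name": "svch0st.exe", "path": r"C:\Windows\svch0st.exe", "cmd": r"C:\Windows\svch0st.exe"},
]


def edit_distance(a, b):
    """Levenshtein distance, used to catch look-alike image names (svch0st, scvhost)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_process(proc, by_pid):
    """Return the reasons *proc* fails the svchost rules; an empty list means it looks normal."""
    reasons = []
    name = proc["name"].lower()
    if name != "svchost.exe":
        if 0 < edit_distance(name, "svchost.exe") <= 2:
            reasons.append(f"image name {proc['name']!r} imitates svchost.exe")
        return reasons                      # everything else is out of scope here
    if ntpath.dirname(proc["path"]).lower() not in LEGIT_DIRS:
        reasons.append(f"runs from {proc['path']} instead of System32/SysWOW64")
    parent = by_pid.get(proc["ppid"])
    parent_name = parent["name"] if parent else f"unknown pid {proc['ppid']}"
    if parent_name.lower() != "services.exe":
        reasons.append(f"parent is {parent_name}, expected services.exe")
    if GROUP_FLAG not in proc["cmd"].lower():
        reasons.append("no '-k <group>' argument; real hosts are started with a service group")
    return reasons


def audit(snapshot):
    """Map pid -> reasons for every process that fails a rule."""
    by_pid = {p["pid"]: p for p in snapshot}
    flagged = {}
    for proc in snapshot:
        reasons = check_process(proc, by_pid)
        if reasons:
            flagged[proc["pid"]] = reasons
    return flagged


if __name__ == "__main__":
    for pid, reasons in audit(SNAPSHOT).items():
        print(f"pid {pid}:")
        for r in reasons:
            print(f"  - {r}")
```

These checks only catch a separate binary masquerading as svchost.exe. Malware that injects into a genuine svchost.exe (correct path, correct parent, correct -k group) passes all four rules, which is why a rootkit scanner such as the TDSSKiller step later in this thread is still needed.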


Run RogueKiller again and click Scan

When the scan completes > click on the Registry tab

Put a check next to all of these and uncheck the rest: (if found)

[RUN][BLACKLISTDLL] HKLM\[...]\Run : RunDLLEntry (C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry) -> FOUND

[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : Adobe (C:\Users\Ricky Lee\AppData\Roaming\AdobeUpdater\color.vbe) [-] -> FOUND

Now click Delete on the right hand column under Options

-------------------------------------------------------------------------------------

Next................

Please read the directions carefully so you don't end up deleting something that is good!!

If in doubt about an entry....please ask or choose Skip!!!!

Don't Delete anything unless instructed to!

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

If a suspicious object is detected, the default action will be Skip, click on Continue

Please note that TDSSKiller can be run in safe mode if needed.

Here's a video that explains how to run it if needed:

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.
    If in doubt about an entry....please ask or choose Skip
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
  • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If in doubt about an entry....please ask or choose Skip

Don't Delete anything unless instructed to!

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

~~~~~~~~~~~~~~~~~~~~

You can attach the logs if they're too long:

Bottom right corner of this page.


New window that comes up.


MrC
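Why the two Run entries above are the ones singled out: the script below, an added example by the editor (not code from this thread, from RogueKiller or from ComboFix), parses Run-key lines in the two formats that appear in this thread, the RogueKiller report and the ComboFix "Reg Loading Points" section posted later, and scores each launch target. The scoring rules and thresholds are the editor's assumption; they encode the usual triage questions (is it a script, does it run from a user-writable profile folder, is it a DLL loaded through rundll32) rather than any tool's internal blacklist.

```python
"""Triage of Run-key autorun entries copied from RogueKiller / ComboFix output.

Added example by the editor; it is not part of the thread and not code from
RogueKiller, ComboFix or Malwarebytes. SAMPLE_LINES are four Run entries
quoted in this thread's logs. The scoring rules and thresholds are the
editor's assumption: they encode the usual triage questions, not any tool's
internal blacklist, and a "suspicious" verdict still needs the file itself
(hash, signature, contents) to be checked before deletion.
"""
import ntpath
import re
from dataclasses import dataclass, field

SCRIPT_EXT = {".vbe", ".vbs", ".js", ".jse", ".wsf", ".hta", ".bat", ".cmd", ".scr"}
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "%appdata%", "%temp%")

# RogueKiller:  [RUN][TAG] HKLM\[...]\Run : Name (command) [-] -> FOUND
RK_RE = re.compile(r"\[RUN\]\[(?P<tag>[^\]]+)\] (?P<key>\S+) : (?P<name>.+?) "
                   r"\((?P<cmd>.*)\)(?: \[[^\]]*\])? -> FOUND$")
# ComboFix:     "Name"="command" [date size]
CF_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"')
# First drive-letter path in a command that ends in an executable/script/DLL
# extension (unquoted paths containing spaces are common in Run keys).
EXE_RE = re.compile(r'^"?(?P<exe>[a-z]:\\.+?\.(?:exe|com|dll|vbe|vbs|js|jse|wsf|hta|bat|cmd|scr))\b', re.I)

SAMPLE_LINES = [  # copied from the RogueKiller report and the ComboFix log in this thread
    r"[RUN][BLACKLISTDLL] HKLM\[...]\Run : RunDLLEntry (C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry) -> FOUND",
    r"[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : Adobe (C:\Users\Ricky Lee\AppData\Roaming\AdobeUpdater\color.vbe) [-] -> FOUND",
    r'"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]',
    r'"Akamai NetSession Interface"="c:\users\Ricky Lee\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]',
]


@dataclass
class Finding:
    name: str
    target: str            # file that actually executes (the DLL for rundll32 entries)
    score: int = 0
    reasons: list = field(default_factory=list)

    @property
    def verdict(self) -> str:
        return "suspicious" if self.score >= 2 else "review" if self.score == 1 else "ok"


def parse_line(line):
    """Return (name, command) for a Run-key line in either log format, else None."""
    m = RK_RE.search(line) or CF_RE.match(line)
    return (m.group("name"), m.group("cmd")) if m else None


def split_command(cmd):
    """Split a command into (first executable path, remaining arguments)."""
    cmd = cmd.strip()
    m = EXE_RE.match(cmd)
    if not m:
        return None, cmd
    return m.group("exe"), cmd[m.end():].lstrip('" ')


def triage(name, cmd):
    exe, rest = split_command(cmd)
    if exe is None:
        return Finding(name, cmd, 1, ["could not isolate an executable path"])
    f = Finding(name, exe)
    if ntpath.basename(exe).lower() == "rundll32.exe":
        dll, _ = split_command(rest)
        f.target = dll or rest
        f.score += 1
        f.reasons.append("DLL loaded through rundll32; check the DLL's signature and vendor")
    if ntpath.splitext(f.target)[1].lower() in SCRIPT_EXT:
        f.score += 2
        f.reasons.append("script file started at logon")
    if any(p in f.target.lower() for p in USER_WRITABLE):
        f.score += 1
        f.reasons.append("lives in a user-writable profile path, not Program Files or System32")
    return f


def triage_log(lines):
    """Triage every Run-key line found in *lines*; other lines are ignored."""
    findings = []
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            findings.append(triage(*parsed))
    return findings


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LINES):
        print(f"{f.verdict:<10} {f.name!r:<30} {f.target}")
        for reason in f.reasons:
            print(f"{'':<10}   - {reason}")
```

On the four sample lines the encoded-script entry in AppData\Roaming\AdobeUpdater scores highest, the rundll32 entry and the Akamai updater come out as "review" (a DLL's publisher, or a legitimate program that happens to install under AppData\Local, is decided by the file's signature, not by its path), and the Adobe ARM updater under Program Files passes. The score is a triage aid for deciding what to look at first, not a verdict on the file.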


Next......

Please download and run ComboFix.

The most important things to remember when running it are to disable all your anti-malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


Here is the log from ComboFix that popped up.

ComboFix 13-04-02.01 - Ricky Lee 04/03/2013 15:35:36.1.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6069.4239 [GMT -5:00]

Running from: c:\users\Ricky Lee\Desktop\ComboFix.exe

AV: Microsoft Forefront Endpoint Protection *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: Microsoft Forefront Endpoint Protection *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\FullRemove.exe

c:\windows\msvcr71.dll

c:\windows\wininit.ini

.

.

((((((((((((((((((((((((( Files Created from 2013-03-03 to 2013-04-03 )))))))))))))))))))))))))))))))

.

.

2013-04-03 20:41 . 2013-04-03 20:41 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-04-03 02:53 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7C27D0EC-28A7-41B4-84D9-C276218AAD29}\mpengine.dll

2013-04-03 00:18 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-04-03 00:14 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys

2013-04-03 00:13 . 2013-02-28 13:57 9061376 ----a-w- c:\windows\system32\mshtml.dll

2013-04-03 00:13 . 2013-02-28 13:57 12296192 ----a-w- c:\windows\system32\ieframe.dll

2013-04-03 00:13 . 2013-02-28 13:57 2458112 ----a-w- c:\windows\system32\iertutil.dll

2013-04-03 00:13 . 2013-02-28 13:57 735744 ----a-w- c:\windows\system32\msfeeds.dll

2013-04-03 00:13 . 2013-02-28 13:57 1013248 ----a-w- c:\program files\Internet Explorer\iedvtool.dll

2013-03-30 05:51 . 2013-03-30 05:51 -------- d-----w- c:\users\Ricky Lee\AppData\Local\FLT

2013-03-30 01:43 . 2013-03-30 01:43 -------- d-----w- c:\programdata\ATI

2013-03-30 01:37 . 2013-03-30 01:37 0 ----a-w- c:\windows\ativpsrm.bin

2013-03-30 01:35 . 2013-03-30 01:35 -------- d-----w- c:\program files (x86)\AMD AVT

2013-03-30 01:35 . 2013-03-30 01:35 -------- d-----w- c:\program files (x86)\AMD APP

2013-03-30 01:35 . 2013-03-30 01:35 -------- d-----w- c:\program files\Common Files\ATI Technologies

2013-03-30 01:35 . 2013-03-30 01:35 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies

2013-03-30 01:33 . 2013-03-30 01:33 -------- d-----w- c:\program files (x86)\ATI Technologies

2013-03-30 01:32 . 2013-03-30 01:34 -------- d-----w- c:\program files\ATI Technologies

2013-03-30 01:32 . 2013-03-30 01:32 -------- d-----w- c:\program files\ATI

2013-03-30 01:32 . 2013-03-30 01:32 -------- d-----w- C:\AMD

2013-03-21 01:14 . 2013-01-07 23:13 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3367A3C5-2B99-486E-86AB-E874F1DF9F22}\gapaengine.dll

2013-03-09 06:53 . 2013-03-30 09:38 -------- d-----w- c:\programdata\GFACE

2013-03-07 23:55 . 2013-03-07 23:55 -------- d-----w- c:\program files (x86)\Phyxion.net

2013-03-07 07:01 . 2013-03-07 07:01 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-04-02 10:34 . 2012-01-15 05:11 282744 ------w- c:\windows\system32\MpSigStub.exe

2013-04-01 05:09 . 2013-02-16 06:56 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2013-04-01 05:09 . 2012-02-21 06:34 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2013-04-01 05:03 . 2012-02-21 06:21 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2013-03-13 07:00 . 2013-03-02 07:19 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-13 07:00 . 2013-03-02 07:19 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-03-07 07:01 . 2012-06-19 08:03 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-03-07 07:01 . 2012-01-21 00:34 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-02-26 20:05 . 2013-02-26 20:05 76288 ----a-w- c:\windows\system32\OpenVideo64.dll

2013-02-26 20:05 . 2013-02-26 20:05 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll

2013-02-26 20:05 . 2013-02-26 20:05 64000 ----a-w- c:\windows\system32\OVDecode64.dll

2013-02-26 20:05 . 2013-02-26 20:05 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll

2013-02-26 20:04 . 2013-02-26 20:04 29149696 ----a-w- c:\windows\system32\amdocl64.dll

2013-02-26 20:03 . 2013-02-26 20:03 23810048 ----a-w- c:\windows\SysWow64\amdocl.dll

2013-02-26 20:01 . 2013-02-26 20:01 54784 ----a-w- c:\windows\system32\OpenCL.dll

2013-02-26 20:01 . 2013-02-26 20:01 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll

2013-02-26 19:54 . 2013-02-26 19:54 5067264 ----a-w- c:\windows\system32\amdsc64.dll

2013-02-26 19:54 . 2013-02-26 19:54 4083200 ----a-w- c:\windows\SysWow64\amdsc.dll

2013-02-16 06:57 . 2013-02-16 06:56 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2013-02-12 05:45 . 2013-04-03 00:12 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45 . 2013-04-03 00:12 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45 . 2013-04-03 00:12 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 05:45 . 2013-04-03 00:12 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 04:48 . 2013-04-03 00:12 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-02-12 04:48 . 2013-04-03 00:12 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-01-15 10:11 . 2013-01-15 10:11 110080 ----a-w- c:\windows\system32\DelayAPO.dll

2013-01-07 23:13 . 2013-01-13 03:52 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2013-01-05 05:53 . 2013-02-15 18:56 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-01-05 05:00 . 2013-02-15 18:56 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-01-05 05:00 . 2013-02-15 18:56 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-01-04 05:46 . 2013-02-15 18:56 215040 ----a-w- c:\windows\system32\winsrv.dll

2013-01-04 04:51 . 2013-02-15 18:56 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2013-01-04 04:43 . 2013-02-15 18:56 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2013-01-04 03:26 . 2013-02-15 18:56 3153408 ----a-w- c:\windows\system32\win32k.sys

2013-01-04 02:47 . 2013-02-15 18:56 25600 ----a-w- c:\windows\SysWow64\setup16.exe

2013-01-04 02:47 . 2013-02-15 18:56 7680 ----a-w- c:\windows\SysWow64\instnm.exe

2013-01-04 02:47 . 2013-02-15 18:56 2048 ----a-w- c:\windows\SysWow64\user.exe

2013-01-04 02:47 . 2013-02-15 18:56 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2012-01-16 23:22 . 2012-01-16 23:22 293736 ----a-w- c:\program files\iTunesOutlookAddIn.dll

2012-01-16 23:22 . 2012-01-16 23:22 421736 ----a-w- c:\program files\iTunesHelper.exe

2012-01-16 23:22 . 2012-01-16 23:22 403304 ----a-w- c:\program files\iTunesAdmin.dll

2012-01-16 23:22 . 2012-01-16 23:22 156520 ----a-w- c:\program files\iTunesHelper.dll

2012-01-16 23:22 . 2012-01-16 23:22 9777000 ----a-w- c:\program files\iTunes.exe

2012-01-16 23:22 . 2012-01-16 23:22 20868968 ----a-w- c:\program files\iTunes.dll

2012-01-16 23:22 . 2012-01-16 23:22 803200 ----a-w- c:\program files\gnsdk_sdkmanager.dll

2012-01-16 23:22 . 2012-01-16 23:22 3035520 ----a-w- c:\program files\gnsdk_dsp.dll

2012-01-16 23:22 . 2012-01-16 23:22 287104 ----a-w- c:\program files\gnsdk_submit.dll

2012-01-16 23:22 . 2012-01-16 23:22 246144 ----a-w- c:\program files\gnsdk_musicid.dll

2011-11-15 02:16 . 2011-11-15 02:16 112488 ----a-w- c:\program files\ITDetector.ocx

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2013-01-07 446648]

"Akamai NetSession Interface"="c:\users\Ricky Lee\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2009-10-27 6998656]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2009-08-20 170624]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"PWRISOVM.EXE"="e:\programs files\PowerISO\PWRISOVM.EXE" [2009-07-27 180224]

"Microsoft Pinyin IME Migration"="c:\progra~2\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE" [2011-05-31 32112]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"Adobe"="c:\users\Ricky Lee\AppData\Roaming\AdobeUpdater\color.vbe" [2013-02-03 69759]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"HideSCAHealth"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]

R2 WajamUpdater;WajamUpdater;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe [x]

R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-08-21 44032]

R3 ASUSProcObsrv;ASUS Process Creation/Termination Observer;c:\preload64\procmon\AsPrOb64.sys [2008-01-04 11320]

R3 atillk64;atillk64;c:\program files (x86)\AMD GPU Clock Tool\atillk64.sys [x]

R3 bthav;Bluetooth AV Profile;c:\windows\system32\drivers\bthav.sys [2008-07-11 40448]

R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 52264]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]

R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-09-27 14448]

R3 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys [2010-02-23 23680]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]

R3 NMgamingmsFltr;USB Optical Mouse;c:\windows\system32\drivers\NMgamingms.sys [2009-07-24 11264]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]

R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]

R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-15 1255736]

R3 WinRing0_1_2_0;WinRing0_1_2_0;e:\throttlestop_500\WinRing0x64.sys [2008-07-27 14544]

R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]

S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2009-12-08 379520]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 240640]

S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]

S2 Winferno Subscription Service;Winferno Subscription Service;c:\program files (x86)\Common Files\Winferno\WSS\WSS.exe [2012-05-31 132488]

S3 AmdTools64;AMD Special Tools Driver;c:\windows\system32\DRIVERS\AmdTools64.sys [2008-04-28 47160]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-04-21 76912]

S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-03-18 7680512]

.

.

Contents of the 'Scheduled Tasks' folder

.

2013-04-03 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-02 07:00]

.

2013-04-03 c:\windows\Tasks\GlaryInitialize.job

- c:\program files (x86)\Security Programs\Glary Utilities\initialize.exe [2012-02-27 06:26]

.

2013-04-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-454164672-1201679167-2793277201-1000Core.job

- c:\users\Ricky Lee\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-21 07:29]

.

2013-04-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-454164672-1201679167-2793277201-1000UA.job

- c:\users\Ricky Lee\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-21 07:29]

.

2013-04-03 c:\windows\Tasks\WSSHelper.job

- c:\program files (x86)\Common Files\Winferno\WSS\WSSHelper.exe [2012-01-15 20:41]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Microsoft Pinyin IME Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE" [2011-05-26 59248]

"RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 17920]

"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]

"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uInternet Settings,ProxyOverride = *.local;<local>

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

Trusted Zone: internet

Trusted Zone: mcafee.com

TCP: DhcpNameServer = 10.50.0.1

FF - ProfilePath - c:\users\Ricky Lee\AppData\Roaming\Mozilla\Firefox\Profiles\k7ik1b4r.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - hxxp://www.utexas.edu/

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=

FF - user.js: extensions.BabylonToolbar.autoRvrt - false

FF - user.js: extensions.BabylonToolbar_i.newTab - false

FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=0c03b6d20000000000000023156ecead&q=

FF - user.js: extensions.BabylonToolbar.id - 0c03b6d20000000000000023156ecead

FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}

FF - user.js: extensions.BabylonToolbar.instlDay - 15588

FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12

FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1221:37

FF - user.js: extensions.BabylonToolbar.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar.tlbrId - base

FF - user.js: extensions.BabylonToolbar.instlRef - sst

FF - user.js: extensions.BabylonToolbar.dfltLng - en

FF - user.js: extensions.BabylonToolbar.excTlbr - false

FF - user.js: extensions.BabylonToolbar.admin - false

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112555&tt=3612_2

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)

URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)

Toolbar-Locked - (no file)

Toolbar-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)

Toolbar-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)

SafeBoot-12240872.sys

Toolbar-Locked - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-ASUS_Notebook_G73 - c:\windows\system32\ASUS_Notebook_G73.scr

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]

"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-04-03 15:45:05

ComboFix-quarantined-files.txt 2013-04-03 20:45

.

Pre-Run: 84,397,461,504 bytes free

Post-Run: 84,359,593,984 bytes free

.

- - End Of File - - 82EE128989F24D6245690A1B752036E1


Looks Good.......Next:

Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes:

· Adwares (software ads)

· PUP/LPI (Potentially Undesirable Program)

· Toolbars

· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

  1. Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

Note:

Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain why it shouldn't be on your system.

If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

MrC


The log for the adwcleaner:

# AdwCleaner v2.200 - Logfile created 04/03/2013 at 16:08:37

# Updated 02/04/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Ricky Lee - RICKYLEE-PC

# Boot Mode : Normal

# Running from : C:\Users\Ricky Lee\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

Found : WajamUpdater

***** [Files / Folders] *****

File Found : C:\END

File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt

File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt

File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml

File Found : C:\user.js

File Found : C:\Users\Ricky Lee\AppData\Roaming\Mozilla\Firefox\Profiles\k7ik1b4r.default\searchplugins\Conduit.xml

Folder Found : C:\Program Files (x86)\Common Files\Software Update Utility

Folder Found : C:\Program Files (x86)\Conduit

Folder Found : C:\Program Files (x86)\uTorrentBar

Folder Found : C:\Program Files (x86)\uTorrentControl2

Folder Found : C:\ProgramData\Partner

Folder Found : C:\Users\Ricky Lee\AppData\Local\APN

Folder Found : C:\Users\Ricky Lee\AppData\Local\Conduit

Folder Found : C:\Users\Ricky Lee\AppData\Local\Coupon Companion Plugin

Folder Found : C:\Users\Ricky Lee\AppData\LocalLow\Conduit

Folder Found : C:\Users\Ricky Lee\AppData\LocalLow\uTorrentBar

Folder Found : C:\Users\Ricky Lee\AppData\LocalLow\uTorrentControl2

Folder Found : C:\Users\Ricky Lee\AppData\Roaming\Mozilla\Firefox\Profiles\k7ik1b4r.default\ConduitCommon

Folder Found : C:\Users\Ricky Lee\AppData\Roaming\Mozilla\Firefox\Profiles\k7ik1b4r.default\CT2786678

Folder Found : C:\Users\Ricky Lee\AppData\Roaming\Mozilla\Firefox\Profiles\k7ik1b4r.default\CT3072253

Folder Found : C:\Users\Ricky Lee\AppData\Roaming\Mozilla\Firefox\Profiles\k7ik1b4r.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}

Folder Found : C:\Users\Ricky Lee\AppData\Roaming\Mozilla\Firefox\Profiles\k7ik1b4r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

Folder Found : C:\Users\Ricky Lee\AppData\Roaming\yourfiledownloader

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit

Key Found : HKCU\Software\AppDataLow\Software\Crossrider

Key Found : HKCU\Software\AppDataLow\Software\uTorrentBar

Key Found : HKCU\Software\AppDataLow\Software\uTorrentControl2

Key Found : HKCU\Software\AppDataLow\Toolbar

Key Found : HKCU\Software\Conduit

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}

Key Found : HKCU\Software\wecarereminder

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}

Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE

Key Found : HKLM\SOFTWARE\Classes\dnUpdate

Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser

Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1

Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController

Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1

Key Found : HKLM\SOFTWARE\Classes\Prod.cap

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Found : HKLM\Software\Conduit

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A97B89CD-B65C-49DD-AF46-2B772C627456}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}

Key Found : HKLM\Software\uTorrentBar

Key Found : HKLM\Software\uTorrentControl2

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{097F9E08-6122-4356-B3BE-AE984777BE55}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{146B7FEF-6B3B-4B3E-9C5F-6B406989AAE1}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2AD4C813-02FE-4E33-B595-3C6392786F0F}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CDB3757B-B1EA-4202-BEC0-AAE87E5869D0}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl2 Toolbar

Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}

Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}

Key Found : HKU\S-1-5-21-454164672-1201679167-2793277201-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Found : HKU\S-1-5-21-454164672-1201679167-2793277201-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKU\S-1-5-21-454164672-1201679167-2793277201-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]

Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{687578B9-7132-4A7A-80E4-30EE31099E03}]

Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Users\Ricky Lee\AppData\Roaming\Mozilla\Firefox\Profiles\k7ik1b4r.default\prefs.js

Found : user_pref("CT2786678..clientLogIsEnabled", false);

Found : user_pref("CT2786678..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]

Found : user_pref("CT2786678..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]

Found : user_pref("CT2786678.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);

Found : user_pref("CT2786678.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");

Found : user_pref("CT2786678.BrowserCompStateIsOpen_129579220236217502", true);

Found : user_pref("CT2786678.BrowserCompStateIsOpen_130067977588633691", true);

Found : user_pref("CT2786678.BrowserCompStateIsOpen_1359634298000", true);

Found : user_pref("CT2786678.CTID", "CT2786678");

Found : user_pref("CT2786678.CurrentServerDate", "2-4-2013");

Found : user_pref("CT2786678.DSInstall", true);

Found : user_pref("CT2786678.DialogsAlignMode", "LTR");

Found : user_pref("CT2786678.DialogsGetterLastCheckTime", "Thu Mar 28 2013 01:37:40 GMT-0500 (Central Daylig[...]

Found : user_pref("CT2786678.DownloadReferralCookieData", "");

Found : user_pref("CT2786678.FirstServerDate", "29-9-2012");

Found : user_pref("CT2786678.FirstTime", true);

Found : user_pref("CT2786678.FirstTimeFF3", true);

Found : user_pref("CT2786678.FirstTimeHiddenVer", true);

Found : user_pref("CT2786678.FixPageNotFoundErrors", true);

Found : user_pref("CT2786678.GroupingServerCheckInterval", 1440);

Found : user_pref("CT2786678.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");

Found : user_pref("CT2786678.HPInstall", false);

Found : user_pref("CT2786678.HasUserGlobalKeys", true);

Found : user_pref("CT2786678.Initialize", true);

Found : user_pref("CT2786678.InitializeCommonPrefs", true);

Found : user_pref("CT2786678.InstallationAndCookieDataSentCount", 3);

Found : user_pref("CT2786678.InstallationType", "Unknown");

Found : user_pref("CT2786678.InstalledDate", "Fri Sep 28 2012 17:57:32 GMT-0500 (Central Daylight Time)");

Found : user_pref("CT2786678.IsGrouping", false);

Found : user_pref("CT2786678.IsInitSetupIni", true);

Found : user_pref("CT2786678.IsMulticommunity", false);

Found : user_pref("CT2786678.IsOpenThankYouPage", true);

Found : user_pref("CT2786678.IsOpenUninstallPage", true);

Found : user_pref("CT2786678.LanguagePackLastCheckTime", "Tue Apr 02 2013 03:58:09 GMT-0500 (Central Dayligh[...]

Found : user_pref("CT2786678.LanguagePackReloadIntervalMM", 1440);

Found : user_pref("CT2786678.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]

Found : user_pref("CT2786678.LastLogin_3.15.1.0", "Wed Nov 07 2012 01:02:48 GMT-0600 (Central Standard Time)[...]

Found : user_pref("CT2786678.LastLogin_3.16.0.3", "Fri Feb 08 2013 19:42:33 GMT-0600 (Central Standard Time)[...]

Found : user_pref("CT2786678.LastLogin_3.18.0.7", "Tue Apr 02 2013 03:58:09 GMT-0500 (Central Daylight Time)[...]

Found : user_pref("CT2786678.LatestVersion", "3.18.0.7");

Found : user_pref("CT2786678.Locale", "en");

Found : user_pref("CT2786678.MCDetectTooltipHeight", "83");

Found : user_pref("CT2786678.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");

Found : user_pref("CT2786678.MCDetectTooltipWidth", "295");

Found : user_pref("CT2786678.MyStuffEnabledAtInstallation", true);

Found : user_pref("CT2786678.OriginalFirstVersion", "3.15.1.0");

Found : user_pref("CT2786678.SearchCaption", "uTorrentBar Customized Web Search");

Found : user_pref("CT2786678.SearchFromAddressBarIsInit", true);

Found : user_pref("CT2786678.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT278[...]

Found : user_pref("CT2786678.SearchInNewTabEnabled", true);

Found : user_pref("CT2786678.SearchInNewTabIntervalMM", 1440);

Found : user_pref("CT2786678.SearchInNewTabLastCheckTime", "Tue Apr 02 2013 03:58:07 GMT-0500 (Central Dayli[...]

Found : user_pref("CT2786678.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]

Found : user_pref("CT2786678.SearchInNewTabUserEnabled", false);

Found : user_pref("CT2786678.SendProtectorDataViaLogin", true);

Found : user_pref("CT2786678.ServiceMapLastCheckTime", "Tue Apr 02 2013 03:58:08 GMT-0500 (Central Daylight [...]

Found : user_pref("CT2786678.SettingsLastCheckTime", "Tue Apr 02 2013 03:58:07 GMT-0500 (Central Daylight Ti[...]

Found : user_pref("CT2786678.SettingsLastUpdate", "1364888341");

Found : user_pref("CT2786678.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2786678&SearchSource=13");

Found : user_pref("CT2786678.ToolbarShrinkedFromSetup", false);

Found : user_pref("CT2786678.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2786678");

Found : user_pref("CT2786678.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]

Found : user_pref("CT2786678.UserID", "UN08393207288246751");

Found : user_pref("CT2786678.alertChannelId", "1178763");

Found : user_pref("CT2786678.backendstorage.cbfirsttime", "53756E2046656220323420323031332031373A32393A32312[...]

Found : user_pref("CT2786678.backendstorage.searchappstate", "31");

Found : user_pref("CT2786678.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]

Found : user_pref("CT2786678.homepageProtectorEnableByLogin", true);

Found : user_pref("CT2786678.initDone", true);

Found : user_pref("CT2786678.myStuffEnabled", true);

Found : user_pref("CT2786678.myStuffPublihserMinWidth", 400);

Found : user_pref("CT2786678.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]

Found : user_pref("CT2786678.myStuffServiceIntervalMM", 1440);

Found : user_pref("CT2786678.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]

Found : user_pref("CT2786678.navigateToUrlOnSearch", false);

Found : user_pref("CT2786678.revertSettingsEnabled", true);

Found : user_pref("CT2786678.searchProtectorDialogDelayInSec", 10);

Found : user_pref("CT2786678.searchProtectorEnableByLogin", true);

Found : user_pref("CT2786678.testingCtid", "");

Found : user_pref("CT2786678.toolbarAppMetaDataLastCheckTime", "Tue Apr 02 2013 03:58:09 GMT-0500 (Central D[...]

Found : user_pref("CT3072253..clientLogIsEnabled", false);

Found : user_pref("CT3072253..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]

Found : user_pref("CT3072253..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]

Found : user_pref("CT3072253.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);

Found : user_pref("CT3072253.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");

Found : user_pref("CT3072253.BrowserCompStateIsOpen_129573915102477663", true);

Found : user_pref("CT3072253.BrowserCompStateIsOpen_129749445881800338", true);

Found : user_pref("CT3072253.BrowserCompStateIsOpen_129805375651312503", true);

Found : user_pref("CT3072253.BrowserCompStateIsOpen_130067979083742856", true);

Found : user_pref("CT3072253.BrowserCompStateIsOpen_1359634299000", true);

Found : user_pref("CT3072253.CTID", "CT3072253");

Found : user_pref("CT3072253.CurrentServerDate", "2-4-2013");

Found : user_pref("CT3072253.DSChangedManually", false);

Found : user_pref("CT3072253.DSInstall", true);

Found : user_pref("CT3072253.DialogsAlignMode", "LTR");

Found : user_pref("CT3072253.DialogsGetterLastCheckTime", "Thu Mar 28 2013 01:37:40 GMT-0500 (Central Daylig[...]

Found : user_pref("CT3072253.DownloadReferralCookieData", "");

Found : user_pref("CT3072253.FirstServerDate", "29-9-2012");

Found : user_pref("CT3072253.FirstTime", true);

Found : user_pref("CT3072253.FirstTimeFF3", true);

Found : user_pref("CT3072253.FirstTimeHiddenVer", true);

Found : user_pref("CT3072253.FixPageNotFoundErrors", true);

Found : user_pref("CT3072253.GroupingServerCheckInterval", 1440);

Found : user_pref("CT3072253.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");

Found : user_pref("CT3072253.HPInstall", false);

Found : user_pref("CT3072253.HPProtectChoice", true);

Found : user_pref("CT3072253.HPProtectCount", 2);

Found : user_pref("CT3072253.HasUserGlobalKeys", true);

Found : user_pref("CT3072253.HomePageProtectorEnabled", false);

Found : user_pref("CT3072253.HomepageBeforeUnload", "chrome://branding/locale/browserconfig.properties");

Found : user_pref("CT3072253.Initialize", true);

Found : user_pref("CT3072253.InitializeCommonPrefs", true);

Found : user_pref("CT3072253.InstallationAndCookieDataSentCount", 3);

Found : user_pref("CT3072253.InstallationType", "Unknown");

Found : user_pref("CT3072253.InstalledDate", "Fri Sep 28 2012 17:57:32 GMT-0500 (Central Daylight Time)");

Found : user_pref("CT3072253.IsAlertDBUpdated", true);

Found : user_pref("CT3072253.IsGrouping", false);

Found : user_pref("CT3072253.IsInitSetupIni", true);

Found : user_pref("CT3072253.IsMulticommunity", false);

Found : user_pref("CT3072253.IsOpenThankYouPage", true);

Found : user_pref("CT3072253.IsOpenUninstallPage", true);

Found : user_pref("CT3072253.IsProtectorsInit", true);

Found : user_pref("CT3072253.LanguagePackLastCheckTime", "Tue Apr 02 2013 03:58:09 GMT-0500 (Central Dayligh[...]

Found : user_pref("CT3072253.LanguagePackReloadIntervalMM", 1440);

Found : user_pref("CT3072253.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]

Found : user_pref("CT3072253.LastLogin_3.15.1.0", "Wed Nov 07 2012 01:02:48 GMT-0600 (Central Standard Time)[...]

Found : user_pref("CT3072253.LastLogin_3.16.0.3", "Sun Feb 10 2013 23:44:18 GMT-0600 (Central Standard Time)[...]

Found : user_pref("CT3072253.LastLogin_3.18.0.7", "Tue Apr 02 2013 03:58:09 GMT-0500 (Central Daylight Time)[...]

Found : user_pref("CT3072253.LatestVersion", "3.18.0.7");

Found : user_pref("CT3072253.Locale", "en");

Found : user_pref("CT3072253.MCDetectTooltipHeight", "83");

Found : user_pref("CT3072253.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");

Found : user_pref("CT3072253.MCDetectTooltipWidth", "295");

Found : user_pref("CT3072253.MyStuffEnabledAtInstallation", true);

Found : user_pref("CT3072253.OriginalFirstVersion", "3.15.1.0");

Found : user_pref("CT3072253.SearchCaption", "uTorrentControl2 Customized Web Search");

Found : user_pref("CT3072253.SearchEngineBeforeUnload", "AVG Secure Search");

Found : user_pref("CT3072253.SearchFromAddressBarIsInit", true);

Found : user_pref("CT3072253.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT307[...]

Found : user_pref("CT3072253.SearchInNewTabEnabled", true);

Found : user_pref("CT3072253.SearchInNewTabIntervalMM", 1440);

Found : user_pref("CT3072253.SearchInNewTabLastCheckTime", "Tue Apr 02 2013 03:58:08 GMT-0500 (Central Dayli[...]

Found : user_pref("CT3072253.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]

Found : user_pref("CT3072253.SearchInNewTabUserEnabled", false);

Found : user_pref("CT3072253.SearchProtectorEnabled", true);

Found : user_pref("CT3072253.SearchProtectorToolbarDisabled", false);

Found : user_pref("CT3072253.SendProtectorDataViaLogin", true);

Found : user_pref("CT3072253.ServiceMapLastCheckTime", "Tue Apr 02 2013 03:58:09 GMT-0500 (Central Daylight [...]

Found : user_pref("CT3072253.SettingsLastCheckTime", "Tue Apr 02 2013 03:58:07 GMT-0500 (Central Daylight Ti[...]

Found : user_pref("CT3072253.SettingsLastUpdate", "1364888341");

Found : user_pref("CT3072253.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3072253&SearchSource=13");

Found : user_pref("CT3072253.ThirdPartyComponentsInterval", 504);

Found : user_pref("CT3072253.ThirdPartyComponentsLastCheck", "Sat Sep 29 2012 01:08:25 GMT-0500 (Central Day[...]

Found : user_pref("CT3072253.ThirdPartyComponentsLastUpdate", "1331805997");

Found : user_pref("CT3072253.ToolbarShrinkedFromSetup", false);

Found : user_pref("CT3072253.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3072253");

Found : user_pref("CT3072253.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]

Found : user_pref("CT3072253.UserID", "UN79053880590507710");

Found : user_pref("CT3072253.ValidationData_Toolbar", 1);

Found : user_pref("CT3072253.alertChannelId", "1463702");

Found : user_pref("CT3072253.backendstorage.cb_experience_000", "3135");

Found : user_pref("CT3072253.backendstorage.cb_firstuse0100", "31");

Found : user_pref("CT3072253.backendstorage.cb_user_id_000", "43423635393232323631333238345F46697265666F78")[...]

Found : user_pref("CT3072253.backendstorage.cbcountry_001", "5553");

Found : user_pref("CT3072253.backendstorage.cbfirsttime", "4672692053657020323820323031322031373A35363A35352[...]

Found : user_pref("CT3072253.backendstorage.searchappstate", "31");

Found : user_pref("CT3072253.backendstorage.searchapptracking", "73656E74");

Found : user_pref("CT3072253.backendstorage.url_history0001", "687474703A2F2F7777772E66616365626F6F6B2E636F6[...]

Found : user_pref("CT3072253.components.129593762370823811", false);

Found : user_pref("CT3072253.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]

Found : user_pref("CT3072253.globalFirstTimeInfoLastCheckTime", "Fri Sep 28 2012 17:56:48 GMT-0500 (Central [...]

Found : user_pref("CT3072253.homepageProtectorEnableByLogin", true);

Found : user_pref("CT3072253.initDone", true);

Found : user_pref("CT3072253.isAppTrackingManagerOn", false);

Found : user_pref("CT3072253.myStuffEnabled", true);

Found : user_pref("CT3072253.myStuffPublihserMinWidth", 400);

Found : user_pref("CT3072253.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]

Found : user_pref("CT3072253.myStuffServiceIntervalMM", 1440);

Found : user_pref("CT3072253.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]

Found : user_pref("CT3072253.navigateToUrlOnSearch", false);

Found : user_pref("CT3072253.revertSettingsEnabled", true);

Found : user_pref("CT3072253.searchProtectorDialogDelayInSec", 10);

Found : user_pref("CT3072253.searchProtectorEnableByLogin", true);

Found : user_pref("CT3072253.testingCtid", "");

Found : user_pref("CT3072253.toolbarAppMetaDataLastCheckTime", "Tue Apr 02 2013 03:58:09 GMT-0500 (Central D[...]

Found : user_pref("CT3072253.toolbarContextMenuLastCheckTime", "Fri Sep 28 2012 17:56:50 GMT-0500 (Central D[...]

Found : user_pref("CT3072253.usagesFlag", 2);

Found : user_pref("CommunityToolbar.ConduitSearchList", "uTorrentBar Customized Web Search,uTorrentControl2 [...]

Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2786678/CT2786678[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3072253/CT3072253[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1178763/1174448/US", "\"0\"[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1463702/1459356/US", "\"0\"[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2786678", [...]

Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3072253", [...]

Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2786678",[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3072253",[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"70f[...]

Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Ricky Lee\\AppData\\Roaming\\Mozill[...]

Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.15.1.0");

Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://isearch.avg.com/search?cid=%7Bec0[...]

Found : user_pref("CommunityToolbar.ToolbarsList", "CT3072253,CT2786678");

Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2786678,CT3072253");

Found : user_pref("CommunityToolbar.ToolbarsList4", "CT3072253,CT2786678");

Found : user_pref("CommunityToolbar.globalUserId", "d668e594-abef-48a3-be1e-bc2e42134201");

Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);

Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);

Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3072253");

Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Fri Sep 28 2012 17:56:5[...]

Found : user_pref("CommunityToolbar.notifications.alertEnabled", true);

Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);

Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Mon Oct 01 2012 19:54:03 GMT-050[...]

Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");

Found : user_pref("CommunityToolbar.notifications.locale", "en");

Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);

Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Oct 01 2012 19:53:56 GMT-0500 (C[...]

Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");

Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);

Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");

Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);

Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);

Found : user_pref("CommunityToolbar.notifications.userId", "703f4aef-8bd5-42f8-ab8e-3c5bac537c4a");

Found : user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");

Found : user_pref("CommunityToolbar.originalSearchEngine", "AVG Secure Search");

Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");

Found : user_pref("browser.search.defaultthis.engineName", "uTorrentControl2 Customized Web Search");

Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&Sea[...]

Found : user_pref("extensions.BabylonToolbar.admin", false);

Found : user_pref("extensions.BabylonToolbar.aflt", "babsst");

Found : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");

Found : user_pref("extensions.BabylonToolbar.autoRvrt", "false");

Found : user_pref("extensions.BabylonToolbar.dfltLng", "en");

Found : user_pref("extensions.BabylonToolbar.excTlbr", false);

Found : user_pref("extensions.BabylonToolbar.id", "0c03b6d20000000000000023156ecead");

Found : user_pref("extensions.BabylonToolbar.instlDay", "15588");

Found : user_pref("extensions.BabylonToolbar.instlRef", "sst");

Found : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");

Found : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");

Found : user_pref("extensions.BabylonToolbar.tlbrId", "base");

Found : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]

Found : user_pref("extensions.BabylonToolbar.vrsn", "1.6.9.12");

Found : user_pref("extensions.BabylonToolbar.vrsni", "1.6.9.12");

Found : user_pref("extensions.BabylonToolbar_i.babExt", "");

Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112555&tt=3612_2");

Found : user_pref("extensions.BabylonToolbar_i.newTab", false);

Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.9.1221:37:02");

Found : user_pref("extensions.wecarereminder.merchHash", "{\"AFFILIATES\":{\"1-Sale-A-Day\":{\"name\":\"1 Sa[...]

Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=[...]

-\\ Google Chrome v26.0.1410.43

File : C:\Users\Ricky Lee\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [29704 octets] - [03/04/2013 16:08:37]

########## EOF - C:\AdwCleaner[R1].txt - [29765 octets] ##########


Please create a new system restore point before continuing.

Lots of adware found....let's clear it out.....

  1. Please re-run AdwCleaner
  2. Click on Delete button.
  3. Confirm each time with OK if asked.
  4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Then......

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.

Last....

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


I have the results of both scans; however, the svchost.exe.trojan.agent wasn't affected or deleted. I did a third quick scan upon restart and it said it was still here.

# AdwCleaner v2.200 - Logfile created 04/03/2013 at 16:21:36

# Updated 02/04/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Ricky Lee - RICKYLEE-PC

# Boot Mode : Normal

# Running from : C:\Users\Ricky Lee\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

Stopped & Deleted : WajamUpdater

***** [Files / Folders] *****

File Deleted : C:\END

File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt

File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml

File Deleted : C:\user.js

File Deleted : C:\Users\Ricky Lee\AppData\Roaming\Mozilla\Firefox\Profiles\k7ik1b4r.default\searchplugins\Conduit.xml

Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility

Folder Deleted : C:\Program Files (x86)\Conduit

Folder Deleted : C:\Program Files (x86)\uTorrentBar

Folder Deleted : C:\Program Files (x86)\uTorrentControl2

Folder Deleted : C:\ProgramData\Partner

Folder Deleted : C:\Users\Ricky Lee\AppData\Local\APN

Folder Deleted : C:\Users\Ricky Lee\AppData\Local\Conduit

Folder Deleted : C:\Users\Ricky Lee\AppData\Local\Coupon Companion Plugin

Folder Deleted : C:\Users\Ricky Lee\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Ricky Lee\AppData\LocalLow\uTorrentBar

Folder Deleted : C:\Users\Ricky Lee\AppData\LocalLow\uTorrentControl2

Folder Deleted : C:\Users\Ricky Lee\AppData\Roaming\Mozilla\Firefox\Profiles\k7ik1b4r.default\ConduitCommon

Folder Deleted : C:\Users\Ricky Lee\AppData\Roaming\Mozilla\Firefox\Profiles\k7ik1b4r.default\CT2786678

Folder Deleted : C:\Users\Ricky Lee\AppData\Roaming\Mozilla\Firefox\Profiles\k7ik1b4r.default\CT3072253

Folder Deleted : C:\Users\Ricky Lee\AppData\Roaming\Mozilla\Firefox\Profiles\k7ik1b4r.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}

Folder Deleted : C:\Users\Ricky Lee\AppData\Roaming\Mozilla\Firefox\Profiles\k7ik1b4r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

Folder Deleted : C:\Users\Ricky Lee\AppData\Roaming\yourfiledownloader

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider

Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentBar

Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentControl2

Key Deleted : HKCU\Software\AppDataLow\Toolbar

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}

Key Deleted : HKCU\Software\wecarereminder

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE

Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate

Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser

Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1

Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController

Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A97B89CD-B65C-49DD-AF46-2B772C627456}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}

Key Deleted : HKLM\Software\uTorrentBar

Key Deleted : HKLM\Software\uTorrentControl2

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{097F9E08-6122-4356-B3BE-AE984777BE55}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{146B7FEF-6B3B-4B3E-9C5F-6B406989AAE1}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2AD4C813-02FE-4E33-B595-3C6392786F0F}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CDB3757B-B1EA-4202-BEC0-AAE87E5869D0}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl2 Toolbar

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{687578B9-7132-4A7A-80E4-30EE31099E03}]

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Users\Ricky Lee\AppData\Roaming\Mozilla\Firefox\Profiles\k7ik1b4r.default\prefs.js

C:\Users\Ricky Lee\AppData\Roaming\Mozilla\Firefox\Profiles\k7ik1b4r.default\user.js ... Deleted !

Deleted : user_pref("CT2786678..clientLogIsEnabled", false);

Deleted : user_pref("CT2786678..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]

Deleted : user_pref("CT2786678..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]

Deleted : user_pref("CT2786678.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);

Deleted : user_pref("CT2786678.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");

Deleted : user_pref("CT2786678.BrowserCompStateIsOpen_129579220236217502", true);

Deleted : user_pref("CT2786678.BrowserCompStateIsOpen_130067977588633691", true);

Deleted : user_pref("CT2786678.BrowserCompStateIsOpen_1359634298000", true);

Deleted : user_pref("CT2786678.CTID", "CT2786678");

Deleted : user_pref("CT2786678.CurrentServerDate", "2-4-2013");

Deleted : user_pref("CT2786678.DSInstall", true);

Deleted : user_pref("CT2786678.DialogsAlignMode", "LTR");

Deleted : user_pref("CT2786678.DialogsGetterLastCheckTime", "Thu Mar 28 2013 01:37:40 GMT-0500 (Central Daylig[...]

Deleted : user_pref("CT2786678.DownloadReferralCookieData", "");

Deleted : user_pref("CT2786678.FirstServerDate", "29-9-2012");

Deleted : user_pref("CT2786678.FirstTime", true);

Deleted : user_pref("CT2786678.FirstTimeFF3", true);

Deleted : user_pref("CT2786678.FirstTimeHiddenVer", true);

Deleted : user_pref("CT2786678.FixPageNotFoundErrors", true);

Deleted : user_pref("CT2786678.GroupingServerCheckInterval", 1440);

Deleted : user_pref("CT2786678.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");

Deleted : user_pref("CT2786678.HPInstall", false);

Deleted : user_pref("CT2786678.HasUserGlobalKeys", true);

Deleted : user_pref("CT2786678.Initialize", true);

Deleted : user_pref("CT2786678.InitializeCommonPrefs", true);

Deleted : user_pref("CT2786678.InstallationAndCookieDataSentCount", 3);

Deleted : user_pref("CT2786678.InstallationType", "Unknown");

Deleted : user_pref("CT2786678.InstalledDate", "Fri Sep 28 2012 17:57:32 GMT-0500 (Central Daylight Time)");

Deleted : user_pref("CT2786678.IsGrouping", false);

Deleted : user_pref("CT2786678.IsInitSetupIni", true);

Deleted : user_pref("CT2786678.IsMulticommunity", false);

Deleted : user_pref("CT2786678.IsOpenThankYouPage", true);

Deleted : user_pref("CT2786678.IsOpenUninstallPage", true);

Deleted : user_pref("CT2786678.LanguagePackLastCheckTime", "Tue Apr 02 2013 03:58:09 GMT-0500 (Central Dayligh[...]

Deleted : user_pref("CT2786678.LanguagePackReloadIntervalMM", 1440);

Deleted : user_pref("CT2786678.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]

Deleted : user_pref("CT2786678.LastLogin_3.15.1.0", "Wed Nov 07 2012 01:02:48 GMT-0600 (Central Standard Time)[...]

Deleted : user_pref("CT2786678.LastLogin_3.16.0.3", "Fri Feb 08 2013 19:42:33 GMT-0600 (Central Standard Time)[...]

Deleted : user_pref("CT2786678.LastLogin_3.18.0.7", "Tue Apr 02 2013 03:58:09 GMT-0500 (Central Daylight Time)[...]

Deleted : user_pref("CT2786678.LatestVersion", "3.18.0.7");

Deleted : user_pref("CT2786678.Locale", "en");

Deleted : user_pref("CT2786678.MCDetectTooltipHeight", "83");

Deleted : user_pref("CT2786678.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");

Deleted : user_pref("CT2786678.MCDetectTooltipWidth", "295");

Deleted : user_pref("CT2786678.MyStuffEnabledAtInstallation", true);

Deleted : user_pref("CT2786678.OriginalFirstVersion", "3.15.1.0");

Deleted : user_pref("CT2786678.SearchCaption", "uTorrentBar Customized Web Search");

Deleted : user_pref("CT2786678.SearchFromAddressBarIsInit", true);

Deleted : user_pref("CT2786678.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT278[...]

Deleted : user_pref("CT2786678.SearchInNewTabEnabled", true);

Deleted : user_pref("CT2786678.SearchInNewTabIntervalMM", 1440);

Deleted : user_pref("CT2786678.SearchInNewTabLastCheckTime", "Tue Apr 02 2013 03:58:07 GMT-0500 (Central Dayli[...]

Deleted : user_pref("CT2786678.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]

Deleted : user_pref("CT2786678.SearchInNewTabUserEnabled", false);

Deleted : user_pref("CT2786678.SendProtectorDataViaLogin", true);

Deleted : user_pref("CT2786678.ServiceMapLastCheckTime", "Tue Apr 02 2013 03:58:08 GMT-0500 (Central Daylight [...]

Deleted : user_pref("CT2786678.SettingsLastCheckTime", "Tue Apr 02 2013 03:58:07 GMT-0500 (Central Daylight Ti[...]

Deleted : user_pref("CT2786678.SettingsLastUpdate", "1364888341");

Deleted : user_pref("CT2786678.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2786678&SearchSource=13");

Deleted : user_pref("CT2786678.ToolbarShrinkedFromSetup", false);

Deleted : user_pref("CT2786678.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2786678");

Deleted : user_pref("CT2786678.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]

Deleted : user_pref("CT2786678.UserID", "UN08393207288246751");

Deleted : user_pref("CT2786678.alertChannelId", "1178763");

Deleted : user_pref("CT2786678.backendstorage.cbfirsttime", "53756E2046656220323420323031332031373A32393A32312[...]

Deleted : user_pref("CT2786678.backendstorage.searchappstate", "31");

Deleted : user_pref("CT2786678.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]

Deleted : user_pref("CT2786678.homepageProtectorEnableByLogin", true);

Deleted : user_pref("CT2786678.initDone", true);

Deleted : user_pref("CT2786678.myStuffEnabled", true);

Deleted : user_pref("CT2786678.myStuffPublihserMinWidth", 400);

Deleted : user_pref("CT2786678.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]

Deleted : user_pref("CT2786678.myStuffServiceIntervalMM", 1440);

Deleted : user_pref("CT2786678.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]

Deleted : user_pref("CT2786678.navigateToUrlOnSearch", false);

Deleted : user_pref("CT2786678.revertSettingsEnabled", true);

Deleted : user_pref("CT2786678.searchProtectorDialogDelayInSec", 10);

Deleted : user_pref("CT2786678.searchProtectorEnableByLogin", true);

Deleted : user_pref("CT2786678.testingCtid", "");

Deleted : user_pref("CT2786678.toolbarAppMetaDataLastCheckTime", "Tue Apr 02 2013 03:58:09 GMT-0500 (Central D[...]

Deleted : user_pref("CT3072253..clientLogIsEnabled", false);

Deleted : user_pref("CT3072253..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]

Deleted : user_pref("CT3072253..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]

Deleted : user_pref("CT3072253.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);


-\\ Google Chrome v26.0.1410.43

File : C:\Users\Ricky Lee\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [29821 octets] - [03/04/2013 16:08:37]

AdwCleaner[R2].txt - [29882 octets] - [03/04/2013 16:21:19]

AdwCleaner[s1].txt - [29902 octets] - [03/04/2013 16:21:36]

########## EOF - C:\AdwCleaner[s1].txt - [29963 octets] ##########

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2013.04.03.08

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

Ricky Lee :: RICKYLEE-PC [administrator]

4/3/2013 4:33:27 PM

mbam-log-2013-04-03 (16-33-27).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 219330

Time elapsed: 4 minute(s), 4 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Users\Ricky Lee\AppData\Local\Temp\svchost.exe (Trojan.Agent.Gen) -> Delete on reboot.

(end)


OK...........

Please create a new system restore point before running Malwarebytes Anti-Rootkit if you can.

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.


New window that comes up.


~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot.

Verify that your system is now functioning normally.

MrC


I ran mbar twice; I believe the first attempt finally got the persistent little thing. Here are the results, with the three logs:

Malwarebytes Anti-Rootkit BETA 1.01.0.1022

www.malwarebytes.org

Database version: v2013.04.03.08

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

Ricky Lee :: RICKYLEE-PC [administrator]

4/3/2013 5:15:28 PM

mbar-log-2013-04-03 (17-15-28).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 30875

Time elapsed: 17 minute(s), 34 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 2

c:\Users\Ricky Lee\AppData\Local\Temp\svchost.exe (Trojan.Agent.Gen) -> Delete on reboot.

c:\Users\Ricky Lee\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QWR9NDCJ\svchost[1].exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.

(end)

Malwarebytes Anti-Rootkit BETA 1.01.0.1022

www.malwarebytes.org

Database version: v2013.04.03.08

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

Ricky Lee :: RICKYLEE-PC [administrator]

4/3/2013 5:45:18 PM

mbar-log-2013-04-03 (17-45-18).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 30869

Time elapsed: 25 minute(s), 20 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1022

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 8.0.7601.17514

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED

CPU speed: 1.729000 GHz

Memory total: 6363336704, free: 4045443072

------------ Kernel report ------------

04/03/2013 01:45:24

------------ Loaded modules -----------


----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk1\DR1

Upper Device Object: 0xfffffa80091f2790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\0000008d\

Lower Device Object: 0xfffffa800919ab60

Lower Device Driver Name: \Driver\USBSTOR\

Driver name found: USBSTOR

Initialization returned 0x0

Load Function returned 0x0

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa8006610790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IAAStorageDevice-1\

Lower Device Object: 0xfffffa80063f9050

Lower Device Driver Name: \Driver\iaStor\

Driver name found: iaStor

Initialization returned 0x0

Load Function returned 0x0

Downloaded database version: v2013.04.03.01

Downloaded database version: v2013.03.25.01

Initializing...

Done!

<<<2>>>

Device number: 0, partition: 2

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa8006610790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa80066102c0, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8006610790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa80063f6af0, DeviceName: Unknown, DriverName: \Driver\ACPI\

DevicePointer: 0xfffffa80063f9050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0xfffff8a014be0e20, 0xfffffa8006610790, 0xfffffa8005de21c0

Lower DeviceData: 0xfffff8a014c359d0, 0xfffffa80063f9050, 0xfffffa80060fbcf0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning directory: C:\Windows\system32\drivers...

<<<2>>>

Device number: 0, partition: 2

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: CBB46AC

Partition information:

Partition 0 type is Other (0x1c)

Partition is NOT ACTIVE.

Partition starts at LBA: 2048 Numsec = 40963702

Partition 1 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 40966144 Numsec = 286547968

Partition file system is NTFS

Partition is bootable

Partition 2 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 327514112 Numsec = 922744832

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 640135028736 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1250243728-1250263728)...

Physical Sector Size: 512

Drive: 1, DevicePointer: 0xfffffa80091f2790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa800554eb90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa80091f2790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa800919ab60, DeviceName: \Device\0000008d\, DriverName: \Driver\USBSTOR\

------------ End ----------

Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

Upper DeviceData: 0xfffff8a00f1dde30, 0xfffffa80091f2790, 0xfffffa8006171790

Lower DeviceData: 0xfffff8a00e9095b0, 0xfffffa800919ab60, 0xfffffa80061f75a0

Drive 1

Scanning MBR on drive 1...

Inspecting partition table:

This drive is a GPT Drive.

MBR Signature: 55AA

Disk Signature: 6A59A1B4

GPT Protective MBR Partition information:

Partition 0 type is EFI-GPT (0xee)

Partition is NOT ACTIVE.

Partition starts at LBA: 1 Numsec = 4294967295

Partition 1 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

GPT Partition information:

GPT Header Signature 4546492050415254

GPT Header Revision 65536 Size 92 CRC 144316753

GPT Header CurrentLba = 1 BackupLba 1953525167

GPT Header FirstUsableLba 34 LastUsableLba 1953525134

GPT Header Guid 82393e84-8f5e-4ca9-a358-3f4ecc386375

GPT Header Contains 128 partition entries starting at LBA 2

GPT Header Partition entry size = 128

Backup GPT header Signature 4546492050415254

Backup GPT header Revision 65536 Size 92 CRC 144316753

Backup GPT header CurrentLba = 1953525167 BackupLba 1

Backup GPT header FirstUsableLba 34 LastUsableLba 1953525134

Backup GPT header Guid 82393e84-8f5e-4ca9-a358-3f4ecc386375

Backup GPT header Contains 128 partition entries starting at LBA 1953525135

Backup GPT header Partition entry size = 128

Partition 0 Type e3c9e316-b5c-4db8-817d-f92df0215ae

Partition ID 51983ba-1232-4d15-92b9-5953d4824c6d

FirstLBA 34 Last LBA 262177

Attributes 0

Partition Name Microsoft reserved partition

Partition 1 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7

Partition ID 1d08c90a-9b90-440c-8354-272fe9bcce

FirstLBA 264192 Last LBA 1953523711

Attributes 0

Partition Name Basic data partition

Disk Size: 1000204886016 bytes

Sector size: 512 bytes

Done!

Performing system, memory and registry scan...

Infected: c:\Users\Ricky Lee\AppData\Local\Temp\svchost.exe --> [Trojan.Agent.Gen]

Infected: c:\Users\Ricky Lee\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9486TMD2\svchost[1].exe --> [Heuristics.Reserved.Word.Exploit]

Done!

Scan finished

Creating System Restore point...

Could not create restore point...

Scheduling clean up...

<<<2>>>

Device number: 0, partition: 2

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Removal scheduling successful. System shutdown needed.

System shutdown occurred

=======================================

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1022

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 8.0.7601.17514

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED

CPU speed: 1.729000 GHz

Memory total: 6363336704, free: 4940062720

Removal queue found; removal started

Removing c:\Users\Ricky Lee\AppData\Local\Temp\svchost.exe...

Removing c:\Users\Ricky Lee\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9486TMD2\svchost[1].exe...

Removal finished

=======================================

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1022

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 8.0.7601.17514

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED

CPU speed: 1.729000 GHz

Memory total: 6363336704, free: 4577525760

------------ Kernel report ------------

04/03/2013 02:17:19

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\DRIVERS\compbatt.sys

\SystemRoot\system32\DRIVERS\BATTC.SYS

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\system32\drivers\pciide.sys

\SystemRoot\system32\drivers\PCIIDEX.SYS

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\DRIVERS\iaStor.sys

\SystemRoot\system32\drivers\atapi.sys

\SystemRoot\system32\drivers\ataport.SYS

\SystemRoot\system32\drivers\msahci.sys

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\system32\DRIVERS\MpFilter.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\SysWOW64\speedfan.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\DRIVERS\disk.sys

\SystemRoot\system32\DRIVERS\CLASSPNP.SYS

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\vwififlt.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\drivers\termdd.sys

\SystemRoot\System32\Drivers\SCDEmu.SYS

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\drivers\mssmbios.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\atikmpag.sys

\SystemRoot\system32\DRIVERS\atikmdag.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\drivers\HDAudBus.sys

\SystemRoot\system32\DRIVERS\HECIx64.sys

\SystemRoot\system32\drivers\usbehci.sys

\SystemRoot\system32\drivers\USBPORT.SYS

\SystemRoot\system32\DRIVERS\NETw5s64.sys

\SystemRoot\system32\DRIVERS\vwifibus.sys

\SystemRoot\system32\DRIVERS\L1C62x64.sys

\SystemRoot\system32\drivers\i8042prt.sys

\SystemRoot\system32\DRIVERS\SynTP.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\kbfiltr.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

\SystemRoot\system32\DRIVERS\CmBatt.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\ATK64AMD.sys

\SystemRoot\system32\drivers\CompositeBus.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\drivers\swenum.sys

\SystemRoot\system32\drivers\ks.sys

\SystemRoot\system32\DRIVERS\AmdTools64.sys

\SystemRoot\system32\drivers\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\AtihdW76.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\system32\drivers\RTKVHD64.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_iaStor.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\system32\DRIVERS\snp2uvc.sys

\SystemRoot\system32\DRIVERS\STREAM.SYS

\SystemRoot\system32\DRIVERS\sncduvc.SYS

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\system32\DRIVERS\kbdhid.sys

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\system32\DRIVERS\USBSTOR.SYS

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\cdd.dll

\SystemRoot\system32\drivers\luafv.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\DRIVERS\TurboB.sys

\??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\system32\DRIVERS\NisDrvWFP.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\system32\DRIVERS\vwifimp.sys

\SystemRoot\System32\Drivers\fastfat.SYS

\SystemRoot\system32\drivers\spsys.sys

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

\Windows\System32\autochk.exe

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk1\DR1

Upper Device Object: 0xfffffa8006879790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\0000008d\

Lower Device Object: 0xfffffa80054fa740

Lower Device Driver Name: \Driver\USBSTOR\

Driver name found: USBSTOR

Initialization returned 0x0

Load Function returned 0x0

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa8006600790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IAAStorageDevice-1\

Lower Device Object: 0xfffffa80063cf050

Lower Device Driver Name: \Driver\iaStor\

Driver name found: iaStor

Initialization returned 0x0

Load Function returned 0x0

=======================================

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1022

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 8.0.7601.17514

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED

CPU speed: 1.729000 GHz

Memory total: 6363336704, free: 4902453248

=======================================

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1022

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 8.0.7601.17514

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED

CPU speed: 1.729000 GHz

Memory total: 6363336704, free: 4163506176

------------ Kernel report ------------

04/03/2013 16:57:01

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\DRIVERS\compbatt.sys

\SystemRoot\system32\DRIVERS\BATTC.SYS

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\system32\drivers\pciide.sys

\SystemRoot\system32\drivers\PCIIDEX.SYS

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\DRIVERS\iaStor.sys

\SystemRoot\system32\drivers\atapi.sys

\SystemRoot\system32\drivers\ataport.SYS

\SystemRoot\system32\drivers\msahci.sys

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\system32\DRIVERS\MpFilter.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\SysWOW64\speedfan.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\DRIVERS\disk.sys

\SystemRoot\system32\DRIVERS\CLASSPNP.SYS

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\system32\drivers\ws2ifsl.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\vwififlt.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\drivers\termdd.sys

\SystemRoot\System32\Drivers\SCDEmu.SYS

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\drivers\mssmbios.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\atikmpag.sys

\SystemRoot\system32\DRIVERS\atikmdag.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\drivers\HDAudBus.sys

\SystemRoot\system32\DRIVERS\HECIx64.sys

\SystemRoot\system32\drivers\usbehci.sys

\SystemRoot\system32\drivers\USBPORT.SYS

\SystemRoot\system32\DRIVERS\NETw5s64.sys

\SystemRoot\system32\DRIVERS\vwifibus.sys

\SystemRoot\system32\DRIVERS\L1C62x64.sys

\SystemRoot\system32\drivers\i8042prt.sys

\SystemRoot\system32\DRIVERS\SynTP.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\kbfiltr.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

\SystemRoot\system32\DRIVERS\CmBatt.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\ATK64AMD.sys

\SystemRoot\system32\drivers\CompositeBus.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\drivers\swenum.sys

\SystemRoot\system32\drivers\ks.sys

\SystemRoot\system32\DRIVERS\AmdTools64.sys

\SystemRoot\system32\drivers\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\AtihdW76.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\system32\drivers\RTKVHD64.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_iaStor.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\system32\DRIVERS\kbdhid.sys

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\system32\DRIVERS\snp2uvc.sys

\SystemRoot\system32\DRIVERS\STREAM.SYS

\SystemRoot\system32\DRIVERS\sncduvc.SYS

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\cdd.dll

\SystemRoot\system32\drivers\luafv.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\DRIVERS\TurboB.sys

\??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\system32\DRIVERS\NisDrvWFP.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\system32\DRIVERS\vwifimp.sys

\SystemRoot\System32\Drivers\fastfat.SYS

\SystemRoot\System32\ATMFD.DLL

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

\Windows\System32\autochk.exe

\Windows\System32\iertutil.dll

\Windows\System32\rpcrt4.dll

\Windows\System32\setupapi.dll

\Windows\System32\wininet.dll

\Windows\System32\Wldap32.dll

\Windows\System32\nsi.dll

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa80065d9790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IAAStorageDevice-1\

Lower Device Object: 0xfffffa8006381050

Lower Device Driver Name: \Driver\iaStor\

Driver name found: iaStor

Initialization returned 0x0

Load Function returned 0x0

Downloaded database version: v2013.04.03.02

Downloaded database version: v2013.04.03.03

Downloaded database version: v2013.04.03.04

Downloaded database version: v2013.04.03.05

Downloaded database version: v2013.04.03.06

Downloaded database version: v2013.04.03.07

Downloaded database version: v2013.04.03.08

Initializing...

Done!

<<<2>>>

Device number: 0, partition: 2

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa80065d9790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa80065d92c0, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa80065d9790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa800637c580, DeviceName: Unknown, DriverName: \Driver\ACPI\

DevicePointer: 0xfffffa8006381050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0xfffff8a00f3e4370, 0xfffffa80065d9790, 0xfffffa800cd13790

Lower DeviceData: 0xfffff8a00f5896d0, 0xfffffa8006381050, 0xfffffa800cfe0c80

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning directory: C:\Windows\system32\drivers...

<<<2>>>

Device number: 0, partition: 2

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: CBB46AC

Partition information:

Partition 0 type is Other (0x1c)

Partition is NOT ACTIVE.

Partition starts at LBA: 2048 Numsec = 40963702

Partition 1 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 40966144 Numsec = 286547968

Partition file system is NTFS

Partition is bootable

Partition 2 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 327514112 Numsec = 922744832

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 640135028736 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1250243728-1250263728)...

Done!

Performing system, memory and registry scan...

Infected: c:\Users\Ricky Lee\AppData\Local\Temp\svchost.exe --> [Trojan.Agent.Gen]

Infected: c:\Users\Ricky Lee\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QWR9NDCJ\svchost[1].exe --> [Heuristics.Reserved.Word.Exploit]

Done!

Scan finished

Creating System Restore point...

Could not create restore point...

Scheduling clean up...

<<<2>>>

Device number: 0, partition: 2

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Removal scheduling successful. System shutdown needed.

System shutdown occurred

=======================================

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1022

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 8.0.7601.17514

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED

CPU speed: 1.729000 GHz

Memory total: 6363336704, free: 5047975936

Removal queue found; removal started

Removing c:\Users\Ricky Lee\AppData\Local\Temp\svchost.exe...

Removing c:\Users\Ricky Lee\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QWR9NDCJ\svchost[1].exe...

Removal finished

=======================================

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1022

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 8.0.7601.17514

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED

CPU speed: 1.729000 GHz

Memory total: 6363336704, free: 4812267520

------------ Kernel report ------------

04/03/2013 17:19:33

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\DRIVERS\compbatt.sys

\SystemRoot\system32\DRIVERS\BATTC.SYS

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\system32\drivers\pciide.sys

\SystemRoot\system32\drivers\PCIIDEX.SYS

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\DRIVERS\iaStor.sys

\SystemRoot\system32\drivers\atapi.sys

\SystemRoot\system32\drivers\ataport.SYS

\SystemRoot\system32\drivers\msahci.sys

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\system32\DRIVERS\MpFilter.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\SysWOW64\speedfan.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\DRIVERS\disk.sys

\SystemRoot\system32\DRIVERS\CLASSPNP.SYS

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\system32\drivers\ws2ifsl.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\vwififlt.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\drivers\termdd.sys

\SystemRoot\System32\Drivers\SCDEmu.SYS

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\drivers\mssmbios.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\atikmpag.sys

\SystemRoot\system32\DRIVERS\atikmdag.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\drivers\HDAudBus.sys

\SystemRoot\system32\DRIVERS\HECIx64.sys

\SystemRoot\system32\drivers\usbehci.sys

\SystemRoot\system32\drivers\USBPORT.SYS

\SystemRoot\system32\DRIVERS\NETw5s64.sys

\SystemRoot\system32\DRIVERS\vwifibus.sys

\SystemRoot\system32\DRIVERS\L1C62x64.sys

\SystemRoot\system32\drivers\i8042prt.sys

\SystemRoot\system32\DRIVERS\SynTP.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\kbfiltr.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

\SystemRoot\system32\DRIVERS\CmBatt.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\ATK64AMD.sys

\SystemRoot\system32\drivers\CompositeBus.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\drivers\swenum.sys

\SystemRoot\system32\drivers\ks.sys

\SystemRoot\system32\DRIVERS\AmdTools64.sys

\SystemRoot\system32\drivers\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\AtihdW76.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\system32\drivers\RTKVHD64.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_iaStor.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\system32\DRIVERS\snp2uvc.sys

\SystemRoot\system32\DRIVERS\STREAM.SYS

\SystemRoot\system32\DRIVERS\sncduvc.SYS

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\system32\DRIVERS\kbdhid.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\cdd.dll

\SystemRoot\system32\drivers\luafv.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\DRIVERS\TurboB.sys

\??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\system32\DRIVERS\NisDrvWFP.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\system32\DRIVERS\vwifimp.sys

\SystemRoot\System32\Drivers\fastfat.SYS

\SystemRoot\system32\drivers\spsys.sys

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

\Windows\System32\autochk.exe

\Windows\System32\wininet.dll

\Windows\System32\user32.dll

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa80065e8790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IAAStorageDevice-1\

Lower Device Object: 0xfffffa80063a1050

Lower Device Driver Name: \Driver\iaStor\

Driver name found: iaStor

Initialization returned 0x0

Load Function returned 0x0

No address found

Initializing...

Done!

<<<2>>>

Device number: 0, partition: 2

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa80065e8790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa80065e82c0, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa80065e8790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa800639e6d0, DeviceName: Unknown, DriverName: \Driver\ACPI\

DevicePointer: 0xfffffa80063a1050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0xfffff8a00fd18fe0, 0xfffffa80065e8790, 0xfffffa8005b33090

Lower DeviceData: 0xfffff8a00f663220, 0xfffffa80063a1050, 0xfffffa8005b28940

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning directory: C:\Windows\system32\drivers...

<<<2>>>

Device number: 0, partition: 2

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: CBB46AC

Partition information:

Partition 0 type is Other (0x1c)

Partition is NOT ACTIVE.

Partition starts at LBA: 2048 Numsec = 40963702

Partition 1 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 40966144 Numsec = 286547968

Partition file system is NTFS

Partition is bootable

Partition 2 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 327514112 Numsec = 922744832

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 640135028736 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1250243728-1250263728)...

Done!

Performing system, memory and registry scan...

Done!

Scan finished

=======================================

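The two MBAR hits above share one tell-tale: a file named svchost.exe sitting in a user-writable location (%LOCALAPPDATA%\Temp and the IE cache) rather than in C:\Windows\System32. The following is an added example, not code from this thread or from Malwarebytes: it parses MBAR-style "Infected:" lines (format taken from the log above) and, independently of the scanner verdict, flags any svchost.exe whose directory is not one of the two legitimate locations. It goes a little beyond the log by also recognising the IE-cache naming (svchost[1].exe). The legitimate directories, the sample log lines and the user name in them are constructed for the example; the path rule assumes a default C:\Windows install.

```python
import re
from pathlib import PureWindowsPath

# MBAR "Infected:" line, e.g.
#   Infected: c:\Users\x\AppData\Local\Temp\svchost.exe --> [Trojan.Agent.Gen]
INFECTED_RE = re.compile(
    r"^Infected:\s+(?P<path>.+?)\s+-->\s+\[(?P<name>[^\]]+)\]\s*$"
)

# Where a genuine svchost.exe lives on a default install (assumption: C:\Windows).
# PureWindowsPath compares case-insensitively, so "c:\windows\system32" also matches.
LEGIT_SVCHOST_DIRS = {
    PureWindowsPath(r"C:\Windows\System32"),
    PureWindowsPath(r"C:\Windows\SysWOW64"),
}

# Internet Explorer cache copies are stored as "<name>[<n>].<ext>"; strip the "[n]".
IE_CACHE_SUFFIX_RE = re.compile(r"\[\d+\](?=\.[^.]+$)")


def parse_infected(log_text):
    """Return (path, detection_name) for every 'Infected:' line in an MBAR log."""
    hits = []
    for line in log_text.splitlines():
        m = INFECTED_RE.match(line.strip())
        if m:
            hits.append((m.group("path"), m.group("name")))
    return hits


def is_svchost_masquerade(path_str):
    """True when the file is called svchost.exe but is outside System32/SysWOW64.

    Caveat: this only catches the wrong-location case. A genuine svchost.exe
    loading a malicious service DLL lives in the right place and passes here.
    """
    p = PureWindowsPath(path_str)
    base_name = IE_CACHE_SUFFIX_RE.sub("", p.name).lower()
    if base_name != "svchost.exe":
        return False
    return p.parent not in LEGIT_SVCHOST_DIRS


def triage(log_text):
    """Combine the scanner's verdict with the path rule for each hit."""
    return [
        {
            "path": path,
            "detection": name,
            "svchost_masquerade": is_svchost_masquerade(path),
        }
        for path, name in parse_infected(log_text)
    ]


# Constructed sample in the MBAR log format (not the log posted in this thread).
SAMPLE_LOG = r"""
Performing system, memory and registry scan...
Infected: c:\Users\user\AppData\Local\Temp\svchost.exe --> [Trojan.Agent.Gen]
Infected: c:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ABCD1234\svchost[1].exe --> [Heuristics.Reserved.Word.Exploit]
Done!
Scan finished
"""

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        flag = "MASQUERADE" if row["svchost_masquerade"] else "-"
        print(f"{flag:11} {row['detection']:35} {row['path']}")
```

To use it on a real run, read the saved mbar-log-*.txt into `triage()`; the path rule is also handy on a process listing, where any running svchost.exe whose image path is not under System32 or SysWOW64 deserves the same scrutiny.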

Good..........

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!

MrC


Here are the results from the security check:

Results of screen317's Security Check version 0.99.61

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 8 Out of date!

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Windows Firewall Disabled!

Microsoft Forefront Endpoint Protection

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

SpywareBlaster 5.0

Spybot - Search & Destroy

Malwarebytes Anti-Malware version 1.70.0.1100

Auslogics Registry Cleaner

JavaFX 2.1.1

Java 7 Update 17

Adobe Flash Player 10 Flash Player out of Date!

Adobe Flash Player 11.6.602.180

Adobe Reader 10.1.6 Adobe Reader out of Date!

Mozilla Firefox (19.0.2)

Google Chrome 25.0.1364.172

Google Chrome 26.0.1410.43

````````Process Check: objlist.exe by Laurent````````

Microsoft Security Essentials MSMpEng.exe

Microsoft Security Essentials msseces.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````


A couple of small issues:

Adobe Flash Player 10 Flash Player out of Date! <---uninstall from add/remove programs

Adobe Flash Player 11.6.602.180 <---OK

Adobe Reader 10.1.6 Adobe Reader out of Date! <---please check for an update if available or uninstall and download and install Foxit Reader which is less vulnerable to malware and much better than Adobe.

Google Chrome 25.0.1364.172 <---OLD

Google Chrome 26.0.1410.43 <---OK

You have old versions of Google Chrome on the system.

Please download and run OldChromeRemover.

@Windows Vista/Windows 7 users must use “Run As Administrator.”

-------------------------------------

You have outdated programs on the system which are vulnerable to malware.

Please update or uninstall them

~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassoci...T-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

i.e. RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


The log from RogueKiller:

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Ricky Lee [Admin rights]

Mode : Scan -- Date : 04/03/2013 20:17:48

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤

[RUN][PREVRUN] HKLM\[...]\Run : RunDLLEntry (C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry) [7] -> FOUND

[RUN][sUSP PATH] HKLM\[...]\Wow6432Node\Run : Adobe (C:\Users\Ricky Lee\AppData\Roaming\AdobeUpdater\color.vbe) [-] -> FOUND

[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD6400BEVT-80A0RT0 +++++

--- User ---

[MBR] ea495f0b0197509311a206ab04a89419

[bSP] 430b25a55e864bde579cd49e2260a437 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 20001 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 40966144 | Size: 139916 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 327514112 | Size: 450559 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[2]_S_04032013_02d2017.txt >>

RKreport[1]_S_04032013_02d2015.txt ; RKreport[2]_S_04032013_02d2017.txt


Run RogueKiller again and click Scan

When the scan completes > click on the Registry tab

Put a check next to all of these and uncheck the rest: (if found)

[RUN][PREVRUN] HKLM\[...]\Run : RunDLLEntry (C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry) [7] -> FOUND

[RUN][sUSP PATH] HKLM\[...]\Wow6432Node\Run : Adobe (C:\Users\Ricky Lee\AppData\Roaming\AdobeUpdater\color.vbe) [-] -> FOUND

Now click Delete on the right hand column under Options

-------------------------------------

Then.........

Download aswMBR to your desktop.

http://public.avast....erek/aswMBR.exe

Double click the aswMBR.exe to run it.

If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".

Click the "Scan" button to start scan.

On completion of the scan click "Save log", save it to your desktop and post in your next reply.

MrC

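The two Run entries MrC picks out above are the ones a defender would triage first: an autorun whose payload is a script in a user-writable folder, and a rundll32 entry whose real payload is the DLL it loads. As an added example (not from the thread and not RogueKiller's own code), the script below parses lines in the RogueKiller "Registry Entries" format and attaches reasons and a verdict to each; the sample text is constructed from the entries posted above, and SCRIPT_EXTS, USER_WRITABLE and the verdict thresholds are my own heuristics.

```python
import re

# Constructed sample in the shape of the RogueKiller "Registry Entries" section posted in this thread.
SAMPLE_LOG = r"""
[RUN][PREVRUN] HKLM\[...]\Run : RunDLLEntry (C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry) [7] -> FOUND
[RUN][sUSP PATH] HKLM\[...]\Wow6432Node\Run : Adobe (C:\Users\Ricky Lee\AppData\Roaming\AdobeUpdater\color.vbe) [-] -> FOUND
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
"""

# Line shape: [TAG][TAG] <key> : <name> (<value>) [<extra>] -> <status>
LINE_RE = re.compile(
    r"^(?P<tags>(?:\[[^\]]+\])+)\s+(?P<key>\S+)\s+:\s+(?P<name>.+?)\s+"
    r"\((?P<value>.*)\)(?:\s+\[[^\]]*\])?\s+->\s+(?P<status>\w+)$"
)
# Heuristics (my own assumptions, not RogueKiller's rules).
SCRIPT_EXTS = (".vbe", ".vbs", ".js", ".jse", ".wsf", ".hta", ".bat", ".cmd", ".ps1")
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")


def first_path(command):
    """Leading executable/script path of an autorun command (quoted, or unquoted with spaces)."""
    cmd = command.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    m = re.match(r"(.+?\.[A-Za-z0-9]{2,4})(?:\s|,|$)", cmd)
    return m.group(1) if m else cmd.split()[0]


def payload_path(command):
    """For rundll32 entries the DLL, not rundll32.exe, is the real payload."""
    exe = first_path(command)
    if exe.lower().endswith("rundll32.exe"):
        rest = command[command.find(exe) + len(exe):].strip().lstrip('"')
        return first_path(rest.split(",", 1)[0])   # drop the ",EntryPoint" suffix
    return exe


def triage(log_text):
    """Parse each entry line and attach a list of reasons plus a verdict."""
    entries = []
    for m in (LINE_RE.match(l.strip()) for l in log_text.splitlines()):
        if not m: continue
        e = m.groupdict()
        # upper() also normalises the "[sUSP PATH]" spelling seen in the posted log
        e["tags"] = [t.upper() for t in re.findall(r"\[([^\]]+)\]", e["tags"])]
        reasons = []
        if "RUN" in e["tags"]:                      # an autorun: what does it launch?
            target = payload_path(e["value"])
            if target.lower().endswith(SCRIPT_EXTS):
                reasons.append("script file as autorun payload")
            if any(p in target.lower() for p in USER_WRITABLE):
                reasons.append("payload in user-writable location")
            if target != first_path(e["value"]):
                reasons.append("rundll32 host: verify the DLL it loads")
            if "SUSP PATH" in e["tags"]:
                reasons.append("flagged SUSP PATH by RogueKiller")
        elif "HJPOL" in e["tags"] and e["value"] != "0":
            reasons.append("restrictive policy value set")  # 0 is the default for these
        e["reasons"] = reasons
        e["verdict"] = ("remove-candidate" if len(reasons) >= 2
                        else "review" if reasons else "info")
        entries.append(e)
    return entries
```

Running `triage(SAMPLE_LOG)` marks the Adobe/.vbe entry as a removal candidate and the rundll32 entry for review, while the HJPOL and HJ DESK lines with default-looking values stay informational, which matches the two entries MrC selects.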

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software

Run date: 2013-04-03 20:54:45

-----------------------------

20:54:45.230 OS Version: Windows x64 6.1.7601 Service Pack 1

20:54:45.230 Number of processors: 8 586 0x1E05

20:54:45.231 ComputerName: RICKYLEE-PC UserName: Ricky Lee

20:54:46.487 Initialize success

21:37:39.904 AVAST engine defs: 13040301

21:37:55.687 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

21:37:55.690 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 3

21:37:55.803 Disk 0 MBR read successfully

21:37:55.806 Disk 0 MBR scan

21:37:55.812 Disk 0 Windows VISTA default MBR code

21:37:55.816 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 20001 MB offset 2048

21:37:55.851 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 139916 MB offset 40966144

21:37:55.892 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 450559 MB offset 327514112

21:37:56.043 Disk 0 scanning C:\Windows\system32\drivers

21:38:08.941 Service scanning

21:38:59.368 Modules scanning

21:38:59.377 Disk 0 trace - called modules:

21:38:59.402 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll

21:38:59.733 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80065db790]

21:38:59.739 3 CLASSPNP.SYS[fffff88001ac243f] -> nt!IofCallDriver -> [0xfffffa80063a0ac0]

21:38:59.745 5 ACPI.sys[fffff88000efd7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800639f050]

21:39:01.313 AVAST engine scan C:\Windows

21:39:05.239 AVAST engine scan C:\Windows\system32

21:42:45.766 AVAST engine scan C:\Windows\system32\drivers

21:43:02.621 AVAST engine scan C:\Users\Ricky Lee

21:53:14.441 AVAST engine scan C:\ProgramData

21:55:08.041 Scan finished successfully

21:55:20.630 Disk 0 MBR has been saved successfully to "C:\Users\Ricky Lee\Desktop\MBR.dat"

21:55:20.630 The log file has been saved successfully to "C:\Users\Ricky Lee\Desktop\aswMBR.txt"


OK, 3 programs show no rootkits.

Please create a new system restore point before running Malwarebytes Anti-Rootkit if you can.

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.


New window that comes up.


~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot.

Verify that your system is now functioning normally.

MrC


Here are the logs and results of the scans; it didn't require me to reboot or do a cleanup according to the results:

Malwarebytes Anti-Rootkit BETA 1.01.0.1022

www.malwarebytes.org

Database version: v2013.04.04.04

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

Ricky Lee :: RICKYLEE-PC [administrator]

4/4/2013 10:29:59 AM

mbar-log-2013-04-04 (10-29-59).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 30910

Time elapsed: 22 minute(s), 14 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1022

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 8.0.7601.17514

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED

CPU speed: 1.729000 GHz

Memory total: 6363336704, free: 3900575744

------------ Kernel report ------------

04/04/2013 10:07:17

------------ Loaded modules -----------


----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa80065f1790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IAAStorageDevice-1\

Lower Device Object: 0xfffffa80063c9050

Lower Device Driver Name: \Driver\iaStor\

Driver name found: iaStor

Initialization returned 0x0

Load Function returned 0x0

Downloaded database version: v2013.04.04.04

Downloaded database version: v2013.03.25.01

Initializing...

Done!

<<<2>>>

Device number: 0, partition: 2

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa80065f1790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa80065f1250, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa80065f1790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa80063cab50, DeviceName: Unknown, DriverName: \Driver\ACPI\

DevicePointer: 0xfffffa80063c9050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0xfffff8a00d702650, 0xfffffa80065f1790, 0xfffffa800fd57090

Lower DeviceData: 0xfffff8a015082400, 0xfffffa80063c9050, 0xfffffa800ff7dd80

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning directory: C:\Windows\system32\drivers...

<<<2>>>

Device number: 0, partition: 2

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: CBB46AC

Partition information:

Partition 0 type is Other (0x1c)

Partition is NOT ACTIVE.

Partition starts at LBA: 2048 Numsec = 40963702

Partition 1 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 40966144 Numsec = 286547968

Partition file system is NTFS

Partition is bootable

Partition 2 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 327514112 Numsec = 922744832

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 640135028736 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1250243728-1250263728)...

Done!

Performing system, memory and registry scan...

Done!

Scan finished

=======================================


OK....Next:

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix....please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC
