Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Persistent whitesmoke toolbar


  • This topic is locked This topic is locked
15 replies to this topic

#1 jimmyjames99

jimmyjames99

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:59 AM

Posted 12 September 2012 - 08:08 PM

Hello, I am having an issue with the whitesmoke toolbar. It only shows up in Chrome. I can disable and remove the toolbar using the extensions manager within Chrome, but when I restart Chrome it automatically opens a second tab that is directed to bing.com(search.conduit.com/?ctid=CT3244149&SearchSource=48). I have followed removal instructions from various sites with no luck. I'm running Windows 7 Home Premium Edition. Sorry I posted this in the Am I Infected? What should I Do? forum. I'm new to forums.

Attached Files



BC AdBot (Login to Remove)

 


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:10:59 AM

Posted 12 September 2012 - 09:06 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step. Then proceed to run aswMbr.exe as noted below.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Note:
If you are unable to run a Gmer scan due the fact you are running a 64bit machine please run the following tool and post its log.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.




Do you have a USB Flash Drive you can use?

Thanks and again sorry for the delay.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 jimmyjames99

jimmyjames99
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:59 AM

Posted 13 September 2012 - 07:13 AM

Thank you fireman for the fast response. I have a 64bit system, no restore CD but I do have a complete image from when I bought the computer, and I do have a USB drive. I will post the logs around 4 eastern time when I get out of work. Thank you again.

#4 jimmyjames99

jimmyjames99
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:59 AM

Posted 13 September 2012 - 03:40 PM

Here is the DDS log

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421
Run by ASUS at 16:35:06 on 2012-09-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6028.4982 [GMT -4:00]
.
AV: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Users\ASUS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ASUS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ASUS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ASUS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ASUS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ASUS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ASUS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ASUS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ASUS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ASUS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ASUS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ASUS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://asus.msn.com
uDefault_Page_URL = hxxp://asus.msn.com
mStart Page = hxxp://asus.msn.com
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1072\TmIEPlg32.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe32.dll
uRun: [Google Update] "C:\Users\ASUS\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [AsusVibeLuncher] C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe /start
StartupFolder: C:\Users\ASUS\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
uPolicies-explorer: <NO NAME> =
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5C98BD89-D889-43BB-B693-C78EC3F88392} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5C98BD89-D889-43BB-B693-C78EC3F88392}\1555051535 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5C98BD89-D889-43BB-B693-C78EC3F88392}\E4544574541425 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{81278460-FA1E-4B85-9701-0A2BA28B68F9} : DhcpNameServer = 13.4.0.66
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.0.1081\7.0.1081\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1072\TmIEPlg32.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1072\TmIEPlg32.dll
BHO-X64: Trend Micro NSC BHO - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe32.dll
BHO-X64: TmBpIeBHO - No File
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun-x64: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
mRun-x64: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun-x64: [AsusVibeLuncher] C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe /start
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\system32\DRIVERS\iusb3hcs.sys --> C:\Windows\system32\DRIVERS\iusb3hcs.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\drivers\AiCharger.sys [2012-1-30 17152]
R3 AsusVBus;AsusVBus;C:\Windows\system32\DRIVERS\AsusVBus.sys --> C:\Windows\system32\DRIVERS\AsusVBus.sys [?]
R3 AsusVTouch;AsusVTouch;C:\Windows\system32\DRIVERS\AsusVTouch.sys --> C:\Windows\system32\DRIVERS\AsusVTouch.sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\iusb3hub.sys --> C:\Windows\system32\DRIVERS\iusb3hub.sys [?]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\system32\DRIVERS\iusb3xhc.sys --> C:\Windows\system32\DRIVERS\iusb3xhc.sys [?]
R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
S1 tmevtmgr;tmevtmgr;C:\Windows\system32\DRIVERS\tmevtmgr.sys --> C:\Windows\system32\DRIVERS\tmevtmgr.sys [?]
S2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
S2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
S2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-2-3 277120]
S2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-1-31 19232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-8 607456]
S2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-5-10 128280]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-5-10 161560]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-2 483688]
S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-5-10 363800]
S3 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2012-3-6 275912]
S3 cphs;Intel® Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-3-11 276248]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-8-31 1432400]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\system32\DRIVERS\RtsBaStor.sys --> C:\Windows\system32\DRIVERS\RtsBaStor.sys [?]
S3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
S3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
S3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
S3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-2 209768]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 TiMiniService;TiMiniService;C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [2012-1-5 247072]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2012-09-12 21:56:22 -------- d-----w- C:\Users\ASUS\AppData\Local\Google
2012-09-12 21:40:37 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2012-09-11 04:52:39 -------- d-----w- C:\Users\ASUS\AppData\Local\Deployment
2012-09-11 04:52:39 -------- d-----w- C:\Users\ASUS\AppData\Local\Apps
2012-09-11 01:27:29 -------- d-----w- C:\Users\ASUS\AppData\Roaming\Malwarebytes
2012-09-11 01:27:13 -------- d-----w- C:\ProgramData\Malwarebytes
2012-09-10 22:31:53 9310152 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{990A65F8-04B1-4B39-88B2-3FEBC84CC1E5}\mpengine.dll
2012-09-10 22:31:53 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-09-09 21:06:19 -------- d-----w- C:\Users\ASUS\AppData\Local\CRE
2012-09-09 00:57:52 -------- d-----w- C:\Program Files (x86)\The Elder Scrolls V Skyrim
2012-09-09 00:01:26 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-09-09 00:01:09 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-09-09 00:00:54 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-09-09 00:00:54 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-09-06 17:38:37 -------- d-----w- C:\Users\ASUS\AppData\Local\Adobe
2012-09-05 23:34:03 -------- d-----w- C:\ProgramData\VirtualizedApplications
2012-09-05 21:10:51 -------- d-----w- C:\Users\ASUS\AppData\Roaming\SoftGrid Client
2012-09-05 21:10:51 -------- d-----w- C:\Users\ASUS\AppData\Local\SoftGrid Client
2012-09-05 21:09:29 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client
2012-09-05 21:09:08 -------- d-----w- C:\Users\ASUS\AppData\Roaming\TP
2012-09-05 17:19:27 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared
2012-09-05 03:09:13 -------- d-----w- C:\Program Files\VideoLAN
2012-09-01 04:10:54 -------- d-----w- C:\ProgramData\ASUS
2012-08-31 19:40:51 -------- d-----w- C:\Users\ASUS\Work
2012-08-31 17:29:51 -------- d-----w- C:\Users\ASUS\AppData\Local\cache
2012-08-31 12:46:14 -------- d-----w- C:\Program Files (x86)\uTorrent
2012-08-31 12:45:29 -------- d-----w- C:\Users\ASUS\AppData\Roaming\uTorrent
2012-08-31 10:25:49 -------- d-----w- C:\Users\ASUS\AppData\Local\Diagnostics
2012-08-31 10:00:49 -------- d-----w- C:\Users\ASUS\AppData\Roaming\Autodesk
2012-08-31 09:44:13 255552 ----a-w- C:\Windows\SysWow64\drivers\mcdbus.sys
2012-08-31 09:44:13 255552 ----a-w- C:\Windows\System32\drivers\mcdbus.sys
2012-08-31 09:44:12 -------- d-----w- C:\Program Files (x86)\MagicDisc
2012-08-31 08:39:52 -------- d-----w- C:\Users\ASUS\AppData\Local\Microsoft Games
2012-08-31 08:33:57 -------- d-----w- C:\Users\ASUS\AppData\Roaming\ASUS WebStorage
2012-08-31 05:26:55 -------- d-----w- C:\Users\ASUS\AppData\Local\Axialis
2012-08-31 05:21:59 380 ----a-w- C:\Users\ASUS\AppData\Roaming\sp_data.sys
2012-08-31 05:21:44 -------- d-----w- C:\Users\ASUS\AppData\Local\Power2Go
2012-08-31 05:21:09 -------- d-----w- C:\Users\ASUS\AppData\Local\VirtualStore
2012-08-31 04:13:26 -------- d-----w- C:\Program Files\Common Files\Macrovision Shared
2012-08-31 04:12:49 -------- d-----w- C:\Users\ASUS\AppData\Local\Autodesk
2012-08-31 04:10:32 -------- d-----w- C:\Program Files\Common Files\Autodesk Shared
2012-08-31 04:10:32 -------- d-----w- C:\Program Files\Autodesk
2012-08-31 04:08:45 2526056 ----a-w- C:\Windows\System32\D3DCompiler_43.dll
2012-08-31 04:08:45 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll
2012-08-31 04:08:44 511328 ----a-w- C:\Windows\System32\d3dx10_43.dll
2012-08-31 04:08:44 470880 ----a-w- C:\Windows\SysWow64\d3dx10_43.dll
2012-08-31 04:08:44 276832 ----a-w- C:\Windows\System32\d3dx11_43.dll
2012-08-31 04:08:44 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll
2012-08-31 04:08:44 2401112 ----a-w- C:\Windows\System32\D3DX9_43.dll
2012-08-31 04:08:44 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll
2012-08-31 04:06:57 -------- d-----w- C:\Program Files (x86)\Common Files\Autodesk Shared
2012-08-31 04:06:57 -------- d-----w- C:\Program Files (x86)\Autodesk
2012-08-31 03:06:13 -------- d-----w- C:\Users\ASUS\AppData\Local\Skyrim
2012-08-31 03:01:59 520544 ----a-w- C:\Windows\System32\d3dx10_41.dll
.
==================== Find3M ====================
.
.
============= FINISH: 16:35:47.46 ===============

I ran aswMBR in safe mode because it gave me a blue screen the first time, and i ran it twice. the first is with out the avast update and the second is with the update, don't know if that makes a difference.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-13 16:30:10
-----------------------------
16:30:10.182 OS Version: Windows x64 6.1.7601 Service Pack 1
16:30:10.182 Number of processors: 4 586 0x2A07
16:30:10.182 ComputerName: ASUS-PC UserName: ASUS
16:30:10.228 Initialze error 1 Incorrect function.
16:30:17.326 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:30:17.326 Disk 0 Vendor: Hitachi_ JE4O Size: 715404MB BusType: 3
16:30:17.358 Disk 0 MBR read successfully
16:30:17.373 Disk 0 MBR scan
16:30:17.373 Disk 0 unknown MBR code
16:30:17.373 Disk 0 Partition 1 00 EE GPT 715404 MB offset 1
16:30:17.373 Disk 0 scanning C:\Windows\system32\drivers
16:30:17.373 Service scanning
16:30:18.699 Modules scanning
16:30:18.699 Disk 0 trace - called modules:
16:30:18.699 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
16:30:18.699 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005fbd060]
16:30:18.699 3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> [0xfffffa8005d37960]
16:30:18.715 5 ACPI.sys[fffff88000f257a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005d3b050]
16:30:18.715 Scan finished successfully
16:30:36.234 Disk 0 MBR has been saved successfully to "C:\Users\ASUS\Desktop\MBR.dat"
16:30:36.234 The log file has been saved successfully to "C:\Users\ASUS\Desktop\aswMBR.txt"

This is the second one
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-13 16:30:43
-----------------------------
16:30:43.566 OS Version: Windows x64 6.1.7601 Service Pack 1
16:30:43.566 Number of processors: 4 586 0x2A07
16:30:43.566 ComputerName: ASUS-PC UserName: ASUS
16:30:43.566 Initialze error 1 Incorrect function.
16:31:58.305 AVAST engine defs: 12091300
16:32:07.244 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:32:07.244 Disk 0 Vendor: Hitachi_ JE4O Size: 715404MB BusType: 3
16:32:07.275 Disk 0 MBR read successfully
16:32:07.275 Disk 0 MBR scan
16:32:07.275 Disk 0 unknown MBR code
16:32:07.291 Disk 0 Partition 1 00 EE GPT 715404 MB offset 1
16:32:07.291 Disk 0 scanning C:\Windows\system32\drivers
16:32:07.291 Service scanning
16:32:07.884 Modules scanning
16:32:07.884 Disk 0 trace - called modules:
16:32:07.899 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
16:32:07.899 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005fbd060]
16:32:07.899 3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> [0xfffffa8005d37960]
16:32:07.899 5 ACPI.sys[fffff88000f257a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005d3b050]
16:32:07.915 AVAST engine scan C:\Windows
16:32:07.915 AVAST engine scan C:\Windows\system32
16:32:07.931 AVAST engine scan C:\Windows\system32\drivers
16:32:07.931 AVAST engine scan C:\Users\ASUS
16:32:07.931 AVAST engine scan C:\ProgramData
16:32:07.931 Scan finished successfully
16:32:24.357 Disk 0 MBR has been saved successfully to "C:\Users\ASUS\Desktop\MBR.dat"
16:32:24.357 The log file has been saved successfully to "C:\Users\ASUS\Desktop\aswMBR1.txt"

#5 jimmyjames99

jimmyjames99
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:59 AM

Posted 13 September 2012 - 03:45 PM

I also DDS in safe mode because my first scan was erased after the bluescreen.

#6 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:10:59 AM

Posted 13 September 2012 - 05:05 PM

Please run the following tools and post there logs.


1.
Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
    Posted Image
  • Put a checkmark beside loaded modules.
    Posted Image
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
    Posted Image
  • Click the Start Scan button.
    Posted Image
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
    Posted Image
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Posted Image
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

2.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Note:The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you
should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.


Things to include in your next reply::
TdssKiller log
Combofix.txt
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#7 jimmyjames99

jimmyjames99
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:59 AM

Posted 13 September 2012 - 08:32 PM

In general the computer is running great. the only problem is the whitesmoke toolbar in Google Chrome. Here is the combofix log but the TDSSkiller log is to large to post or attach.

ComboFix 12-09-13.03 - ASUS 09/13/2012 21:12:12.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6028.4634 [GMT -4:00]
Running from: c:\users\ASUS\Desktop\ComboFix.exe
AV: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msvcr71.dll
c:\windows\SysWow64\pt
c:\windows\SysWow64\pt\AuthFWSnapIn.Resources.dll
c:\windows\SysWow64\pt\AuthFWWizFwk.Resources.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-08-14 to 2012-09-14 )))))))))))))))))))))))))))))))
.
.
2012-09-14 01:17 . 2012-09-14 01:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-12 21:40 . 2012-09-12 21:40 -------- d-----w- c:\program files (x86)\VS Revo Group
2012-09-11 01:27 . 2012-09-11 01:27 -------- d-----w- c:\programdata\Malwarebytes
2012-09-10 22:31 . 2012-08-28 05:49 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{990A65F8-04B1-4B39-88B2-3FEBC84CC1E5}\mpengine.dll
2012-09-10 22:31 . 2012-05-31 16:25 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-09-09 00:57 . 2012-09-09 01:14 -------- d-----w- c:\program files (x86)\The Elder Scrolls V Skyrim
2012-09-09 00:01 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-09-09 00:01 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-09-09 00:01 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-09-09 00:01 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-09-09 00:01 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-09-09 00:01 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-09-09 00:01 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-09-09 00:00 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-09-09 00:00 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-09-05 23:34 . 2012-09-05 23:34 -------- d-----w- c:\programdata\VirtualizedApplications
2012-09-05 21:09 . 2012-09-05 21:09 -------- d-----w- c:\program files\Microsoft Office
2012-09-05 21:09 . 2012-09-05 21:09 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client
2012-09-05 17:19 . 2012-09-05 17:19 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared
2012-09-05 03:09 . 2012-09-05 03:09 -------- d-----w- c:\program files\VideoLAN
2012-09-01 04:10 . 2012-09-01 04:10 -------- d-----w- c:\programdata\ASUS
2012-08-31 17:25 . 2012-09-11 04:25 -------- d-----w- c:\programdata\FLEXnet
2012-08-31 12:46 . 2012-08-31 12:46 -------- d-----w- c:\program files (x86)\uTorrent
2012-08-31 10:00 . 2012-09-04 21:33 -------- d-----w- c:\programdata\Autodesk
2012-08-31 09:44 . 2009-02-24 22:35 255552 ----a-w- c:\windows\SysWow64\drivers\mcdbus.sys
2012-08-31 09:44 . 2009-02-24 22:35 255552 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2012-08-31 09:44 . 2012-08-31 09:44 -------- d-----w- c:\program files (x86)\MagicDisc
2012-08-31 05:18 . 2012-09-13 20:21 -------- d-----w- c:\users\ASUS
2012-08-31 04:13 . 2012-08-31 04:13 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2012-08-31 04:10 . 2012-08-31 04:16 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2012-08-31 04:10 . 2012-08-31 04:15 -------- d-----w- c:\program files\Autodesk
2012-08-31 04:08 . 2010-05-26 15:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2012-08-31 04:08 . 2010-05-26 15:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2012-08-31 04:08 . 2010-05-26 15:41 511328 ----a-w- c:\windows\system32\d3dx10_43.dll
2012-08-31 04:08 . 2010-05-26 15:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll
2012-08-31 04:08 . 2010-05-26 15:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
2012-08-31 04:08 . 2010-05-26 15:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2012-08-31 04:08 . 2010-05-26 15:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2012-08-31 04:08 . 2010-05-26 15:41 2401112 ----a-w- c:\windows\system32\D3DX9_43.dll
2012-08-31 04:06 . 2012-08-31 04:16 -------- d-----w- c:\program files (x86)\Common Files\Autodesk Shared
2012-08-31 04:06 . 2012-08-31 04:09 -------- d-----w- c:\program files (x86)\Autodesk
2012-08-31 03:01 . 2009-09-04 21:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
2012-08-31 00:47 . 2012-08-31 00:47 -------- d-----w- c:\program files\7-Zip
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-13 20:52 . 2011-03-29 02:36 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2012-03-06 3331312]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-07 291608]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-12-23 318080]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2011-10-25 174720]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2012-02-02 2321072]
"AsusVibeLuncher"="c:\program files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe" [2012-08-10 549552]
.
c:\users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2012-8-31 576000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2012-3-6 549552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-02-22 276248]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-08-31 1432400]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-02-07 16152]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-09-07 17536]
S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2011-08-11 70928]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-03-03 379520]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-02-03 277120]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-01-31 19232]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2011-12-08 607456]
S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2011-12-16 128280]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2011-12-16 161560]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-03 483688]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-12-16 363800]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [2012-01-30 17152]
S3 AsusVBus;AsusVBus;c:\windows\system32\DRIVERS\AsusVBus.sys [2011-12-21 35968]
S3 AsusVTouch;AsusVTouch;c:\windows\system32\DRIVERS\AsusVTouch.sys [2011-11-08 16512]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2012-02-19 200488]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2012-02-20 331264]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-02-07 356120]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-02-07 787736]
S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-10 60184]
S3 RSBASTOR;Realtek PCIE CardReader Driver - BA;c:\windows\system32\DRIVERS\RtsBaStor.sys [2012-02-01 292968]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2009-12-03 721768]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2009-12-03 269672]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2009-12-03 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2009-12-03 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-03 209768]
S3 TiMiniService;TiMiniService;c:\program files\Trend Micro\Titanium\TiMiniService.exe [2011-08-02 247072]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 31680061
*NewlyCreated* - 87447789
*Deregistered* - 31680061
*Deregistered* - 87447789
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-289746401-564520130-4194583551-1000Core.job
- c:\users\ASUS\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-12 22:44]
.
2012-09-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-289746401-564520130-4194583551-1000UA.job
- c:\users\ASUS\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-12 22:44]
.
2012-09-14 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
.
2012-09-13 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VizorHtmlDialog.exe"="c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" [2011-10-26 1654992]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-10-04 213824]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\VizorShortCut.exe" [2011-08-02 416992]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-22 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-22 398616]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-06 415680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://asus.msn.com
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-31680061.sys
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-13 21:19:55
ComboFix-quarantined-files.txt 2012-09-14 01:19
.
Pre-Run: 238,353,457,152 bytes free
Post-Run: 238,071,128,064 bytes free
.
- - End Of File - - E61A35177D54B9850CBC0D67FF92FC97

#8 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:10:59 AM

Posted 13 September 2012 - 09:02 PM

1.
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


2.
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.


Still have the whitesmoke toolbar?
[*]Please post the contents of that logfile with your next reply.
[*]You can find the logfile at C:\AdwCleaner[S1].txt as well.[/list]

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#9 jimmyjames99

jimmyjames99
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:59 AM

Posted 14 September 2012 - 12:13 PM

The toolbar is gone but the extra tab in chrome came back after I signed back in.

Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.14.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
ASUS :: ASUS-PC [administrator]

Protection: Disabled

9/14/2012 12:52:46 PM
mbam-log-2012-09-14 (12-52-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 198520
Time elapsed: 1 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


# AdwCleaner v2.001 - Logfile created 09/14/2012 at 13:01:12
# Updated 09/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : ASUS - ASUS-PC
# Boot Mode : Normal
# Running from : C:\Users\ASUS\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif
Folder Deleted : C:\Users\ASUS\AppData\LocalLow\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kfkcangbigakljkjeglcofaomihpejif

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Google Chrome v21.0.1180.89

File : C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.11] : homepage = "hxxps://mail.google.com/mail/?shva=1#inbox",
Deleted [l.15] : urls_to_restore_on_startup = [ "hxxps://mail.google.com/mail/?shva=1#inbox", "hxxp://search.conduit.com/?ctid=CT3244149&SearchSource=48" ]
Deleted [l.1469] : homepage = "hxxps://mail.google.com/mail/?shva=1#inbox",
Deleted [l.1798] : urls_to_restore_on_startup = [ "hxxps://mail.google.com/mail/?shva=1#inbox", "hxxp://search.conduit.com/?ctid=CT3244149&SearchSource=48" ]

*************************

AdwCleaner[R1].txt - [1603 octets] - [14/09/2012 13:00:55]
AdwCleaner[S1].txt - [1619 octets] - [14/09/2012 13:01:12]

########## EOF - C:\AdwCleaner[S1].txt - [1679 octets] ##########

Attached Files



#10 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:10:59 AM

Posted 14 September 2012 - 01:25 PM

  • 1. Please download OTL from one of the following mirrors:
  • This is THE Mirror
    2. Save it to your desktop.
    3. Double click on the Posted Image icon on your desktop.
    4. Under the Custom Scan box paste this in
    c:\windows\*. /SL
    c:\windows\*. /RP 
    netsvcs
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav 
    %systemroot%\system32\drivers\*.sys /90
    5. Push the Quick Scan button.
    6. Two reports will open, copy and paste them in a reply here:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#11 jimmyjames99

jimmyjames99
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:59 AM

Posted 14 September 2012 - 03:29 PM

OTL logfile created on: 9/14/2012 4:17:35 PM - Run 1
OTL by OldTimer - Version 3.2.61.4 Folder = C:\Users\ASUS\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.89 Gb Total Physical Memory | 4.50 Gb Available Physical Memory | 76.44% Memory free
11.77 Gb Paging File | 10.18 Gb Available in Paging File | 86.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.45 Gb Total Space | 221.77 Gb Free Space | 79.36% Space Free | Partition Type: NTFS
Drive D: | 393.86 Gb Total Space | 393.76 Gb Free Space | 99.97% Space Free | Partition Type: NTFS

Computer Name: ASUS-PC | User Name: ASUS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/14 16:16:35 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\ASUS\Desktop\OTL.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/05/10 13:47:21 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2012/02/07 00:12:52 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012/02/06 22:32:34 | 000,102,568 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
PRC - [2012/02/06 22:32:30 | 000,162,456 | ---- | M] (ASUSTeK) -- C:\Windows\SysWOW64\ACEngSvr.exe
PRC - [2012/02/03 19:24:50 | 000,277,120 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
PRC - [2012/02/03 18:40:42 | 000,277,120 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
PRC - [2012/02/02 19:33:32 | 002,321,072 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2012/01/31 10:46:56 | 000,019,232 | ---- | M] (Autodesk, Inc.) -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
PRC - [2012/01/30 17:32:16 | 001,120,936 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
PRC - [2011/12/23 19:39:38 | 000,174,720 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2011/12/22 22:58:42 | 000,318,080 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2011/12/21 17:15:54 | 000,017,872 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe
PRC - [2011/12/16 15:30:40 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/12/16 15:30:38 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/12/16 14:02:56 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2011/12/16 14:02:46 | 000,128,280 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2011/11/21 17:22:08 | 000,080,512 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2011/11/21 17:19:50 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2011/10/24 20:20:38 | 000,174,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2011/10/03 14:45:58 | 000,375,424 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
PRC - [2010/08/20 12:57:06 | 000,107,816 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/12/02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2009/12/02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2009/06/19 13:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009/06/19 13:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2008/12/22 20:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008/08/14 00:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/29 22:58:45 | 000,442,392 | ---- | M] () -- C:\Users\ASUS\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppgooglenaclpluginchrome.dll
MOD - [2012/08/29 22:58:42 | 003,997,720 | ---- | M] () -- C:\Users\ASUS\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
MOD - [2012/08/29 22:57:15 | 000,144,424 | ---- | M] () -- C:\Users\ASUS\AppData\Local\Google\Chrome\Application\21.0.1180.89\avutil-51.dll
MOD - [2012/08/29 22:57:13 | 000,266,792 | ---- | M] () -- C:\Users\ASUS\AppData\Local\Google\Chrome\Application\21.0.1180.89\avformat-54.dll
MOD - [2012/08/29 22:57:12 | 002,480,680 | ---- | M] () -- C:\Users\ASUS\AppData\Local\Google\Chrome\Application\21.0.1180.89\avcodec-54.dll
MOD - [2012/02/06 22:32:30 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
MOD - [2012/01/31 12:25:12 | 001,163,264 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
MOD - [2010/08/20 12:57:06 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2010/08/20 12:57:00 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll


========== Services (SafeList) ==========

SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV:64bit: - [2012/08/31 00:13:26 | 001,432,400 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011/12/08 19:38:24 | 000,607,456 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2011/08/02 16:33:14 | 000,247,072 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Titanium\TiMiniService.exe -- (TiMiniService)
SRV:64bit: - [2011/03/03 19:57:58 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2010/09/22 22:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/05 13:19:27 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/02/22 03:18:24 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/02/03 19:24:50 | 000,277,120 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe -- (ASUS InstantOn)
SRV - [2012/01/31 10:46:56 | 000,019,232 | ---- | M] (Autodesk, Inc.) [Auto | Running] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2011/12/16 15:30:40 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/12/16 15:30:38 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/12/16 14:02:56 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2011/12/16 14:02:46 | 000,128,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®
SRV - [2011/11/21 17:22:08 | 000,080,512 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2011/11/21 17:19:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2009/12/02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/06 06:02:17 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/03/06 06:02:17 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/02/22 03:18:14 | 014,692,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/02/19 22:31:14 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/02/19 14:16:24 | 000,200,488 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2012/02/07 00:12:56 | 000,787,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/02/07 00:12:54 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/02/07 00:12:54 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012/02/01 05:06:18 | 000,292,968 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsBaStor.sys -- (RSBASTOR)
DRV:64bit: - [2012/01/30 17:32:16 | 000,017,152 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AiCharger.sys -- (AiCharger)
DRV:64bit: - [2011/12/22 23:09:00 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/12/21 17:15:56 | 000,035,968 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AsusVBus.sys -- (AsusVBus)
DRV:64bit: - [2011/11/10 04:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/11/07 22:48:28 | 000,016,512 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AsusVTouch.sys -- (AsusVTouch)
DRV:64bit: - [2011/10/04 02:49:32 | 002,770,944 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/09/29 13:07:26 | 000,105,744 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2011/08/23 09:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/08/11 03:53:50 | 000,167,696 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)
DRV:64bit: - [2011/08/11 03:53:50 | 000,091,920 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)
DRV:64bit: - [2011/08/11 03:53:50 | 000,070,928 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV:64bit: - [2011/05/13 19:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/11/20 09:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/12/02 22:23:38 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2009/12/02 22:23:34 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2009/12/02 22:23:32 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2009/12/02 22:23:26 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2009/07/20 05:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 17:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 16:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2008/05/23 20:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2012/01/30 17:32:16 | 000,017,152 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AiCharger.sys -- (AiCharger)
DRV - [2011/09/07 12:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/02 20:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\ASUS\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\ASUS\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\firefoxextension [2012/03/06 07:00:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [2012/03/06 07:00:26 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: https://mail.google.com/mail/?shva=1#inbox
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: https://mail.google.com/mail/?shva=1#inbox
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ASUS\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ASUS\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\ASUS\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\ASUS\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\ASUS\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - Extension: Select To Get Maps = C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\hinehgnhgiohbfpbpgkjnelkcgdkcgha\1.1.1_0\
CHR - Extension: Google Voice (by Google) = C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo\2.3.6.8_0\
CHR - Extension: FVD Video Downloader = C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\1.3.0_0\
CHR - Extension: Large Document = C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\mccldfhipgghpkkamlldhiajioepaklb\2.45_0\
CHR - Extension: Google Play Books = C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb\1.1.3_0\
CHR - Extension: Virtual Keyboard (by Google) = C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpphfcjpaldmedbbomcdhgonmhjngfig\0.9.8.8_0\
CHR - Extension: Send from Gmail (by Google) = C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc\1.12_0\

O1 HOSTS File: ([2012/09/13 21:17:19 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1072\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.0.1081\7.0.1081\TmBpIe64.dll (Trend Micro Inc.)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1072\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.0.1081\7.0.1081\TmBpIe32.dll (Trend Micro Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [VizorHtmlDialog.exe] C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [AsusVibeLuncher] C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUSTeK Computer Inc.)
O4 - Startup: C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C98BD89-D889-43BB-B693-C78EC3F88392}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81278460-FA1E-4B85-9701-0A2BA28B68F9}: DhcpNameServer = 13.4.0.66
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.0.1081\7.0.1081\TmBpIe64.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1072\TmIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.0.1081\7.0.1081\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1072\TmIEPlg32.dll (Trend Micro Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


ActiveX:64bit: {0BFD92B7-444F-BCB3-2A1C-AD17F628B83F} - Browser Customizations
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3856AFAD-4228-39FC-35ED-EB43357F9425} - Themes Setup
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {430642F0-9F57-2075-DE3E-3AC68ED75DE9} - Themes Setup
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6648F53A-3CB5-6D9A-DEC1-4ED886E5B853} - Offline Browsing Pack
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {D31A4C73-76D5-29F7-F292-EE94673F8938} - Themes Setup
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CE4BC71D-A88B-4943-BB3D-AF9C0E7D4387} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/09/14 16:16:35 | 000,599,552 | ---- | C] (OldTimer Tools) -- C:\Users\ASUS\Desktop\OTL.exe
[2012/09/14 13:03:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/14 12:50:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/14 12:50:18 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/14 12:50:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/09/13 21:19:57 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/09/13 21:11:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/09/13 21:11:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/09/13 21:11:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/09/13 21:10:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/13 21:10:38 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/09/13 21:03:06 | 004,749,794 | R--- | C] (Swearware) -- C:\Users\ASUS\Desktop\ComboFix.exe
[2012/09/13 16:34:43 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\ASUS\Desktop\dds.com
[2012/09/13 16:27:27 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/09/13 16:22:07 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\ASUS\Desktop\aswMBR.exe
[2012/09/12 18:45:44 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/09/12 17:56:22 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\Google
[2012/09/12 17:40:38 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012/09/12 17:40:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2012/09/11 00:52:39 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\Deployment
[2012/09/11 00:52:39 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\Apps
[2012/09/11 00:38:56 | 000,000,000 | ---D | C] -- C:\Users\ASUS\Desktop\Message Board - Questions and Answers to All Things Digital - The Kim Komando Radio Show_files
[2012/09/10 21:27:29 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\Malwarebytes
[2012/09/10 21:27:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/09 17:06:19 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\CRE
[2012/09/08 20:57:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Elder Scrolls V Skyrim
[2012/09/06 13:38:37 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\Adobe
[2012/09/05 19:34:03 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2012/09/05 17:10:51 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\SoftGrid Client
[2012/09/05 17:10:51 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\SoftGrid Client
[2012/09/05 17:10:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)
[2012/09/05 17:09:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012/09/05 17:09:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/09/05 17:09:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Application Virtualization Client
[2012/09/05 17:09:08 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\TP
[2012/09/05 13:19:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2012/09/04 23:09:27 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\vlc
[2012/09/04 23:09:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/09/04 23:09:13 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012/09/01 00:11:01 | 000,000,000 | ---D | C] -- C:\Users\ASUS\Documents\ASUS
[2012/09/01 00:10:54 | 000,000,000 | ---D | C] -- C:\ProgramData\ASUS
[2012/08/31 15:40:51 | 000,000,000 | ---D | C] -- C:\Users\ASUS\Work
[2012/08/31 13:29:51 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\cache
[2012/08/31 13:25:08 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2012/08/31 08:46:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2012/08/31 08:45:29 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\uTorrent
[2012/08/31 08:44:45 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\Macromedia
[2012/08/31 08:44:45 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\Adobe
[2012/08/31 06:25:49 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\Diagnostics
[2012/08/31 06:00:49 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\Autodesk
[2012/08/31 06:00:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk
[2012/08/31 05:44:51 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicDisc
[2012/08/31 05:44:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicDisc
[2012/08/31 05:44:13 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysWow64\drivers\mcdbus.sys
[2012/08/31 05:44:13 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysNative\drivers\mcdbus.sys
[2012/08/31 05:44:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagicDisc
[2012/08/31 04:39:52 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\Microsoft Games
[2012/08/31 04:33:57 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\ASUS WebStorage
[2012/08/31 01:26:55 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\Axialis
[2012/08/31 01:21:45 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Internet Security 2012
[2012/08/31 01:21:44 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\Power2Go
[2012/08/31 01:21:23 | 000,000,000 | R--D | C] -- C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/08/31 01:21:23 | 000,000,000 | R--D | C] -- C:\Users\ASUS\Searches
[2012/08/31 01:21:23 | 000,000,000 | R--D | C] -- C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/08/31 01:21:23 | 000,000,000 | -H-D | C] -- C:\Users\ASUS\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/08/31 01:21:14 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\Identities
[2012/08/31 01:21:12 | 000,000,000 | R--D | C] -- C:\Users\ASUS\Contacts
[2012/08/31 01:21:09 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\VirtualStore
[2012/08/31 01:18:51 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\ASUS
[2012/08/31 01:18:48 | 000,000,000 | -HSD | C] -- C:\Users\ASUS\AppData\Local\Temporary Internet Files
[2012/08/31 01:18:48 | 000,000,000 | -HSD | C] -- C:\Users\ASUS\Templates
[2012/08/31 01:18:48 | 000,000,000 | -HSD | C] -- C:\Users\ASUS\Start Menu
[2012/08/31 01:18:48 | 000,000,000 | -HSD | C] -- C:\Users\ASUS\SendTo
[2012/08/31 01:18:48 | 000,000,000 | -HSD | C] -- C:\Users\ASUS\Recent
[2012/08/31 01:18:48 | 000,000,000 | -HSD | C] -- C:\Users\ASUS\PrintHood
[2012/08/31 01:18:48 | 000,000,000 | -HSD | C] -- C:\Users\ASUS\NetHood
[2012/08/31 01:18:48 | 000,000,000 | -HSD | C] -- C:\Users\ASUS\Documents\My Videos
[2012/08/31 01:18:48 | 000,000,000 | -HSD | C] -- C:\Users\ASUS\Documents\My Pictures
[2012/08/31 01:18:48 | 000,000,000 | -HSD | C] -- C:\Users\ASUS\Documents\My Music
[2012/08/31 01:18:48 | 000,000,000 | -HSD | C] -- C:\Users\ASUS\My Documents
[2012/08/31 01:18:48 | 000,000,000 | -HSD | C] -- C:\Users\ASUS\Local Settings
[2012/08/31 01:18:48 | 000,000,000 | -HSD | C] -- C:\Users\ASUS\AppData\Local\History
[2012/08/31 01:18:48 | 000,000,000 | -HSD | C] -- C:\Users\ASUS\Cookies
[2012/08/31 01:18:48 | 000,000,000 | -HSD | C] -- C:\Users\ASUS\Application Data
[2012/08/31 01:18:48 | 000,000,000 | -HSD | C] -- C:\Users\ASUS\AppData\Local\Application Data
[2012/08/31 01:18:47 | 000,000,000 | --SD | C] -- C:\Users\ASUS\AppData\Roaming\Microsoft
[2012/08/31 01:18:47 | 000,000,000 | R--D | C] -- C:\Users\ASUS\Videos
[2012/08/31 01:18:47 | 000,000,000 | R--D | C] -- C:\Users\ASUS\Saved Games
[2012/08/31 01:18:47 | 000,000,000 | R--D | C] -- C:\Users\ASUS\Pictures
[2012/08/31 01:18:47 | 000,000,000 | R--D | C] -- C:\Users\ASUS\Music
[2012/08/31 01:18:47 | 000,000,000 | R--D | C] -- C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/08/31 01:18:47 | 000,000,000 | R--D | C] -- C:\Users\ASUS\Links
[2012/08/31 01:18:47 | 000,000,000 | R--D | C] -- C:\Users\ASUS\Favorites
[2012/08/31 01:18:47 | 000,000,000 | R--D | C] -- C:\Users\ASUS\Downloads
[2012/08/31 01:18:47 | 000,000,000 | R--D | C] -- C:\Users\ASUS\Documents
[2012/08/31 01:18:47 | 000,000,000 | R--D | C] -- C:\Users\ASUS\Desktop
[2012/08/31 01:18:47 | 000,000,000 | R--D | C] -- C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/08/31 01:18:47 | 000,000,000 | -H-D | C] -- C:\Users\ASUS\AppData
[2012/08/31 01:18:47 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\Temp
[2012/08/31 01:18:47 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\Microsoft
[2012/08/31 01:18:47 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\Media Center Programs
[2012/08/31 00:14:13 | 000,000,000 | ---D | C] -- C:\Users\ASUS\Documents\Inventor Server SDK ACAD 2013
[2012/08/31 00:13:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2012/08/31 00:12:49 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\Autodesk
[2012/08/31 00:10:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared
[2012/08/31 00:10:32 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2012/08/31 00:07:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
[2012/08/31 00:06:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Autodesk Shared
[2012/08/31 00:06:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Autodesk
[2012/08/30 23:06:13 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\Skyrim
[2012/08/30 23:06:13 | 000,000,000 | ---D | C] -- C:\Users\ASUS\Documents\My Games
[2012/08/30 23:02:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razor 1911
[2012/08/30 20:47:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012/08/30 20:47:10 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip

========== Files - Modified Within 30 Days ==========

[2012/09/14 16:16:35 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\ASUS\Desktop\OTL.exe
[2012/09/14 16:15:37 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-289746401-564520130-4194583551-1000UA.job
[2012/09/14 16:15:36 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2012/09/14 16:15:31 | 000,000,380 | ---- | M] () -- C:\Users\ASUS\AppData\Roaming\sp_data.sys
[2012/09/14 16:15:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/14 13:10:16 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/14 13:10:16 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/14 13:10:05 | 000,119,737 | ---- | M] () -- C:\Users\ASUS\Desktop\Untitled.png
[2012/09/14 13:03:51 | 000,001,395 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2012/09/14 13:03:02 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2012/09/14 13:02:43 | 445,579,263 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/14 12:59:44 | 000,512,399 | ---- | M] () -- C:\Users\ASUS\Desktop\adwcleaner.exe
[2012/09/14 12:52:04 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/13 21:17:19 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/09/13 21:03:18 | 004,749,794 | R--- | M] (Swearware) -- C:\Users\ASUS\Desktop\ComboFix.exe
[2012/09/13 21:01:41 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-289746401-564520130-4194583551-1000Core.job
[2012/09/13 16:34:45 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\ASUS\Desktop\dds.com
[2012/09/13 16:32:24 | 000,000,512 | ---- | M] () -- C:\Users\ASUS\Desktop\MBR.dat
[2012/09/13 16:27:15 | 594,332,955 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/09/13 16:22:21 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\ASUS\Desktop\aswMBR.exe
[2012/09/13 16:21:50 | 000,000,000 | ---- | M] () -- C:\Users\ASUS\defogger_reenable
[2012/09/13 16:20:06 | 000,002,868 | ---- | M] () -- C:\Users\ASUS\Desktop\Attach.zip
[2012/09/12 18:51:39 | 000,155,392 | ---- | M] () -- C:\Users\ASUS\Desktop\whitesmoketoolbar.png
[2012/09/12 18:45:48 | 000,002,323 | ---- | M] () -- C:\Users\ASUS\Desktop\Google Chrome.lnk
[2012/09/12 17:40:38 | 000,001,266 | ---- | M] () -- C:\Users\ASUS\Desktop\Revo Uninstaller.lnk
[2012/09/12 17:21:08 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/09/12 16:32:23 | 000,001,828 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2012/09/11 19:47:02 | 002,587,134 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/11 19:47:02 | 000,754,626 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2012/09/11 19:47:02 | 000,738,318 | ---- | M] () -- C:\Windows\SysNative\prfh0816.dat
[2012/09/11 19:47:02 | 000,671,674 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/11 19:47:02 | 000,160,782 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2012/09/11 19:47:02 | 000,155,346 | ---- | M] () -- C:\Windows\SysNative\prfc0816.dat
[2012/09/11 19:47:02 | 000,124,652 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/11 00:38:56 | 000,135,759 | ---- | M] () -- C:\Users\ASUS\Desktop\Message Board - Questions and Answers to All Things Digital - The Kim Komando Radio Show.htm
[2012/09/10 21:12:59 | 002,691,192 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\ASUS\Desktop\procexp.exe
[2012/09/10 21:12:59 | 000,072,268 | ---- | M] () -- C:\Users\ASUS\Desktop\procexp.chm
[2012/09/09 17:06:22 | 000,000,009 | ---- | M] () -- C:\END
[2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/05 17:10:17 | 004,627,742 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/09/05 12:53:31 | 000,347,936 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/09/04 23:09:20 | 000,000,873 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/09/01 00:38:50 | 000,005,120 | ---- | M] () -- C:\Users\ASUS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/31 16:48:38 | 000,002,030 | ---- | M] () -- C:\Users\Public\Desktop\ASUS Vibe Fun Center.lnk
[2012/08/31 08:46:14 | 000,000,969 | ---- | M] () -- C:\Users\ASUS\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/08/31 06:26:14 | 000,001,439 | ---- | M] () -- C:\Users\ASUS\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/31 05:44:51 | 000,000,991 | ---- | M] () -- C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
[2012/08/31 05:44:51 | 000,000,955 | ---- | M] () -- C:\Users\ASUS\Desktop\MagicDisc.lnk
[2012/08/31 04:29:26 | 000,000,080 | ---- | M] () -- C:\Windows\SysNative\Defrag.ini
[2012/08/31 04:18:13 | 000,108,227 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012/08/31 04:18:13 | 000,108,227 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012/08/31 00:20:49 | 000,001,594 | ---- | M] () -- C:\Users\ASUS\Desktop\TESV - Shortcut.lnk
[2012/08/31 00:13:38 | 000,000,153 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

========== Files Created - No Company Name ==========

[2012/09/14 13:10:05 | 000,119,737 | ---- | C] () -- C:\Users\ASUS\Desktop\Untitled.png
[2012/09/14 12:59:43 | 000,512,399 | ---- | C] () -- C:\Users\ASUS\Desktop\adwcleaner.exe
[2012/09/14 12:50:19 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/13 21:11:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/13 21:11:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/13 21:11:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/13 21:11:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/13 21:11:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/09/13 16:30:36 | 000,000,512 | ---- | C] () -- C:\Users\ASUS\Desktop\MBR.dat
[2012/09/13 16:27:15 | 594,332,955 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/09/13 16:21:50 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\defogger_reenable
[2012/09/13 16:20:06 | 000,002,868 | ---- | C] () -- C:\Users\ASUS\Desktop\Attach.zip
[2012/09/12 18:47:55 | 000,155,392 | ---- | C] () -- C:\Users\ASUS\Desktop\whitesmoketoolbar.png
[2012/09/12 18:45:48 | 000,002,323 | ---- | C] () -- C:\Users\ASUS\Desktop\Google Chrome.lnk
[2012/09/12 18:44:24 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-289746401-564520130-4194583551-1000UA.job
[2012/09/12 18:44:24 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-289746401-564520130-4194583551-1000Core.job
[2012/09/12 17:40:38 | 000,001,266 | ---- | C] () -- C:\Users\ASUS\Desktop\Revo Uninstaller.lnk
[2012/09/11 00:38:53 | 000,135,759 | ---- | C] () -- C:\Users\ASUS\Desktop\Message Board - Questions and Answers to All Things Digital - The Kim Komando Radio Show.htm
[2012/09/09 17:06:22 | 000,000,009 | ---- | C] () -- C:\END
[2012/09/04 23:09:20 | 000,000,873 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/09/01 00:29:58 | 000,005,120 | ---- | C] () -- C:\Users\ASUS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/31 08:46:14 | 000,000,969 | ---- | C] () -- C:\Users\ASUS\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/08/31 06:26:14 | 000,001,439 | ---- | C] () -- C:\Users\ASUS\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/31 05:44:51 | 000,000,991 | ---- | C] () -- C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
[2012/08/31 05:44:51 | 000,000,955 | ---- | C] () -- C:\Users\ASUS\Desktop\MagicDisc.lnk
[2012/08/31 01:21:59 | 000,000,380 | ---- | C] () -- C:\Users\ASUS\AppData\Roaming\sp_data.sys
[2012/08/31 01:21:35 | 000,001,411 | ---- | C] () -- C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/08/31 01:21:27 | 000,001,445 | ---- | C] () -- C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/08/31 01:18:47 | 000,000,290 | ---- | C] () -- C:\Users\ASUS\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/08/31 01:18:47 | 000,000,272 | ---- | C] () -- C:\Users\ASUS\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/08/31 00:20:49 | 000,001,594 | ---- | C] () -- C:\Users\ASUS\Desktop\TESV - Shortcut.lnk
[2012/08/31 00:13:38 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012/05/10 13:49:03 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\acovcnt.exe
[2012/03/11 23:28:54 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/03/11 23:28:48 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/03/11 23:28:45 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/03/11 23:28:44 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/03/11 23:28:43 | 013,209,600 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/03/06 06:59:48 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/03/06 06:48:36 | 004,627,742 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/08 19:14:58 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== LOP Check ==========

[2012/08/31 04:33:57 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\ASUS WebStorage
[2012/09/04 17:33:55 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\Autodesk
[2012/09/09 21:20:25 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\SoftGrid Client
[2012/09/05 17:11:10 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\TP
[2012/09/09 20:42:23 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\uTorrent
[2012/09/14 13:03:02 | 000,000,828 | ---- | M] () -- C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2012/09/14 16:15:36 | 000,000,830 | ---- | M] () -- C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2009/07/14 01:08:49 | 000,008,444 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< c:\windows\*. /SL >

< c:\windows\*. /RP >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2012/09/06 13:38:37 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\Adobe
[2012/08/31 04:33:57 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\ASUS WebStorage
[2012/09/04 17:33:55 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\Autodesk
[2012/08/31 01:21:14 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\Identities
[2012/08/31 08:44:45 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\Macromedia
[2012/09/10 21:27:29 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\Malwarebytes
[2009/07/14 03:44:38 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\Media Center Programs
[2012/09/10 22:22:26 | 000,000,000 | --SD | M] -- C:\Users\ASUS\AppData\Roaming\Microsoft
[2012/09/09 21:20:25 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\SoftGrid Client
[2012/09/05 17:11:10 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\TP
[2012/09/09 20:42:23 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\uTorrent
[2012/09/11 23:37:40 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\vlc

< %APPDATA%\*.exe /s >

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >

========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:A1EDB939

< End of report >


OTL Extras logfile created on: 9/14/2012 4:17:35 PM - Run 1
OTL by OldTimer - Version 3.2.61.4 Folder = C:\Users\ASUS\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.89 Gb Total Physical Memory | 4.50 Gb Available Physical Memory | 76.44% Memory free
11.77 Gb Paging File | 10.18 Gb Available in Paging File | 86.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.45 Gb Total Space | 221.77 Gb Free Space | 79.36% Space Free | Partition Type: NTFS
Drive D: | 393.86 Gb Total Space | 393.76 Gb Free Space | 99.97% Space Free | Partition Type: NTFS

Computer Name: ASUS-PC | User Name: ASUS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{39AAC38A-96B4-4FEE-935D-3A979E122D68}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{6A513EF3-0E92-4B2D-82E6-10D51675440F}" = lport=50248 | protocol=6 | dir=in | name=autodesk content service |
"{E6270FE6-9CFE-41B0-8138-DA4F0713BF99}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13D0D4AD-D0AF-4ACD-946A-526C30C7005A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{6E474D80-F1CF-4B06-9AA6-8ECE5051BA79}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{71CB21EC-DE1F-49CC-8944-488C54552CCC}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{B70F1A94-0081-44CC-A107-D20A439EF583}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{F4D61C76-FDF4-450B-AC40-68ED9FD2FAE8}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{59B075B9-DF2B-418A-A75A-5F424C0F6D2E}C:\program files (x86)\the elder scrolls v skyrim\creationkit.exe" = protocol=6 | dir=in | app=c:\program files (x86)\the elder scrolls v skyrim\creationkit.exe |
"UDP Query User{5A3860ED-DCCB-406E-823E-1955E8370B46}C:\program files (x86)\the elder scrolls v skyrim\creationkit.exe" = protocol=17 | dir=in | app=c:\program files (x86)\the elder scrolls v skyrim\creationkit.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
"{206BD2C5-DE08-4577-A0D7-D441A79D5A3A}" = Windows Live Remote Client Resources
"{23170F69-40C1-2702-0922-000001000000}" = 7-Zip 9.22 (x64 edition)
"{3CE222BA-66A6-4D18-BEE9-5D21C5798C3E}" = Windows Live Family Safety
"{3D7F836A-AE1F-4FA6-8DB9-4FE06697AB0A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5783F2D7-B001-0000-0102-0060B0CE6BBA}" = AutoCAD 2013 - English
"{5783F2D7-B001-0409-1102-0060B0CE6BBA}" = AutoCAD 2013 Language Pack - English
"{5783F2D7-B001-0409-2102-0060B0CE6BBA}" = AutoCAD 2013 - English
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{6199B534-A1B6-46ED-873B-97B0ECF8F81E}" = Intel® Trusted Connect Service Client
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6DDCFF78-6F91-438C-9567-C5CAA9D7F56C}" = Windows Live Family Safety
"{749BE6FF-815E-4F36-901B-7AC301B50330}" = Windows Live Family Safety
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{82C1E6E4-6718-4EFD-9DCC-E276D690EF46}" = Autodesk Inventor Fusion plug-in for AutoCAD 2013
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security 2012
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium
"{AE91E0F3-C49A-4EF4-8B98-A07BD409EB90}" = Windows Live Remote Service Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E01819BD-709F-43A1-9600-6F5E4C584C37}" = Windows Live Family Safety
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F}" = Autodesk Sync
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FE2F4875-095C-427C-9A97-4F8DE05ACF22}" = Autodesk Inventor Fusion plug-in language pack for AutoCAD 2013
"{FFF5619F-2013-0064-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2013
"AutoCAD 2013 - English" = AutoCAD 2013 - English
"Autodesk Inventor Fusion 2013" = Autodesk Inventor Fusion 2013
"Autodesk Inventor Fusion plug-in for AutoCAD 2013" = Autodesk Inventor Fusion plug-in for AutoCAD 2013
"Elantech" = ETDWare PS/2-X64 10.5.9.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"VLC media player" = VLC media player 2.0.2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common
"{03241D8D-2217-42F7-9FCB-6A68D141C14D}" = Windows Live 软件包
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}" = Autodesk Material Library 2013
"{153DB567-6FF3-49AD-AC4F-86F8A3CCFDFB}" = Autodesk Design Review 2013
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19EA33FB-B34E-40EA-8B8A-61743AEB795A}" = Wireless Console 3
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2D49C296-BCCA-4800-BAF6-A0269EBDCF74}" = Windows Live Messenger
"{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{368BEC2C-B7A2-4762-9213-2D8465D533CA}" = Windows Live UX Platform Language Pack
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{5172E572-C175-4F80-A6D5-5CB45826AD61}" = SceneSwitch
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{588CE0C0-860B-49A8-AFCF-3C69465B345F}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{606E12B9-641F-4644-A22A-FF38AE980AFD}" = Autodesk Material Library Base Resolution Image Library 2013
"{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62F029AB-85F2-0000-866A-9FC0DD99DDBC}" = Autodesk Content Service
"{62F029AB-85F2-0001-866A-9FC0DD99DDBC}" = Autodesk Content Service Language Pack
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS FaceLogon
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources
"{749F674B-2674-47E8-879C-5626A06B2A91}" = InstantOn for NB
"{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live 照片库
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7D916FA5-DAE9-4A25-B089-655C70EAF607}" = Qualcomm Atheros WiFi Driver Installation
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{938CFBD4-0652-49E5-BB8B-153948865941}" = ASUS Virtual Touch
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel® Manageability Engine Firmware Recovery Agent
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}" = ASUS USB Charger Plus
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D39F0676-163E-4595-A917-E28F99BBD4D2}" = ASUS AI Recovery
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F992409C-9D10-4AE2-BAEB-B5409AD3785E}" = 用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文)
"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® OpenCL CPU Runtime
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ASUS K5 Series ScreenSaver" = ASUS K5 Series ScreenSaver
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage
"Autodesk Content Service" = Autodesk Content Service
"Autodesk Design Review 2013" = Autodesk Design Review 2013
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Revo Uninstaller" = Revo Uninstaller 1.94
"uTorrent" = µTorrent
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/10/2012 6:40:28 PM | Computer Name = ASUS-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\ASUS\Downloads\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 9/10/2012 6:43:02 PM | Computer Name = ASUS-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\ASUS\Downloads\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 9/10/2012 9:46:15 PM | Computer Name = ASUS-PC | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: There are currently no active network connections. Background
Intelligent Transfer Service (BITS) will try again when an adapter is connected.


Error - 9/11/2012 12:33:19 AM | Computer Name = ASUS-PC | Source = CVHSVC | ID = 100
Description = Information only. Error: The server returned an invalid or unrecognized
response ErrorCode: 14007(0x36b7).

Error - 9/11/2012 1:01:58 AM | Computer Name = ASUS-PC | Source = CVHSVC | ID = 100
Description = Information only. Error: The server returned an invalid or unrecognized
response ErrorCode: 14007(0x36b7).

Error - 9/12/2012 4:53:21 PM | Computer Name = ASUS-PC | Source = CVHSVC | ID = 100
Description = Information only. Error: There are currently no active network connections.
Background Intelligent Transfer Service (BITS) will try again when an adapter is
connected. ErrorCode: 14007(0x36b7).

Error - 9/12/2012 5:31:45 PM | Computer Name = ASUS-PC | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: The server name or address could not be resolved

Error - 9/13/2012 5:02:29 PM | Computer Name = ASUS-PC | Source = CVHSVC | ID = 100
Description = Information only. Error: The server returned an invalid or unrecognized
response ErrorCode: 14007(0x36b7).

Error - 9/13/2012 9:15:33 PM | Computer Name = ASUS-PC | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: The server name or address could not be resolved

Error - 9/14/2012 1:13:17 PM | Computer Name = ASUS-PC | Source = CVHSVC | ID = 100
Description = Information only. Error: The server returned an invalid or unrecognized
response ErrorCode: 14007(0x36b7).

[ System Events ]
Error - 8/31/2012 6:00:42 AM | Computer Name = ASUS-PC | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom2.

Error - 9/5/2012 4:14:47 PM | Computer Name = ASUS-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.

Error - 9/5/2012 5:06:50 PM | Computer Name = ASUS-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR4.

Error - 9/5/2012 5:06:51 PM | Computer Name = ASUS-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR4.

Error - 9/5/2012 5:06:53 PM | Computer Name = ASUS-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR4.

Error - 9/5/2012 5:06:53 PM | Computer Name = ASUS-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR4.

Error - 9/5/2012 5:06:54 PM | Computer Name = ASUS-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR4.

Error - 9/5/2012 5:06:54 PM | Computer Name = ASUS-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR4.

Error - 9/5/2012 5:06:55 PM | Computer Name = ASUS-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR4.


< End of report >

#12 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:10:59 AM

Posted 14 September 2012 - 04:01 PM

Hello,

Go ahead and uninstall and reinstall Google Chrome. If it ask if you want to delete personnel setting select yes.

Let me know if it is still opening that page after you reinstall it.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#13 jimmyjames99

jimmyjames99
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:59 AM

Posted 14 September 2012 - 06:28 PM

I uninstalled chrome and then I installed chrome beta and I still get the extra page

#14 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:10:59 AM

Posted 14 September 2012 - 10:41 PM

Are you connected to the internet through a router? If so we need to Reset that router.
How to reset your router.



1.
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

2.
Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Prgrams > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

3.
Download AdwCleaner
  • Double click on AdwCleaner.exe to run the tool.
    ***Note: Windows Vista and Windows 7 users:
    Right click in the adwCleaner.exe and select
    Posted Image
  • Click the Search button.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your next reply.
  • Or you can find the logfile at C:\AdwCleaner[R1].txt.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#15 jimmyjames99

jimmyjames99
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:59 AM

Posted 15 September 2012 - 10:38 AM

I reimaged my computer last night and today I did a new install of chrome and after signing in the extra page is still coming up so I am assuming it has something to do with my Google acount




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users