Results 1 to 4 of 4

Thread: W3i.IQ5.fraud Removal

  1. #1
    Junior Member
    Join Date
    Mar 2012
    Posts
    2

    Default W3i.IQ5.fraud Removal

    Hello. After seeing the tremendous help others have gotten i decided to trust the same dedicated pros who seem to be doing a very good job. Okay so my problem is with the removal of this malware. Firstly when spybot picks it up, it prompts saying "this action may not be performed completely since i am not an administrator (although i am). Then when i go on a second prompt pops up saying "some problems could not be fixed : the reason could be that the associated files are still in use (in memory). This could be fixed after a restart." I tried the restart and it didnt help.

    Below is the spybot scan log :

    W3i.IQ5.fraud: [SBI $5ADC6E84] Program directory (Directory, fixing failed)
    C:\Windows\System32\AI_RecycleBin\


    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDShred.exe (1.0.2.5)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2009-01-26 SDWinSec.exe (1.0.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2012-03-29 unins000.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-11-04 advcheck.dll (1.6.5.20)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2009-01-26 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2012-01-16 Includes\Adware.sbi (*)
    2012-03-20 Includes\AdwareC.sbi (*)
    2010-08-13 Includes\Cookies.sbi (*)
    2010-12-14 Includes\Dialer.sbi (*)
    2011-11-29 Includes\DialerC.sbi (*)
    2012-01-31 Includes\HeavyDuty.sbi (*)
    2012-03-20 Includes\Hijackers.sbi (*)
    2011-10-04 Includes\HijackersC.sbi (*)
    2010-09-15 Includes\iPhone.sbi (*)
    2012-03-13 Includes\Keyloggers.sbi (*)
    2012-03-13 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2012-03-27 Includes\Malware.sbi (*)
    2012-03-27 Includes\MalwareC.sbi (*)
    2011-02-24 Includes\PUPS.sbi (*)
    2012-02-28 Includes\PUPSC.sbi (*)
    2010-01-25 Includes\Revision.sbi (*)
    2011-02-24 Includes\Security.sbi (*)
    2011-12-13 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2012-01-17 Includes\Spyware.sbi (*)
    2012-02-28 Includes\SpywareC.sbi (*)
    2010-03-08 Includes\Tracks.uti
    2011-09-28 Includes\Trojans.sbi (*)
    2012-03-21 Includes\TrojansC-02.sbi (*)
    2012-03-27 Includes\TrojansC-03.sbi (*)
    2012-03-27 Includes\TrojansC-04.sbi (*)
    2012-03-27 Includes\TrojansC-05.sbi (*)
    2012-03-21 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll


    Here is the DDS log:

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
    Run by Faizan at 20:45:24 on 2012-03-29
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.8169.3833 [GMT -4:00]
    .
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
    AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
    AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    FW: Symantec Endpoint Protection *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\ASUS\FaceLogon\smartlogon.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\ASUS\P4G\BatteryLife.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
    C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
    C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
    C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
    C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
    C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
    C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
    C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe
    C:\ExpressGateUtil\VAWinService.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\System32\rundll32.exe
    C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    C:\Program Files (x86)\ooVoo\ooVoo.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Windows\AsScrPro.exe
    C:\ExpressGateUtil\VAWinAgent.exe
    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
    C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
    C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
    C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe
    C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
    C:\Windows\SysWOW64\ACEngSvr.exe
    C:\Program Files\Intel\TurboBoost\TurboBoost.exe
    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    C:\Program Files (x86)\Browny02\BrYNSvc.exe
    C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
    C:\Program Files (x86)\ASUS\Wireless Console 3\WimaxConsole.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
    C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Internet Explorer\IELowutil.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    E:\Program Files (x86)\iTunes\iTunes.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    E:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Page_URL = hxxp://asus.msn.com
    mStart Page = hxxp://asus.msn.com
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    mWinlogon: Userinit=userinit.exe
    BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
    uRun: [Facebook Update] "C:\Users\Faizan\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    uRun: [DAEMON Tools Lite] "D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    uRun: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized
    uRun: [Google Update] "C:\Users\Faizan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
    mRun: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
    mRun: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r
    mRun: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe
    mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
    mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun: [UpdReg] C:\Windows\UpdReg.EXE
    mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    mRun: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
    mRun: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe --silent
    mRun: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
    mRun: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
    mRun: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
    mRun: [PPort12reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
    mRun: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
    mRun: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
    mRun: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
    mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
    mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    mRun: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    mRun: [FLxHCIm64] "C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe"
    mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    mRun: [iTunesHelper] "E:\Program Files (x86)\iTunes\iTunesHelper.exe"
    StartupFolder: C:\Users\Faizan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
    StartupFolder: C:\Users\Faizan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\INTEL(~1.LNK - C:\Program Files (x86)\Intel\TurboBoost\SignalIslandUi.exe
    StartupFolder: C:\Users\Faizan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: DhcpNameServer = 129.97.2.1 129.97.129.10 129.97.2.2
    TCP: Interfaces\{4FAA5CA3-EDD3-40F7-9FD7-4FC5E0A3B131} : DhcpNameServer = 129.97.2.1 129.97.129.10 129.97.2.2
    TCP: Interfaces\{FEC63BEA-3FC3-470B-93EA-DFAD91438A8A} : DhcpNameServer = 129.97.2.1 129.97.129.10 129.97.2.2
    TCP: Interfaces\{FEC63BEA-3FC3-470B-93EA-DFAD91438A8A}\0716E6B69646F6B616E6 : DhcpNameServer = 192.168.123.254
    TCP: Interfaces\{FEC63BEA-3FC3-470B-93EA-DFAD91438A8A}\1486D65646 : DhcpNameServer = 64.71.255.198
    TCP: Interfaces\{FEC63BEA-3FC3-470B-93EA-DFAD91438A8A}\14B414B4 : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{FEC63BEA-3FC3-470B-93EA-DFAD91438A8A}\2756A7E2D6367696C6C6E23616 : DhcpNameServer = 132.206.85.18 132.206.85.19 132.206.85.36 132.206.44.21 132.206.25.21
    TCP: Interfaces\{FEC63BEA-3FC3-470B-93EA-DFAD91438A8A}\4527166756C6F6467656 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{FEC63BEA-3FC3-470B-93EA-DFAD91438A8A}\B48616E6 : DhcpNameServer = 192.168.1.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
    Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll
    BHO-X64: Trend Micro NSC BHO - No File
    BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO-X64: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
    BHO-X64: TmBpIeBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    mRun-x64: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
    mRun-x64: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
    mRun-x64: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r
    mRun-x64: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe
    mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
    mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
    mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    mRun-x64: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
    mRun-x64: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe --silent
    mRun-x64: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
    mRun-x64: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
    mRun-x64: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
    mRun-x64: [PPort12reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
    mRun-x64: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
    mRun-x64: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
    mRun-x64: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
    mRun-x64: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
    mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    mRun-x64: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    mRun-x64: [FLxHCIm64] "C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe"
    mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    mRun-x64: [iTunesHelper] "E:\Program Files (x86)\iTunes\iTunesHelper.exe"
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Faizan\AppData\Roaming\Mozilla\Firefox\Profiles\mnsltlfa.default\
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Faizan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    FF - plugin: C:\Users\Faizan\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Faizan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\Faizan\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - plugin: E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
    R1 ATKWMIACPIIO_;ATKWMIACPI Driver_;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
    R2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-2-2 18656]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-11-7 499200]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-12-23 2152152]
    R2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-5-4 25824]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-3-12 2348352]
    R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-3-9 144672]
    R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-6-1 14088]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]
    R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2011-6-2 1839888]
    R2 TiMiniService;TiMiniService;C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [2010-10-26 241488]
    R2 tmevtmgr;tmevtmgr;C:\Windows\system32\DRIVERS\tmevtmgr.sys --> C:\Windows\system32\DRIVERS\tmevtmgr.sys [?]
    R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-7-12 2655768]
    R2 VideAceWindowsService;VideAceWindowsService;C:\ExpressGateUtil\VAWinService.exe [2011-3-25 91464]
    R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-11-7 869376]
    R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\drivers\AiCharger.sys [2012-1-30 17152]
    R3 bpenum;Intel(R) Centrino(R) WiMAX Enumerator;C:\Windows\system32\DRIVERS\bpenum.sys --> C:\Windows\system32\DRIVERS\bpenum.sys [?]
    R3 bpmp;Intel(R) Centrino(R) WiMAX 6050 Series;C:\Windows\system32\DRIVERS\bpmp.sys --> C:\Windows\system32\DRIVERS\bpmp.sys [?]
    R3 bpusb;Intel(R) Centrino(R) WiMAX 6050 Series Function Driver;C:\Windows\system32\Drivers\bpusb.sys --> C:\Windows\system32\Drivers\bpusb.sys [?]
    R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2011-9-19 245760]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-3 138360]
    R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\system32\DRIVERS\FLxHCIc.sys --> C:\Windows\system32\DRIVERS\FLxHCIc.sys [?]
    R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\system32\DRIVERS\FLxHCIh.sys --> C:\Windows\system32\DRIVERS\FLxHCIh.sys [?]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2012-1-11 17152]
    R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    R3 nvoclk64;NVIDIA Enthusiasts Platform KDM;C:\Windows\system32\DRIVERS\nvoclk64.sys --> C:\Windows\system32\DRIVERS\nvoclk64.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
    R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
    R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
    R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    R3 SmbDrv;SmbDrv;C:\Windows\system32\DRIVERS\Smb_driver.sys --> C:\Windows\system32\DRIVERS\Smb_driver.sys [?]
    R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-4 136176]
    S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-3-29 1153368]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
    S3 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2011-4-11 267480]
    S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-7-12 79360]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-7-12 79360]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-9-27 1431888]
    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-4 136176]
    S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-1-5 340240]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUVStor.sys --> C:\Windows\system32\Drivers\RtsUVStor.sys [?]
    S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Users\Faizan\Desktop\Utilities\RealTemp_360\WinRing0x64.sys [2008-7-26 14544]
    S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== File Associations ===============
    .
    .scr=AutoCADScriptFile
    .
    =============== Created Last 30 ================
    .
    2012-03-30 00:22:27 -------- d-----w- C:\Program Files\iTunes
    2012-03-30 00:22:27 -------- d-----w- C:\Program Files\iPod
    2012-03-28 05:01:32 154240 ----a-w- C:\Windows\AsPatch10430001.exe
    2012-03-28 05:01:21 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
    2012-03-28 05:00:49 -------- d-----w- C:\Program Files\Fresco Logic
    2012-03-28 04:59:20 -------- d-----w- C:\Program Files\Synaptics
    2012-03-28 04:52:47 380 ----a-w- C:\Users\Faizan\AppData\Roaming\sp_data.sys
    2012-03-28 04:46:58 196224 ----a-w- C:\Program Files\Windows Sidebar\Shared Gadgets\P4GUpdate.Gadget\P4GUpdate.dll
    2012-03-28 04:46:55 -------- d-----w- C:\ProgramData\P4G
    2012-03-28 04:46:55 -------- d-----w- C:\Program Files\ASUS
    2012-03-28 04:45:05 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll
    2012-03-28 04:45:05 471144 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
    2012-03-28 04:45:05 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
    2012-03-28 02:46:29 -------- d-----w- C:\Users\Faizan\AppData\Local\{FDAE3AD4-7E93-4A6B-9E78-18E3E3310BC2}
    2012-03-28 02:46:29 -------- d-----w- C:\Users\Faizan\AppData\Local\{4A18CFFC-5DE0-4352-8933-1B916B206A28}
    2012-03-26 01:29:40 -------- d-----w- C:\Users\Faizan\AppData\Roaming\Softland
    2012-03-26 01:29:39 24928 ----a-w- C:\Windows\System32\dopdfmn7.dll
    2012-03-26 01:29:39 21344 ----a-w- C:\Windows\System32\dopdfmi7.dll
    2012-03-26 01:29:38 1700352 ----a-w- C:\Windows\System32\GdiPlus.dll
    2012-03-26 01:29:37 -------- d-----w- C:\Program Files\Softland
    2012-03-25 22:03:20 -------- d-----w- C:\Users\Faizan\AppData\Local\{835683F4-E699-47A9-96F9-DDB25F43462D}
    2012-03-25 22:03:19 -------- d-----w- C:\Users\Faizan\AppData\Local\{56684A89-61DE-452D-86BE-AB84AE42A7B5}
    2012-03-25 19:27:38 -------- d-----w- C:\Users\Faizan\AppData\Roaming\Research In Motion
    2012-03-25 19:27:12 44032 ----a-w- C:\Windows\System32\drivers\RimSerial_AMD64.sys
    2012-03-25 19:26:54 -------- d-----w- C:\ProgramData\Research In Motion
    2012-03-24 23:49:12 -------- d-----w- C:\Windows\System32\wbem\Framework\root\OpenHardwareMonitor
    2012-03-24 23:49:12 -------- d-----w- C:\Windows\System32\wbem\Framework\root
    2012-03-24 23:49:12 -------- d-----w- C:\Windows\System32\wbem\Framework
    2012-03-21 04:29:22 -------- d-----w- C:\Users\Faizan\AppData\Local\{87DB5A1E-BF37-4EC2-948E-6C81CFCA89C1}
    2012-03-21 04:29:20 -------- d-----w- C:\Users\Faizan\AppData\Local\{D865F8D1-9DA9-4159-9140-6D59816D5993}
    2012-03-20 04:16:57 -------- d-----w- C:\Users\Faizan\AppData\Local\{39A946F0-DAE3-47DF-980F-9540DB9B8C48}
    2012-03-20 04:16:56 -------- d-----w- C:\Users\Faizan\AppData\Local\{367B9525-CFA9-400B-806C-B3900D91647E}
    2012-03-19 15:38:01 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
    2012-03-19 15:38:01 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
    2012-03-18 05:32:35 -------- d-----w- C:\Users\Faizan\AppData\Local\{B158C6F5-1693-488F-A405-4F44802828DB}
    2012-03-18 05:32:34 -------- d-----w- C:\Users\Faizan\AppData\Local\{88C941BE-2DC5-470D-9AC4-F80E96E24C2D}
    2012-03-15 23:39:59 -------- d-----w- C:\Users\Faizan\AppData\Local\{978C4F6D-2465-4F03-8FBD-69C46EC80F38}
    2012-03-15 23:39:58 -------- d-----w- C:\Users\Faizan\AppData\Local\{AFDBDC43-6E58-4C34-8684-3E0A4B1AEBB9}
    2012-03-14 16:45:32 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-03-14 16:45:31 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-03-14 16:45:31 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-03-14 16:07:45 3145728 ----a-w- C:\Windows\System32\win32k.sys
    2012-03-14 16:07:40 1544192 ----a-w- C:\Windows\System32\DWrite.dll
    2012-03-14 16:07:39 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2012-03-14 16:06:04 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
    2012-03-14 16:06:04 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
    2012-03-14 16:06:04 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-03-14 16:06:04 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
    2012-03-14 16:05:58 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-03-14 16:05:58 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-03-14 16:05:58 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-03-13 00:07:34 31040 ----a-w- C:\Windows\System32\nvhdap64.dll
    2012-03-13 00:07:34 188224 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
    2012-03-13 00:07:34 1451840 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
    2012-03-12 23:59:35 -------- d-----w- C:\ProgramData\IVI Foundation
    2012-03-12 23:59:35 -------- d-----w- C:\Program Files (x86)\National Instruments
    2012-03-12 23:59:35 -------- d-----w- C:\Program Files (x86)\IVI Foundation
    2012-03-12 23:59:30 -------- d-----w- C:\ProgramData\National Instruments
    2012-03-11 19:22:51 -------- d-----w- C:\Users\Faizan\AppData\Local\{4C16D04E-DA49-4817-B488-05633DC0A59D}
    2012-03-11 19:22:50 -------- d-----w- C:\Users\Faizan\AppData\Local\{8CB877C0-A7EB-4432-86DD-F370418478C7}
    2012-03-10 18:57:33 -------- d-----w- C:\Users\Faizan\AppData\Local\{EB85EBBF-8206-4B66-A234-29B1B3F40281}
    2012-03-10 18:57:33 -------- d-----w- C:\Users\Faizan\AppData\Local\{51BAE198-B329-423E-A4D0-46D14144F94F}
    2012-03-04 20:16:20 162664 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
    2012-03-04 02:36:30 -------- d-----w- C:\Users\Faizan\AppData\Local\{FF5CD69B-F221-4F97-9EA8-FDCBEF79E0EE}
    2012-03-04 02:36:29 -------- d-----w- C:\Users\Faizan\AppData\Local\{613DDB68-7DC4-467C-9EC1-654D36603809}
    2012-03-01 00:07:15 -------- d-----w- C:\Users\Faizan\AppData\Local\{A40FA0D8-E126-440C-A642-8E04FA4A25B3}
    2012-03-01 00:07:12 -------- d-----w- C:\Users\Faizan\AppData\Local\{99DD787D-F820-46B2-8CEE-CFEC2403483A}
    2012-02-29 17:26:56 416064 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
    .
    ==================== Find3M ====================
    .
    2012-03-28 17:15:34 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-02-29 21:00:22 3089728 ----a-w- C:\Windows\System32\nvsvc64.dll
    2012-02-29 21:00:09 6074176 ----a-w- C:\Windows\System32\nvcpl.dll
    2012-02-29 20:59:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
    2012-02-29 20:59:47 63296 ----a-w- C:\Windows\System32\nvshext.dll
    2012-02-29 20:59:47 2561856 ----a-w- C:\Windows\System32\nvsvcr.dll
    2012-02-29 20:59:47 118080 ----a-w- C:\Windows\System32\nvmctray.dll
    2012-02-27 17:50:02 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-02-06 23:32:32 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll
    2012-02-06 23:32:30 773968 ----a-w- C:\Windows\SysWow64\msvcr100.dll
    2012-02-06 22:41:14 4740456 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys
    2012-02-06 18:45:00 2528832 ----a-w- C:\Windows\System32\FMAPO64.dll
    2012-02-06 14:55:14 3846248 ----a-w- C:\Windows\System32\RtkAPO64.dll
    2012-02-03 21:37:22 626264 ----a-w- C:\Windows\System32\MBTHX64.dll
    2012-02-03 21:37:18 561752 ----a-w- C:\Windows\SysWow64\MBTHX32.dll
    2012-01-31 21:32:16 2652264 ----a-w- C:\Windows\System32\RtPgEx64.dll
    2012-01-30 18:32:16 17152 ----a-w- C:\Windows\SysWow64\drivers\AiCharger.sys
    2012-01-30 18:32:16 17152 ----a-w- C:\Windows\System32\drivers\AiCharger.sys
    2012-01-26 20:27:36 413456 ----a-w- C:\Windows\System32\drivers\SynTP.sys
    2012-01-26 20:27:30 22800 ----a-w- C:\Windows\System32\drivers\Smb_driver.sys
    2012-01-26 20:27:26 68880 ----a-w- C:\Windows\SysWow64\SynTPEnhPS.dll
    2012-01-26 20:27:20 113936 ----a-w- C:\Windows\SysWow64\SynTPCOM.dll
    2012-01-26 20:27:14 229648 ----a-w- C:\Windows\System32\SynTPAPI.dll
    2012-01-26 20:27:14 150800 ----a-w- C:\Windows\System32\SynTPCo9.dll
    2012-01-26 20:27:06 280336 ----a-w- C:\Windows\System32\SynCtrl.dll
    2012-01-26 20:27:06 224528 ----a-w- C:\Windows\SysWow64\SynCtrl.dll
    2012-01-26 20:27:04 183568 ----a-w- C:\Windows\SysWow64\SynCOM.dll
    2012-01-26 20:27:02 422160 ----a-w- C:\Windows\System32\SynCOM.dll
    2012-01-11 22:50:02 16432 ----a-w- C:\Windows\System32\lsdelete.exe
    2012-01-10 18:48:16 958296 ----a-w- C:\Windows\System32\MaxxAudioAPOShell64.dll
    2012-01-10 08:44:58 65024 ----a-w- C:\Windows\System32\drivers\FLxHCIh.sys
    2012-01-10 08:44:58 219648 ----a-w- C:\Windows\System32\drivers\FLxHCIc.sys
    2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
    2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
    .
    ============= FINISH: 20:46:10.46 ===============




    Thanking you in advance.
    Attached Files Attached Files

  2. #2
    Security Expert jeffce's Avatar
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    Hi and Welcome!! My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
    • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
    • The fixes are specific to your problem and should only be used for the issues on this machine.
    • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
    • It's often worth reading through these instructions and printing them for ease of reference.
    • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    • Please reply to this thread. Do not start a new topic.


    IMPORTANT NOTE : Please do not delete anything unless instructed to.
    DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.
    Doing so could make your system inoperable and could require a full reinstall of your OS losing all your programs and data.


    Vista and Windows 7 users:
    These tools MUST be run from the executable (.exe) every time you run them
    with Admin Rights (Right click, choose "Run as Administrator")


    Stay with this topic until I give you the all clean post.

    First we need to make all files and folders VISIBLE:

    • Go to start>control panel>folder options>view
    • Choose to "show hidden files and folders,"
    • Uncheck the "hide protected operating system files" and the "hide extensions for know file types" boxes.
    • Close the window with OK


    Download CKScanner by askey127 from Here & save it to your Desktop.
    • Right-click and Run as Administrator CKScanner.exe then click Search For Files
    • When the cursor hourglass disappears, click Save List To File
    • A message box will verify the file saved
    • Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply

    ----------

    Please download aswMBR to your desktop.

    • Right click and Run as Administrator the aswMBR icon to run it.
    • Click the Scan button to start scan.
    • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.



    Click the image to enlarge it
    ----------

    Download Combofix from either of the links below, and save it to your desktop.
    Link 1
    Link 2

    **Note: It is important that it is saved directly to your desktop**

    --------------------------------------------------------------------

    IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

    --------------------------------------------------------------------

    Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the C:\ComboFix.txt for further review.

    ----------

    In your next reply please post the logs made by ckscanner, aswMBR and ComboFix.
    http://i1224.photobucket.com/albums/ee380/jeffce74/Bleedingbanner2.jpg

  3. #3
    Security Expert jeffce's Avatar
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    Do you still need help?
    http://i1224.photobucket.com/albums/ee380/jeffce74/Bleedingbanner2.jpg

  4. #4
    Security Expert jeffce's Avatar
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    Due to lack of feedback, this topic will now be closed.
    If you are the original poster and you still require help, please start a new thread.

    -------------------
    http://i1224.photobucket.com/albums/ee380/jeffce74/Bleedingbanner2.jpg

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •