Solved: Advertisements in background + hogging resources.

Hungraninc · 21-Jan-2013, 06:17 PM #1

Hello there!
Been having a problem where advertisements randomly start playing even with nothing open. I noticed when it happened that "Svchost.exe, Host Process for Windows Services" Would be running and taking up a ton of memory. When I end it the advertisements stop. Butttt they come back randomly. Also having a problem with fullscreen games minimizing itself a lot.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, 64 bit
Processor: Intel(R) Core(TM) i7 CPU Q 720 @ 1.60GHz, Intel64 Family 6 Model 30 Stepping 5
Processor Count: 8
RAM: 12221 Mb
Graphics Card: NVIDIA GeForce GTS 360M, 1024 Mb
Hard Drives: C: Total - 119232 MB, Free - 8676 MB; D: Total - 337702 MB, Free - 44951 MB;
Motherboard: PEGATRON CORPORATION, G60JX
Antivirus: AVG Internet Security, Disabled

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:53:14 PM, on 1/21/2013
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\syncables\syncables desktop\syncables.exe
C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe
C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Users\Hungran\AppData\Local\AOL\AIM\aim.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Users\Hungran\jagexcache\jagexlauncher\bin\JagexLauncher.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Hungran\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.6\ytdToolbarIE.dll
R3 - URLSearchHook: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
R3 - URLSearchHook: RuneScape Toolbar - {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files (x86)\RuneScape\prxtbRune.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: RuneScape - {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files (x86)\RuneScape\prxtbRune.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.6\ytdToolbarIE.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: RuneScape Toolbar - {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files (x86)\RuneScape\prxtbRune.dll
O3 - Toolbar: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.6\ytdToolbarIE.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [Boingo Wi-Fi] "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [AA30DCE6-37A5-4A15-B09C-16E9346BA802] cmd.exe /C start /D "C:\Users\Hungran\AppData\Local\Temp" /B AA30DCE6-37A5-4A15-B09C-16E9346BA802.exe -postboot
O4 - HKCU\..\Run: [Syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe
O4 - Global Startup: FancyStart daemon.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VideAceWindowsService - Unknown owner - C:\ExpressGateUtil\VAWinService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 15704 bytes

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.6.2
Run by Hungran at 17:54:46 on 2013-01-21
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.12221.8849 [GMT -5:00]
.
AV: AVG Internet Security *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\ExpressGateUtil\VAWinService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\syncables\syncables desktop\syncables.exe
C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Hungran\AppData\Local\AOL\AIM\aim.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Users\Hungran\jagexcache\jagexlauncher\bin\JagexLauncher.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\$Recycle.Bin\S-1-5-21-138338194-604536875-1673374467-1000\$a22e9ca6559a2f8e6a68eb3c55ad94ae\U
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = hxxp://asus.msn.com
uURLSearchHooks: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.6\ytdToolbarIE.dll
uURLSearchHooks: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - <orphaned>
uURLSearchHooks: RuneScape Toolbar: {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files (x86)\RuneScape\prxtbRune.dll
mURLSearchHooks: RuneScape Toolbar: {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files (x86)\RuneScape\prxtbRune.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: RuneScape Toolbar: {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files (x86)\RuneScape\prxtbRune.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.6\ytdToolbarIE.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: RuneScape Toolbar: {A8864317-E18B-4292-99D9-E6E65AB905D3} - C:\Program Files (x86)\RuneScape\prxtbRune.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: RuneScape Toolbar: {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files (x86)\RuneScape\prxtbRune.dll
TB: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.6\ytdToolbarIE.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [Syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe
mRun: [Boingo Wi-Fi] "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk"
mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" /r
mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
mRunOnce: [AA30DCE6-37A5-4A15-B09C-16E9346BA802] cmd.exe /C start /D "C:\Users\Hungran\AppData\Local\Temp" /B AA30DCE6-37A5-4A15-B09C-16E9346BA802.exe -postboot
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{60D6618B-153F-4353-8185-908E676E5888}\_DCE9A4DB2A5F2786140FA3.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{B639D597-0501-46BE-BF02-A8F68C9D00D2} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B639D597-0501-46BE-BF02-A8F68C9D00D2}\331593D473 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B639D597-0501-46BE-BF02-A8F68C9D00D2}\9303230593 : DHCPNameServer = 192.168.1.1 68.237.161.12
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll
x64-BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Hungran\AppData\Roaming\Mozilla\Firefox\Profiles\cuxlo4ba.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - component: C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-12-07 17:53; {e4a8a97b-f2ed-450b-b12d-ee082ba24781}; C:\Users\Hungran\AppData\Roaming\Mozilla\Firefox\Profiles\cuxlo4ba.default\ extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 AvgRkx64;avgrkx64.sys;C:\Windows\System32\drivers\avgrkx64.sys [2010-8-22 56008]
R1 AvgLdx64;AVG AVI Loader Driver x64;C:\Windows\System32\drivers\avgldx64.sys [2010-8-22 269904]
R1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;C:\Windows\System32\drivers\avgmfx64.sys [2010-8-22 35664]
R1 AvgTdiA;AVG Network Redirector x64;C:\Windows\System32\drivers\avgtdia.sys [2010-8-22 317520]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/07/16 08:40:28];C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [2009-9-1 146928]
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2010-7-16 359552]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 avg9wd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2010-12-25 308136]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
R2 rimspci;rimspci;C:\Windows\System32\drivers\rimspe64.sys [2010-7-16 60416]
R2 rixdpcie;rixdpcie;C:\Windows\System32\drivers\rixdpe64.sys [2010-7-16 55808]
R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-11-30 382824]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-7-16 2314240]
R2 VideAceWindowsService;VideAceWindowsService;C:\ExpressGateUtil\VAWinService .exe [2011-3-25 91464]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-4-14 54824]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-7-16 35104]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-7-16 56344]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-6-28 58368]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\Windows\System32\drivers\nvstusb.sys [2012-12-20 446312]
S2 avg9emc;AVG E-mail Scanner;C:\Program Files (x86)\AVG\AVG9\avgemc.exe [2010-12-25 921952]
S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 Andbus;LGE Android Platform Composite USB Device;C:\Windows\System32\drivers\lgandbus64.sys [2011-5-26 19456]
S3 androidusb;ADB Interface Driver;C:\Windows\System32\drivers\androidusb.sys [2011-5-26 36256]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-7-16 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-7-16 79360]
S3 cxbu0x64;SmartTerminal XX44;C:\Windows\System32\drivers\cxbu0x64.sys [2012-2-25 115456]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-8-14 61792]
S3 fsssvc;Windows Live Family Safety;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-8 533344]
S3 pneteth;PdaNet Broadband;C:\Windows\System32\drivers\pneteth.sys [2011-5-26 15360]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-2-14 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2013-01-21 05:57:25 208216 ----a-w- C:\Windows\System32\drivers\91926101.sys
2013-01-21 05:46:31 -------- d-----w- C:\TDSSKiller_Quarantine
2013-01-04 05:14:40 -------- d-----w- C:\Users\Hungran\AppData\Local\Macromedia
2013-01-03 22:35:46 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-03 21:30:44 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2013-01-03 21:30:44 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2013-01-03 21:11:46 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2013-01-03 21:11:46 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2013-01-03 21:11:46 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2013-01-03 21:11:46 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-01-03 20:32:00 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-01-03 20:32:00 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-01-03 20:29:04 46080 ----a-w- C:\Windows\System32\atmlib.dll
2013-01-03 20:29:04 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2013-01-03 20:29:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
2013-01-03 20:29:03 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2013-01-03 20:28:40 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2013-01-03 20:28:40 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2013-01-03 20:28:39 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2013-01-03 20:28:39 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2013-01-03 20:28:39 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2013-01-03 20:28:39 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2013-01-03 20:28:39 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2013-01-03 20:20:43 80896 ----a-w- C:\Windows\System32\imagehlp.dll
2013-01-03 20:20:43 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2013-01-03 20:20:43 5120 ----a-w- C:\Windows\System32\wmi.dll
2013-01-03 20:20:43 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2013-01-03 20:20:43 220672 ----a-w- C:\Windows\System32\wintrust.dll
2013-01-03 20:20:43 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-01-03 20:20:43 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-01-03 20:04:53 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2013-01-03 20:03:58 956416 ----a-w- C:\Windows\System32\localspl.dll
2013-01-03 20:01:38 1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-01-03 20:01:37 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2013-01-03 20:01:37 723456 ----a-w- C:\Windows\System32\EncDec.dll
2013-01-03 20:01:37 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2013-01-03 20:01:37 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2013-01-03 20:01:37 331776 ----a-w- C:\Windows\System32\oleacc.dll
2013-01-03 20:01:37 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2013-01-03 19:57:58 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-01-03 19:57:58 67584 ----a-w- C:\Windows\splwow64.exe
2013-01-03 19:57:58 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2013-01-03 19:57:58 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-01-03 19:56:26 1462784 ----a-w- C:\Windows\System32\crypt32.dll
2013-01-03 19:56:26 1157632 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-01-03 19:56:25 182272 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-01-03 19:56:25 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2013-01-03 19:56:25 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-01-03 19:56:25 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-01-03 19:56:16 77312 ----a-w- C:\Windows\System32\packager.dll
2013-01-03 19:56:16 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2013-01-03 18:48:33 -------- d--h--w- C:\ExpressGateUtil
2013-01-03 16:41:10 -------- d-----w- C:\Users\Hungran\AppData\Roaming\Xilisoft
2013-01-03 16:40:37 -------- d-----w- C:\ProgramData\Xilisoft
2013-01-03 16:40:37 -------- d-----w- C:\Program Files (x86)\Xilisoft
2013-01-02 01:46:55 -------- d-----w- C:\Program Files (x86)\Common Files\Software Update Utility
.
==================== Find3M ====================
.
2013-01-21 17:10:23 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2013-01-09 22:44:19 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-06 19:10:15 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-01-06 19:10:15 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-01-06 19:01:07 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-12-09 17:57:55 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-12-01 12:41:38 446312 ----a-w- C:\Windows\System32\drivers\nvstusb.sys
2012-12-01 12:41:38 1509736 ----a-w- C:\Windows\System32\nvir3dgenco6420152.dll
2012-12-01 05:49:26 2557800 ----a-w- C:\Windows\System32\nvsvcr.dll
2012-12-01 05:49:25 63336 ----a-w- C:\Windows\System32\nvshext.dll
2012-12-01 05:49:25 118120 ----a-w- C:\Windows\System32\nvmctray.dll
2012-12-01 05:49:24 890216 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-12-01 05:48:41 6223208 ----a-w- C:\Windows\System32\nvcpl.dll
2012-12-01 05:48:37 3311464 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-12-01 03:43:52 438632 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-09 05:34:27 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:49:37 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-02 05:27:51 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 04:48:28 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-10-25 08:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-10-25 08:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
.
============= FINISH: 17:55:07.32 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 8/14/2010 5:07:53 AM
System Uptime: 1/21/2013 12:54:00 AM (17 hours ago)
.
Motherboard: PEGATRON CORPORATION | | G60JX
Processor: Intel(R) Core(TM) i7 CPU Q 720 @ 1.60GHz | Socket 989 | 1600/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 116 GiB total, 8.48 GiB free.
D: is FIXED (NTFS) - 330 GiB total, 43.898 GiB free.
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.2 MUI
Advertising Center
AIM 7
AIM for Windows
Aimersoft Video Converter Professional(Build 2.7.2.0)
American McGee's Alice(tm)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASUS AI Recovery
ASUS AP Bank
ASUS FancyStart
ASUS LifeFrame3
ASUS Live Update
ASUS Power4Gear Hybrid
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS Virtual Camera
ASUS WebStorage
ASUS_ScreenSaver_GSeries
Atheros Client Installation Program
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
ATK Package
AVG 9.0
AviSynth 2.5
Bing Bar
BitTorrent
Boingo Wi-Fi
Bonjour
Borderlands 2
Cherry Smart Device Package V1.7 Build 7
Choice Guard
Combined Community Codec Pack 2009-09-09
ControlDeck
Creative MediaSource 5
CyberLink LabelPrint
CyberLink Power2Go
CyberLink PowerDVD 9
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diablo II
Diablo III
DirectX 9 Runtime
DolbyFiles
Download Updater (AOL LLC)
ExpressGateCloud
Facebook Video Calling 1.2.0.287
Far Cry 3
Fast Boot
GameSpy Comrade
Google Chrome
Google Update Helper
Hero Editor V0.96
Intel(R) Management Engine Components
iTunes
Java 7 Update 6
Java Auto Updater
Junk Mail filter update
Logitech Gaming Software 5.10
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 18.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP3 Parser (KB973685)
Nero ControlCenter
Nero Installer
neroxml
Nexus Mod Manager
NVIDIA 3D Vision Controller Driver 310.70
NVIDIA 3D Vision Driver 310.70
NVIDIA 3D Vision PowerPack - Batman Arkham Asylum
NVIDIA 3D Vision PowerPack - Santa Clara Classic Car Show 2009
NVIDIA 3D Vision Video Player
NVIDIA Control Panel 310.70
NVIDIA Display Control Panel
NVIDIA Graphics Driver 310.70
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.1031
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.11.3
NVIDIA Update Components
PowerISO
Project64 1.6
PunkBuster Services
QuickTime
RCT3 Soaked
Realtek High Definition Audio Driver
RICOH R5U230 Media Driver ver.2.05.02.02
RuneScape Launcher 1.2.2
RuneScape Toolbar
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Skype Click to Call
Skype™ 5.10
Sound Blaster Audigy HD
Spybot - Search & Destroy
StarCraft II
Steam
Synaptics Pointing Device Driver
syncables desktop SE
UltraISO Premium V9.36
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Uplay
USB 2.0 2.0M UVC WebCam
VC80CRTRedist - 8.0.50727.6195
Videora Xbox 360 Converter 6
Visual C++ 8.0 Runtime Setup Package (x64)
VLC media player 1.1.0
WIDCOMM Bluetooth Software
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WinFlash
WinRAR archiver
Wireless Console 3
World of Warcraft
Xilisoft Video Converter Ultimate
Xilisoft Xbox Converter 6
Yahoo! Install Manager
Yahoo! Software Update
Yahoo! Toolbar
YTD Toolbar v6.6
.
==== Event Viewer Messages From Past Week ========
.
1/21/2013 12:54:22 AM, Error: Microsoft-Windows-Smartcard-Server [602] - WDM Reader driver initialization cannot open reader device: The system cannot find the path specified.
1/20/2013 1:04:33 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
1/14/2013 8:20:20 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
.
==== End Of File ===========================

GMER 2.0.18444 - http://www.gmer.net
Rootkit scan 2013-01-21 18:00:20
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950042 rev.0003 465.76GB
Running: 9ewsfnsw.exe; Driver: C:\Users\Hungran\AppData\Local\Temp\uwdiifod.sys

---- Devices - GMER 2.0 ----
Device \Driver\a9ee3suk \Device\Scsi\a9ee3suk1 ð¹A
Device \FileSystem\Ntfs \Ntfs
Device \FileSystem\fastfat \Fat
---- Modules - GMER 2.0 ----
Module \SystemRoot\System32\Drivers\a9ee3suk.SYS fffff88005c33000-fffff88005c77000 (278528 bytes)
---- Threads - GMER 2.0 ----
Thread C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [3340:5752] 0000000077cf2e3e
Thread C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [3340:6712] 0000000077cf3e59
Thread C:\Program Files\P4G\BatteryLife.exe [3372:4092] 0000000180001440
Thread C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [3416:988] 00000000742d52c9
Thread C:\Windows\Explorer.EXE [3436:1408] 000000000817180c
Thread C:\Windows\Explorer.EXE [3436:5208] 0000000008181670
Thread C:\Windows\Explorer.EXE [3436:2536] 0000000008181518
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2332:5276] 000007fefb9e2a74
---- Processes - GMER 2.0 ----
Library ? (*** suspicious ***) @ C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2288] 000000006d740000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [3392] 0000000075570000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [3416] 0000000077ca0000
Library c:\windows\system32\z (*** suspicious ***) @ C:\Windows\Explorer.EXE [3436] 0000066656340000
Library ? (*** suspicious ***) @ C:\Program Files\Windows Media Player\wmpnetwk.exe [2332] 000007feeb370000
Library ? (*** suspicious ***) @ C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [6160] 000007fee9f40000
Library ? (*** suspicious ***) @ C:\Windows\system32\svchost.exe [2276] 000007fefc030000
---- EOF - GMER 2.0 ----

Hungraninc · 23-Jan-2013, 08:11 PM #2

(Bump)

Hungraninc · 08:08 PM

Bump Bump

Edit: I'm currently updating windows and some misc programs. I wanted to re-run the scans and post them again. I'm unable to find an edit for the first post. Should I just scan again and post a second time in this thread?

Hungraninc · 09-Feb-2013, 12:55 AM #4

Bumped

**dvk01** · 11-Feb-2013, 07:22 AM #5

Delete any existing version of ComboFix you have sitting on your desktop

Please read and follow all these instructions very carefully

Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

Download ComboFix from Hereto your Desktop.

**Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
--------------------------------------------------------------------
1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results" or stop combofix running at all
Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
Remember to re enable the protection again after combofix has finished

--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running

Double click on renamed combofix.exe & follow the prompts.

If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.Read HERE why we disable autoruns

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

Please tell us if it has cured the problems or if there are any outstanding issues

*EXTRA NOTES*

If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
If Combofix reboot is due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
If after running Combofix you receive any type of warning message about registry key's being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...

Hungraninc · 11-Feb-2013, 12:53 PM #6

Good morning!
Here is your Combofix log:
ComboFix 13-02-07.02 - Hungran 02/11/2013 11:31:16.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.12221.10202 [GMT -5:00]
Running from: c:\users\Hungran\Desktop\ComboFix.exe
AV: AVG Internet Security *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\$recycle.bin\S-1-5-21-138338194-604536875-1673374467-1000\$a22e9ca6559a2f8e6a68eb3c55ad94ae\@
c:\$recycle.bin\S-1-5-21-138338194-604536875-1673374467-1000\$a22e9ca6559a2f8e6a68eb3c55ad94ae\n
c:\$recycle.bin\S-1-5-21-138338194-604536875-1673374467-1000\$a22e9ca6559a2f8e6a68eb3c55ad94ae\U\00000001.@
c:\$recycle.bin\S-1-5-21-138338194-604536875-1673374467-1000\$a22e9ca6559a2f8e6a68eb3c55ad94ae\U\80000000.@
c:\$recycle.bin\S-1-5-21-138338194-604536875-1673374467-1000\$a22e9ca6559a2f8e6a68eb3c55ad94ae\U\800000cb.@
c:\programdata\FullRemove.exe
c:\programdata\Microsoft\Windows\DRM\1194.tmp
c:\programdata\Microsoft\Windows\DRM\11A5.tmp
c:\programdata\Microsoft\Windows\DRM\22C2.tmp
c:\programdata\Microsoft\Windows\DRM\22C3.tmp
c:\programdata\Microsoft\Windows\DRM\27B0.tmp
c:\programdata\Microsoft\Windows\DRM\27B1.tmp
c:\programdata\Microsoft\Windows\DRM\5F8C.tmp
c:\programdata\Microsoft\Windows\DRM\5F8D.tmp
c:\programdata\Microsoft\Windows\DRM\6FA.tmp
c:\programdata\Microsoft\Windows\DRM\6FB.tmp
c:\programdata\Microsoft\Windows\DRM\D0B6.tmp
c:\programdata\Microsoft\Windows\DRM\D0B7.tmp
c:\programdata\Microsoft\Windows\DRM\D10F.tmp
c:\programdata\Microsoft\Windows\DRM\D11F.tmp
c:\windows\msvcr71.dll
c:\windows\SysWow64\tmp1983.tmp
c:\windows\SysWow64\tmp19A3.tmp
c:\windows\SysWow64\tmp441B.tmp
c:\windows\SysWow64\tmp443B.tmp
c:\windows\SysWow64\tmp6392.tmp
c:\windows\SysWow64\tmp7D05.tmp
c:\windows\SysWow64\tmp7D16.tmp
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2013-01-11 to 2013-02-11 )))))))))))))))))))))))))))))))
.
.
2013-02-11 17:13 . 2013-02-11 17:13 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-02-11 17:13 . 2013-02-11 17:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-09 05:19 . 2013-02-09 05:19 -------- d-----w- c:\programdata\SwiftKit
2013-02-09 05:19 . 2012-11-30 10:45 117507 ----a-w- c:\windows\SysWow64\msinet.ocx
2013-02-09 05:19 . 2012-11-30 10:45 109248 ----a-w- c:\windows\SysWow64\MSWINSCK.OCX
2013-02-09 05:19 . 2013-02-09 05:19 -------- d-----w- c:\program files (x86)\SwiftKit
2013-01-30 19:52 . 2013-02-09 23:51 -------- d-----w- c:\windows\LastGood
2013-01-28 02:30 . 2012-08-21 18:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2013-01-28 02:29 . 2013-01-28 02:29 -------- d-----w- c:\program files\iPod
2013-01-28 02:29 . 2013-01-28 02:29 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-01-28 02:29 . 2013-01-28 02:29 -------- d-----w- c:\program files\iTunes
2013-01-28 02:29 . 2013-01-28 02:29 -------- d-----w- c:\program files (x86)\iTunes
2013-01-28 02:28 . 2013-01-28 02:28 -------- d-----w- c:\program files\Bonjour
2013-01-28 02:28 . 2013-01-28 02:28 -------- d-----w- c:\program files (x86)\Bonjour
2013-01-27 01:08 . 2011-03-11 06:18 2566144 ----a-w- c:\windows\system32\esent.dll
2013-01-27 01:08 . 2011-03-11 06:23 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2013-01-27 01:08 . 2011-03-11 06:23 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2013-01-27 01:08 . 2011-03-11 06:22 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2013-01-27 01:08 . 2011-03-11 05:39 1686016 ----a-w- c:\windows\SysWow64\esent.dll
2013-01-27 01:08 . 2011-03-11 06:23 187264 ----a-w- c:\windows\system32\drivers\storport.sys
2013-01-27 01:08 . 2011-03-11 06:23 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2013-01-27 01:08 . 2011-03-11 06:22 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2013-01-27 01:08 . 2011-03-11 06:15 96768 ----a-w- c:\windows\system32\fsutil.exe
2013-01-27 01:08 . 2011-03-11 05:37 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2013-01-27 01:08 . 2011-03-11 04:31 91136 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS
2013-01-27 01:05 . 2011-02-05 12:41 556928 ----a-w- c:\windows\system32\winresume.efi
2013-01-26 18:40 . 2013-01-26 18:40 -------- d-----w- c:\users\Hungran\AppData\Local\My Games
2013-01-21 05:46 . 2013-01-21 23:20 -------- d-----w- C:\TDSSKiller_Quarantine
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-08 16:44 . 2013-01-03 22:35 697712 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-08 16:44 . 2011-08-30 04:11 74096 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-31 21:34 . 2012-12-09 18:21 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-01-31 21:34 . 2012-12-09 17:57 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-01-31 18:47 . 2012-12-09 17:57 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-01-27 15:35 . 2012-05-25 22:54 45056 ----a-w- c:\windows\system32\acovcnt.exe
2013-01-27 01:20 . 2011-02-14 20:26 67599240 ----a-w- c:\windows\system32\MRT.exe
2012-12-16 16:52 . 2013-01-03 20:29 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:40 . 2013-01-03 20:29 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:25 . 2013-01-03 20:29 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:25 . 2013-01-03 20:29 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-09 17:57 . 2011-03-27 00:26 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-12-03 15:47 . 2012-12-20 18:52 9271352 ----a-w- c:\windows\system32\nvcuda.dll
2012-12-03 15:47 . 2012-12-20 18:52 7819016 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-12-03 15:47 . 2012-12-20 18:52 7446192 ----a-w- c:\windows\system32\nvopencl.dll
2012-12-03 15:47 . 2012-12-20 18:52 6149904 ----a-w- c:\windows\SysWow64\nvopencl.dll
2012-12-03 15:47 . 2012-12-20 18:52 2816824 ----a-w- c:\windows\system32\nvapi64.dll
2012-12-03 15:47 . 2012-12-20 18:52 2784104 ----a-w- c:\windows\system32\nvcuvid.dll
2012-12-03 15:47 . 2012-12-20 18:52 26811240 ----a-w- c:\windows\system32\nvoglv64.dll
2012-12-03 15:47 . 2012-12-20 18:52 2606440 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-12-03 15:47 . 2012-12-20 18:52 25256296 ----a-w- c:\windows\system32\nvcompiler.dll
2012-12-03 15:47 . 2012-12-20 18:52 2496976 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-12-03 15:47 . 2012-12-20 18:52 2226024 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-12-03 15:47 . 2012-12-20 18:52 20335976 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-12-03 15:47 . 2012-12-20 18:52 1874280 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-12-03 15:47 . 2012-12-20 18:52 1805672 ----a-w- c:\windows\system32\nvdispco64.dll
2012-12-03 15:47 . 2012-12-20 18:52 18045968 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-12-03 15:47 . 2012-12-20 18:52 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-12-03 15:47 . 2012-12-20 18:52 15122280 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-12-03 15:47 . 2012-12-20 18:52 1504104 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-12-03 15:47 . 2012-12-20 18:52 15016256 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-12-03 15:47 . 2012-12-20 18:52 12603960 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-12-03 15:47 . 2012-12-20 18:52 11532648 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-12-01 12:41 . 2012-12-20 18:52 446312 ----a-w- c:\windows\system32\drivers\nvstusb.sys
2012-12-01 12:41 . 2012-12-20 18:52 1509736 ----a-w- c:\windows\system32\nvir3dgenco6420152.dll
2012-12-01 05:49 . 2012-12-20 18:53 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-12-01 05:49 . 2012-12-20 18:53 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-12-01 05:49 . 2012-12-20 18:53 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-12-01 05:49 . 2012-12-20 18:53 890216 ----a-w- c:\windows\system32\nvvsvc.exe
2012-12-01 05:48 . 2012-12-20 18:53 6223208 ----a-w- c:\windows\system32\nvcpl.dll
2012-12-01 05:48 . 2012-12-20 18:53 3311464 ----a-w- c:\windows\system32\nvsvc64.dll
2012-12-01 03:43 . 2012-12-01 03:43 438632 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-11-30 10:45 . 2012-11-30 10:45 1645320 ----a-w- c:\windows\SysWow64\gdiplus.dll
2012-11-30 10:45 . 2004-03-09 05:00 203976 ----a-w- c:\windows\SysWow64\RICHTX32.OCX
2012-11-30 10:45 . 2004-03-09 05:00 152848 ----a-w- c:\windows\SysWow64\comdlg32.ocx
2012-11-30 04:56 . 2013-01-27 01:09 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-14 07:06 . 2013-01-03 20:31 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2013-01-03 20:31 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2013-01-03 20:31 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2013-01-03 20:31 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2013-01-03 20:31 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2013-01-03 20:31 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2013-01-03 20:31 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2013-01-03 20:31 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2013-01-03 20:31 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2013-01-03 20:31 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2013-01-03 20:31 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2013-01-03 20:31 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2013-01-03 20:31 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2013-01-03 20:31 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2013-01-03 20:32 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2013-01-03 20:31 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2013-01-03 20:31 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2013-01-03 20:31 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2013-01-03 20:31 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2013-01-03 20:31 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2013-01-03 20:31 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2013-01-03 20:32 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{a8864317-e18b-4292-99d9-e6e65ab905d3}"= "c:\program files (x86)\RuneScape\prxtbRune.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{a8864317-e18b-4292-99d9-e6e65ab905d3}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{a8864317-e18b-4292-99d9-e6e65ab905d3}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\RuneScape\prxtbRune.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F3FEE66E-E034-436a-86E4-9690573BEE8A}]
2012-11-28 21:42 1230216 ----a-w- c:\program files (x86)\YTD Toolbar\IE\6.6\ytdToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{a8864317-e18b-4292-99d9-e6e65ab905d3}"= "c:\program files (x86)\RuneScape\prxtbRune.dll" [2011-05-09 176936]
"{F3FEE66E-E034-436a-86E4-9690573BEE8A}"= "c:\program files (x86)\YTD Toolbar\IE\6.6\ytdToolbarIE.dll" [2012-11-28 1230216]
.
[HKEY_CLASSES_ROOT\clsid\{a8864317-e18b-4292-99d9-e6e65ab905d3}]
.
[HKEY_CLASSES_ROOT\clsid\{f3fee66e-e034-436a-86e4-9690573bee8a}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Syncables"="c:\program files (x86)\syncables\syncables desktop\Syncables.exe" [2010-04-05 370480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ru n]
"Boingo Wi-Fi"="c:\program files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-07-16 2429]
"VolPanel"="c:\program files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" [2008-12-29 237693]
"AVG9_TRAY"="c:\progra~2\AVG\AVG9\avgtray.exe" [2012-01-26 2077536]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-02-04 7350912]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-05-03 170624]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Malwarebytes Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{60D6618B-153F-4353-8185-908E676E5888}\_DCE9A4DB2A5F2786140FA3.exe [2010-7-16 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 avg9emc;AVG E-mail Scanner;c:\program files (x86)\AVG\AVG9\avgemc.exe [2010-12-25 921952]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [2010-08-06 19456]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [2009-11-14 36256]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-07-16 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-07-16 79360]
R3 cxbu0x64;SmartTerminal XX44;c:\windows\system32\DRIVERS\cxbu0x64.sys [2007-04-17 115456]
R3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2010-09-02 15360]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-14 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S0 AvgRkx64;avgrkx64.sys;c:\windows\System32\Drivers\avgrkx64.sys [2010-12-25 56008]
S1 AvgLdx64;AVG AVI Loader Driver x64;c:\windows\System32\Drivers\avgldx64.sys [2010-12-25 269904]
S1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;c:\windows\System32\Drivers\avgmfx64.sys [2011-09-14 35664]
S1 AvgTdiA;AVG Network Redirector x64;c:\windows\System32\Drivers\avgtdia.sys [2011-05-06 317520]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/07/16 08:40];c:\program files (x86)\CyberLink\PowerDVD9\000.fcl [2009-09-01 23:59 146928]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2009-09-17 359552]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 avg9wd;AVG WatchDog;c:\program files (x86)\AVG\AVG9\avgwdsvc.exe [2010-12-25 308136]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-07-02 60416]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [2009-07-05 55808]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-01 382824]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService .exe [2011-03-25 91464]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 54824]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-29 58368]
S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\DRIVERS\nvstusb.sys [2012-12-01 446312]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-01 22:17 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-03 16:44]
.
2013-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-16 15:56]
.
2013-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-16 15:56]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\avgrssta.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Hungran\AppData\Roaming\Mozilla\Firefox\Profiles\cuxlo4ba.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-61264519.sys
SafeBoot-96825962.sys
Toolbar-Locked - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{A8864317-E18B-4292-99D9-E6E65AB905D3} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
AddRemove-ASUS_ScreenSaver_GSeries - c:\windows\system32\ASUS_ScreenSaver_GSeries.scr
AddRemove-NVIDIA 3D Vision PowerPack - Batman Arkham Asylum_is1 - c:\program files (x86)\NVIDIA Corporation\3D Vision\PowerPack uninstallers\NVIDIA 3D Vision PowerPack - Batman Arkham Asylum\unins000.exe
AddRemove-NVIDIA 3D Vision PowerPack - Santa Clara Classic~59A618D7_is1 - c:\program files (x86)\NVIDIA Corporation\3D Vision\PowerPack uninstallers\NVIDIA 3D Vision PowerPack - Santa Clara Classic Car Show 2009\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-138338194-604536875-1673374467-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:b6,bc,a3,8a,55,d1,a6,d7,3d,2d,d8,ea,11,a4,2d,78,35,4a,bb,a2,2d,41, 04,
43,96,7e,d5,25,65,2b,02,ae,43,ba,9b,f4,6e,6e,40,c0,bf,d2,7e,f4,d1,83,10,a6, \
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22
.
[HKEY_USERS\S-1-5-21-138338194-604536875-1673374467-1000\Software\SecuROM\License information*]
"datasecu"=hex:87,ca,eb,38,43,e8,30,eb,e4,ff,1f,1b,7e,f1,b7,6e,74,0e,fb,89, 64,
b3,7a,84,36,c9,9c,5b,a2,f6,4f,8f,5c,07,72,5d,ad,a0,4c,1f,d6,7a,23,be,1c,97, \
"rkeysecu"=hex:e6,0b,cf,9d,d3,83,e9,01,cc,63,28,ed,52,3a,aa,95
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_ 5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX .exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_ 5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX .exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-02-11 12:48:14
ComboFix-quarantined-files.txt 2013-02-11 17:48
.
Pre-Run: 6,700,867,584 bytes free
Post-Run: 8,350,937,088 bytes free
.
- - End Of File - - FF079D96BF4B5FCE85E56BB39BA57165

**dvk01** · 12-Feb-2013, 03:53 AM #7

uninstall YTD Toolbar v6.6
RuneScape Toolbar

then
Please download AdwCleaner to your desktop.

Double click the adwcleaner.exe to run the tool.
Click Search.
When the scan finished, a notepad window will be opened.
Please post the contents here in your topic.
The logfile will also be saved in C:\AdwCleaner[R1].txt.

Hungraninc · 13-Feb-2013, 12:12 AM #8

Alright I haven't been on the computer much because of work. But I haven't been able to notice the problem happen - at all. Also the Jagex Toolbar was a wanted item. I still went ahead and removed both of them anyways.

# AdwCleaner v2.112 - Logfile created 02/13/2013 at 00:10:25
# Updated 10/02/2013 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : Hungran - HUNGRAN-PC
# Boot Mode : Normal
# Running from : C:\Users\Hungran\Desktop\AdwCleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****
File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
Folder Found : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\ProgramData\Partner
Folder Found : C:\Users\Hungran\AppData\Local\Conduit
Folder Found : C:\Users\Hungran\AppData\LocalLow\Conduit
Folder Found : C:\Users\Hungran\AppData\LocalLow\PriceGong
***** [Registry] *****
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Software\Toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\dnUpdate
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2438727
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2680363
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Softwa reUpdUtility
Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : HKU\S-1-5-21-138338194-604536875-1673374467-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Registry is clean.
-\\ Mozilla Firefox v18.0.2 (en-US)
File : C:\Users\Hungran\AppData\Roaming\Mozilla\Firefox\Profiles\cuxlo4ba.default\ prefs.js
[OK] File is clean.
-\\ Google Chrome v24.0.1312.57
File : C:\Users\Hungran\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [4444 octets] - [13/02/2013 00:10:25]
########## EOF - C:\AdwCleaner[R1].txt - [4504 octets] ##########

**dvk01** · 13-Feb-2013, 03:00 AM #9

you c an reinstall the jagex (runescape) toolbar when we have finished, but several searches suggest that it sometimes causes pop up ads or other unwanted behaviour, so it is sensible to remove it, while cleaning others to eliminate the possibility of it having some responsibility. Once the computer is clean & no more problems, you can reinstall & hopew that it isn't responsible in any way

Please run AdwCleaner again, This time press delete, It will clear the problems & then offer to reboot, please let it reboot & then post the log it makes.
The logfile will also be saved in C:\AdwCleaner[S1].txt

Hungraninc · 14-Feb-2013, 12:57 AM **#10**

# AdwCleaner v2.112 - Logfile created 02/13/2013 at 13:37:50
# Updated 10/02/2013 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : Hungran - HUNGRAN-PC
# Boot Mode : Normal
# Running from : C:\Users\Hungran\Desktop\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Users\Hungran\AppData\Local\Conduit
Folder Deleted : C:\Users\Hungran\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Hungran\AppData\LocalLow\PriceGong
***** [Registry] *****
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2438727
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2680363
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Softwa reUpdUtility
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Registry is clean.
-\\ Mozilla Firefox v18.0.2 (en-US)
File : C:\Users\Hungran\AppData\Roaming\Mozilla\Firefox\Profiles\cuxlo4ba.default\ prefs.js
C:\Users\Hungran\AppData\Roaming\Mozilla\Firefox\Profiles\cuxlo4ba.default\ user.js ... Deleted !
[OK] File is clean.
-\\ Google Chrome v24.0.1312.57
File : C:\Users\Hungran\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [4567 octets] - [13/02/2013 00:10:25]
AdwCleaner[S1].txt - [4543 octets] - [13/02/2013 13:37:50]
########## EOF - C:\AdwCleaner[S1].txt - [4603 octets] ##########

**dvk01** · 14-Feb-2013, 02:44 AM **#11**

how is it now?
what problems ( if any ) are you still having?

Hungraninc · 17-Feb-2013, 08:41 AM **#12**

I've only been on here for a few minutes in the last few days. But When I was on I couldn't find the problem again

**dvk01** · 17-Feb-2013, 11:18 AM **#13**

*Follow these steps to uninstall Combofix and the other tools it downloaded to remove the malware*
* Click START then RUN
* Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the /U, it needs to be there.

This will also purge the restore folder and clear any malware that has been put in there. Now Empty Recycle bin on desktop Then reboot.

go here http://www.thespykiller.co.uk/index.php?page=3 for info on how to tighten your security settings and how to help prevent future attacks.

and scan here http://secunia.com/vulnerability_scanning/personal for out of date & vulnerable common applications on your computer and update whatever it suggests. Download & use the PSI version ( not the OSI, in your browser java version) as I no longer recommend having Java installed on the computer at all, unless it is absolutely necessary, because of the too high risk of malware infiltration

Then pay an urgent visit to windows update & make sure you are fully updated, that will help to plug the security holes that let these pests on in the first place. If windows update doesn't work, please come back & tell us

Hungraninc · 26-Feb-2013, 10:27 PM **#14**

Sorry computer time has been zero for a little while - life

Thanks for helping me get rid of that! I shall try and update my security more since it is very much lacking.

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Solved: Advertisements in background + hogging resources.

Find the solution to your computer problem!

Find the solution to your
computer problem!