1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Advertisements in background + hogging resources.

Discussion in 'Virus & Other Malware Removal' started by Hungraninc, Jan 21, 2013.

Thread Status:
Not open for further replies.
Advertisement
  1. Hungraninc

    Hungraninc Thread Starter

    Joined:
    Jan 21, 2013
    Messages:
    9
    Hello there!
    Been having a problem where advertisements randomly start playing even with nothing open. I noticed when it happened that "Svchost.exe, Host Process for Windows Services" Would be running and taking up a ton of memory. When I end it the advertisements stop. Butttt they come back randomly. Also having a problem with fullscreen games minimizing itself a lot.

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Home Premium, 64 bit
    Processor: Intel(R) Core(TM) i7 CPU Q 720 @ 1.60GHz, Intel64 Family 6 Model 30 Stepping 5
    Processor Count: 8
    RAM: 12221 Mb
    Graphics Card: NVIDIA GeForce GTS 360M, 1024 Mb
    Hard Drives: C: Total - 119232 MB, Free - 8676 MB; D: Total - 337702 MB, Free - 44951 MB;
    Motherboard: PEGATRON CORPORATION, G60JX
    Antivirus: AVG Internet Security, Disabled




    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 5:53:14 PM, on 1/21/2013
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Normal
    Running processes:
    C:\Program Files (x86)\syncables\syncables desktop\syncables.exe
    C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe
    C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
    C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe
    C:\Program Files (x86)\AVG\AVG9\avgtray.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    C:\Users\Hungran\AppData\Local\AOL\AIM\aim.exe
    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    C:\Users\Hungran\jagexcache\jagexlauncher\bin\JagexLauncher.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Users\Hungran\Desktop\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.6\ytdToolbarIE.dll
    R3 - URLSearchHook: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
    R3 - URLSearchHook: RuneScape Toolbar - {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files (x86)\RuneScape\prxtbRune.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: RuneScape - {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files (x86)\RuneScape\prxtbRune.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.6\ytdToolbarIE.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: RuneScape Toolbar - {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files (x86)\RuneScape\prxtbRune.dll
    O3 - Toolbar: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.6\ytdToolbarIE.dll
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
    O4 - HKLM\..\Run: [Boingo Wi-Fi] "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk"
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" /r
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\RunOnce: [AA30DCE6-37A5-4A15-B09C-16E9346BA802] cmd.exe /C start /D "C:\Users\Hungran\AppData\Local\Temp" /B AA30DCE6-37A5-4A15-B09C-16E9346BA802.exe -postboot
    O4 - HKCU\..\Run: [Syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe
    O4 - Global Startup: FancyStart daemon.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgemc.exe
    O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
    O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: VideAceWindowsService - Unknown owner - C:\ExpressGateUtil\VAWinService.exe
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    --
    End of file - 15704 bytes





    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.6.2
    Run by Hungran at 17:54:46 on 2013-01-21
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.12221.8849 [GMT -5:00]
    .
    AV: AVG Internet Security *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Internet Security *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\FBAgent.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\ExpressGateUtil\VAWinService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\P4G\BatteryLife.exe
    C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    C:\Windows\Explorer.EXE
    C:\Windows\SysWOW64\ACEngSvr.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files (x86)\syncables\syncables desktop\syncables.exe
    C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
    C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe
    C:\Program Files (x86)\AVG\AVG9\avgtray.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Users\Hungran\AppData\Local\AOL\AIM\aim.exe
    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Users\Hungran\jagexcache\jagexlauncher\bin\JagexLauncher.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\$Recycle.Bin\S-1-5-21-138338194-604536875-1673374467-1000\$a22e9ca6559a2f8e6a68eb3c55ad94ae\U
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/
    uDefault_Page_URL = hxxp://asus.msn.com
    uURLSearchHooks: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.6\ytdToolbarIE.dll
    uURLSearchHooks: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - <orphaned>
    uURLSearchHooks: RuneScape Toolbar: {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files (x86)\RuneScape\prxtbRune.dll
    mURLSearchHooks: RuneScape Toolbar: {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files (x86)\RuneScape\prxtbRune.dll
    BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: RuneScape Toolbar: {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files (x86)\RuneScape\prxtbRune.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.6\ytdToolbarIE.dll
    BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    TB: RuneScape Toolbar: {A8864317-E18B-4292-99D9-E6E65AB905D3} - C:\Program Files (x86)\RuneScape\prxtbRune.dll
    TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    TB: RuneScape Toolbar: {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files (x86)\RuneScape\prxtbRune.dll
    TB: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.6\ytdToolbarIE.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    uRun: [Syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe
    mRun: [Boingo Wi-Fi] "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk"
    mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" /r
    mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
    mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    mRunOnce: [AA30DCE6-37A5-4A15-B09C-16E9346BA802] cmd.exe /C start /D "C:\Users\Hungran\AppData\Local\Temp" /B AA30DCE6-37A5-4A15-B09C-16E9346BA802.exe -postboot
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{60D6618B-153F-4353-8185-908E676E5888}\_DCE9A4DB2A5F2786140FA3.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{B639D597-0501-46BE-BF02-A8F68C9D00D2} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{B639D597-0501-46BE-BF02-A8F68C9D00D2}\331593D473 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{B639D597-0501-46BE-BF02-A8F68C9D00D2}\9303230593 : DHCPNameServer = 192.168.1.1 68.237.161.12
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll
    x64-BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    x64-DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Hungran\AppData\Roaming\Mozilla\Firefox\Profiles\cuxlo4ba.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
    FF - component: C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
    FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - ExtSQL: 2012-12-07 17:53; {e4a8a97b-f2ed-450b-b12d-ee082ba24781}; C:\Users\Hungran\AppData\Roaming\Mozilla\Firefox\Profiles\cuxlo4ba.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    ============= SERVICES / DRIVERS ===============
    .
    R0 AvgRkx64;avgrkx64.sys;C:\Windows\System32\drivers\avgrkx64.sys [2010-8-22 56008]
    R1 AvgLdx64;AVG AVI Loader Driver x64;C:\Windows\System32\drivers\avgldx64.sys [2010-8-22 269904]
    R1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;C:\Windows\System32\drivers\avgmfx64.sys [2010-8-22 35664]
    R1 AvgTdiA;AVG Network Redirector x64;C:\Windows\System32\drivers\avgtdia.sys [2010-8-22 317520]
    R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/07/16 08:40:28];C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [2009-9-1 146928]
    R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2010-7-16 359552]
    R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
    R2 avg9wd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2010-12-25 308136]
    R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
    R2 rimspci;rimspci;C:\Windows\System32\drivers\rimspe64.sys [2010-7-16 60416]
    R2 rixdpcie;rixdpcie;C:\Windows\System32\drivers\rixdpe64.sys [2010-7-16 55808]
    R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-11-30 382824]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-7-16 2314240]
    R2 VideAceWindowsService;VideAceWindowsService;C:\ExpressGateUtil\VAWinService.exe [2011-3-25 91464]
    R3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-4-14 54824]
    R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-7-16 35104]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-7-16 56344]
    R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-6-28 58368]
    R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\Windows\System32\drivers\nvstusb.sys [2012-12-20 446312]
    S2 avg9emc;AVG E-mail Scanner;C:\Program Files (x86)\AVG\AVG9\avgemc.exe [2010-12-25 921952]
    S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S3 Andbus;LGE Android Platform Composite USB Device;C:\Windows\System32\drivers\lgandbus64.sys [2011-5-26 19456]
    S3 androidusb;ADB Interface Driver;C:\Windows\System32\drivers\androidusb.sys [2011-5-26 36256]
    S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-7-16 79360]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-7-16 79360]
    S3 cxbu0x64;SmartTerminal XX44;C:\Windows\System32\drivers\cxbu0x64.sys [2012-2-25 115456]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-8-14 61792]
    S3 fsssvc;Windows Live Family Safety;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-8 533344]
    S3 pneteth;PdaNet Broadband;C:\Windows\System32\drivers\pneteth.sys [2011-5-26 15360]
    S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-2-14 1255736]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
    .
    =============== Created Last 30 ================
    .
    2013-01-21 05:57:25 208216 ----a-w- C:\Windows\System32\drivers\91926101.sys
    2013-01-21 05:46:31 -------- d-----w- C:\TDSSKiller_Quarantine
    2013-01-04 05:14:40 -------- d-----w- C:\Users\Hungran\AppData\Local\Macromedia
    2013-01-03 22:35:46 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-01-03 21:30:44 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
    2013-01-03 21:30:44 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
    2013-01-03 21:11:46 9728 ----a-w- C:\Windows\System32\Wdfres.dll
    2013-01-03 21:11:46 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
    2013-01-03 21:11:46 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
    2013-01-03 21:11:46 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
    2013-01-03 20:32:00 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-01-03 20:32:00 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-01-03 20:29:04 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2013-01-03 20:29:04 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2013-01-03 20:29:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2013-01-03 20:29:03 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2013-01-03 20:28:40 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
    2013-01-03 20:28:40 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
    2013-01-03 20:28:39 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
    2013-01-03 20:28:39 744448 ----a-w- C:\Windows\System32\WUDFx.dll
    2013-01-03 20:28:39 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
    2013-01-03 20:28:39 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
    2013-01-03 20:28:39 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
    2013-01-03 20:20:43 80896 ----a-w- C:\Windows\System32\imagehlp.dll
    2013-01-03 20:20:43 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
    2013-01-03 20:20:43 5120 ----a-w- C:\Windows\System32\wmi.dll
    2013-01-03 20:20:43 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
    2013-01-03 20:20:43 220672 ----a-w- C:\Windows\System32\wintrust.dll
    2013-01-03 20:20:43 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2013-01-03 20:20:43 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
    2013-01-03 20:04:53 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
    2013-01-03 20:03:58 956416 ----a-w- C:\Windows\System32\localspl.dll
    2013-01-03 20:01:38 1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-01-03 20:01:37 861184 ----a-w- C:\Windows\System32\oleaut32.dll
    2013-01-03 20:01:37 723456 ----a-w- C:\Windows\System32\EncDec.dll
    2013-01-03 20:01:37 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
    2013-01-03 20:01:37 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
    2013-01-03 20:01:37 331776 ----a-w- C:\Windows\System32\oleacc.dll
    2013-01-03 20:01:37 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
    2013-01-03 19:57:58 751104 ----a-w- C:\Windows\System32\win32spl.dll
    2013-01-03 19:57:58 67584 ----a-w- C:\Windows\splwow64.exe
    2013-01-03 19:57:58 559104 ----a-w- C:\Windows\System32\spoolsv.exe
    2013-01-03 19:57:58 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
    2013-01-03 19:56:26 1462784 ----a-w- C:\Windows\System32\crypt32.dll
    2013-01-03 19:56:26 1157632 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2013-01-03 19:56:25 182272 ----a-w- C:\Windows\System32\cryptsvc.dll
    2013-01-03 19:56:25 140288 ----a-w- C:\Windows\System32\cryptnet.dll
    2013-01-03 19:56:25 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2013-01-03 19:56:25 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2013-01-03 19:56:16 77312 ----a-w- C:\Windows\System32\packager.dll
    2013-01-03 19:56:16 67072 ----a-w- C:\Windows\SysWow64\packager.dll
    2013-01-03 18:48:33 -------- d--h--w- C:\ExpressGateUtil
    2013-01-03 16:41:10 -------- d-----w- C:\Users\Hungran\AppData\Roaming\Xilisoft
    2013-01-03 16:40:37 -------- d-----w- C:\ProgramData\Xilisoft
    2013-01-03 16:40:37 -------- d-----w- C:\Program Files (x86)\Xilisoft
    2013-01-02 01:46:55 -------- d-----w- C:\Program Files (x86)\Common Files\Software Update Utility
    .
    ==================== Find3M ====================
    .
    2013-01-21 17:10:23 45056 ----a-w- C:\Windows\System32\acovcnt.exe
    2013-01-09 22:44:19 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-06 19:10:15 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2013-01-06 19:10:15 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2013-01-06 19:01:07 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2012-12-09 17:57:55 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    2012-12-01 12:41:38 446312 ----a-w- C:\Windows\System32\drivers\nvstusb.sys
    2012-12-01 12:41:38 1509736 ----a-w- C:\Windows\System32\nvir3dgenco6420152.dll
    2012-12-01 05:49:26 2557800 ----a-w- C:\Windows\System32\nvsvcr.dll
    2012-12-01 05:49:25 63336 ----a-w- C:\Windows\System32\nvshext.dll
    2012-12-01 05:49:25 118120 ----a-w- C:\Windows\System32\nvmctray.dll
    2012-12-01 05:49:24 890216 ----a-w- C:\Windows\System32\nvvsvc.exe
    2012-12-01 05:48:41 6223208 ----a-w- C:\Windows\System32\nvcpl.dll
    2012-12-01 05:48:37 3311464 ----a-w- C:\Windows\System32\nvsvc64.dll
    2012-12-01 03:43:52 438632 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
    2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-11-09 05:34:27 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-11-09 04:49:37 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-11-02 05:27:51 478208 ----a-w- C:\Windows\System32\dpnet.dll
    2012-11-02 04:48:28 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
    2012-10-25 08:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2012-10-25 08:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    .
    ============= FINISH: 17:55:07.32 ===============




    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 8/14/2010 5:07:53 AM
    System Uptime: 1/21/2013 12:54:00 AM (17 hours ago)
    .
    Motherboard: PEGATRON CORPORATION | | G60JX
    Processor: Intel(R) Core(TM) i7 CPU Q 720 @ 1.60GHz | Socket 989 | 1600/533mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 116 GiB total, 8.48 GiB free.
    D: is FIXED (NTFS) - 330 GiB total, 43.898 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.5.2 MUI
    Advertising Center
    AIM 7
    AIM for Windows
    Aimersoft Video Converter Professional(Build 2.7.2.0)
    American McGee's Alice(tm)
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ASUS AI Recovery
    ASUS AP Bank
    ASUS FancyStart
    ASUS LifeFrame3
    ASUS Live Update
    ASUS Power4Gear Hybrid
    ASUS SmartLogon
    ASUS Splendid Video Enhancement Technology
    ASUS Virtual Camera
    ASUS WebStorage
    ASUS_ScreenSaver_GSeries
    Atheros Client Installation Program
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    ATK Package
    AVG 9.0
    AviSynth 2.5
    Bing Bar
    BitTorrent
    Boingo Wi-Fi
    Bonjour
    Borderlands 2
    Cherry Smart Device Package V1.7 Build 7
    Choice Guard
    Combined Community Codec Pack 2009-09-09
    ControlDeck
    Creative MediaSource 5
    CyberLink LabelPrint
    CyberLink Power2Go
    CyberLink PowerDVD 9
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Diablo II
    Diablo III
    DirectX 9 Runtime
    DolbyFiles
    Download Updater (AOL LLC)
    ExpressGateCloud
    Facebook Video Calling 1.2.0.287
    Far Cry 3
    Fast Boot
    GameSpy Comrade
    Google Chrome
    Google Update Helper
    Hero Editor V0.96
    Intel(R) Management Engine Components
    iTunes
    Java 7 Update 6
    Java Auto Updater
    Junk Mail filter update
    Logitech Gaming Software 5.10
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Office 2010
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 64-bit MUI (English) 2010
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Mozilla Firefox 18.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSXML 4.0 SP3 Parser (KB973685)
    Nero ControlCenter
    Nero Installer
    neroxml
    Nexus Mod Manager
    NVIDIA 3D Vision Controller Driver 310.70
    NVIDIA 3D Vision Driver 310.70
    NVIDIA 3D Vision PowerPack - Batman Arkham Asylum
    NVIDIA 3D Vision PowerPack - Santa Clara Classic Car Show 2009
    NVIDIA 3D Vision Video Player
    NVIDIA Control Panel 310.70
    NVIDIA Display Control Panel
    NVIDIA Graphics Driver 310.70
    NVIDIA HD Audio Driver 1.3.18.0
    NVIDIA Install Application
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.12.1031
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 1.11.3
    NVIDIA Update Components
    PowerISO
    Project64 1.6
    PunkBuster Services
    QuickTime
    RCT3 Soaked
    Realtek High Definition Audio Driver
    RICOH R5U230 Media Driver ver.2.05.02.02
    RuneScape Launcher 1.2.2
    RuneScape Toolbar
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
    Skype Click to Call
    Skype™ 5.10
    Sound Blaster Audigy HD
    Spybot - Search & Destroy
    StarCraft II
    Steam
    Synaptics Pointing Device Driver
    syncables desktop SE
    UltraISO Premium V9.36
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Uplay
    USB 2.0 2.0M UVC WebCam
    VC80CRTRedist - 8.0.50727.6195
    Videora Xbox 360 Converter 6
    Visual C++ 8.0 Runtime Setup Package (x64)
    VLC media player 1.1.0
    WIDCOMM Bluetooth Software
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    WinFlash
    WinRAR archiver
    Wireless Console 3
    World of Warcraft
    Xilisoft Video Converter Ultimate
    Xilisoft Xbox Converter 6
    Yahoo! Install Manager
    Yahoo! Software Update
    Yahoo! Toolbar
    YTD Toolbar v6.6
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/21/2013 12:54:22 AM, Error: Microsoft-Windows-Smartcard-Server [602] - WDM Reader driver initialization cannot open reader device: The system cannot find the path specified.
    1/20/2013 1:04:33 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    1/14/2013 8:20:20 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    .
    ==== End Of File ===========================








    GMER 2.0.18444 - http://www.gmer.net
    Rootkit scan 2013-01-21 18:00:20
    Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950042 rev.0003 465.76GB
    Running: 9ewsfnsw.exe; Driver: C:\Users\Hungran\AppData\Local\Temp\uwdiifod.sys

    ---- Devices - GMER 2.0 ----
    Device \Driver\a9ee3suk \Device\Scsi\a9ee3suk1 ð¹A
    Device \FileSystem\Ntfs \Ntfs
    Device \FileSystem\fastfat \Fat
    ---- Modules - GMER 2.0 ----
    Module \SystemRoot\System32\Drivers\a9ee3suk.SYS fffff88005c33000-fffff88005c77000 (278528 bytes)
    ---- Threads - GMER 2.0 ----
    Thread C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [3340:5752] 0000000077cf2e3e
    Thread C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [3340:6712] 0000000077cf3e59
    Thread C:\Program Files\P4G\BatteryLife.exe [3372:4092] 0000000180001440
    Thread C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [3416:988] 00000000742d52c9
    Thread C:\Windows\Explorer.EXE [3436:1408] 000000000817180c
    Thread C:\Windows\Explorer.EXE [3436:5208] 0000000008181670
    Thread C:\Windows\Explorer.EXE [3436:2536] 0000000008181518
    Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2332:5276] 000007fefb9e2a74
    ---- Processes - GMER 2.0 ----
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2288] 000000006d740000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [3392] 0000000075570000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [3416] 0000000077ca0000
    Library c:\windows\system32\z (*** suspicious ***) @ C:\Windows\Explorer.EXE [3436] 0000066656340000
    Library ? (*** suspicious ***) @ C:\Program Files\Windows Media Player\wmpnetwk.exe [2332] 000007feeb370000
    Library ? (*** suspicious ***) @ C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [6160] 000007fee9f40000
    Library ? (*** suspicious ***) @ C:\Windows\system32\svchost.exe [2276] 000007fefc030000
    ---- EOF - GMER 2.0 ----
     
  2. Hungraninc

    Hungraninc Thread Starter

    Joined:
    Jan 21, 2013
    Messages:
    9
  3. Hungraninc

    Hungraninc Thread Starter

    Joined:
    Jan 21, 2013
    Messages:
    9
    Bump Bump :)
    Edit: I'm currently updating windows and some misc programs. I wanted to re-run the scans and post them again. I'm unable to find an edit for the first post. Should I just scan again and post a second time in this thread?
     
  4. Hungraninc

    Hungraninc Thread Starter

    Joined:
    Jan 21, 2013
    Messages:
    9
  5. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,903
    Delete any existing version of ComboFix you have sitting on your desktop
    Please read and follow all these instructions very carefully
    Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

    Download ComboFix from Hereto your Desktop.

    **Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
    --------------------------------------------------------------------
    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results" or stop combofix running at all
    • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re enable the protection again after combofix has finished
    --------------------------------------------------------------------
    2. Close any open browsers and any other programs you might have running
    Double click on renamed combofix.exe & follow the prompts.​
    If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?"
    Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    When finished, it will produce a report for you.
    Please post the "C:\ComboFix.txt" for further review


    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.Read HERE why we disable autoruns

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

    Please tell us if it has cured the problems or if there are any outstanding issues

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    • If Combofix reboot is due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
    • If after running Combofix you receive any type of warning message about registry key's being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

    Post the log in next reply please...
     
  6. Hungraninc

    Hungraninc Thread Starter

    Joined:
    Jan 21, 2013
    Messages:
    9
    Good morning!
    Here is your Combofix log:
    ComboFix 13-02-07.02 - Hungran 02/11/2013 11:31:16.1.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.12221.10202 [GMT -5:00]
    Running from: c:\users\Hungran\Desktop\ComboFix.exe
    AV: AVG Internet Security *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Internet Security *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\$recycle.bin\S-1-5-21-138338194-604536875-1673374467-1000\$a22e9ca6559a2f8e6a68eb3c55ad94ae\@
    c:\$recycle.bin\S-1-5-21-138338194-604536875-1673374467-1000\$a22e9ca6559a2f8e6a68eb3c55ad94ae\n
    c:\$recycle.bin\S-1-5-21-138338194-604536875-1673374467-1000\$a22e9ca6559a2f8e6a68eb3c55ad94ae\U\00000001.@
    c:\$recycle.bin\S-1-5-21-138338194-604536875-1673374467-1000\$a22e9ca6559a2f8e6a68eb3c55ad94ae\U\80000000.@
    c:\$recycle.bin\S-1-5-21-138338194-604536875-1673374467-1000\$a22e9ca6559a2f8e6a68eb3c55ad94ae\U\800000cb.@
    c:\programdata\FullRemove.exe
    c:\programdata\Microsoft\Windows\DRM\1194.tmp
    c:\programdata\Microsoft\Windows\DRM\11A5.tmp
    c:\programdata\Microsoft\Windows\DRM\22C2.tmp
    c:\programdata\Microsoft\Windows\DRM\22C3.tmp
    c:\programdata\Microsoft\Windows\DRM\27B0.tmp
    c:\programdata\Microsoft\Windows\DRM\27B1.tmp
    c:\programdata\Microsoft\Windows\DRM\5F8C.tmp
    c:\programdata\Microsoft\Windows\DRM\5F8D.tmp
    c:\programdata\Microsoft\Windows\DRM\6FA.tmp
    c:\programdata\Microsoft\Windows\DRM\6FB.tmp
    c:\programdata\Microsoft\Windows\DRM\D0B6.tmp
    c:\programdata\Microsoft\Windows\DRM\D0B7.tmp
    c:\programdata\Microsoft\Windows\DRM\D10F.tmp
    c:\programdata\Microsoft\Windows\DRM\D11F.tmp
    c:\windows\msvcr71.dll
    c:\windows\SysWow64\tmp1983.tmp
    c:\windows\SysWow64\tmp19A3.tmp
    c:\windows\SysWow64\tmp441B.tmp
    c:\windows\SysWow64\tmp443B.tmp
    c:\windows\SysWow64\tmp6392.tmp
    c:\windows\SysWow64\tmp7D05.tmp
    c:\windows\SysWow64\tmp7D16.tmp
    c:\windows\SysWow64\URTTemp
    c:\windows\SysWow64\URTTemp\regtlib.exe
    c:\windows\wininit.ini
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-01-11 to 2013-02-11 )))))))))))))))))))))))))))))))
    .
    .
    2013-02-11 17:13 . 2013-02-11 17:13 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2013-02-11 17:13 . 2013-02-11 17:13 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-02-09 05:19 . 2013-02-09 05:19 -------- d-----w- c:\programdata\SwiftKit
    2013-02-09 05:19 . 2012-11-30 10:45 117507 ----a-w- c:\windows\SysWow64\msinet.ocx
    2013-02-09 05:19 . 2012-11-30 10:45 109248 ----a-w- c:\windows\SysWow64\MSWINSCK.OCX
    2013-02-09 05:19 . 2013-02-09 05:19 -------- d-----w- c:\program files (x86)\SwiftKit
    2013-01-30 19:52 . 2013-02-09 23:51 -------- d-----w- c:\windows\LastGood
    2013-01-28 02:30 . 2012-08-21 18:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2013-01-28 02:29 . 2013-01-28 02:29 -------- d-----w- c:\program files\iPod
    2013-01-28 02:29 . 2013-01-28 02:29 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
    2013-01-28 02:29 . 2013-01-28 02:29 -------- d-----w- c:\program files\iTunes
    2013-01-28 02:29 . 2013-01-28 02:29 -------- d-----w- c:\program files (x86)\iTunes
    2013-01-28 02:28 . 2013-01-28 02:28 -------- d-----w- c:\program files\Bonjour
    2013-01-28 02:28 . 2013-01-28 02:28 -------- d-----w- c:\program files (x86)\Bonjour
    2013-01-27 01:08 . 2011-03-11 06:18 2566144 ----a-w- c:\windows\system32\esent.dll
    2013-01-27 01:08 . 2011-03-11 06:23 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
    2013-01-27 01:08 . 2011-03-11 06:23 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
    2013-01-27 01:08 . 2011-03-11 06:22 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
    2013-01-27 01:08 . 2011-03-11 05:39 1686016 ----a-w- c:\windows\SysWow64\esent.dll
    2013-01-27 01:08 . 2011-03-11 06:23 187264 ----a-w- c:\windows\system32\drivers\storport.sys
    2013-01-27 01:08 . 2011-03-11 06:23 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
    2013-01-27 01:08 . 2011-03-11 06:22 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
    2013-01-27 01:08 . 2011-03-11 06:15 96768 ----a-w- c:\windows\system32\fsutil.exe
    2013-01-27 01:08 . 2011-03-11 05:37 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
    2013-01-27 01:08 . 2011-03-11 04:31 91136 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS
    2013-01-27 01:05 . 2011-02-05 12:41 556928 ----a-w- c:\windows\system32\winresume.efi
    2013-01-26 18:40 . 2013-01-26 18:40 -------- d-----w- c:\users\Hungran\AppData\Local\My Games
    2013-01-21 05:46 . 2013-01-21 23:20 -------- d-----w- C:\TDSSKiller_Quarantine
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-02-08 16:44 . 2013-01-03 22:35 697712 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-02-08 16:44 . 2011-08-30 04:11 74096 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-31 21:34 . 2012-12-09 18:21 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2013-01-31 21:34 . 2012-12-09 17:57 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2013-01-31 18:47 . 2012-12-09 17:57 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2013-01-27 15:35 . 2012-05-25 22:54 45056 ----a-w- c:\windows\system32\acovcnt.exe
    2013-01-27 01:20 . 2011-02-14 20:26 67599240 ----a-w- c:\windows\system32\MRT.exe
    2012-12-16 16:52 . 2013-01-03 20:29 46080 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-16 14:40 . 2013-01-03 20:29 367616 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-16 14:25 . 2013-01-03 20:29 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
    2012-12-16 14:25 . 2013-01-03 20:29 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2012-12-09 17:57 . 2011-03-27 00:26 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    2012-12-03 15:47 . 2012-12-20 18:52 9271352 ----a-w- c:\windows\system32\nvcuda.dll
    2012-12-03 15:47 . 2012-12-20 18:52 7819016 ----a-w- c:\windows\SysWow64\nvcuda.dll
    2012-12-03 15:47 . 2012-12-20 18:52 7446192 ----a-w- c:\windows\system32\nvopencl.dll
    2012-12-03 15:47 . 2012-12-20 18:52 6149904 ----a-w- c:\windows\SysWow64\nvopencl.dll
    2012-12-03 15:47 . 2012-12-20 18:52 2816824 ----a-w- c:\windows\system32\nvapi64.dll
    2012-12-03 15:47 . 2012-12-20 18:52 2784104 ----a-w- c:\windows\system32\nvcuvid.dll
    2012-12-03 15:47 . 2012-12-20 18:52 26811240 ----a-w- c:\windows\system32\nvoglv64.dll
    2012-12-03 15:47 . 2012-12-20 18:52 2606440 ----a-w- c:\windows\SysWow64\nvcuvid.dll
    2012-12-03 15:47 . 2012-12-20 18:52 25256296 ----a-w- c:\windows\system32\nvcompiler.dll
    2012-12-03 15:47 . 2012-12-20 18:52 2496976 ----a-w- c:\windows\SysWow64\nvapi.dll
    2012-12-03 15:47 . 2012-12-20 18:52 2226024 ----a-w- c:\windows\system32\nvcuvenc.dll
    2012-12-03 15:47 . 2012-12-20 18:52 20335976 ----a-w- c:\windows\SysWow64\nvoglv32.dll
    2012-12-03 15:47 . 2012-12-20 18:52 1874280 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
    2012-12-03 15:47 . 2012-12-20 18:52 1805672 ----a-w- c:\windows\system32\nvdispco64.dll
    2012-12-03 15:47 . 2012-12-20 18:52 18045968 ----a-w- c:\windows\system32\nvd3dumx.dll
    2012-12-03 15:47 . 2012-12-20 18:52 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
    2012-12-03 15:47 . 2012-12-20 18:52 15122280 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2012-12-03 15:47 . 2012-12-20 18:52 1504104 ----a-w- c:\windows\system32\nvdispgenco64.dll
    2012-12-03 15:47 . 2012-12-20 18:52 15016256 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2012-12-03 15:47 . 2012-12-20 18:52 12603960 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2012-12-03 15:47 . 2012-12-20 18:52 11532648 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2012-12-01 12:41 . 2012-12-20 18:52 446312 ----a-w- c:\windows\system32\drivers\nvstusb.sys
    2012-12-01 12:41 . 2012-12-20 18:52 1509736 ----a-w- c:\windows\system32\nvir3dgenco6420152.dll
    2012-12-01 05:49 . 2012-12-20 18:53 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
    2012-12-01 05:49 . 2012-12-20 18:53 63336 ----a-w- c:\windows\system32\nvshext.dll
    2012-12-01 05:49 . 2012-12-20 18:53 118120 ----a-w- c:\windows\system32\nvmctray.dll
    2012-12-01 05:49 . 2012-12-20 18:53 890216 ----a-w- c:\windows\system32\nvvsvc.exe
    2012-12-01 05:48 . 2012-12-20 18:53 6223208 ----a-w- c:\windows\system32\nvcpl.dll
    2012-12-01 05:48 . 2012-12-20 18:53 3311464 ----a-w- c:\windows\system32\nvsvc64.dll
    2012-12-01 03:43 . 2012-12-01 03:43 438632 ----a-w- c:\windows\SysWow64\nvStreaming.exe
    2012-11-30 10:45 . 2012-11-30 10:45 1645320 ----a-w- c:\windows\SysWow64\gdiplus.dll
    2012-11-30 10:45 . 2004-03-09 05:00 203976 ----a-w- c:\windows\SysWow64\RICHTX32.OCX
    2012-11-30 10:45 . 2004-03-09 05:00 152848 ----a-w- c:\windows\SysWow64\comdlg32.ocx
    2012-11-30 04:56 . 2013-01-27 01:09 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2012-11-14 07:06 . 2013-01-03 20:31 17811968 ----a-w- c:\windows\system32\mshtml.dll
    2012-11-14 06:32 . 2013-01-03 20:31 10925568 ----a-w- c:\windows\system32\ieframe.dll
    2012-11-14 06:11 . 2013-01-03 20:31 2312704 ----a-w- c:\windows\system32\jscript9.dll
    2012-11-14 06:04 . 2013-01-03 20:31 1346048 ----a-w- c:\windows\system32\urlmon.dll
    2012-11-14 06:04 . 2013-01-03 20:31 1392128 ----a-w- c:\windows\system32\wininet.dll
    2012-11-14 06:02 . 2013-01-03 20:31 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-11-14 06:02 . 2013-01-03 20:31 237056 ----a-w- c:\windows\system32\url.dll
    2012-11-14 05:59 . 2013-01-03 20:31 85504 ----a-w- c:\windows\system32\jsproxy.dll
    2012-11-14 05:58 . 2013-01-03 20:31 816640 ----a-w- c:\windows\system32\jscript.dll
    2012-11-14 05:57 . 2013-01-03 20:31 599040 ----a-w- c:\windows\system32\vbscript.dll
    2012-11-14 05:57 . 2013-01-03 20:31 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-11-14 05:55 . 2013-01-03 20:31 2144768 ----a-w- c:\windows\system32\iertutil.dll
    2012-11-14 05:55 . 2013-01-03 20:31 729088 ----a-w- c:\windows\system32\msfeeds.dll
    2012-11-14 05:53 . 2013-01-03 20:31 96768 ----a-w- c:\windows\system32\mshtmled.dll
    2012-11-14 05:52 . 2013-01-03 20:32 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-11-14 05:46 . 2013-01-03 20:31 248320 ----a-w- c:\windows\system32\ieui.dll
    2012-11-14 02:09 . 2013-01-03 20:31 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
    2012-11-14 01:58 . 2013-01-03 20:31 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57 . 2013-01-03 20:31 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-11-14 01:49 . 2013-01-03 20:31 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-11-14 01:48 . 2013-01-03 20:31 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2012-11-14 01:44 . 2013-01-03 20:32 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{a8864317-e18b-4292-99d9-e6e65ab905d3}"= "c:\program files (x86)\RuneScape\prxtbRune.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{a8864317-e18b-4292-99d9-e6e65ab905d3}]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{a8864317-e18b-4292-99d9-e6e65ab905d3}]
    2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\RuneScape\prxtbRune.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F3FEE66E-E034-436a-86E4-9690573BEE8A}]
    2012-11-28 21:42 1230216 ----a-w- c:\program files (x86)\YTD Toolbar\IE\6.6\ytdToolbarIE.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{a8864317-e18b-4292-99d9-e6e65ab905d3}"= "c:\program files (x86)\RuneScape\prxtbRune.dll" [2011-05-09 176936]
    "{F3FEE66E-E034-436a-86E4-9690573BEE8A}"= "c:\program files (x86)\YTD Toolbar\IE\6.6\ytdToolbarIE.dll" [2012-11-28 1230216]
    .
    [HKEY_CLASSES_ROOT\clsid\{a8864317-e18b-4292-99d9-e6e65ab905d3}]
    .
    [HKEY_CLASSES_ROOT\clsid\{f3fee66e-e034-436a-86e4-9690573bee8a}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Syncables"="c:\program files (x86)\syncables\syncables desktop\Syncables.exe" [2010-04-05 370480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Boingo Wi-Fi"="c:\program files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-07-16 2429]
    "VolPanel"="c:\program files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" [2008-12-29 237693]
    "AVG9_TRAY"="c:\progra~2\AVG\AVG9\avgtray.exe" [2012-01-26 2077536]
    "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
    "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-02-04 7350912]
    "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-05-03 170624]
    "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    FancyStart daemon.lnk - c:\windows\Installer\{60D6618B-153F-4353-8185-908E676E5888}\_DCE9A4DB2A5F2786140FA3.exe [2010-7-16 12862]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    R2 avg9emc;AVG E-mail Scanner;c:\program files (x86)\AVG\AVG9\avgemc.exe [2010-12-25 921952]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
    R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [2010-08-06 19456]
    R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [2009-11-14 36256]
    R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-07-16 79360]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-07-16 79360]
    R3 cxbu0x64;SmartTerminal XX44;c:\windows\system32\DRIVERS\cxbu0x64.sys [2007-04-17 115456]
    R3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2010-09-02 15360]
    R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-14 1255736]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
    S0 AvgRkx64;avgrkx64.sys;c:\windows\System32\Drivers\avgrkx64.sys [2010-12-25 56008]
    S1 AvgLdx64;AVG AVI Loader Driver x64;c:\windows\System32\Drivers\avgldx64.sys [2010-12-25 269904]
    S1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;c:\windows\System32\Drivers\avgmfx64.sys [2011-09-14 35664]
    S1 AvgTdiA;AVG Network Redirector x64;c:\windows\System32\Drivers\avgtdia.sys [2011-05-06 317520]
    S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/07/16 08:40];c:\program files (x86)\CyberLink\PowerDVD9\000.fcl [2009-09-01 23:59 146928]
    S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2009-09-17 359552]
    S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
    S2 avg9wd;AVG WatchDog;c:\program files (x86)\AVG\AVG9\avgwdsvc.exe [2010-12-25 308136]
    S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-07-02 60416]
    S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [2009-07-05 55808]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-01 382824]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
    S2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe [2011-03-25 91464]
    S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 54824]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
    S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-29 58368]
    S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\DRIVERS\nvstusb.sys [2012-12-01 446312]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-02-01 22:17 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-02-11 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-03 16:44]
    .
    2013-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-16 15:56]
    .
    2013-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-16 15:56]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
    @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
    [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
    2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
    @="{64174815-8D98-4CE6-8646-4C039977D808}"
    [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
    2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\windows\System32\avgrssta.dll
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Hungran\AppData\Roaming\Mozilla\Firefox\Profiles\cuxlo4ba.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
    Toolbar-Locked - (no file)
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    SafeBoot-61264519.sys
    SafeBoot-96825962.sys
    Toolbar-Locked - (no file)
    WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
    WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
    WebBrowser-{A8864317-E18B-4292-99D9-E6E65AB905D3} - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
    AddRemove-ASUS_ScreenSaver_GSeries - c:\windows\system32\ASUS_ScreenSaver_GSeries.scr
    AddRemove-NVIDIA 3D Vision PowerPack - Batman Arkham Asylum_is1 - c:\program files (x86)\NVIDIA Corporation\3D Vision\PowerPack uninstallers\NVIDIA 3D Vision PowerPack - Batman Arkham Asylum\unins000.exe
    AddRemove-NVIDIA 3D Vision PowerPack - Santa Clara Classic~59A618D7_is1 - c:\program files (x86)\NVIDIA Corporation\3D Vision\PowerPack uninstallers\NVIDIA 3D Vision PowerPack - Santa Clara Classic Car Show 2009\unins000.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
    "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-138338194-604536875-1673374467-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    @Allowed: (Read) (RestrictedCode)
    "??"=hex:b6,bc,a3,8a,55,d1,a6,d7,3d,2d,d8,ea,11,a4,2d,78,35,4a,bb,a2,2d,41,04,
    43,96,7e,d5,25,65,2b,02,ae,43,ba,9b,f4,6e,6e,40,c0,bf,d2,7e,f4,d1,83,10,a6,\
    "??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22
    .
    [HKEY_USERS\S-1-5-21-138338194-604536875-1673374467-1000\Software\SecuROM\License information*]
    "datasecu"=hex:87,ca,eb,38,43,e8,30,eb,e4,ff,1f,1b,7e,f1,b7,6e,74,0e,fb,89,64,
    b3,7a,84,36,c9,9c,5b,a2,f6,4f,8f,5c,07,72,5d,ad,a0,4c,1f,d6,7a,23,be,1c,97,\
    "rkeysecu"=hex:e6,0b,cf,9d,d3,83,e9,01,cc,63,28,ed,52,3a,aa,95
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-02-11 12:48:14
    ComboFix-quarantined-files.txt 2013-02-11 17:48
    .
    Pre-Run: 6,700,867,584 bytes free
    Post-Run: 8,350,937,088 bytes free
    .
    - - End Of File - - FF079D96BF4B5FCE85E56BB39BA57165
     
  7. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,903
    uninstall YTD Toolbar v6.6
    RuneScape Toolbar

    then
    Please download AdwCleaner to your desktop.
    • Double click the adwcleaner.exe to run the tool.
    • Click Search.
    • When the scan finished, a notepad window will be opened.
    • Please post the contents here in your topic.
    • The logfile will also be saved in C:\AdwCleaner[R1].txt.
     
  8. Hungraninc

    Hungraninc Thread Starter

    Joined:
    Jan 21, 2013
    Messages:
    9
    Alright I haven't been on the computer much because of work. But I haven't been able to notice the problem happen - at all. Also the Jagex Toolbar was a wanted item. I still went ahead and removed both of them anyways.

    # AdwCleaner v2.112 - Logfile created 02/13/2013 at 00:10:25
    # Updated 10/02/2013 by Xplode
    # Operating system : Windows 7 Home Premium (64 bits)
    # User : Hungran - HUNGRAN-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Hungran\Desktop\AdwCleaner.exe
    # Option [Search]

    ***** [Services] *****

    ***** [Files / Folders] *****
    File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
    File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
    File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
    File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
    Folder Found : C:\Program Files (x86)\Common Files\Software Update Utility
    Folder Found : C:\Program Files (x86)\Conduit
    Folder Found : C:\ProgramData\Partner
    Folder Found : C:\Users\Hungran\AppData\Local\Conduit
    Folder Found : C:\Users\Hungran\AppData\LocalLow\Conduit
    Folder Found : C:\Users\Hungran\AppData\LocalLow\PriceGong
    ***** [Registry] *****
    Key Found : HKCU\Software\AppDataLow\Software\Conduit
    Key Found : HKCU\Software\AppDataLow\Software\PriceGong
    Key Found : HKCU\Software\AppDataLow\Software\SmartBar
    Key Found : HKCU\Software\AppDataLow\Software\Toolbar
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
    Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
    Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
    Key Found : HKLM\SOFTWARE\Classes\dnUpdate
    Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
    Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
    Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
    Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
    Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2438727
    Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2680363
    Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
    Key Found : HKLM\Software\Conduit
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
    Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
    Key Found : HKU\S-1-5-21-138338194-604536875-1673374467-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v9.0.8112.16457
    [OK] Registry is clean.
    -\\ Mozilla Firefox v18.0.2 (en-US)
    File : C:\Users\Hungran\AppData\Roaming\Mozilla\Firefox\Profiles\cuxlo4ba.default\prefs.js
    [OK] File is clean.
    -\\ Google Chrome v24.0.1312.57
    File : C:\Users\Hungran\AppData\Local\Google\Chrome\User Data\Default\Preferences
    [OK] File is clean.
    *************************
    AdwCleaner[R1].txt - [4444 octets] - [13/02/2013 00:10:25]
    ########## EOF - C:\AdwCleaner[R1].txt - [4504 octets] ##########
     
  9. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,903
    you c an reinstall the jagex (runescape) toolbar when we have finished, but several searches suggest that it sometimes causes pop up ads or other unwanted behaviour, so it is sensible to remove it, while cleaning others to eliminate the possibility of it having some responsibility. Once the computer is clean & no more problems, you can reinstall & hopew that it isn't responsible in any way

    Please run AdwCleaner again, This time press delete, It will clear the problems & then offer to reboot, please let it reboot & then post the log it makes.
    The logfile will also be saved in C:\AdwCleaner[S1].txt
     
  10. Hungraninc

    Hungraninc Thread Starter

    Joined:
    Jan 21, 2013
    Messages:
    9
    # AdwCleaner v2.112 - Logfile created 02/13/2013 at 13:37:50
    # Updated 10/02/2013 by Xplode
    # Operating system : Windows 7 Home Premium (64 bits)
    # User : Hungran - HUNGRAN-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Hungran\Desktop\AdwCleaner.exe
    # Option [Delete]

    ***** [Services] *****

    ***** [Files / Folders] *****
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
    Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
    Folder Deleted : C:\Program Files (x86)\Conduit
    Folder Deleted : C:\ProgramData\Partner
    Folder Deleted : C:\Users\Hungran\AppData\Local\Conduit
    Folder Deleted : C:\Users\Hungran\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Hungran\AppData\LocalLow\PriceGong
    ***** [Registry] *****
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2438727
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2680363
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v9.0.8112.16457
    [OK] Registry is clean.
    -\\ Mozilla Firefox v18.0.2 (en-US)
    File : C:\Users\Hungran\AppData\Roaming\Mozilla\Firefox\Profiles\cuxlo4ba.default\prefs.js
    C:\Users\Hungran\AppData\Roaming\Mozilla\Firefox\Profiles\cuxlo4ba.default\user.js ... Deleted !
    [OK] File is clean.
    -\\ Google Chrome v24.0.1312.57
    File : C:\Users\Hungran\AppData\Local\Google\Chrome\User Data\Default\Preferences
    [OK] File is clean.
    *************************
    AdwCleaner[R1].txt - [4567 octets] - [13/02/2013 00:10:25]
    AdwCleaner[S1].txt - [4543 octets] - [13/02/2013 13:37:50]
    ########## EOF - C:\AdwCleaner[S1].txt - [4603 octets] ##########
     
  11. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,903
    how is it now?
    what problems ( if any ) are you still having?
     
  12. Hungraninc

    Hungraninc Thread Starter

    Joined:
    Jan 21, 2013
    Messages:
    9
    I've only been on here for a few minutes in the last few days. But When I was on I couldn't find the problem again :)
     
  13. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,903
    *Follow these steps to uninstall Combofix and the other tools it downloaded to remove the malware*
    * Click START then RUN
    * Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
    [​IMG]

    This will also purge the restore folder and clear any malware that has been put in there. Now Empty Recycle bin on desktop Then reboot.

    go here http://www.thespykiller.co.uk/index.php?page=3 for info on how to tighten your security settings and how to help prevent future attacks.

    and scan here http://secunia.com/vulnerability_scanning/personal for out of date & vulnerable common applications on your computer and update whatever it suggests. Download & use the PSI version ( not the OSI, in your browser java version) as I no longer recommend having Java installed on the computer at all, unless it is absolutely necessary, because of the too high risk of malware infiltration

    Then pay an urgent visit to windows update & make sure you are fully updated, that will help to plug the security holes that let these pests on in the first place. If windows update doesn't work, please come back & tell us
     
  14. Hungraninc

    Hungraninc Thread Starter

    Joined:
    Jan 21, 2013
    Messages:
    9
    Sorry computer time has been zero for a little while - life :( Thanks for helping me get rid of that! I shall try and update my security more since it is very much lacking.
     
  15. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1086319