
elevation11

  1. Wow that did the trick. It's leading me to all the sites I want to go. Can't believe I overlooked something as simple as uninstalling the program. I've been clicking links like mad just to see if they'd redirect me to some other website. So far so good. I'll post back if the problems start to come back again. But for the moment, thank you very much for helping me with my problem.
  2. I've only been using Google Chrome. I do have Internet Explorer but I've never used it. But, now that you mention it, my Internet Explorer's working just fine! All of the search results I click from Google search bring me to the website I want to go. Could it be a problem with my Google Chrome?
  3. Hello, Not good =( I'm still being redirected to other sites. I'm almost always being redirected to this site: http://click.gethotresults.com/ads-clicktrack/click/jump1.do?sid=kXmrC67%2BWoyZ8i2xVjaozNH2%2Fijn1GWzCvj8kwrADQw%3D&affiliate=47759&subid=2877_1101&rc=0&terms=soniczonefo&stm=2012-09-08-10-07-17 I don't know if that's something that can help you but I thought I should share it with you just in case. I zipped up the Quarantine file and uploaded it on Rapid Share. Here's the download link: https://rapidshare.com/files/249593087/Quarantine.rar I've never used RapidShare before so bear with me!
  4. Hello. I did as you asked and ran ComboFix here is the log:
  5. Malware Log:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.09.06.11
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Asus :: ASUS-PC [administrator]
7/9/2012 5:50:36 PM
mbam-log-2012-09-07 (17-50-36).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 216774
Time elapsed: 4 minute(s), 38 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-07 18:03:40
-----------------------------
18:03:40.362 OS Version: Windows x64 6.1.7600
18:03:40.362 Number of processors: 4 586 0x2A07
18:03:40.363 ComputerName: ASUS-PC UserName: Asus
18:03:41.610 Initialize success
18:03:49.881 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:03:49.884 Disk 0 Vendor: Hitachi_ JE3O Size: 476940MB BusType: 3
18:03:49.906 Disk 0 MBR read successfully
18:03:49.912 Disk 0 MBR scan
18:03:49.915 Disk 0 Windows 7 default MBR code
18:03:49.919 Disk 0 Partition 1 00 0C FAT32 LBA MSDOS5.0 25600 MB offset 2048
18:03:49.937 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 119235 MB offset 52430848
18:03:49.941 Disk 0 Partition - 00 0F Extended LBA 332103 MB offset 296624128
18:03:49.975 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 332101 MB offset 296626176
18:03:49.995 Disk 0 scanning C:\Windows\system32\drivers
18:03:56.584 Service scanning
18:04:20.732 Modules scanning
18:04:20.742 Disk 0 trace - called modules:
18:04:20.762 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
18:04:21.096 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007dec060]
18:04:21.108 3 CLASSPNP.SYS[fffff880013ca43f] -> nt!IofCallDriver -> [0xfffffa800772e8c0]
18:04:21.120 5 ACPI.sys[fffff88000f4a781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007732050]
18:04:21.137 Scan finished successfully
18:04:55.245 Disk 0 MBR has been saved successfully to "C:\Users\Asus\Desktop\MBR.dat"
18:04:55.333 The log file has been saved successfully to "C:\Users\Asus\Desktop\aswMBR.txt"
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Asus at 18:05:47 on 2012-09-07
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.60.1033.18.8169.5655 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Atheros\Ath_CoexAgent.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Atheros\Bluetooth Suite\adminservice.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\Atheros\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Atheros\Bluetooth Suite\AthBtTray.exe
C:\Users\Asus\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Asus\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\splwow64.exe
C:\Windows\notepad.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://asus.msn.com
uDefault_Page_URL = hxxp://asus.msn.com
mStart Page = hxxp://asus.msn.com
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Atheros\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [Google Update] "C:\Users\Asus\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [spotify Web Helper] "C:\Users\Asus\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [ZRNGFM] rundll32 "C:\Users\Asus\AppData\Roaming\mountvol6.dll",Lsezulv
mRun: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
mRun: [sonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Asus\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Atheros\Bluetooth Suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: DhcpNameServer = 97.64.168.12 97.64.183.165 192.168.1.1
TCP: Interfaces\{40B6CF44-90A6-47A9-A7CF-62B3255C6E36} : DhcpNameServer = 10.1.21.1
TCP: Interfaces\{DF9E0163-F2FA-4FBA-B6D0-FFF5CDF07DDC} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{DF9E0163-F2FA-4FBA-B6D0-FFF5CDF07DDC} : DhcpNameServer = 97.64.168.12 97.64.183.165 192.168.1.1
TCP: Interfaces\{DF9E0163-F2FA-4FBA-B6D0-FFF5CDF07DDC}\05162747970225F636B60214E6478656D6 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{DF9E0163-F2FA-4FBA-B6D0-FFF5CDF07DDC}\05162747970225F636B60214E6478656D6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{DF9E0163-F2FA-4FBA-B6D0-FFF5CDF07DDC}\34F6E6E6563647966697D2D656 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{DF9E0163-F2FA-4FBA-B6D0-FFF5CDF07DDC}\4556374796E676021302230233 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{DF9E0163-F2FA-4FBA-B6D0-FFF5CDF07DDC}\4556374796E676021302230233 : DhcpNameServer = 192.168.137.1
TCP: Interfaces\{DF9E0163-F2FA-4FBA-B6D0-FFF5CDF07DDC}\7416E67637471602354797C656 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{DF9E0163-F2FA-4FBA-B6D0-FFF5CDF07DDC}\7416E676E616D602354797C656 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{DF9E0163-F2FA-4FBA-B6D0-FFF5CDF07DDC}\C4F4C4F4C4 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{DF9E0163-F2FA-4FBA-B6D0-FFF5CDF07DDC}\C65656368656E67666F6E6760457E6966696 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{DF9E0163-F2FA-4FBA-B6D0-FFF5CDF07DDC}\C65656368656E67666F6E6760457E6966696 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{EE79411C-A9C6-4EE7-BCCE-E2DB25A2D1E9} : NameServer = 10.19.56.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Atheros\Bluetooth Suite\IEPlugIn.dll
BHO-X64: IESpeakDoc - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO-X64: Google Dictionary Compression sdch - No File
BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
BHO-X64: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
mRun-x64: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
mRun-x64: [sonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [(Default)]
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-7-26 17024]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\system32\DRIVERS\hssdrv6.sys --> C:\Windows\system32\DRIVERS\hssdrv6.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Atheros\Ath_CoexAgent.exe [2012-6-8 151552]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Atheros\Bluetooth Suite\AdminService.exe [2010-11-25 52896]
R2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-8-2 476016]
R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [2012-8-2 387440]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-8-17 1262400]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 TurboBoost;Intel® Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-16 134928]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-12 135664]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]
S3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2012-9-7 14216]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2012-9-7 8456]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-6-12 1038088]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-12 135664]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUVStor.sys --> C:\Windows\system32\Drivers\RtsUVStor.sys [?]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-09-07 05:53:49 3316736 ----a-w- C:\Windows\System32\BootMan.exe
2012-09-07 05:53:49 2468520 ----a-w- C:\Windows\SysWow64\BootMan.exe
2012-09-07 05:53:49 19840 ----a-w- C:\Windows\SysWow64\EuEpmGdi.dll
2012-09-07 05:53:49 16256 ----a-w- C:\Windows\System32\EuEpmGdi.dll
2012-09-07 05:53:49 100232 ----a-w- C:\Windows\System32\setupempdrvx64.exe
2012-09-07 05:53:48 9096 ----a-w- C:\Windows\System32\EuGdiDrv.sys
2012-09-07 05:53:48 86408 ----a-w- C:\Windows\SysWow64\setupempdrv03.exe
2012-09-07 05:53:48 8456 ----a-w- C:\Windows\SysWow64\EuGdiDrv.sys
2012-09-07 05:53:48 16776 ----a-w- C:\Windows\System32\epmntdrv.sys
2012-09-07 05:53:48 14216 ----a-w- C:\Windows\SysWow64\epmntdrv.sys
2012-09-07 05:53:41 -------- d-----w- C:\Program Files (x86)\EaseUS
2012-09-06 22:55:31 9310152 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3922CDC6-DA51-4242-9C38-D5271D5BB864}\mpengine.dll
2012-09-06 22:19:46 -------- d-----w- C:\Users\Asus\AppData\Roaming\Ad-Aware Antivirus
2012-09-06 19:38:52 114688 --sha-r- C:\Users\Asus\AppData\Roaming\mountvol6.dll
2012-09-05 22:21:44 9310152 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-21 03:40:33 -------- d-----w- C:\ProgramData\hssff
2012-08-20 21:29:56 -------- d-----w- C:\Users\Asus\AppData\Local\Spotify
2012-08-20 21:29:22 -------- d-----w- C:\Users\Asus\AppData\Roaming\Spotify
2012-08-18 05:57:25 -------- d-----w- C:\Nexon
2012-08-18 05:57:23 -------- d-----w- C:\ProgramData\NexonUS
2012-08-18 05:44:40 -------- d-----w- C:\Users\Asus\AppData\Local\PMB Files
2012-08-18 05:44:38 -------- d-----w- C:\ProgramData\PMB Files
2012-08-18 05:44:32 -------- d-----w- C:\Program Files (x86)\Pando Networks
2012-08-17 21:51:01 -------- d-----w- C:\NVIDIA
2012-08-17 06:25:53 -------- d-----w- C:\Program Files (x86)\Oracle
2012-08-17 06:25:03 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-08-17 06:25:01 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-08-17 06:20:09 -------- d-----w- C:\Users\Asus\AppData\Local\storage
2012-08-17 06:11:56 -------- d-----w- C:\Users\Asus\AppData\Local\Ubisoft Game Launcher
2012-08-17 06:07:59 3977496 ----a-w- C:\Windows\System32\d3dx9_31.dll
2012-08-17 05:55:25 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-08-17 05:55:19 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2012-08-10 04:06:43 565616 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor14.dll
2012-08-10 04:04:52 -------- d-----w- C:\ProgramData\Hotspot Shield
2012-08-10 04:04:22 -------- d-----w- C:\Program Files (x86)\Hotspot Shield
.
==================== Find3M ====================
.
2012-09-07 22:44:32 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2012-08-01 18:13:42 41704 ----a-w- C:\Windows\System32\drivers\hssdrv6.sys
2012-08-01 18:13:40 38632 ----a-w- C:\Windows\System32\drivers\taphss.sys
2012-07-20 17:13:57 98304 ----a-w- C:\Windows\SysWow64\CmdLineExt.dll
2012-07-04 14:45:00 2414360 ----a-w- C:\Windows\SysWow64\d3dx9_31.dll
2012-07-03 05:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-25 08:04:24 1394248 ----a-w- C:\Windows\SysWow64\msxml4.dll
2012-06-12 03:02:52 3147264 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 18:06:44.94 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 7/6/2012 10:01:41 AM
System Uptime: 7/9/2012 5:43:59 PM (1 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | K43SV
Processor: Intel® Core i5-2430M CPU @ 2.40GHz | CPU 1 | 1584/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 116 GiB total, 11.649 GiB free.
D: is FIXED (NTFS) - 324 GiB total, 324.174 GiB free.
E: is CDROM ()
H: is CDROM ()
R: is FIXED (FAT32) - 25 GiB total, 11.487 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP84: 5/9/2012 5:20:35 PM - Windows Update
.
==== Installed Programs ======================
.
???? ??? Windows Live ???? ???? ActiveX ????? ?? Windows Live Mesh ????????? ??????? ???? Windows Live ??????? Windows Live Mesh ActiveX ??(????) ??????? Windows Live Mesh ActiveX ??? ????????? ActiveX ?? Windows Live Mesh ????????????????????????? (???) 
Acrobat.com Ad-Aware Browsing Protection Adobe Acrobat 9 Pro - English, Français, Deutsch Adobe AIR Adobe Anchor Service CS4 Adobe Bridge CS4 Adobe CMaps CS4 Adobe Color - Photoshop Specific CS4 Adobe Color EU Recommended Settings CS4 Adobe Color JA Extra Settings CS4 Adobe Color NA Extra Settings CS4 Adobe Color Video Profiles CS CS4 Adobe Creative Suite 4 Web Premium Adobe CSI CS4 Adobe Default Language CS4 Adobe ExtendScript Toolkit CS4 Adobe Extension Manager CS4 Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Fonts All Adobe Illustrator CS4 Adobe Linguistics CS4 Adobe Media Encoder CS4 Importer Adobe Output Module Adobe PDF Library Files CS4 Adobe Photoshop CS4 Adobe Photoshop CS4 Support Adobe Search for Help Adobe Service Manager Extension Adobe Setup Adobe Soundbooth CS4 Codecs Adobe Type Support CS4 Adobe Update Manager CS4 Adobe WinSoft Linguistics Plugin Adobe XMP Panels CS4 AdobeColorCommonSetCMYK AdobeColorCommonSetRGB Asmedia ASM104x USB 3.0 Host Controller Driver ASUS AI Recovery ASUS FancyStart ASUS LifeFrame3 ASUS Live Update ASUS SmartLogon ASUS Splendid Video Enhancement Technology ASUS Virtual Camera ASUS WebStorage AsusVibe2.0 Atheros WLAN and Bluetooth Client Installation Program ATK Package BioShock 2 Bookworm Deluxe Complément Messenger Connect Contrôle ActiveX Windows Live Mesh pour connexions à distance Control ActiveX de Windows Live Mesh para conexiones remotas Controle ActiveX do Windows Live Mesh para Conexões Remotas Cooking Dash CyberLink LabelPrint CyberLink Power2Go D3DX10 DAEMON Tools Lite Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Dropbox EaseUS Partition Master 9.1.1 Home Edition Galactic Civilizations II: Ultimate Edition Galerie de photos Windows Live Galería fotográfica de Windows Live Game Park Console Google Chrome Google Talk Plugin Google Toolbar for Internet Explorer Google Update Helper Governor of Poker Hotel Dash Suite Success Hotspot Shield 2.67 Java Auto Updater Java 7 
Update 5 JavaFX 2.1.1 Jewel Quest 3 Junk Mail filter update kuler Luxor 3 Mafia II Mahjongg dimensions Malwarebytes Anti-Malware version 1.62.0.1300 MapleStory Mesh Runtime Messenger ???? Messenger ????? Messenger Companion Microsoft Games for Windows - LIVE Microsoft Games for Windows - LIVE Redistributable Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Home and Student 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Single Image 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 MSVCRT MSVCRT_amd64 MSXML 4.0 SP3 Parser (KB2721691) MSXML 4.0 SP3 Parser (KB973685) Nexon Game Manager Nuance PDF Reader NVIDIA PhysX NVIDIA Stereoscopic 3D Driver Pando Media Booster PDF Settings CS4 Photoshop Camera Raw Plants vs Zombies Realtek Ethernet Controller Driver Realtek High Definition Audio Driver Realtek USB 2.0 Reader Driver Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) 
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition Sonic Focus Spec Ops: The Line Spotify Steam Suite Shared Configuration CS4 syncables desktop SE Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition VLC media player 2.0.1 Windows Live Windows Live ??? Windows Live ???? 
Windows Live Communications Platform Windows Live Essentials Windows Live Fotograf Galerisi Windows Live Galeria de Fotos Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Messenger Companion Core Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Temel Parçalar Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinFlash Wireless Console 3 World of Goo
.
==== Event Viewer Messages From Past Week ========
.
4/9/2012 6:45:38 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
3/9/2012 6:07:09 PM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
.
==== End Of File ===========================

My bad
  6. Hello! Thank you for your reply and warm welcome! I've removed the Ad-Aware toolbar, and attached are the logs that you wanted: mbam-log-2012-09-07 (17-50-36).txt, DDS.txt, Attach.txt, aswMBR.txt
  7. Hi, I'm running Windows 7 x64. I downloaded a file earlier today and when I ran it nothing happened. Now, every time I click on a Google search link, it redirects me to some other website instead of the intended website. I tried running Malwarebytes but nothing was found on the computer. I also ran SUPERAntiSpyware and it managed to find cookies, which I promptly deleted, but the problem still persisted. I tried opening Windows Security Essentials but it closes every time I try to run it. Attached are the two logs that were outlined in the instructions. I would appreciate it if you could get back to me on this matter. Thank you very much. Attach.txt, DDS.txt