[findgala.com <-- google searches redirect me to that site]

Hi

I've just purchase the Malwarebytes Anti-Malware Pro version and since been blocking access to potential malicious website.

It worries me seeing those and I fear my personal data are being stolen because of the malware "findgala".

Appreciate if someone could assist me on this. Thanks.

[findgala.com <-- google searches redirect me to that site]

DDS scan

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2

Run by JUNTING at 14:29:04 on 2012-12-30

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4077.982 [GMT 8:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe

C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Box Sync\BoxSyncHelper.exe

C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\Users\JUNTING\AppData\Local\Akamai\netsession_win.exe

C:\Users\JUNTING\AppData\Local\Akamai\netsession_win.exe

C:\Users\JUNTING\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe

C:\Program Files\Box Sync\BoxSync.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Users\JUNTING\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe

C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\Program Files (x86)\Evernote\Evernote\Evernote.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\system32\wuauclt.exe

C:\Users\JUNTING\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\JUNTING\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\JUNTING\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\JUNTING\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\JUNTING\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\JUNTING\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\JUNTING\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\JUNTING\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\JUNTING\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uSearch Bar = hxxp://www.google.com/ie

uSearch Page = hxxp://www.google.com

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mWinlogon: Userinit = userinit.exe,

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\JUNTING\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

uRun: [Google Update] "C:\Users\JUNTING\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart

uRun: [Akamai NetSession Interface] "C:\Users\JUNTING\AppData\Local\Akamai\netsession_win.exe"

uRun: [skyDrive] "C:\Users\JUNTING\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [CtaMon] Rundll32 CtaMon.dll,RunMonitor

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

StartupFolder: C:\Users\JUNTING\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\JUNTING\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\Users\JUNTING\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

StartupFolder: C:\Users\JUNTING\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~2.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BOXSYN~1.LNK - C:\Program Files\Box Sync\BoxSync.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200

IE: Download All By FlashGet3 - C:\Users\JUNTING\AppData\Roaming\FlashGetBHO\GetAllUrl.htm

IE: Download By FlashGet3 - C:\Users\JUNTING\AppData\Roaming\FlashGetBHO\GetUrl.htm

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

TCP: NameServer = 192.168.1.254

TCP: Interfaces\{9985469B-FBE6-4EEB-8D67-16CD7FF06E86} : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{9985469B-FBE6-4EEB-8D67-16CD7FF06E86}\6427565675966696 : DHCPNameServer = 192.168.43.1

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -

x64-TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} -

x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe

x64-Run: [boxSyncHelper] "C:\Program Files\Box Sync\BoxSyncHelper.exe"

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

x64-STS: Deskscapes Class - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} -

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\JUNTING\AppData\Roaming\Mozilla\Firefox\Profiles\jbgb4uox.default\

FF - prefs.js: browser.startup.homepage - hxxp://sg.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb143/?loc=IB_DS&a=6PQwGIGn4x&&i=26&search=

FF - prefs.js: network.proxy.gopher -

FF - prefs.js: network.proxy.gopher_port - 0

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\JUNTING\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Users\JUNTING\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\JUNTING\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Windows\System32\TVUAx\npTVUAx.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - ExtSQL: 2012-11-04 21:08; translator@zoli.bod; C:\Users\JUNTING\AppData\Roaming\Mozilla\Firefox\Profiles\jbgb4uox.default\extensions\translator@zoli.bod.xpi

FF - ExtSQL: 2012-12-29 15:43; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.incredibar_i.newTab - false

FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQwGIGn4x&loc=IB_TB&i=26&search=

FF - user.js: extensions.incredibar_i.id - ea0e2712000000000000b0487a8c1681

FF - user.js: extensions.incredibar_i.instlDay - 15467

FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.143:16:17

FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

FF - user.js: extensions.incredibar_i.prdct - incredibar

FF - user.js: extensions.incredibar_i.aflt - orgnl

FF - user.js: extensions.incredibar_i.smplGrp - none

FF - user.js: extensions.incredibar_i.tlbrId - base

FF - user.js: extensions.incredibar_i.instlRef -

FF - user.js: extensions.incredibar_i.dfltLng -

FF - user.js: extensions.incredibar_i.excTlbr - false

FF - user.js: extensions.incredibar_i.ms_url_id -

FF - user.js: extensions.incredibar_i.upn2 - 6PQwGIGn4x

FF - user.js: extensions.incredibar_i.upn2n - 92542845367308709

FF - user.js: extensions.incredibar_i.productid - 26

FF - user.js: extensions.incredibar_i.installerproductid - 26

FF - user.js: extensions.incredibar_i.did - 10643

FF - user.js: extensions.incredibar_i.ppd - 1355

.

FF - user.js: extensions.autoDisableScopes - 14

.

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-7-13 55856]

R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-12-29 984144]

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-12-29 370288]

R1 BIOS;BIOS;C:\Windows\System32\drivers\BIOS64.sys [2009-7-15 14136]

R1 BS_I2cIo;BS_I2cIo;C:\Windows\System32\drivers\BS_I2c64.sys [2011-7-13 15408]

R1 BS_TPIO;BS_TPIO;C:\Windows\System32\drivers\BS_TPIO64.sys [2012-5-1 13360]

R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-6 169408]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-9-28 239616]

R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-12-29 25232]

R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-12-29 71600]

R2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-1-31 19232]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-12-29 44808]

R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2012-6-27 21992]

R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [2012-7-10 385392]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-29 398184]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-29 682344]

R2 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-7-13 113264]

R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-7-13 2655768]

R3 athur;Wireless Network Adapter Service;C:\Windows\System32\drivers\athurx.sys [2011-11-27 1918976]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896]

R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-7-13 254528]

R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2012-8-4 87040]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-12-29 24176]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-4-27 83080]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-4-27 184968]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-7-13 406632]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-7-13 471408]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2011-10-30 36328]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-8-14 79360]

S3 Ctafiltv;Ctafiltv;C:\Windows\System32\drivers\Ctafiltv.sys [2011-8-14 24064]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-7-12 99384]

S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\System32\drivers\ew_hwusbdev.sys [2012-8-4 117248]

S3 ewusbmbb;HUAWEI USB-WWAN miniport;C:\Windows\System32\drivers\ewusbwwan.sys [2012-8-4 422400]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-9-29 1432400]

S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-10-30 157672]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-10-30 16872]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-10-30 177640]

S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2011-10-30 146920]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-7-12 203320]

S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-10-31 1255736]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]

.

=============== File Associations ===============

.

FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"

.

=============== Created Last 30 ================

.

2012-12-30 05:29:27 -------- d-----w- C:\Program Files (x86)\VS Revo Group

2012-12-29 07:43:37 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

2012-12-29 07:43:31 984144 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2012-12-29 07:43:29 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2012-12-29 07:43:12 41224 ----a-w- C:\Windows\avastSS.scr

2012-12-29 07:19:03 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-12-29 07:19:03 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-12-29 03:45:09 -------- d-----w- C:\Users\JUNTING\AppData\Local\Line

2012-12-29 02:48:26 -------- d-----w- C:\Program Files (x86)\Naver

2012-12-24 15:52:38 -------- d-----w- C:\Users\JUNTING\AppData\Roaming\Anvisoft

2012-12-24 15:52:18 -------- d-----w- C:\ProgramData\Anvisoft

2012-12-24 15:52:17 -------- d-----w- C:\Program Files (x86)\Anvisoft

2012-12-24 15:00:17 -------- d-----w- C:\TDSSKiller_Quarantine

2012-12-16 05:40:09 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2012-12-13 06:30:28 5955856 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

2012-12-04 03:50:58 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2012-12-04 03:50:58 -------- d-----w- C:\Program Files\iTunes

2012-12-04 03:50:58 -------- d-----w- C:\Program Files\iPod

2012-12-04 03:50:58 -------- d-----w- C:\Program Files (x86)\iTunes

2012-12-01 13:18:12 19424 ----a-w- C:\Program Files (x86)\Mozilla Firefox\xpcom.dll

2012-11-30 08:51:51 -------- d--h--w- C:\SkyDriveTemp

.

==================== Find3M ====================

.

2012-12-12 13:01:20 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-12-12 13:01:19 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-11-13 20:29:04 354216 ----a-w- C:\Windows\SysWow64\DivXControlPanelApplet.cpl

2012-10-24 19:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2012-10-24 19:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys

2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll

2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll

2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll

2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll

2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll

2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll

2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll

2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll

2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll

2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll

2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll

2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll

2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys

.

============= FINISH: 14:30:42.94 ===============

[findgala.com <-- google searches redirect me to that site]

MBAM quick scan log.

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2012.12.29.05

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

JUNTING :: JUNTING-PC [administrator]

30/12/2012 14:17:44

mbam-log-2012-12-30 (14-17-44).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 251402

Time elapsed: 8 minute(s), 56 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

[findgala.com <-- google searches redirect me to that site]

Hi and welcome to Malwarebytes.

In the future, please post all logs directly into your reply instead of attaching them unless otherwise indicated. With that said, please update MBAM, run a Quick Scan, and post its log.

Next, run DDS again and post DDS.txt directly in your reply.

Ok, will do it now thanks.

[findgala.com <-- google searches redirect me to that site]

Hi

Recently been down with this malware which keep redirect my google search to findgala.com

I've attached the two files which mentioned in the instruction topic.

attach.txt

dds.txt

Please help

attach.txt

dds.txt

[findgala.com <-- google searches redirect me to that site]

Hi

I've been trying several ways to remove that and all has failed. I've ran full scan with malwarebytes as well.

Please help.