HyperPhoenix Posted December 28, 2013 ID:769981

I saw a thread similar to my problem in this forum, but it was not followed through, so here goes:
4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)Security Update for Microsoft .NET Framework 4 Extended (KB2487367)Security Update for Microsoft .NET Framework 4 Extended (KB2656351)Security Update for Microsoft .NET Framework 4 Extended (KB2736428)Security Update for Microsoft .NET Framework 4 Extended (KB2742595)Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2553284) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2687423) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2826023) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2826035) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2850016) 32-Bit EditionSecurity Update for Microsoft Outlook 2010 (KB2837597) 32-Bit EditionService Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit EditionShop for HP SuppliesSkype Click to CallSkype™ 6.11SmartWebPrintingSolutionCenterSonic CinePlayer Decoder PackStatusSyncUPToolboxTrayAppTrustedIDTrustedID IDMonitor Identity ProtectionUpdate for Microsoft .NET 
Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft .NET Framework 4 Client Profile (KB2836939)Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)Update for Microsoft .NET Framework 4 Extended (KB2468871)Update for Microsoft .NET Framework 4 Extended (KB2533523)Update for Microsoft .NET Framework 4 Extended (KB2600217)Update for Microsoft .NET Framework 4 Extended (KB2836939)Update for Microsoft .NET Framework 4 Extended (KB2836939v3)Update for Microsoft Access 2010 (KB2553446) 32-Bit EditionUpdate for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2589298) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2589352) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2589375) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2597087) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2760598) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2760631) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2794737) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2826026) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2850079) 32-Bit EditionUpdate for Microsoft OneNote 2010 (KB2810072) 32-Bit EditionUpdate for Microsoft PowerPoint 2010 (KB2553145) 32-Bit EditionUpdate for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit EditionUpdate for Microsoft Word 2010 (KB2837593) 32-Bit EditionUpdate Installer for WildTangent Games AppUSIM Editor 1.0.35.0Virtual Villagers 4 - The Tree of LifeVisual Studio C++ 10.0 RuntimeWebRegWedding Dash - Ready, Aim, Love!WildTangent GamesWildTangent Games App (Dell Games)Windows Live Communications PlatformWindows Live EssentialsWindows Live ID Sign-in AssistantWindows Live InstallerWindows Live Language SelectorWindows Live MailWindows Live MeshWindows Live Mesh ActiveX Control for Remote ConnectionsWindows Live MessengerWindows Live MIME IFilterWindows Live 
Movie MakerWindows Live Photo CommonWindows Live Photo GalleryWindows Live PIMT PlatformWindows Live Remote ClientWindows Live Remote Client ResourcesWindows Live Remote ServiceWindows Live Remote Service ResourcesWindows Live SOXEWindows Live SOXE DefinitionsWindows Live UX PlatformWindows Live UX Platform Language PackWindows Live WriterWindows Live Writer ResourcesWindSlayer 2WinRAR 4.10 (64-bit)Yahoo! ToolbarZinio Reader 4Zuma Deluxe.==== Event Viewer Messages From Past Week ========.12/28/2013 8:56:10 AM, Error: Service Control Manager [7000] - The Afa Card Reader Service service failed to start due to the following error: The system cannot find the file specified.12/26/2013 9:27:48 PM, Error: Service Control Manager [7023] - The HP Network Devices Support service terminated with the following error: %%-214746724312/26/2013 10:24:01 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.12/26/2013 10:21:08 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.12/26/2013 10:21:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}12/26/2013 10:21:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}12/26/2013 10:20:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}12/26/2013 10:20:51 PM, 
Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}12/26/2013 10:17:01 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\windows\System32\IWMSSvc.dll Error Code: 2112/26/2013 10:16:45 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswRvrt aswSnx aswSP aswTdi aswVmm discache SCDEmu spldr Wanarpv612/26/2013 10:16:11 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .12/26/2013 10:04:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}12/26/2013 10:03:25 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.12/26/2013 10:03:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}12/26/2013 10:02:45 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswRvrt aswSnx aswSP aswTdi aswVmm DfsC discache HssDRV6 NetBIOS NetBT nsiproxy Psched rdbss SCDEmu spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl12/26/2013 10:02:42 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.12/26/2013 10:02:42 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper 
service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.12/26/2013 10:02:42 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.12/26/2013 10:02:42 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.12/26/2013 10:02:42 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.12/26/2013 10:02:42 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. 
service which failed to start because of the following error: A device attached to the system is not functioning.12/26/2013 10:02:42 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.12/26/2013 10:02:42 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.12/26/2013 10:02:42 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.12/26/2013 10:02:42 PM, Error: Service Control Manager [7001] - The Hotspot Shield Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.12/26/2013 10:02:42 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.12/26/2013 10:02:42 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.12/24/2013 4:43:21 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.12/24/2013 4:43:21 AM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request 
Finally I did a RogueKiller but did NOT do any other action after the scan:

RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Eun [Admin rights]
Mode : Scan -- Date : 12/28/2013 11:52:33
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Browser Addons : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][File] @ : C:\Users\Eun\AppData\Local\{a47d8b6a-ff28-849b-8f6e-21831dfb042a}\@ [-] --> FOUND
[ZeroAccess][Folder] U : C:\WINDOWS\Installer\{a47d8b6a-ff28-849b-8f6e-21831dfb042a}\U [-] --> FOUND
[ZeroAccess][Folder] U : C:\Users\Eun\AppData\Local\{a47d8b6a-ff28-849b-8f6e-21831dfb042a}\U [-] --> FOUND
[ZeroAccess][Folder] L : C:\WINDOWS\Installer\{a47d8b6a-ff28-849b-8f6e-21831dfb042a}\L [-] --> FOUND
[ZeroAccess][Folder] L : C:\Users\Eun\AppData\Local\{a47d8b6a-ff28-849b-8f6e-21831dfb042a}\L [-] --> FOUND
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
ÿþ1
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD6400BPVT-75HXZT3 +++++
--- User ---
[MBR] 2ecb667720908531b739768c4b5ab7d6
[bSP] f3e38db2d3b49d7610a8d76330b5a2d3 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 595378 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[0]_S_12282013_115233.txt >>
RKreport[0]_S_12282013_113724.txt
MrCharlie Posted December 28, 2013 ID:770023

Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING
------------------------------
One or more of the identified infections is known to use a backdoor. This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS.

Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? http://www.dslreports.com/faq/10451
When Should I Format, How Should I Reinstall http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards. I would change all my passwords and keep a close eye on all your sensitive accounts.

Let me know what you decide to do.

If you decide to go through with the cleanup, please proceed with the following steps.
-----------------------------------------
Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system.....Which system am I using?)

Please make sure you click download buttons that look similar to this, not "sponsored ad links":

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

If the logs are large, you can attach them:
To attach a log: Bottom right corner of this page. New window that comes up.

MrC
HyperPhoenix Posted December 28, 2013 Author ID:770090

Will replacing my hard drive and loading the OS be another solution?
MrCharlie Posted December 28, 2013 ID:770092

Yes it would, but you don't have to replace the hard drive. Formatting the hard drive and installing a new operating system will get rid of any virus on the system.

MrC
HyperPhoenix Posted December 28, 2013 Author ID:770093

And finally, backing up my vital files after post-exposure would be useless because transferring the files to the reformatted drive would carry the same Trojan as well?
MrCharlie Posted December 28, 2013 ID:770095

It's possible. I suggest we clean the computer first, then you can do whatever you want.

MrC
HyperPhoenix Posted December 29, 2013 Author ID:770153

Ok files posted
FRST.txt
Addition.txt
MrCharlie Posted December 29, 2013 ID:770253

Download the attached fixlist.txt to the same folder as FRST.
Run FRST.exe and click Fix only once and wait.
The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Then......

Download Malwarebytes Anti-Rootkit from HERE
Unzip the contents to a folder in a convenient location.
Open the folder where the contents were unzipped and run mbar.exe
Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
Click on the Cleanup button to remove any threats and reboot if prompted to do so.
Wait while the system shuts down and the cleanup process is performed.
Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
When done, please post the two logs produced; they will be in the MBAR folder..... mbar-log.txt and system-log.txt

To attach a log if needed: Bottom right corner of this page. New window that comes up.

MrC
HyperPhoenix Posted December 30, 2013 Author ID:770542

Files posted:
Fixlog.txt
mbar-log-2013-12-30 (01-01-04).txt
mbar-log-2013-12-30 (01-39-40).txt
system-log.txt
MrCharlie Posted December 30, 2013 ID:770590

OK...Next:

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please make sure you click download buttons that look similar to this, not "sponsored ad links":

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.
Give it at least 30-45 minutes to finish if needed.
Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------
If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC
HyperPhoenix Posted December 30, 2013 Author ID:770743
2013-11-26 07:15 13312 ----a-w- c:\windows\system32\msfeedssync.exe2013-11-26 07:15 . 2013-11-26 07:15 131072 ----a-w- c:\windows\system32\IEAdvpack.dll2013-11-26 07:15 . 2013-11-26 07:15 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll2013-11-26 07:15 . 2013-11-26 07:15 105984 ----a-w- c:\windows\system32\iesysprep.dll2013-11-26 07:15 . 2013-11-26 07:15 101376 ----a-w- c:\windows\system32\inseng.dll2013-11-22 14:36 . 2013-11-22 14:36 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll2013-11-19 08:33 . 2010-11-21 03:27 267936 ------w- c:\windows\system32\MpSigStub.exe2013-10-14 23:00 . 2013-11-26 07:18 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE2013-10-12 02:30 . 2013-11-14 06:36 830464 ----a-w- c:\windows\system32\nshwfp.dll2013-10-12 02:29 . 2013-11-14 06:36 859648 ----a-w- c:\windows\system32\IKEEXT.DLL2013-10-12 02:29 . 2013-11-14 06:36 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL2013-10-12 02:03 . 2013-11-14 06:36 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll2013-10-12 02:01 . 2013-11-14 06:36 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL2013-10-05 20:25 . 2013-11-14 06:37 1474048 ----a-w- c:\windows\system32\crypt32.dll2013-10-05 19:57 . 2013-11-14 06:37 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll2013-10-04 02:28 . 2013-11-14 06:37 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll2013-10-04 02:25 . 2013-11-14 06:37 197120 ----a-w- c:\windows\system32\credui.dll2013-10-04 02:24 . 2013-11-14 06:37 1930752 ----a-w- c:\windows\system32\authui.dll2013-10-04 01:58 . 2013-11-14 06:37 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll2013-10-04 01:56 . 2013-11-14 06:37 168960 ----a-w- c:\windows\SysWow64\credui.dll2013-10-04 01:56 . 2013-11-14 06:37 1796096 ----a-w- c:\windows\SysWow64\authui.dll2013-10-03 02:23 . 2013-11-14 06:36 404480 ----a-w- c:\windows\system32\gdi32.dll2013-10-03 02:00 . 
2013-11-14 06:36 311808 ----a-w- c:\windows\SysWow64\gdi32.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-08-21 67496]"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-04-30 885760]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]"USBestCR"="c:\program files (x86)\USIM Editor\iconcs10970707.exe" [2010-07-02 7041024]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-12-11 3568312].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital 
Imaging\bin\hpqtra08.exe [2009-11-18 275072].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]"RequireSignedAppInit_DLLs"=0 (0x0)"LoadAppInit_DLLs"=1 (0x1).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]"mixer"=wdmaud.drv.[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean64.exe.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]@="Driver".R2 AfaService;Afa Card Reader Service;c:\windows\system32\afasrv64.exe;c:\windows\SYSNATIVE\afasrv64.exe [x]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]R3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys;c:\windows\SYSNATIVE\drivers\btmaud.sys [x]R3 CtClsFlt;Creative Camera Class Upper Filter 
Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]R3 MHIKEY10;MHIKEY10;c:\windows\system32\Drivers\MHIKEY10x64.sys;c:\windows\SYSNATIVE\Drivers\MHIKEY10x64.sys [x]R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]R3 NTPASp50a64;NTPASp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\NTPASp50a64.sys;c:\windows\SYSNATIVE\Drivers\NTPASp50a64.sys [x]R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]R3 
TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]R3 X6va005;X6va005;c:\users\Eun\AppData\Local\Temp\005B2AF.tmp;c:\users\Eun\AppData\Local\Temp\005B2AF.tmp [x]R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009;c:\windows\SysWOW64\Drivers\X6va009 [x]R3 X6va010;X6va010;c:\windows\SysWOW64\Drivers\X6va010;c:\windows\SysWOW64\Drivers\X6va010 [x]R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x]R3 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012;c:\windows\SysWOW64\Drivers\X6va012 [x]R3 X6va013;X6va013;c:\windows\SysWOW64\Drivers\X6va013;c:\windows\SysWOW64\Drivers\X6va013 [x]R3 X6va015;X6va015;c:\windows\SysWOW64\Drivers\X6va015;c:\windows\SysWOW64\Drivers\X6va015 [x]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]R4 X6va006;X6va006;c:\users\Eun\AppData\Local\Temp\00643D5.tmp;c:\users\Eun\AppData\Local\Temp\00643D5.tmp [x]S0 aswRvrt;avast! Revert; [x]S0 aswVmm;avast! 
VM Monitor; [x]S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]S1 aswKbd;aswKbd; [x]S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys;c:\windows\SYSNATIVE\drivers\aswFsBlk.sys [x]S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [x]S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [x]S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files 
(x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]S3 
nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]..[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-12-06 01:51 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2013-12-30 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 00:18].2013-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-03 22:43].2013-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-03 22:43]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]2013-04-22 19:11 287048 ----a-w- c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]@="{472083B0-C522-11CF-8763-00608CC02F24}"[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]2013-12-11 12:06 326944 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-20 168216]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-20 392472]"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-20 416024]"Apoint"="c:\program 
files\DellTPad\Apoint.exe" [2011-04-12 609144]"IntelTBRunOnce"="wscript.exe" [2013-10-12 168960]"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120]"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-04-30 2055016]"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]"BLEServicesCtrl"="c:\program files (x86)\Intel\Bluetooth\BleServicesCtrl.exe" [2012-03-15 178960]"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2012-03-27 11407120].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmmLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = <-loopback>IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000IE: Free YouTube Download - c:\users\Eun\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htmIE: Free YouTube to MP3 Converter - c:\users\Eun\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htmIE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105TCP: DhcpNameServer = 192.168.2.1FF - ProfilePath - c:\users\Eun\AppData\Roaming\Mozilla\Firefox\Profiles\jawynhf6.default\FF - prefs.js: browser.search.selectedEngine - GoogleFF - prefs.js: network.proxy.type - 0FF - ExtSQL: 2013-11-21 08:39; firefox@passwordbox.com; c:\program files (x86)\PasswordBox\FirefoxFF - ExtSQL: !HIDDEN! 
2012-05-14 22:00; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3.- - - - ORPHANS REMOVED - - - -.Wow6432Node-HKLM-Run-<NO NAME> - (no file)HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - startAddRemove-Bandicam - c:\program files (x86)\Bandicam\uninstall.exeAddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready...[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]"ImagePath"="c:\windows\system32\GameMon.des -service".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]"ImagePath"="\??\c:\users\Eun\AppData\Local\Temp\005B2AF.tmp".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va006]"ImagePath"="\??\c:\users\Eun\AppData\Local\Temp\00643D5.tmp".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va009]"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va010]"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va010".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va011]"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va012]"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va012".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va013]"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va013".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va015]"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va015".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) 
(Everyone)@="FlashBroker""LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash 
Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 
1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]@Denied: (A) (Everyone)"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]@Denied: (A) (Everyone).[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]"Key"="ActionsPane3""Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2013-12-30 15:10:51ComboFix-quarantined-files.txt 2013-12-30 20:10.Pre-Run: 469,176,524,800 bytes freePost-Run: 472,525,078,528 bytes free.- - End Of File - - A6D9DAD3B69C9D7BBFA38BB55CAD9B88 Link to post Share on other sites More sharing options...
MrCharlie Posted December 30, 2013 ID:770753

Let's clean out any adware/spyware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

Make sure you click on download buttons that look similar to this, not "sponsored ad links":

Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
When it's done you'll see: Pending: Please uncheck elements you don't want removed.
Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
Look over the log especially under Files/Folders for any program you want to save.
If there's a program you may want to save, just uncheck it from AdwCleaner.
If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
If you're ready to clean it all up.....click the Clean button.
After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
To restore an item that has been deleted:
Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a FULL Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now,

MrC
HyperPhoenix Posted December 30, 2013 Author ID:770777

AdwCleaner\AdwCleaner[R0].txt
HyperPhoenix Posted December 30, 2013 Author ID:770780

AdwCleaner\AdwCleaner[s0].txt :

# AdwCleaner v3.016 - Report created 30/12/2013 at 16:43:12
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Eun - Eun-PC
# Running from : C:\Users\Eun\Desktop\AdwCleaner.exe
# Option : Clean
HyperPhoenix Posted December 30, 2013 Author ID:770781

Then..................
Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.
Please Update and run a FULL Scan with Malwarebytes Anti-Malware, post the report.
Make sure that everything is checked, and click Remove Selected.
Please let me know how computer is running now, MrC

Is this another program because I don't see this option in the Anti-root kit program you told me to download from earlier
MrCharlie Posted December 30, 2013 ID:770799

I'm sorry, you don't have it installed: http://www.bleepingcomputer.com/virus-removal/how-to-use-malwarebytes-anti-malware-tutorial MrC
HyperPhoenix Posted December 30, 2013 Author ID:770811

No worries:

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
Database version: v2013.12.30.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Eun :: Eun-PC [administrator]
Protection: Disabled
12/30/2013 4:53:53 PM
mbam-log-2013-12-30 (16-53-53).txt
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 476667
Time elapsed: 58 minute(s), 11 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
MrCharlie Posted December 31, 2013 ID:770834

OK...update and run a scan with your Avast and you should be OK. MrC
HyperPhoenix Posted December 31, 2013 Author ID:770923

Nothing picked up on the full scan. Experiencing random slowdowns but it's not frequent though it can be me installing and using Malwarebytes pro
MrCharlie Posted December 31, 2013 ID:771104

Well are you going to re-install the OS or just use it like this?? MrC
MrCharlie Posted January 2, 2014 ID:772041

How are we doing?? Do you still need help or can I close this post?? MrC
Root Admin AdvancedSetup Posted January 3, 2014 ID:772853

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!