Hello, I was told to post log information here. Would appreciate the help.

Original thread is HERE.

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.11.05.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
hungkeong :: HUNGKEONG-PC [administrator]
11/8/2013 8:32:29 PM
mbam-log-2013-11-08 (20-32-29).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 215089
Time elapsed: 10 minute(s), 55 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 17
HKCRCLSID{5FA96DC4-5105-1832-7EF2-284DC394AE06} (PUP.Optional.Multiplug) -> Quarantined and deleted successfully.
HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{5FA96DC4-5105-1832-7EF2-284DC394AE06} (PUP.Optional.Multiplug) -> Quarantined and deleted successfully.
HKCUSOFTWAREMicrosoftWindowsCurrentVersionExtSettings{5FA96DC4-5105-1832-7EF2-284DC394AE06} (PUP.Optional.Multiplug) -> Quarantined and deleted successfully.
HKCUSOFTWAREMicrosoftWindowsCurrentVersionExtStats{5FA96DC4-5105-1832-7EF2-284DC394AE06} (PUP.Optional.Multiplug) -> Quarantined and deleted successfully.
HKLMSOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{5FA96DC4-5105-1832-7EF2-284DC394AE06} (PUP.Optional.Multiplug) -> Quarantined and deleted successfully.
HKCRTypeLib{E2343056-CC08-46AC-B898-BFC7ACF4E755} (PUP.Optional.Multiplug) -> Quarantined and deleted successfully.
HKCRInterface{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} (PUP.Optional.Multiplug) -> Quarantined and deleted successfully.
HKCRCLSID{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
HKCRCLSID{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCRTypeLib{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCRInterface{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstall{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCRUpdater.AmiUpd.1 (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCRUpdater.AmiUpd (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstall{1D2ABF6A-2B19-3E94-0991-5B5BDB7134DA} (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
HKCUSOFTWAREMicrosoftWindowsCurrentVersionUninstallPriceFinder (PUP.Optional.PriceFinder.A) -> Quarantined and deleted successfully.
HKCUSoftwareAppDataLowSProtector (PUP.Optional.SProtector.A) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 1
HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWindows|AppInit_DLLs (PUP.Optional.SProtect.A) -> Bad: (c:progra~2psupportpsupport.dll) Good: () -> Quarantined and repaired successfully.
Folders Detected: 1
C:ProgramDataShoppingChip (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
Files Detected: 9
C:Program Files (x86)PSupportpsupport.dll (PUP.Optional.SProtect.A) -> Quarantined and deleted successfully.
C:ProgramDataShoppingChipD.dll (PUP.Optional.Multiplug) -> Quarantined and deleted successfully.
C:UsershungkeongAppDataLocalSwvUpdaterUpdater.exe (PUP.Software.Updater) -> Quarantined and deleted successfully.
C:ProgramDataShoppingChipXB.exe (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
C:UsershungkeongAppDataRoamingPriceFinderPriceFinderUninstall.exe (PUP.Optional.PriceFinder.A) -> Quarantined and deleted successfully.
C:WindowsTasksAmiUpdXp.job (PUP.Software.Updater) -> Quarantined and deleted successfully.
C:ProgramDataShoppingChipD.dat (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
C:ProgramDataShoppingChipD.tlb (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
C:ProgramDataShoppingChipXB.dat (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
(end)
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16720
Run by hungkeong at 21:15:24 on 2013-11-10
Microsoft Windows 7 Home Premium 6.1.7601.1.936.86.1033.18.1639.564 [GMT -6:00]
.
AV: AVG AntiVirus Free Edition 2014 *Disabled/Outdated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Outdated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:windowssystem32lsm.exe
C:windowssystem32svchost.exe -k DcomLaunch
C:Program Files (x86)IObitAdvanced SystemCare 6ASCService.exe
C:windowssystem32svchost.exe -k RPCSS
C:windowssystem32atiesrxx.exe
C:windowsSystem32svchost.exe -k LocalServiceNetworkRestricted
C:windowsSystem32svchost.exe -k LocalSystemNetworkRestricted
C:windowssystem32svchost.exe -k LocalService
C:windowssystem32svchost.exe -k netsvcs
C:windowssystem32svchost.exe -k NetworkService
C:windowssystem32atieclxx.exe
C:windowsSystem32spoolsv.exe
C:windowssystem32svchost.exe -k LocalServiceNoNetwork
C:Program Files (x86)AskPartnerNetworkToolbarapnmcp.exe
C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe
C:Program FilesBonjourmDNSResponder.exe
C:windowssystem32svchost.exe -k LocalServiceAndNoImpersonation
C:Program Files (x86)Norton PC CheckupEngine2.0.10.26ccSvcHst.exe
C:windowssystem32svchost.exe -k imgsvc
C:windowssystem32TODDSrv.exe
C:Program FilesTOSHIBAPower SaverTosCoSrv.exe
C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE
C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe
C:windowssystem32taskhost.exe
C:Program Files (x86)Norton PC CheckupEngine2.0.10.26ccSvcHst.exe
C:windowssystem32Dwm.exe
C:windowsExplorer.EXE
C:windowssystem32taskeng.exe
C:Program Files (x86)ExpressFilesEFUpdater.exe
C:Program FilesElantechETDCtrl.exe
C:Program FilesTOSHIBAPower SaverTPwrMain.exe
C:Program FilesTOSHIBASmoothViewSmoothView.exe
C:Program FilesTOSHIBAFlashCardsTCrdMain.exe
C:Program FilesTOSHIBABulletinBoardTosNcCore.exe
C:Program FilesTOSHIBAReelTimeTosReelTimeMonitor.exe
C:Program Files (x86)Common FilesPPLiveNetworkPPAP.exe
C:Program Files (x86)ToshibaTOSHIBA Service StationToshibaServiceStation.exe
C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticMOM.exe
C:Program FilesElantechETDCtrlHelper.exe
C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCCC.exe
C:windowssystem32SearchIndexer.exe
C:Program Files (x86)TOSHIBATOSHIBA Service StationTMachInfo.exe
C:windowsMicrosoft.NetFramework64v3.0WPFPresentationFontCache.exe
C:windowsSysWOW64svchost.exe -k PPTVServiceGroup
C:Program FilesTOSHIBATOSHIBA HDD SSD AlertTosSmartSrv.exe
C:Program FilesTOSHIBATOSHIBA HDD SSD AlertTosSENotify.exe
C:Program Files (x86)AVGAVG2014avgwdsvc.exe
C:Program Files (x86)AVGAVG2014avgrsa.exe
C:Program Files (x86)AVGAVG2014avgcsrva.exe
C:Program Files (x86)AVGAVG2014avgui.exe
C:Program Files (x86)AVGAVG2014avgcfgex.exe
C:windowssystem32svchost.exe -k SDRSVC
C:windowssystem32taskeng.exe
C:windowssystem32wbemwmiprvse.exe
C:windowsSystem32cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyOverride = <local>;*.local
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:ProgramDataRealRealPlayerBrowserRecordPluginIErpbrowserrecordplugin.dll
BHO: MP3 Rocket Toolbar: {4D503352-5636-006A-76A7-7A786E7484D7} -
BHO: Price Finder: {6E89E1D3-C66F-41C4-A648-CD91544E99C3} - C:UsershungkeongAppDataRoamingPriceFinderPriceFinderHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program Files (x86)Common FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:Program Files (x86)SkypeToolbarsInternet Explorerskypeieplugin.dll
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:Program Files (x86)IObitAdvanced SystemCare 6BrowerProtectASCPlugin_Protection.dll
BHO: MP3 Rocket Downloader: {c5e9c0b3-8b18-4b1b-ad67-c1a063ab2b34} -
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program Files (x86)Javajre6binjp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_32.dll
TB: MP3 Rocket Toolbar: {4D503352-5636-006A-76A7-7A786E7484D7} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_32.dll
uRun: [PPAP] "C:Program Files (x86)Common FilesPPLiveNetworkPPAP.exe" -background
mRun: [startCCC] "C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe" MSRun
mRun: [ToshibaServiceStation] "C:Program Files (x86)TOSHIBATOSHIBA Service StationToshibaServiceStation.exe" /hide:60
mRun: [NortonOnlineBackupReminder] "C:Program Files (x86)ToshibaToshiba Online BackupActivationTOBuActivation.exe" UNATTENDED
mRun: [ToshibaAppPlace] "C:Program Files (x86)ToshibaToshiba App PlaceToshibaAppPlace.exe"
mRun: [APSDaemon] "C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe"
mRun: [AVG_UI] "C:Program Files (x86)AVGAVG2014avgui.exe" /TRAYONLY
mRunOnce: [ (A0)] cmd /c "C:Program Files (x86)PCCleanupMalwareanirootmbarmbar.exe" /rdv /s
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:Program Files (x86)Windows LiveWriterWriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:Program Files (x86)SkypeToolbarsInternet Explorerskypeieplugin.dll
IE: {95B3F550-91C4-4627-BCC4-521288C52977} - C:Program Files (x86)PPLivePPTVPPLive.exe
TCP: NameServer = 24.217.0.5 24.217.201.67 24.247.15.53
TCP: Interfaces{57DF6F4C-67B2-4938-8EB0-895424294F74} : DHCPNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
TCP: Interfaces{57DF6F4C-67B2-4938-8EB0-895424294F74}2375942554539393 : DHCPNameServer = 192.168.1.254
TCP: Interfaces{57DF6F4C-67B2-4938-8EB0-895424294F74}86D28405D275962756C6563737 : DHCPNameServer = 172.16.0.1
TCP: Interfaces{C4E1C05F-BDFC-418A-B6EE-16F0ED4E8EF0} : DHCPNameServer = 10.177.0.34 10.168.183.116
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:Program Files (x86)SkypeToolbarsInternet Explorerskypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:Program Files (x86)Common FilesSkypeSkype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:Program Files (x86)Windows LivePhoto GalleryAlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:Program Files (x86)GoogleChromeApplication30.0.1599.101Installerchrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: MP3 Rocket Toolbar: {4D503352-5636-006A-76A7-7A786E7484D7} -
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_64.dll
x64-TB: MP3 Rocket Toolbar: {4D503352-5636-006A-76A7-7A786E7484D7} -
x64-Run: [smartAudio] C:Program FilesCONEXANTSAIISAIICpl.exe /t
x64-Run: [ETDCtrl] C:Program Files (x86)ElantechETDCtrl.exe
x64-Run: [smartFaceVWatcher] C:Program Files (x86)ToshibaSmartFaceVSmartFaceVWatcher.exe
x64-Run: [TPwrMain] C:Program Files (x86)TOSHIBAPower SaverTPwrMain.EXE
x64-Run: [smoothView] C:Program Files (x86)ToshibaSmoothViewSmoothView.exe
x64-Run: [00TCrdMain] C:Program Files (x86)TOSHIBAFlashCardsTCrdMain.exe
x64-Run: [TosVolRegulator] C:Program FilesTOSHIBATosVolRegulatorTosVolRegulator.exe
x64-Run: [TosSENotify] C:Program FilesTOSHIBATOSHIBA HDD SSD AlertTosWaitSrv.exe
x64-Run: [TosNC] C:Program Files (x86)ToshibaBulletinBoardTosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:Program Files (x86)TOSHIBAReelTimeTosReelTimeMonitor.exe
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:windowsSystem32driversamd_sata.sys [2011-5-16 75904]
R0 amd_xata;amd_xata;C:windowsSystem32driversamd_xata.sys [2011-5-16 38016]
R0 AVGIDSHA;AVGIDSHA;C:windowsSystem32driversavgidsha.sys [2013-9-2 192824]
R0 Avgloga;AVG Logging Driver;C:windowsSystem32driversavgloga.sys [2013-9-2 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:windowsSystem32driversavgmfx64.sys [2013-8-20 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:windowsSystem32driversavgrkx64.sys [2013-9-8 31544]
R1 Avgdiska;AVG Disk Driver;C:windowsSystem32driversavgdiska.sys [2013-9-25 148792]
R1 AVGIDSDriver;AVGIDSDriver;C:windowsSystem32driversavgidsdrivera.sys [2013-9-2 241464]
R1 Avgldx64;AVG AVI Loader Driver;C:windowsSystem32driversavgldx64.sys [2013-9-2 212280]
R1 Avgtdia;AVG TDI Driver;C:windowsSystem32driversavgtdia.sys [2013-8-1 251192]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:Program Files (x86)IObitAdvanced SystemCare 6ASCService.exe [2013-11-7 574272]
R2 AMD External Events Utility;AMD External Events Utility;C:windowsSystem32atiesrxx.exe [2011-5-16 203776]
R2 APNMCP;Ask Update Service;C:Program Files (x86)AskPartnerNetworkToolbarapnmcp.exe [2013-10-16 166352]
R2 PCCUJobMgr;Common Client Job Manager Service;C:Program Files (x86)Norton PC CheckupEngine2.0.10.26ccSvcHst.exe [2012-6-14 126392]
R2 PPTVService;PPTVService;C:windowsSystem32svchost.exe -k PPTVServiceGroup [2009-7-13 27136]
R3 ETD;ELAN PS/2 Port Input Device;C:windowsSystem32driversETD.sys [2010-11-11 137512]
R3 FwLnk;FwLnk Driver;C:windowsSystem32driversFwLnk.sys [2011-5-16 9216]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:windowsSystem32driversL1C62x64.sys [2010-9-27 76912]
R3 mbamchameleon;mbamchameleon;C:windowsSystem32driversmbamchameleon.sys [2013-11-8 91352]
R3 PGEffect;Pangu effect driver;C:windowsSystem32driversPGEffect.sys [2011-5-16 38096]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:windowsSystem32driversrtl8192ce.sys [2011-5-16 1109096]
R3 TMachInfo;TMachInfo;C:Program Files (x86)ToshibaTOSHIBA Service StationTMachInfo.exe [2011-5-16 51576]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:WindowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:WindowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:Program Files (x86)SkypeUpdaterUpdater.exe [2013-9-5 171680]
S3 fssfltr;fssfltr;C:windowsSystem32driversfssfltr.sys [2012-11-20 57856]
S3 fsssvc;Windows Live Family Safety Service;C:Program Files (x86)Windows LiveFamily Safetyfsssvc.exe [2012-9-12 1512448]
S3 GamesAppService;GamesAppService;C:Program Files (x86)WildTangent GamesAppGamesAppService.exe [2010-10-12 206072]
S3 MEMSWEEP2;MEMSWEEP2;C:windowsSystem3219C8.tmp [2013-11-8 6144]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:windowsSystem32driversnetaapl64.sys [2011-8-2 22528]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:windowsSystem32driversRtsUStor.sys [2011-5-16 243712]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:windowsSystem32driversssadbus.sys [2011-5-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:windowsSystem32driversssadmdfl.sys [2011-5-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:windowsSystem32driversssadmdm.sys [2011-5-13 177640]
S3 TsUsbFlt;TsUsbFlt;C:windowsSystem32driversTsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:windowsSystem32driversTsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:windowsSystem32driversusbaapl64.sys [2012-12-13 54784]
.
=============== Created Last 30 ================
.
2013-11-09 23:25:44 -------- d-----w- C:UsershungkeongAppDataRoamingAVG2014
2013-11-09 23:23:53 -------- d-----w- C:UsershungkeongAppDataRoamingTuneUp Software
2013-11-09 23:20:56 -------- d--h--w- C:$AVG
2013-11-09 23:20:55 -------- d-----w- C:ProgramDataAVG2014
2013-11-09 23:19:04 -------- d-----w- C:Program Files (x86)AVG
2013-11-09 04:19:09 116440 ----a-w- C:windowsSystem32driversMBAMSwissArmy.sys
2013-11-09 04:19:09 -------- d-----w- C:ProgramDataMalwarebytes' Anti-Malware (portable)
2013-11-09 04:18:26 91352 ----a-w- C:windowsSystem32driversmbamchameleon.sys
2013-11-09 03:27:17 6144 ------w- C:windowsSystem3219C8.tmp
2013-11-09 03:23:03 6144 ------w- C:windowsSystem32385E.tmp
2013-11-07 08:36:26 -------- d-----w- C:ProgramData{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-11-07 08:36:19 -------- d-----w- C:ProgramDataIObit
2013-11-07 08:36:18 -------- d-----w- C:UsershungkeongAppDataRoamingIObit
2013-11-07 08:36:03 -------- d-----w- C:Program Files (x86)IObit
2013-11-07 08:31:22 -------- d-----w- C:UsershungkeongAppDataRoamingSUPERAntiSpyware.com
2013-11-07 08:31:22 -------- d-----w- C:ProgramDataSUPERAntiSpyware.com
2013-11-07 07:40:58 10280728 ----a-w- C:ProgramDataMicrosoftWindows DefenderDefinition Updates{AEBA6D42-91C5-4B4A-BEF9-BD1FD59A67F4}mpengine.dll
2013-11-07 07:14:54 -------- d--h--w- C:ProgramDataCommon Files
2013-11-07 07:14:54 -------- d-----w- C:UsershungkeongAppDataLocalMFAData
2013-11-07 07:14:54 -------- d-----w- C:UsershungkeongAppDataLocalAvg2014
2013-11-07 07:14:54 -------- d-----w- C:ProgramDataMFAData
2013-11-07 06:56:48 -------- d-----w- C:Program Files (x86)PCCleanup
2013-11-05 07:12:30 -------- d-----w- C:windowsSystem32MpEngineStore
2013-11-05 06:53:24 -------- d-----w- C:windowsSystem32MRT
2013-10-26 06:18:23 -------- d-----w- C:Program Files (x86)PSupport
2013-10-26 06:15:33 -------- d-----w- C:Program Files (x86)Kozaka
2013-10-26 06:15:08 -------- d-----w- C:UsershungkeongAppDataRoamingExpressFiles
2013-10-26 06:15:08 -------- d-----w- C:Program Files (x86)ExpressFiles
2013-10-26 06:15:07 -------- d-----w- C:UsershungkeongAppDataLocalSwvUpdater
.
==================== Find3M ====================
.
2013-10-09 03:39:26 71048 ----a-w- C:windowsSysWow64FlashPlayerCPLApp.cpl
2013-10-09 03:39:26 692616 ----a-w- C:windowsSysWow64FlashPlayerApp.exe
2013-09-26 03:07:30 148792 ----a-w- C:windowsSystem32driversavgdiska.sys
2013-09-22 23:28:06 1767936 ----a-w- C:windowsSysWow64wininet.dll
2013-09-22 23:27:49 2876928 ----a-w- C:windowsSysWow64jscript9.dll
2013-09-22 23:27:48 61440 ----a-w- C:windowsSysWow64iesetup.dll
2013-09-22 23:27:48 109056 ----a-w- C:windowsSysWow64iesysprep.dll
2013-09-22 22:55:10 2241024 ----a-w- C:windowsSystem32wininet.dll
2013-09-22 22:54:51 3959296 ----a-w- C:windowsSystem32jscript9.dll
2013-09-22 22:54:50 67072 ----a-w- C:windowsSystem32iesetup.dll
2013-09-22 22:54:50 136704 ----a-w- C:windowsSystem32iesysprep.dll
2013-09-21 03:38:39 2706432 ----a-w- C:windowsSystem32mshtml.tlb
2013-09-21 03:30:24 2706432 ----a-w- C:windowsSysWow64mshtml.tlb
2013-09-21 02:48:36 89600 ----a-w- C:windowsSystem32RegisterIEPKEYs.exe
2013-09-21 02:39:47 71680 ----a-w- C:windowsSysWow64RegisterIEPKEYs.exe
2013-09-14 01:10:19 497152 ----a-w- C:windowsSystem32driversafd.sys
2013-09-09 04:11:42 31544 ----a-w- C:windowsSystem32driversavgrkx64.sys
2013-09-08 02:30:37 1903552 ----a-w- C:windowsSystem32driverstcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:windowsSystem32mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:windowsSysWow64mswsock.dll
2013-09-04 12:12:11 343040 ----a-w- C:windowsSystem32driversusbhub.sys
2013-09-04 12:11:51 325120 ----a-w- C:windowsSystem32driversusbport.sys
2013-09-04 12:11:49 99840 ----a-w- C:windowsSystem32driversusbccgp.sys
2013-09-04 12:11:43 52736 ----a-w- C:windowsSystem32driversusbehci.sys
2013-09-04 12:11:43 30720 ----a-w- C:windowsSystem32driversusbuhci.sys
2013-09-04 12:11:42 25600 ----a-w- C:windowsSystem32driversusbohci.sys
2013-09-04 12:11:40 7808 ----a-w- C:windowsSystem32driversusbd.sys
2013-09-03 19:35:10 278800 ------w- C:windowsSystem32MpSigStub.exe
2013-09-02 16:59:14 212280 ----a-w- C:windowsSystem32driversavgldx64.sys
2013-09-02 16:29:18 294712 ----a-w- C:windowsSystem32driversavgloga.sys
2013-09-02 16:26:50 192824 ----a-w- C:windowsSystem32driversavgidsha.sys
2013-09-02 16:26:42 241464 ----a-w- C:windowsSystem32driversavgidsdrivera.sys
2013-08-29 02:17:48 5549504 ----a-w- C:windowsSystem32ntoskrnl.exe
2013-08-29 02:16:35 1732032 ----a-w- C:windowsSystem32ntdll.dll
2013-08-29 02:16:28 243712 ----a-w- C:windowsSystem32wow64.dll
2013-08-29 02:16:14 859648 ----a-w- C:windowsSystem32tdh.dll
2013-08-29 02:13:28 878080 ----a-w- C:windowsSystem32advapi32.dll
2013-08-29 01:51:45 3969472 ----a-w- C:windowsSysWow64ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- C:windowsSysWow64ntoskrnl.exe
2013-08-29 01:50:31 5120 ----a-w- C:windowsSysWow64wow32.dll
2013-08-29 01:50:30 1292192 ----a-w- C:windowsSysWow64ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- C:windowsSysWow64tdh.dll
2013-08-29 01:48:17 640512 ----a-w- C:windowsSysWow64advapi32.dll
2013-08-29 01:48:15 44032 ----a-w- C:windowsapppatchacwow64.dll
2013-08-29 00:49:53 25600 ----a-w- C:windowsSysWow64setup16.exe
2013-08-29 00:49:52 7680 ----a-w- C:windowsSysWow64instnm.exe
2013-08-29 00:49:52 14336 ----a-w- C:windowsSysWow64ntvdm64.dll
2013-08-29 00:49:49 2048 ----a-w- C:windowsSysWow64user.exe
2013-08-28 01:21:06 3155968 ----a-w- C:windowsSystem32win32k.sys
2013-08-28 01:12:33 461312 ----a-w- C:windowsSystem32scavengeui.dll
2013-08-21 04:53:58 123704 ----a-w- C:windowsSystem32driversavgmfx64.sys
.
============= FINISH: 21:16:58.74 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: DeviceHarddiskVolume1
Install Date: 8/8/2011 12:53:15 AM
System Uptime: 11/9/2013 7:50:05 PM (26 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: AMD C-50 Processor | Socket FT1 | 1000/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 220 GiB total, 159.841 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318}
Description: CD-ROM Drive
Device ID: SCSICDROM&VEN_TEAC&PROD_DV-W28S-VT4&354CA387&0&010000
Manufacturer: (Standard CD-ROM drives)
Name: TEAC DV-W28S-VT SATA CdRom Device
PNP Device ID: SCSICDROM&VEN_TEAC&PROD_DV-W28S-VT4&354CA387&0&010000
Service: cdrom
.
==== System Restore Points ===================
.
RP198: 10/15/2013 10:06:25 PM - Windows Update
RP199: 10/18/2013 10:39:36 PM - Windows Update
RP200: 10/22/2013 11:05:21 PM - Windows Update
RP201: 10/29/2013 10:39:12 PM - Windows Update
RP202: 11/5/2013 12:44:56 AM - Windows Update
RP203: 11/7/2013 1:42:02 AM - Installed AVG 2014
RP204: 11/7/2013 1:53:14 AM - Removed AVG 2014
RP205: 11/8/2013 10:43:26 PM - Malwarebytes Anti-Rootkit Restore Point
RP206: 11/9/2013 5:18:01 PM - Installed AVG 2014
RP207: 11/9/2013 5:19:23 PM - Installed AVG 2014
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X MUI
Advanced SystemCare 6
Amazon Links
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
ATI Catalyst Install Manager
AVG 2014
Bejeweled 3
Bonjour
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
Conexant HD Audio
D3DX10
ETDWare PS/2-X64 8.0.8.0_R01
ExpressFiles
FATE - The Traitor Soul
fTalk
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
iCloud
iLivid
iTunes
Java Auto Updater
Java 6 Update 20
Jewel Quest: The Sleepless Star - Collector's Edition
Junk Mail filter update
Malwarebytes Anti-Malware 版本 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Movie Maker
MP3 Rocket
MP3 Rocket Toolbar
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
Penguins!
Photo Common
Photo Gallery
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
Polar Bowler
PPTV V3.3.2.0070
Product Support 1.74.b1377
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
RealUpgrade 1.1
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Skype Click to Call
Skype Launcher
Skype 6.9
Sophos Anti-Rootkit 1.5.4
Tom Clancy's Splinter Cell
Toshiba App Place
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA Disc Creator
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Laptop Checkup
TOSHIBA Media Controller
Toshiba Online Backup
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
ToshibaRegistration
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update Installer for WildTangent Games App
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
WildTangent Games
WildTangent Games App (Toshiba Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WMV9/VC-1 Video Playback
Zuma's Revenge
μTorrent
.
==== Event Viewer Messages From Past Week ========
.
11/10/2013 9:16:03 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
11/10/2013 9:13:20 PM, Error: mbamchameleon [61703] -
.
==== End Of File ===========================

 


Hi and welcome

 

Download AdwCleaner by Xplode and save to your Desktop.

- Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator.
- Click on the Scan button.
- AdwCleaner will begin...be patient as the scan may take some time to complete.
- After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
- The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
- Copy and paste the contents of that logfile in your next reply.

Using AdwCleaner v3: Scan & Clean:

- Double click on AdwCleaner.exe to run the tool again.
- Click on the Scan button.
- AdwCleaner will begin to scan your computer like it did before.
- After the scan has finished...
- This time, click on the Clean button.
- Press OK when asked to close all programs and follow the onscreen prompts.
- Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
- After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
- Copy and paste the contents of that logfile in your next reply.
- A copy of that logfile will also be saved in the C:\AdwCleaner folder.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 


Please download Junkware Removal Tool to your desktop.

- Shut down your protection software now to avoid potential conflicts.
- Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete depending on your system's specifications.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next message.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.

 

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

[*]Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.

[*]Press Scan button.

[*]It will produce a log called FRST.txt in the same directory the tool is run from.

[*]Please copy and paste log back here.

[*]The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Copies of logs are saved at %systemdrive%:\FRST\Logs (in most cases this will be C:\FRST\Logs).

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

In your next reply post:

AdwCleaner

JRT.txt

FRSTLogs

 

You might need to make multiple posts to copy and paste all the logs.

 

Also, give me an update on how the computer is at the moment.

# AdwCleaner v3.012 - Report created 11/11/2013 at 18:44:31
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : hungkeong - HUNGKEONG-PC
# Running from : C:Program Files (x86)PCCleanupAdwCleaner.exe
# Option : Scan
***** [ Services ] *****
Service Found : APNMCP
***** [ Files / Folders ] *****
File Found : C:UsershungkeongAppDataRoamingMozillaFirefoxProfilesextensionsuser.js
File Found : C:windowsSystem32TasksExpress FilesUpdate
Folder Found C:Program Files (x86)AskPartnerNetwork
Folder Found C:Program Files (x86)Common FilesTencent
Folder Found C:Program Files (x86)ExpressFiles
Folder Found C:Program Files (x86)Ilivid
Folder Found C:Program Files (x86)Moozy
Folder Found C:Program Files (x86)MyPC Backup
Folder Found C:Program Files (x86)Tencent
Folder Found C:ProgramDataapn
Folder Found C:ProgramDataAskPartnerNetwork
Folder Found C:ProgramDataMicrosoftWindowsStart MenuProgramsIlivid
Folder Found C:ProgramDataTencent
Folder Found C:UsershungkeongAppDataLocalIlivid Player
Folder Found C:UsershungkeongAppDataLocalPackageAware
Folder Found C:UsershungkeongAppDataLocalSwvUpdater
Folder Found C:UsershungkeongAppDataLocalLowiac
Folder Found C:UsershungkeongAppDataRoamingExpressFiles
Folder Found C:UsershungkeongAppDataRoamingpccustubinstaller
Folder Found C:UsershungkeongAppDataRoamingTencent
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCUSoftwareAPN PIP
Key Found : HKCUSoftwareAskPartnerNetwork
Key Found : HKCUSoftwareExpressFiles
Key Found : HKCUSoftwarefTalk
Key Found : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCUSoftwareMicrosoftWindowsCurrentVersionUninstallExpressFiles
Key Found : HKCUSoftwareMicrosoftWindowsCurrentVersionUninstallfTalk
Key Found : HKCUSoftwareTENCENT
Key Found : HKCUSoftwareZugo
Key Found : [x64] HKCUSoftwareAPN PIP
Key Found : [x64] HKCUSoftwareAskPartnerNetwork
Key Found : [x64] HKCUSoftwareExpressFiles
Key Found : [x64] HKCUSoftwarefTalk
Key Found : [x64] HKCUSoftwareTENCENT
Key Found : [x64] HKCUSoftwareZugo
Key Found : HKLMSoftwareAskPartnerNetwork
Key Found : HKLMSOFTWAREClassesAppID{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLMSOFTWAREClassesApplicationsilividsetupv1.exe
Key Found : HKLMSOFTWAREClassesCLSID{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLMSOFTWAREClassesCLSID{44CBC005-6243-4502-8A02-3A096A282664}
Key Found : HKLMSOFTWAREClassesCLSID{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Found : HKLMSOFTWAREClassesCLSID{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLMSOFTWAREClassesCLSID{D8278076-BC68-4484-9233-6E7F1628B56C}
Key Found : HKLMSOFTWAREClassesCLSID{F297534D-7B06-459D-BC19-2DD8EF69297B}
Key Found : HKLMSoftwareClassesInstallerFeatures2B1E51D87B2D71A44BB42DDD5E894160
Key Found : HKLMSoftwareClassesInstallerProducts2B1E51D87B2D71A44BB42DDD5E894160
Key Found : HKLMSOFTWAREClassesInterface{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Found : HKLMSOFTWAREClassesTypeLib{9945959C-AAD8-4312-8B57-2DE11927E770}
Key Found : HKLMSoftwareExpressFiles
Key Found : HKLMSOFTWAREMicrosoftInternet ExplorerLow RightsElevationPolicy{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Found : HKLMSOFTWAREMicrosoftInternet ExplorerLow RightsElevationPolicy{D7949A66-D936-4028-9552-14F7DC50F38D}
Key Found : HKLMSOFTWAREMicrosoftTracingApnSetup_RASAPI32
Key Found : HKLMSOFTWAREMicrosoftTracingApnSetup_RASMANCS
Key Found : HKLMSOFTWAREMicrosoftTracingapnstub_RASAPI32
Key Found : HKLMSOFTWAREMicrosoftTracingapnstub_RASMANCS
Key Found : HKLMSOFTWAREMicrosoftTracingaskpartnercobrandingtool_rasapi32
Key Found : HKLMSOFTWAREMicrosoftTracingaskpartnercobrandingtool_rasmancs
Key Found : HKLMSOFTWAREMicrosoftTracingAskSLib_RASAPI32
Key Found : HKLMSOFTWAREMicrosoftTracingAskSLib_RASMANCS
Key Found : HKLMSOFTWAREMicrosoftTracingiLividSetupV1_RASAPI32
Key Found : HKLMSOFTWAREMicrosoftTracingiLividSetupV1_RASMANCS
Key Found : HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstall{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}
Key Found : HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstallSP_963508d2
Key Found : HKLMSoftwarePIP
Key Found : HKLMSoftwareSP Global
Key Found : HKLMSoftwareSProtector
Key Found : HKLMSoftwareTENCENT
Key Found : [x64] HKLMSOFTWAREAskPartnerNetwork
Key Found : [x64] HKLMSOFTWAREClassesInterface{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : [x64] HKLMSOFTWAREClassesInterface{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Found : [x64] HKLMSOFTWAREMicrosoftInternet ExplorerLow RightsElevationPolicy{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Found : [x64] HKLMSOFTWAREMicrosoftInternet ExplorerLow RightsElevationPolicy{D7949A66-D936-4028-9552-14F7DC50F38D}
Value Found : HKCUSoftwareMicrosoftInternet ExplorerToolbarWebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
***** [ Browsers ] *****
- Internet Explorer v10.0.9200.16720
- Mozilla Firefox v
[ File : C:UsershungkeongAppDataRoamingMozillaFirefoxProfilesextensionsprefs.js ]
- Google Chrome v30.0.1599.101
[ File : C:UsershungkeongAppDataLocalGoogleChromeUser DataDefaultpreferences ]
*************************
AdwCleaner[R0].txt - [5735 octets] - [11/11/2013 18:44:31]
########## EOF - C:AdwCleanerAdwCleaner[R0].txt - [5795 octets] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by hungkeong on 11/11/2013 Mon at 18:53:17.72
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
Successfully stopped: [service] APNMCP
Successfully deleted: [service] APNMCP
~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebBrowser{D4027C7F-154A-4066-A1AD-4243D8127440}
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwarezugo
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareClassesapplicationsilividsetupv1.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftTracingapnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftTracingapnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftTracingaskpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftTracingaskpartnercobrandingtool_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftTracingilividsetupv1_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftTracingilividsetupv1_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionUninstall{8d15e1b2-d2b7-4a17-b44b-d2dde5981406}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareWow6432Nodesp global
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareWow6432Nodesprotector
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftTracingAskInstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftTracingAskInstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftTracingAskSLib_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftTracingAskSLib_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareWow6432NodeMicrosoftTracingAPNSetup_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareWow6432NodeMicrosoftTracingAPNSetup_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareWow6432NodeMicrosoftTracingAskInstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareWow6432NodeMicrosoftTracingAskInstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareWow6432NodeMicrosoftTracingAskSLib_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareWow6432NodeMicrosoftTracingAskSLib_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerSearchScopes{fb72f1bd-a2f1-47eb-8f13-2c6dcd65516f}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftInternet ExplorerSearchScopes{fb72f1bd-a2f1-47eb-8f13-2c6dcd65516f}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{6E89E1D3-C66F-41C4-A648-CD91544E99C3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOTCLSID{6E89E1D3-C66F-41C4-A648-CD91544E99C3}
Successfully deleted: [Registry Key] "hkey_current_usersoftwareapn pip"
Successfully deleted: [Registry Key] "hkey_current_usersoftwareaskpartnernetwork"
Successfully deleted: [Registry Key] "hkey_local_machinesoftwareaskpartnernetwork"
Successfully deleted: [Registry Key] "hkey_local_machinesoftwareclassesclsid{44cbc005-6243-4502-8a02-3a096a282664}"
Successfully deleted: [Registry Key] "hkey_local_machinesoftwareclassesclsid{80703783-e415-4ee3-ab60-d36981c5a6f1}"
Successfully deleted: [Registry Key] "hkey_local_machinesoftwareclassesclsid{d8278076-bc68-4484-9233-6e7f1628b56c}"
Successfully deleted: [Registry Key] "hkey_local_machinesoftwareclassesclsid{f297534d-7b06-459d-bc19-2dd8ef69297b}"
Successfully deleted: [Registry Key] "hkey_local_machinesoftwareclassestypelib{9945959c-aad8-4312-8b57-2de11927e770}"
Successfully deleted: [Registry Key] "hkey_local_machinesoftwaremicrosoftinternet explorerlow rightselevationpolicy{6978f29a-3493-40b2-8cdc-9c13a02f85a4}"
Successfully deleted: [Registry Key] "hkey_local_machinesoftwaremicrosoftinternet explorerlow rightselevationpolicy{d7949a66-d936-4028-9552-14f7dc50f38d}"
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:ProgramDataapn"
Successfully deleted: [Folder] "C:ProgramDatatencent"
Successfully deleted: [Folder] "C:UsershungkeongAppDataRoamingpccustubinstaller"
Successfully deleted: [Folder] "C:UsershungkeongAppDataRoamingtencent"
Successfully deleted: [Folder] "C:Usershungkeongappdatalocalftalk"
Successfully deleted: [Folder] "C:Usershungkeongappdatalocalilivid player"
Successfully deleted: [Folder] "C:Usershungkeongappdatalocalswvupdater"
Successfully deleted: [Folder] "C:Usershungkeongappdatalocallowiac"
Successfully deleted: [Folder] "C:Program Files (x86)ilivid"
Successfully deleted: [Folder] "C:Program Files (x86)mypc backup"
Successfully deleted: [Folder] "C:Program Files (x86)tencent"
Successfully deleted: [Folder] "C:ProgramDataMicrosoftWindowsStart MenuProgramsilivid"
Successfully deleted: [Folder] "C:ProgramDataAskPartnerNetwork"
Successfully deleted: [Folder] "C:Program Files (x86)askpartnernetwork"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11/11/2013 Mon at 19:21:28.07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2013 01
Ran by hungkeong at 2013-11-11 19:28:41
Running from C:Program Files (x86)PCCleanup
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: AVG AntiVirus Free Edition 2014 (Disabled - Out of date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Disabled - Out of date) {B5F5C120-2089-702E-0001-553BB0D5A664}
==================== Installed Programs ======================
µTorrent (x32 Version: 3.3.0.29625)
Adobe AIR (x32 Version: 2.5.1.17730)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader X MUI (x32 Version: 10.0.0)
Advanced SystemCare 6 (x32 Version: 6.3)
Amazon Links (x32 Version: 2.02)
Apple Application Support (x32 Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.36)
ATI Catalyst Install Manager (Version: 3.0.808.0)
AVG 2014 (Version: 14.0.3604)
AVG 2014 (Version: 14.0.4158)
AVG 2014 (Version: 2014.0.4158)
Bejeweled 3 (x32 Version: 2.2.0.97)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0216.726.13233)
Catalyst Control Center InstallProxy (x32 Version: 2011.0216.726.13233)
Catalyst Control Center Localization All (x32 Version: 2011.0216.726.13233)
CCC Help Chinese Standard (x32 Version: 2011.0216.0725.13233)
CCC Help Chinese Traditional (x32 Version: 2011.0216.0725.13233)
CCC Help Czech (x32 Version: 2011.0216.0725.13233)
CCC Help Danish (x32 Version: 2011.0216.0725.13233)
CCC Help Dutch (x32 Version: 2011.0216.0725.13233)
CCC Help English (x32 Version: 2011.0216.0725.13233)
CCC Help Finnish (x32 Version: 2011.0216.0725.13233)
CCC Help French (x32 Version: 2011.0216.0725.13233)
CCC Help German (x32 Version: 2011.0216.0725.13233)
CCC Help Greek (x32 Version: 2011.0216.0725.13233)
CCC Help Hungarian (x32 Version: 2011.0216.0725.13233)
CCC Help Italian (x32 Version: 2011.0216.0725.13233)
CCC Help Japanese (x32 Version: 2011.0216.0725.13233)
CCC Help Korean (x32 Version: 2011.0216.0725.13233)
CCC Help Norwegian (x32 Version: 2011.0216.0725.13233)
CCC Help Polish (x32 Version: 2011.0216.0725.13233)
CCC Help Portuguese (x32 Version: 2011.0216.0725.13233)
CCC Help Russian (x32 Version: 2011.0216.0725.13233)
CCC Help Spanish (x32 Version: 2011.0216.0725.13233)
CCC Help Swedish (x32 Version: 2011.0216.0725.13233)
CCC Help Thai (x32 Version: 2011.0216.0725.13233)
CCC Help Turkish (x32 Version: 2011.0216.0725.13233)
ccc-core-static (x32 Version: 2011.0216.726.13233)
ccc-utility64 (Version: 2011.0216.726.13233)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
Conexant HD Audio (Version: 8.54.1.0)
D3DX10 (x32 Version: 15.4.2368.0902)
ETDWare PS/2-X64 8.0.8.0_R01 (Version: 8.0.8.0)
ExpressFiles (HKCU Version: 1.9.7)
FATE - The Traitor Soul (x32 Version: 2.2.0.95)
fTalk (HKCU Version: 3.0.0.3115)
Google Chrome (x32 Version: 30.0.1599.101)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4601.54)
Google Update Helper (x32 Version: 1.3.21.165)
iCloud (Version: 2.1.1.3)
iTunes (Version: 11.0.2.26)
Java Auto Updater (x32 Version: 2.0.2.1)
Java 6 Update 20 (x32 Version: 6.0.200)
Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95)
Junk Mail filter update (x32 Version: 16.4.3505.0912)
[email protected] 1.0 (x32 Version: 1.0)
Malwarebytes Anti-Malware 版本 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SkyDrive (HKCU Version: 16.4.6013.0910)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
Movie Maker (x32 Version: 16.4.3505.0912)
MP3 Rocket (x32 Version: 6.3.16)
MP3 Rocket Toolbar (x32 Version: 12.6.0.1688)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
Penguins! (x32 Version: 2.2.0.95)
Photo Gallery (x32 Version: 16.4.3505.0912)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PlayReady PC Runtime x86 (x32 Version: 1.3.0)
Polar Bowler (x32 Version: 2.2.0.95)
PPTV V3.3.2.0070 (x32 Version: 3.3.2)
Product Support 1.74.b1377 (x32)
QuickTime (x32 Version: 7.73.80.64)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0)
RealPlayer (x32 Version: 15.0.4)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30124)
Realtek WLAN Driver (x32 Version: 2.00.0016)
RealUpgrade 1.1 (x32 Version: 1.1.0)
Skype Click to Call (x32 Version: 5.9.9216)
Skype Launcher (x32 Version: 2.01)
Skype 6.9 (x32 Version: 6.9.106)
Sophos Anti-Rootkit 1.5.4 (x32 Version: 1.5.4)
Tom Clancy's Splinter Cell (x32 Version: 2.2.0.97)
Toshiba App Place (x32 Version: 1.0.6.3)
TOSHIBA Application Installer (x32 Version: 9.0.1.1)
TOSHIBA Assist (x32 Version: 4.02.02)
Toshiba Book Place (x32 Version: 2.2.6775)
TOSHIBA Bulletin Board (Version: 1.6.08.64)
TOSHIBA Bulletin Board (x32 Version: 1.6.08.64)
TOSHIBA Disc Creator (Version: 2.1.0.4 for x64)
TOSHIBA Face Recognition (Version: 3.1.3.64)
TOSHIBA Face Recognition (x32 Version: 3.1.3.64)
TOSHIBA Hardware Setup (x32 Version: 2.00.14)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.6)
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.6)
Toshiba Laptop Checkup (x32 Version: 2.0.10.26)
TOSHIBA Media Controller (x32 Version: 1.0.80.8.64)
Toshiba Online Backup (x32 Version: 2.0.0.25)
TOSHIBA Quality Application (x32 Version: 1.0.3)
TOSHIBA Recovery Media Creator (x32 Version: 2.1.3.5109)
TOSHIBA ReelTime (Version: 1.7.16.64)
TOSHIBA ReelTime (x32 Version: 1.7.16.64)
TOSHIBA Service Station (x32 Version: 2.1.45)
TOSHIBA Supervisor Password (x32 Version: 2.00.07)
TOSHIBA Value Added Package (Version: 1.3.22.64)
TOSHIBA Value Added Package (x32 Version: 1.3.22.64)
TOSHIBA Web Camera Application (x32 Version: 2.0.1.1)
ToshibaRegistration (x32 Version: 1.0.4)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update Installer for WildTangent Games App (x32)
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1)
Visual Studio 2012 x86 Redistributables (x32 Version: 14.0.0.1)
WildTangent Games (x32 Version: 1.0.2.5)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.4.16)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912)
Windows Live Essentials (x32 Version: 16.4.3505.0912)
Windows Live Family Safety (Version: 16.4.3505.0912)
Windows Live Family Safety (x32 Version: 16.4.3505.0912)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3505.0912)
Windows Live Mail (x32 Version: 16.4.3505.0912)
Windows Live Messenger (x32 Version: 16.4.3505.0912)
Windows Live MIME IFilter (Version: 16.4.3505.0912)
Windows Live Photo Common (x32 Version: 16.4.3505.0912)
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912)
Windows Live SOXE (x32 Version: 16.4.3505.0912)
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912)
Windows Live UX Platform (x32 Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912)
Windows Live Writer (x32 Version: 16.4.3505.0912)
Windows Live Writer Resources (x32 Version: 16.4.3505.0912)
WMV9/VC-1 Video Playback (Version: 1.00.0000)
Zuma's Revenge (x32 Version: 2.2.0.97)
==================== Restore Points =========================
16-10-2013 03:06:25 Windows Update
19-10-2013 03:39:36 Windows Update
23-10-2013 04:05:21 Windows Update
30-10-2013 03:39:12 Windows Update
05-11-2013 06:44:56 Windows Update
07-11-2013 07:42:02 Installed AVG 2014
07-11-2013 07:53:14 Removed AVG 2014
09-11-2013 04:43:26 Malwarebytes Anti-Rootkit Restore Point
09-11-2013 23:18:01 Installed AVG 2014
09-11-2013 23:19:23 Installed AVG 2014
==================== Hosts content: ==========================
2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:windowssystem32Driversetchosts
==================== Scheduled Tasks (whitelisted) =============
Task: {1EEBB8DD-E186-4751-B028-0857DF6D68D5} - System32TasksGoogleUpdateTaskMachineUA => C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [2011-05-16] (Google Inc.)
Task: {8C49296F-442C-4547-96E4-DAF7276646E8} - System32TasksRealUpgradeLogonTaskS-1-5-21-1641970090-1460547868-2588245608-1000 => C:Program Files (x86)RealRealUpgraderealupgrade.exe [2012-04-30] (RealNetworks, Inc.)
Task: {BE868870-2037-4F6D-BDF8-E18EB3E4B4B7} - System32TasksAdobe Flash Player Updater => C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: {E7E4CFD7-13DB-4964-B358-77A8E505C4B0} - System32TasksExpress FilesUpdate => C:Program Files (x86)ExpressFilesEFUpdater.exe [2013-10-26] ()
Task: {EE387048-44BA-4B62-B396-3EF7A88FE9E3} - System32TasksGoogleUpdateTaskMachineCore => C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [2011-05-16] (Google Inc.)
Task: {FADE3FBD-C06F-4759-BE8C-0C263D021537} - System32TasksRealUpgradeScheduledTaskS-1-5-21-1641970090-1460547868-2588245608-1000 => C:Program Files (x86)RealRealUpgraderealupgrade.exe [2012-04-30] (RealNetworks, Inc.)
Task: {FF9BBDAE-FE6A-4514-85DF-EC6D3A5B2C40} - System32TasksAppleAppleSoftwareUpdate => C:Program Files (x86)Apple Software UpdateSoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:windowsTasksAdobe Flash Player Updater.job => C:windowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe
Task: C:windowsTasksGoogleUpdateTaskMachineCore.job => C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
Task: C:windowsTasksGoogleUpdateTaskMachineUA.job => C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2010-04-07 17:07 - 2010-04-07 17:07 - 09468728 _____ () C:Program FilesTOSHIBAFlashCardsBlackPng.dll
2009-11-03 14:26 - 2009-11-03 14:26 - 00053560 _____ () C:Program FilesTOSHIBAFlashCardsHotkeyFnZ.dll
2010-03-03 15:15 - 2010-03-03 15:15 - 00019256 _____ () C:Program FilesTOSHIBAFlashCardsHotkeyFnF10.dll
2010-03-03 15:15 - 2010-03-03 15:15 - 00019256 _____ () C:Program FilesTOSHIBAFlashCardsHotkeyFnF11.dll
2011-03-29 20:48 - 2009-06-22 16:40 - 00022328 _____ () C:Program FilesTOSHIBATOSHIBA AssistNotifyX.dll
2009-03-12 20:08 - 2009-03-12 20:08 - 00048640 _____ () C:Program Files (x86)ToshibaPCDiagNotifyPCD.dll
2009-07-25 18:38 - 2009-07-25 18:38 - 00017800 _____ () C:Program FilesTOSHIBATOSHIBA Disc CreatorNotifyTDC.dll
2011-02-16 08:25 - 2011-02-16 08:25 - 00243712 _____ () C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-10-19 15:15 - 2010-10-19 15:15 - 00016384 ____R () C:Program Files (x86)ATI TechnologiesATI.ACEBrandingBranding.dll
2010-02-05 18:44 - 2010-02-05 18:44 - 00079192 _____ () C:Program FilesTOSHIBATOSHIBA HDD SSD AlertTosIPCWraper.dll
2012-12-17 16:14 - 2012-12-17 16:14 - 00954848 _____ () C:Program FilesCommon FilesAppleInternet ServicesShellStreams64.dll
2013-01-31 00:51 - 2013-01-31 00:51 - 02584912 _____ () C:windowssystem32kindling.dll
2013-11-07 02:36 - 2013-01-15 18:59 - 00161088 _____ () C:Program Files (x86)IObitAdvanced SystemCare 6ASCExtMenu_64.dll
2013-11-07 02:36 - 2013-01-15 18:47 - 00517440 _____ () C:Program Files (x86)IObitAdvanced SystemCare 6sqlite3.dll
2011-09-27 06:23 - 2011-09-27 06:23 - 00087912 _____ () C:Program Files (x86)Common FilesAppleApple Application Supportzlib1.dll
2011-09-27 06:22 - 2011-09-27 06:22 - 01242472 _____ () C:Program Files (x86)Common FilesAppleApple Application Supportlibxml2.dll
2013-01-31 00:50 - 2013-01-31 00:50 - 00470352 _____ () C:Program Files (x86)Common FilesPPLiveNetwork1.0.1.3460MngModule.dll
2013-01-31 00:20 - 2013-10-30 20:57 - 00481680 _____ () C:Program Files (x86)Common FilesPPLiveNetwork1.0.1.3460tipsclient.dll
2013-02-20 02:45 - 2013-06-20 21:20 - 00108960 _____ () C:Program Files (x86)Common FilesPPLiveNetwork1.0.1.3460tipsdone.dll
2013-07-31 22:30 - 2013-07-31 22:30 - 00180560 _____ () C:Program Files (x86)Common FilesPPLiveNetwork1.0.1.3460tipsflash.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
Name: TEAC DV-W28S-VT SATA CdRom Device
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Error: (11/11/2013 07:28:37 PM) (Source: mbamchameleon) (User: )
Description: C0000022
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2013-11-08 21:27:19.110
Description: Windows is unable to verify the image integrity of the file DeviceHarddiskVolume2WindowsSystem3219C8.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-11-08 21:27:18.517
Description: Windows is unable to verify the image integrity of the file DeviceHarddiskVolume2WindowsSystem3219C8.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-11-08 21:23:05.274
Description: Windows is unable to verify the image integrity of the file DeviceHarddiskVolume2WindowsSystem32385E.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-11-08 21:23:04.728
Description: Windows is unable to verify the image integrity of the file DeviceHarddiskVolume2WindowsSystem32385E.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Percentage of memory in use: 67%
Total physical RAM: 1638.87 MB
Available physical RAM: 532.77 MB
Total Pagefile: 3277.73 MB
Available Pagefile: 1280.66 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
==================== Drives ================================
Drive c: (TI106147W0C) (Fixed) (Total:220.08 GB) (Free:160.64 GB) NTFS ==>[system with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 21779C7B)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=220 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11 GB) - (Type=17)
==================== End Of Log ============================
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2013 01
Ran by hungkeong (administrator) on HUNGKEONG-PC on 11-11-2013 19:25:20
Running from C:Program Files (x86)PCCleanup
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(IObit) C:Program Files (x86)IObitAdvanced SystemCare 6ASCService.exe
(AMD) C:windowssystem32atiesrxx.exe
(AMD) C:windowssystem32atieclxx.exe
(Apple Inc.) C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe
(Apple Inc.) C:Program FilesBonjourmDNSResponder.exe
(Symantec Corporation) C:Program Files (x86)Norton PC CheckupEngine2.0.10.26ccSvcHst.exe
(TOSHIBA Corporation) C:windowssystem32TODDSrv.exe
(TOSHIBA Corporation) C:Program FilesTOSHIBAPower SaverTosCoSrv.exe
(Microsoft Corp.) C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE
(Microsoft Corp.) C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe
(Symantec Corporation) C:Program Files (x86)Norton PC CheckupEngine2.0.10.26ccSvcHst.exe
() C:Program Files (x86)ExpressFilesEFUpdater.exe
(ELAN Microelectronics Corp.) C:Program FilesElantechETDCtrl.exe
(TOSHIBA Corporation) C:Program FilesTOSHIBAPower SaverTPwrMain.exe
(TOSHIBA Corporation) C:Program FilesTOSHIBASmoothViewSmoothView.exe
(TOSHIBA Corporation) C:Program FilesTOSHIBAFlashCardsTCrdMain.exe
(TOSHIBA Corporation) C:Program FilesTOSHIBABulletinBoardTosNcCore.exe
(TOSHIBA Corporation) C:Program FilesTOSHIBAReelTimeTosReelTimeMonitor.exe
(PPLive Corporation) C:Program Files (x86)Common FilesPPLiveNetworkPPAP.exe
(TOSHIBA Corporation) C:Program Files (x86)ToshibaTOSHIBA Service StationToshibaServiceStation.exe
(Advanced Micro Devices Inc.) C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticMOM.exe
(ELAN Microelectronics Corp.) C:Program FilesElantechETDCtrlHelper.exe
(ATI Technologies Inc.) C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCCC.exe
(TOSHIBA Corporation) C:Program Files (x86)TOSHIBATOSHIBA Service StationTMachInfo.exe
(Microsoft Corporation) C:windowsMicrosoft.NetFramework64v3.0WPFPresentationFontCache.exe
(Microsoft Corporation) C:windowsSysWOW64svchost.exe
(TOSHIBA Corporation) C:Program FilesTOSHIBATOSHIBA HDD SSD AlertTosSmartSrv.exe
(TOSHIBA Corporation) C:Program FilesTOSHIBATOSHIBA HDD SSD AlertTosSENotify.exe
(AVG Technologies CZ, s.r.o.) C:Program Files (x86)AVGAVG2014avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:Program Files (x86)AVGAVG2014avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:Program Files (x86)AVGAVG2014avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:Program Files (x86)AVGAVG2014avgui.exe
(AVG Technologies CZ, s.r.o.) C:Program Files (x86)AVGAVG2014avgcfgex.exe
(Apple Inc.) C:Program Files (x86)Common FilesAppleInternet ServicesApplePhotoStreams.exe
==================== Registry (Whitelisted) ==================
HKLM...Run: [] - [x]
HKLM...Run: [smartAudio] - C:Program FilesCONEXANTSAIISAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM...Run: [ETDCtrl] - C:Program FilesElantechETDCtrl.exe [2588456 2010-11-11] (ELAN Microelectronics Corp.)
HKLM...Run: [smartFaceVWatcher] - C:Program FilesTOSHIBASmartFaceVSmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM...Run: [TPwrMain] - C:Program FilesTOSHIBAPower SaverTPwrMain.exe [566184 2010-09-28] (TOSHIBA Corporation)
HKLM...Run: [smoothView] - C:Program FilesTOSHIBASmoothViewSmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM...Run: [00TCrdMain] - C:Program FilesTOSHIBAFlashCardsTCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)
HKLM...Run: [TosVolRegulator] - C:Program FilesTOSHIBATosVolRegulatorTosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM...Run: [TosSENotify] - C:Program FilesTOSHIBATOSHIBA HDD SSD AlertTosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM...Run: [TosNC] - C:Program FilesTOSHIBABulletinBoardTosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation)
HKLM...Run: [TosReelTimeMonitor] - C:Program FilesTOSHIBAReelTimeTosReelTimeMonitor.exe [38304 2010-07-09] (TOSHIBA Corporation)
HKLM-x32...RunOnce: [ (A0)] - cmd /c "C:Program Files (x86)PCCleanupMalwareanirootmbarmbar.exe" /rdv /s [1170744 2013-10-07] (Malwarebytes Corporation)
HKCU...Run: [PPAP] - C:Program Files (x86)Common FilesPPLiveNetworkPPAP.exe [251744 2013-01-31] (PPLive Corporation)
HKCU...409d6c4515e9InprocServer32: [Default-shell32] ?globalrootDeviceHarddiskVolume2UsersHUNGKE~1AppDataLocalTempsbqvajbsqpmbmkwow.dll ATTENTION! ====> ZeroAccess?
MountPoints2: {924ccbff-1098-11e2-ab50-00266cbd4f55} - E:LaunchU3.exe -a
HKLM-x32...Run: [startCCC] - C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe [336384 2011-02-16] (Advanced Micro Devices, Inc.)
HKLM-x32...Run: [ToshibaServiceStation] - C:Program Files (x86)ToshibaTOSHIBA Service StationToshibaServiceStation.exe [1295224 2010-07-01] (TOSHIBA Corporation)
HKLM-x32...Run: [NortonOnlineBackupReminder] - C:Program Files (x86)ToshibaToshiba Online BackupActivationTobuActivation.exe [3218792 2010-08-17] (Toshiba)
HKLM-x32...Run: [ToshibaAppPlace] - C:Program Files (x86)ToshibaToshiba App PlaceToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32...Run: [APSDaemon] - C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32...Run: [AVG_UI] - C:Program Files (x86)AVGAVG2014avgui.exe [4908592 2013-10-07] (AVG Technologies CZ, s.r.o.)
==================== Internet (Whitelisted) ====================
HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yahoo.com/
HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://start.toshiba.com/g/
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {A2F1556D-24AD-4BB5-B644-32388BD25852} URL =
BHO: MP3 Rocket Toolbar - {4D503352-5636-006A-76A7-7A786E7484D7} - "C:Program Files (x86)AskPartnerNetworkToolbarMP3RV6Passport_x64.dll" No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_64.dll (Google Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:ProgramDataRealRealPlayerBrowserRecordPluginIErpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: MP3 Rocket Toolbar - {4D503352-5636-006A-76A7-7A786E7484D7} - "C:Program Files (x86)AskPartnerNetworkToolbarMP3RV6Passport.dll" No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program Files (x86)Common Filesmicrosoft sharedWindows LiveWindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:Program Files (x86)SkypeToolbarsInternet Explorerskypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:Program Files (x86)IObitAdvanced SystemCare 6BrowerProtectASCPlugin_Protection.dll (IObit)
BHO-x32: MP3 Rocket Downloader - {c5e9c0b3-8b18-4b1b-ad67-c1a063ab2b34} - C:WindowsSysWOW64mscoree.dll (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program Files (x86)Javajre6binjp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - MP3 Rocket Toolbar - {4D503352-5636-006A-76A7-7A786E7484D7} - "C:Program Files (x86)AskPartnerNetworkToolbarMP3RV6Passport_x64.dll" No File
Toolbar: HKLM-x32 - MP3 Rocket Toolbar - {4D503352-5636-006A-76A7-7A786E7484D7} - "C:Program Files (x86)AskPartnerNetworkToolbarMP3RV6Passport.dll" No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:Program Files (x86)SkypeToolbarsInternet Explorerskypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:Program Files (x86)Common FilesSkypeSkype4COM.dll (Skype Technologies)
TcpipParameters: [DhcpNameServer] 24.217.0.5 24.217.201.67 24.247.15.53
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:windowssystem32MacromedFlashNPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:Program FilesMicrosoft Silverlight5.1.20913.0npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:windowsSysWOW64MacromedFlashNPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:Program Files (x86)iTunesMozilla Pluginsnpitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:Program Files (x86)Microsoft Silverlight5.1.20913.0npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pptv.com/plugin - C:Program Files (x86)Internet ExplorerPPLiteplugin1.0.1.3460npplugin2.dll (PPLive Corporation)
FF Plugin-x32: @qq.com/QzoneMusic - C:Program Files (x86)TencentQQMusicnpQzoneMusic.dll No File
FF Plugin-x32: @qq.com/TXSSO - C:Program Files (x86)Common FilesTencentTXSSO1.2.1.87BinnpSSOAxCtrlForPTLogin.dll (Tencent)
FF Plugin-x32: @real.com/nppl3260;version=15.0.4.53 - c:program files (x86)realrealplayerNetscape6nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.4.53 - c:program files (x86)realrealplayerNetscape6nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:ProgramDataRealRealPlayerBrowserRecordPluginMozillaPluginsnprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:ProgramDataRealRealPlayerBrowserRecordPluginMozillaPluginsnprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.4.53 - c:program files (x86)realrealplayerNetscape6nprpplugin.dll (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:Program Files (x86)GoogleUpdate1.3.21.165npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:Program Files (x86)GoogleUpdate1.3.21.165npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:Program Files (x86)WildTangent GamesAppBrowserIntegrationRegistered0NP_wtapp.dll ()
FF Extension: No Name - C:UsershungkeongAppDataRoamingMozillaFirefoxprofilesextensionsextensions
FF Extension: mp3rocketdownloader - C:UsershungkeongAp[email protected]mp3rocket.me.xpi
FF Extension: No Name - C:UsershungkeongAppDataRoamingMozillaFirefoxprofilesextensionsprefs.js
FF Extension: No Name - C:UsershungkeongAppDataRoamingMozillaFirefoxprofilesextensionsuser.js
FF HKLM-x32...FirefoxExtensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:ProgramDataRealRealPlayerBrowserRecordPluginFirefoxExt
FF Extension: RealPlayer Browser Record Plugin - C:ProgramDataRealRealPlayerBrowserRecordPluginFirefoxExt
FF HKLM-x32...FirefoxExtensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:ProgramDataRealRealPlayerBrowserRecordPluginFirefoxExt
FF Extension: RealPlayer Browser Record Plugin - C:ProgramDataRealRealPlayerBrowserRecordPluginFirefoxExt
Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:Program Files (x86)GoogleChromeApplication30.0.1599.101PepperFlashpepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:Program Files (x86)GoogleChromeApplication30.0.1599.101ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:Program Files (x86)GoogleChromeApplication30.0.1599.101pdf.dll ()
CHR Plugin: (ChromeUtilPlugin) - C:UsershungkeongAppDataLocalGoogleChromeUser DataDefaultExtensionsaaaalfcdpfagiijfjeapclohpegmcpml11.39725_0background/ChromeUtilPlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:Program Files (x86)AdobeReader 10.0ReaderBrowsernppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:Program Files (x86)Javajre6binnew_pluginnpdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Platform SE 6 U20) - C:Program Files (x86)Javajre6binnew_pluginnpjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:Program Files (x86)QuickTimepluginsnpqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:Program Files (x86)QuickTimepluginsnpqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:Program Files (x86)QuickTimepluginsnpqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:Program Files (x86)QuickTimepluginsnpqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:Program Files (x86)QuickTimepluginsnpqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:Program Files (x86)QuickTimepluginsnpqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:Program Files (x86)QuickTimepluginsnpqtplugin7.dll (Apple Inc.)
CHR Plugin: (Tencent SSO Platform) - C:Program Files (x86)Common FilesTencentTXSSO1.2.1.87BinnpSSOAxCtrlForPTLogin.dll (Tencent)
CHR Plugin: (Google Update) - C:Program Files (x86)GoogleUpdate1.3.21.135npGoogleUpdate3.dll No File
CHR Plugin: (PPLive PPTV Plugin) - C:Program Files (x86)Internet ExplorerPPLiteplugin1.0.1.3460npplugin2.dll (PPLive Corporation)
CHR Plugin: (QQMusic) - C:Program Files (x86)TencentQQMusicnpQzoneMusic.dll No File
CHR Plugin: (Photo Gallery) - C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:Program Files (x86)iTunesMozilla Pluginsnpitunes.dll ()
CHR Plugin: (RealNetworks Chrome Background Extension Plug-In (32-bit) ) - C:ProgramDataRealRealPlayerBrowserRecordPluginMozillaPluginsnprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:ProgramDataRealRealPlayerBrowserRecordPluginMozillaPluginsnprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Shockwave Flash) - C:windowsSysWOW64MacromedFlashNPSWF32_11_6_602_180.dll No File
CHR Plugin: (Silverlight Plug-In) - c:Program Files (x86)Microsoft Silverlight5.1.20125.0npctrl.dll No File
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:program files (x86)realrealplayerNetscape6nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - c:program files (x86)realrealplayerNetscape6nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - c:program files (x86)realrealplayerNetscape6nprpplugin.dll (RealPlayer)
CHR Extension: (MP3 Rocket Toolbar) - C:UsersHUNGKE~1AppDataLocalGoogleChromeUser DataDefaultExtensionsaaaalfcdpfagiijfjeapclohpegmcpml25.61001_1
CHR Extension: (Google Docs) - C:UsersHUNGKE~1AppDataLocalGoogleChromeUser DataDefaultExtensionsaohghmighlieiainnegkcijnfilokake0.5_0
CHR Extension: (Google Drive) - C:UsersHUNGKE~1AppDataLocalGoogleChromeUser DataDefaultExtensionsapdfllckaahabafndbhieahigkjlhalf6.3_0
CHR Extension: (YouTube) - C:UsersHUNGKE~1AppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo4.2.6_0
CHR Extension: (ShoppingChip) - C:UsersHUNGKE~1AppDataLocalGoogleChromeUser DataDefaultExtensionscdlfekohkhfdbpmokgdkhemgjkdclabo1.1
CHR Extension: (Google Search) - C:UsersHUNGKE~1AppDataLocalGoogleChromeUser DataDefaultExtensionscoobgpohoikkiipiblmjeljniedjpjpf0.0.0.20_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:UsersHUNGKE~1AppDataLocalGoogleChromeUser DataDefaultExtensionsjfmjfhklogoienhpfnppmbcbjfjnkonk1.5_0
CHR Extension: (Skype Click to Call) - C:UsersHUNGKE~1AppDataLocalGoogleChromeUser DataDefaultExtensionslifbcibllhkdhoafpjfnlhfpfgnpldfl5.9.0.9216_0
CHR Extension: (Advanced SystemCare Surfing Protection) - C:UsersHUNGKE~1AppDataLocalGoogleChromeUser DataDefaultExtensionsnfengeggddojhakldhlpjdlddgkkjkdd1.0.0_1
CHR Extension: (Google Wallet) - C:UsersHUNGKE~1AppDataLocalGoogleChromeUser DataDefaultExtensionsnmmhkkegccagdldgiimedpiccmgmieda0.0.5.0_0
CHR Extension: (Gmail) - C:UsersHUNGKE~1AppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia7_1
CHR HKLM-x32...ChromeExtension: [aaaalfcdpfagiijfjeapclohpegmcpml] - C:ProgramDataAskPartnerNetworkToolbarMP3RV6CRXToolbarCR.crx
CHR HKLM-x32...ChromeExtension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:ProgramDataRealRealPlayerBrowserRecordPluginChromeExtrphtml5video.crx
CHR HKLM-x32...ChromeExtension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:Program Files (x86)SkypeToolbarsSkype for Chromiumskype_chrome_extension.crx
CHR HKLM-x32...ChromeExtension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:Program Files (x86)IObitAdvanced SystemCare 6BrowerProtectASC_GhromePlugin.crx
CHR HKLMSOFTWAREPoliciesGoogle: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
R2 AdvancedSystemCareService6; C:Program Files (x86)IObitAdvanced SystemCare 6ASCService.exe [574272 2013-04-18] (IObit)
S2 AVGIDSAgent; C:Program Files (x86)AVGAVG2014avgidsagent.exe [3538480 2013-10-03] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:Program Files (x86)AVGAVG2014avgwdsvc.exe [301152 2013-09-25] (AVG Technologies CZ, s.r.o.)
R2 PCCUJobMgr; C:Program Files (x86)Norton PC CheckupEngine2.0.10.26ccSvcHst.exe [126392 2011-02-03] (Symantec Corporation)
R2 PPTVService; C:windowsSysWOW64PPTVSvc.dll [478032 2013-01-31] (PPTV)
==================== Drivers (Whitelisted) ====================
R1 Avgdiska; C:WindowsSystem32DRIVERSavgdiska.sys [148792 2013-09-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:WindowsSystem32DRIVERSavgidsdrivera.sys [241464 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:WindowsSystem32DRIVERSavgidsha.sys [192824 2013-09-02] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:WindowsSystem32DRIVERSavgldx64.sys [212280 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:WindowsSystem32DRIVERSavgloga.sys [294712 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:WindowsSystem32DRIVERSavgmfx64.sys [123704 2013-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:WindowsSystem32DRIVERSavgrkx64.sys [31544 2013-09-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:WindowsSystem32DRIVERSavgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R3 mbamchameleon; C:windowssystem32driversmbamchameleon.sys [91352 2013-11-08] (Malwarebytes Corporation)
S3 MEMSWEEP2; C:windowssystem3219C8.tmp [6144 2010-05-26] (Sophos Plc)
U5 GEARAspiWDM; C:WindowsSystem32DriversGEARAspiWDM.sys [33240 2012-08-21] (GEAR Software Inc.)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-11-11 19:25 - 2013-11-11 19:25 - 00000000 ____D C:FRST
2013-11-11 18:52 - 2013-11-11 18:52 - 00000000 ____D C:windowsERUNT
2013-11-11 18:44 - 2013-11-11 18:46 - 00000000 ____D C:AdwCleaner
2013-11-11 18:40 - 2013-11-11 18:40 - 00001184 _____ C:UsershungkeongDesktopPCCleanup - Shortcut.lnk
2013-11-09 17:25 - 2013-11-09 17:25 - 00000000 ____D C:UsershungkeongAppDataRoamingAVG2014
2013-11-09 17:23 - 2013-11-09 17:23 - 00000000 ____D C:UsershungkeongAppDataRoamingTuneUp Software
2013-11-09 17:20 - 2013-11-09 17:24 - 00000000 ____D C:ProgramDataAVG2014
2013-11-09 17:20 - 2013-11-09 17:20 - 00000000 ___HD C:$AVG
2013-11-09 17:19 - 2013-11-09 17:19 - 00000000 ____D C:Program Files (x86)AVG
2013-11-08 22:19 - 2013-11-08 22:44 - 00000000 ____D C:ProgramDataMalwarebytes' Anti-Malware (portable)
2013-11-08 22:18 - 2013-11-08 22:18 - 00091352 _____ (Malwarebytes Corporation) C:windowssystem32Driversmbamchameleon.sys
2013-11-08 21:27 - 2010-05-26 10:39 - 00006144 ____N (Sophos Plc) C:windowssystem3219C8.tmp
2013-11-08 21:23 - 2010-05-26 10:39 - 00006144 ____N (Sophos Plc) C:windowssystem32385E.tmp
2013-11-07 02:52 - 2013-11-11 18:35 - 00000392 _____ C:windowssetupact.log
2013-11-07 02:52 - 2013-11-07 02:52 - 00000000 _____ C:windowssetuperr.log
2013-11-07 02:51 - 2013-11-08 20:49 - 00003374 _____ C:windowsPFRO.log
2013-11-07 02:36 - 2013-11-07 02:36 - 00001275 _____ C:UsershungkeongAppDataRoamingMicrosoftWindowsStart MenuUninstall Programs.lnk
2013-11-07 02:36 - 2013-11-07 02:36 - 00000000 ____D C:UsershungkeongAppDataRoamingIObit
2013-11-07 02:36 - 2013-11-07 02:36 - 00000000 ____D C:ProgramDataIObit
2013-11-07 02:36 - 2013-11-07 02:36 - 00000000 ____D C:ProgramData{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-11-07 02:36 - 2013-11-07 02:36 - 00000000 ____D C:Program Files (x86)IObit
2013-11-07 02:31 - 2013-11-07 02:31 - 00000000 ____D C:UsershungkeongAppDataRoamingSUPERAntiSpyware.com
2013-11-07 02:31 - 2013-11-07 02:31 - 00000000 ____D C:ProgramDataSUPERAntiSpyware.com
2013-11-07 02:30 - 2013-11-07 02:31 - 00216352 _____ C:UsershungkeongDocumentscc_20131107_BackUp.reg
2013-11-07 01:14 - 2013-11-10 09:58 - 00000000 ____D C:ProgramDataMFAData
2013-11-07 01:14 - 2013-11-09 17:27 - 00000000 ____D C:UsershungkeongAppDataLocalAvg2014
2013-11-07 01:14 - 2013-11-07 01:14 - 00000000 ____D C:UsershungkeongAppDataLocalMFAData
2013-11-07 00:56 - 2013-11-11 18:49 - 00000000 ____D C:Program Files (x86)PCCleanup
2013-11-05 01:12 - 2013-11-05 01:44 - 00000000 ____D C:windowssystem32MpEngineStore
2013-11-05 00:53 - 2013-11-05 00:53 - 00000000 ____D C:windowssystem32MRT
2013-11-05 00:51 - 2013-09-26 01:46 - 80541720 _____ (Microsoft Corporation) C:windowssystem32MRT.exe
2013-11-04 23:48 - 2013-11-04 23:48 - 00003230 _____ C:windowsSystem32TasksRealUpgradeLogonTaskS-1-5-21-1641970090-1460547868-2588245608-1000
2013-11-04 23:47 - 2013-11-04 23:47 - 00003356 _____ C:windowsSystem32TasksRealUpgradeScheduledTaskS-1-5-21-1641970090-1460547868-2588245608-1000
2013-10-26 00:30 - 2013-10-26 00:58 - 725141504 _____ C:UsershungkeongSquirting Orgasms (How To) - Step By Step Detailed Technique.avi
2013-10-26 00:21 - 2013-10-26 00:32 - 73143702 _____ C:UsershungkeongHow Make Squirting Orgasms By Woman - Training Vid.avi
2013-10-26 00:18 - 2013-11-08 20:46 - 00000000 ____D C:Program Files (x86)PSupport
2013-10-26 00:18 - 2013-10-26 00:24 - 00000000 ____D C:UsershungkeongShesGonnaSquirt - Gaia - Squirting Like a Showerhead mp4s
2013-10-26 00:18 - 2013-10-26 00:18 - 00003992 _____ C:UsershungkeongDesktop{1D2ABF6A-2B19-3E94-0991-5B5BDB7134DA}
2013-10-26 00:15 - 2013-10-28 23:21 - 00000000 ____D C:Program Files (x86)Kozaka
2013-10-26 00:15 - 2013-10-26 00:18 - 00000000 ____D C:UsershungkeongAppDataRoamingExpressFiles
2013-10-26 00:15 - 2013-10-26 00:15 - 00003098 _____ C:windowsSystem32TasksExpress FilesUpdate
2013-10-26 00:15 - 2013-10-26 00:15 - 00001964 _____ C:UsersPublicDesktopExpress Files.lnk
2013-10-26 00:15 - 2013-10-26 00:15 - 00000000 ____D C:Program Files (x86)ExpressFiles
==================== One Month Modified Files and Folders =======
2013-11-11 19:25 - 2013-11-11 19:25 - 00000000 ____D C:FRST
2013-11-11 19:12 - 2011-05-16 09:16 - 00000912 _____ C:windowsTasksGoogleUpdateTaskMachineUA.job
2013-11-11 18:52 - 2013-11-11 18:52 - 00000000 ____D C:windowsERUNT
2013-11-11 18:49 - 2013-11-07 00:56 - 00000000 ____D C:Program Files (x86)PCCleanup
2013-11-11 18:46 - 2013-11-11 18:44 - 00000000 ____D C:AdwCleaner
2013-11-11 18:44 - 2011-05-16 08:24 - 01632703 _____ C:windowsWindowsUpdate.log
2013-11-11 18:42 - 2011-05-16 09:16 - 00000908 _____ C:windowsTasksGoogleUpdateTaskMachineCore.job
2013-11-11 18:41 - 2009-07-13 23:13 - 00726444 _____ C:windowssystem32PerfStringBackup.INI
2013-11-11 18:40 - 2013-11-11 18:40 - 00001184 _____ C:UsershungkeongDesktopPCCleanup - Shortcut.lnk
2013-11-11 18:39 - 2012-07-24 21:31 - 00000830 _____ C:windowsTasksAdobe Flash Player Updater.job
2013-11-11 18:35 - 2013-11-07 02:52 - 00000392 _____ C:windowssetupact.log
2013-11-10 09:58 - 2013-11-07 01:14 - 00000000 ____D C:ProgramDataMFAData
2013-11-09 19:09 - 2011-08-07 23:56 - 00000000 ____D C:UsershungkeongAppDataLocalVirtualStore
2013-11-09 17:27 - 2013-11-07 01:14 - 00000000 ____D C:UsershungkeongAppDataLocalAvg2014
2013-11-09 17:25 - 2013-11-09 17:25 - 00000000 ____D C:UsershungkeongAppDataRoamingAVG2014
2013-11-09 17:24 - 2013-11-09 17:20 - 00000000 ____D C:ProgramDataAVG2014
2013-11-09 17:23 - 2013-11-09 17:23 - 00000000 ____D C:UsershungkeongAppDataRoamingTuneUp Software
2013-11-09 17:20 - 2013-11-09 17:20 - 00000000 ___HD C:$AVG
2013-11-09 17:19 - 2013-11-09 17:19 - 00000000 ____D C:Program Files (x86)AVG
2013-11-09 01:13 - 2009-07-13 22:45 - 00024608 ____H C:windowssystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-09 01:13 - 2009-07-13 22:45 - 00024608 ____H C:windowssystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-08 22:44 - 2013-11-08 22:19 - 00000000 ____D C:ProgramDataMalwarebytes' Anti-Malware (portable)
2013-11-08 22:18 - 2013-11-08 22:18 - 00091352 _____ (Malwarebytes Corporation) C:windowssystem32Driversmbamchameleon.sys
2013-11-08 20:49 - 2013-11-07 02:51 - 00003374 _____ C:windowsPFRO.log
2013-11-08 20:49 - 2013-02-20 02:44 - 00000000 ____D C:FavoriteVideo
2013-11-08 20:49 - 2009-07-13 23:08 - 00000006 ____H C:windowsTasksSA.DAT
2013-11-08 20:46 - 2013-10-26 00:18 - 00000000 ____D C:Program Files (x86)PSupport
2013-11-07 03:23 - 2011-11-29 22:17 - 00000000 ____D C:UsershungkeongAppDataLocalCrashDumps
2013-11-07 02:52 - 2013-11-07 02:52 - 00000000 _____ C:windowssetuperr.log
2013-11-07 02:36 - 2013-11-07 02:36 - 00001275 _____ C:UsershungkeongAppDataRoamingMicrosoftWindowsStart MenuUninstall Programs.lnk
2013-11-07 02:36 - 2013-11-07 02:36 - 00000000 ____D C:UsershungkeongAppDataRoamingIObit
2013-11-07 02:36 - 2013-11-07 02:36 - 00000000 ____D C:ProgramDataIObit
2013-11-07 02:36 - 2013-11-07 02:36 - 00000000 ____D C:ProgramData{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-11-07 02:36 - 2013-11-07 02:36 - 00000000 ____D C:Program Files (x86)IObit
2013-11-07 02:36 - 2011-10-12 22:34 - 00000000 ____D C:UsershungkeongAppDataRoamingApple Computer
2013-11-07 02:31 - 2013-11-07 02:31 - 00000000 ____D C:UsershungkeongAppDataRoamingSUPERAntiSpyware.com
2013-11-07 02:31 - 2013-11-07 02:31 - 00000000 ____D C:ProgramDataSUPERAntiSpyware.com
2013-11-07 02:31 - 2013-11-07 02:30 - 00216352 _____ C:UsershungkeongDocumentscc_20131107_BackUp.reg
2013-11-07 01:58 - 2013-05-06 20:35 - 00000000 ____D C:UsershungkeongAppDataRoaminguTorrent
2013-11-07 01:58 - 2011-08-18 00:12 - 00000000 ____D C:UsershungkeongTracing
2013-11-07 01:58 - 2011-08-10 23:42 - 00000000 ____D C:UsershungkeongAppDataRoamingSkype
2013-11-07 01:58 - 2011-03-29 21:11 - 00000000 ____D C:windowsPanther
2013-11-07 01:14 - 2013-11-07 01:14 - 00000000 ____D C:UsershungkeongAppDataLocalMFAData
2013-11-06 22:39 - 2011-08-08 00:00 - 00000000 ____D C:UsershungkeongAppDataRoamingToshiba
2013-11-05 01:44 - 2013-11-05 01:12 - 00000000 ____D C:windowssystem32MpEngineStore
2013-11-05 00:53 - 2013-11-05 00:53 - 00000000 ____D C:windowssystem32MRT
2013-11-04 23:48 - 2013-11-04 23:48 - 00003230 _____ C:windowsSystem32TasksRealUpgradeLogonTaskS-1-5-21-1641970090-1460547868-2588245608-1000
2013-11-04 23:47 - 2013-11-04 23:47 - 00003356 _____ C:windowsSystem32TasksRealUpgradeScheduledTaskS-1-5-21-1641970090-1460547868-2588245608-1000
2013-10-28 23:21 - 2013-10-26 00:15 - 00000000 ____D C:Program Files (x86)Kozaka
2013-10-26 00:58 - 2013-10-26 00:30 - 725141504 _____ C:UsershungkeongSquirting Orgasms (How To) - Step By Step Detailed Technique.avi
2013-10-26 00:32 - 2013-10-26 00:21 - 73143702 _____ C:UsershungkeongHow Make Squirting Orgasms By Woman - Training Vid.avi
2013-10-26 00:30 - 2011-08-07 23:53 - 00000000 ____D C:Usershungkeong
2013-10-26 00:24 - 2013-10-26 00:18 - 00000000 ____D C:UsershungkeongShesGonnaSquirt - Gaia - Squirting Like a Showerhead mp4s
2013-10-26 00:18 - 2013-10-26 00:18 - 00003992 _____ C:UsershungkeongDesktop{1D2ABF6A-2B19-3E94-0991-5B5BDB7134DA}
2013-10-26 00:18 - 2013-10-26 00:15 - 00000000 ____D C:UsershungkeongAppDataRoamingExpressFiles
2013-10-26 00:15 - 2013-10-26 00:15 - 00003098 _____ C:windowsSystem32TasksExpress FilesUpdate
2013-10-26 00:15 - 2013-10-26 00:15 - 00001964 _____ C:UsersPublicDesktopExpress Files.lnk
2013-10-26 00:15 - 2013-10-26 00:15 - 00000000 ____D C:Program Files (x86)ExpressFiles
2013-10-18 20:54 - 2011-08-10 23:42 - 00000000 ____D C:ProgramDataSkype
2013-10-18 20:53 - 2011-08-10 23:42 - 00000000 ___RD C:Program Files (x86)Skype
2013-10-17 22:33 - 2011-09-05 22:41 - 00000000 ____D C:UsershungkeongIncomplete
2013-10-16 21:07 - 2011-05-16 09:16 - 00003908 _____ C:windowsSystem32TasksGoogleUpdateTaskMachineUA
2013-10-16 21:07 - 2011-05-16 09:16 - 00003656 _____ C:windowsSystem32TasksGoogleUpdateTaskMachineCore
2013-10-14 21:41 - 2009-07-13 21:20 - 00000000 ____D C:windowssystem32NDF
2013-10-13 13:55 - 2009-07-13 21:20 - 00000000 ____D C:windowsrescache
Alureon:
C:UsershungkeongAppDataLocalTempsbqvajbsqpmbmkwow.dll
==================== Bamital & volsnap Check =================
C:WindowsSystem32winlogon.exe => MD5 is legit
C:WindowsSystem32wininit.exe => MD5 is legit
C:WindowsSysWOW64wininit.exe => MD5 is legit
C:Windowsexplorer.exe => MD5 is legit
C:WindowsSysWOW64explorer.exe => MD5 is legit
C:WindowsSystem32svchost.exe => MD5 is legit
C:WindowsSysWOW64svchost.exe => MD5 is legit
C:WindowsSystem32services.exe => MD5 is legit
C:WindowsSystem32User32.dll => MD5 is legit
C:WindowsSysWOW64User32.dll => MD5 is legit
C:WindowsSystem32userinit.exe => MD5 is legit
C:WindowsSysWOW64userinit.exe => MD5 is legit
C:WindowsSystem32Driversvolsnap.sys => MD5 is legit
LastRegBack: 2013-11-10 00:51
==================== End Of Log ============================
The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.

*As to this, I have no idea on what to keep as this is not my PC. If it's really needed I can have the owner read the logs and let me know if there is anything to keep. Thank you, Juliet, for the help.

Edited by tminterlude

[iObit Security 360] "C:Program FilesIObitIObit Security 360IS360tray.exe
Related to IOBit Advanced SystemCare. ROGUE! program. Note: Located in %Program Files%iobitadvanced systemcare 3 Note: IOBit is stealing and incorporating proprietary databases and intellectual property into their software. Read about it
http://www.systemlookup.com/lists.php?list=2&type=filename&search=IS360tray.exe&s=

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

P2P software/programs are a major contributor to infections. Not passing judgment on file-sharing, however I will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

References for the risk of these programs can also be found
Here

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.



Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right-click on it and select Copy.
Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.


 

HKCU...409d6c4515e9InprocServer32: [Default-shell32] ?globalrootDeviceHarddiskVolume2UsersHUNGKE~1AppDataLocalTempsbqvajbsqpmbmkwow.dll ATTENTION! ====> ZeroAccess?
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {A2F1556D-24AD-4BB5-B644-32388BD25852} URL =
BHO: MP3 Rocket Toolbar - {4D503352-5636-006A-76A7-7A786E7484D7} - "C:Program Files (x86)AskPartnerNetworkToolbarMP3RV6Passport_x64.dll" No File
BHO-x32: MP3 Rocket Toolbar - {4D503352-5636-006A-76A7-7A786E7484D7} - "C:Program Files (x86)AskPartnerNetworkToolbarMP3RV6Passport.dll" No File
Toolbar: HKLM - MP3 Rocket Toolbar - {4D503352-5636-006A-76A7-7A786E7484D7} - "C:Program Files (x86)AskPartnerNetworkToolbarMP3RV6Passport_x64.dll" No File
Toolbar: HKLM-x32 - MP3 Rocket Toolbar - {4D503352-5636-006A-76A7-7A786E7484D7} - "C:Program Files (x86)AskPartnerNetworkToolbarMP3RV6Passport.dll" No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
FF Plugin-x32: @qq.com/QzoneMusic - C:Program Files (x86)TencentQQMusicnpQzoneMusic.dll No File
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:Program Files (x86)WildTangent GamesAppBrowserIntegrationRegistered0NP_wtapp.dll ()
FF Extension: No Name - C:UsershungkeongAppDataRoamingMozillaFirefoxprofilesextensionsprefs.js
FF Extension: No Name - C:UsershungkeongAppDataRoamingMozillaFirefoxprofilesextensionsuser.js
CHR HKLMSOFTWAREPoliciesGoogle: Policy restriction <======= ATTENTION
C:UsershungkeongAppDataLocalTempsbqvajbsqpmbmkwow.dll

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.



NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.
Please download JavaRa to your desktop and unzip it to its own folder

Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts.
Open JavaRa.exe again and select Search For Updates.
Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Download the latest version of Java Runtime Environment (JRE) 7u45 and save it to your desktop.
Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 7. The Java SE Runtime Environment (JRE) allows end-users to run Java applications."
Click the "Download" button to the right.
Select the Windows platform from the dropdown menu.
Read the License Agreement and then check the box that says: "Accept License Agreement". Click on Continue. The page will refresh.
Click on the link to download Windows Offline Installation and save the file to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u7-windows-i586-p.exe to install the newest version.
After the install is complete, go into the Control Panel (using Classic View) and double-click the Java icon (looks like a coffee cup).
On the General tab, under Temporary Internet Files, click the Settings button.
Next, click on the Delete Files button.
There are two options in the window to clear the cache - Leave BOTH Checked:
Applications and Applets
Trace and Log Files
Click OK on Delete Temporary Files Window.
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
Click OK to leave the Temporary Files Window.
Click OK to leave the Java Control Panel.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

Download ComboFix from here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

* IMPORTANT !!! Place ComboFix.exe on your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.


You can get help on disabling your protection programs here

Double click on ComboFix.exe & follow the prompts.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.

---------------------------------------------------------------------------------------------
NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.



In your next reply post:

new FRST log
combofix .txt

Let me know what the computer is doing now.

Edited by Juliet
typo x 2
ComboFix 13-11-12.01 - hungkeong 2/2013 Tue 19:07:57.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.936.86.1033.18.1639.379 [GMT -6:00]
Ö´ÐÐλÖÃ: c:usershungkeongDesktopComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Enabled/Outdated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Outdated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( ±»É¾³ýµÄµµ°¸ )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:usershungkeongAppDataLocalGoogleChromeUser DataDefaultLocal Storagechrome-extension_cdlfekohkhfdbpmokgdkhemgjkdclabo_0.localstorage
.
.
((((((((((((((((((((((((( 2013-10-13 ÖÁ 2013-11-13 µÄеĵµ°¸ )))))))))))))))))))))))))))))))
.
.
2013-11-13 01:26 . 2013-11-13 01:26 -------- d-----w- c:usersDefaultAppDataLocaltemp
2013-11-13 00:56 . 2013-11-13 00:56 -------- d-----w- c:programdataOracle
2013-11-13 00:56 . 2013-11-13 00:55 312744 ----a-w- c:windowssystem32javaws.exe
2013-11-13 00:56 . 2013-11-13 00:55 108968 ----a-w- c:windowssystem32WindowsAccessBridge-64.dll
2013-11-13 00:56 . 2013-11-13 00:55 189352 ----a-w- c:windowssystem32javaw.exe
2013-11-13 00:56 . 2013-11-13 00:55 189352 ----a-w- c:windowssystem32java.exe
2013-11-13 00:55 . 2013-11-13 00:55 -------- d-----w- c:program filesJava
2013-11-12 01:25 . 2013-11-12 01:25 -------- d-----w- C:FRST
2013-11-12 00:52 . 2013-11-12 00:52 -------- d-----w- c:windowsERUNT
2013-11-12 00:44 . 2013-11-12 00:46 -------- d-----w- C:AdwCleaner
2013-11-09 23:25 . 2013-11-09 23:25 -------- d-----w- c:usershungkeongAppDataRoamingAVG2014
2013-11-09 23:23 . 2013-11-09 23:23 -------- d-----w- c:usershungkeongAppDataRoamingTuneUp Software
2013-11-09 23:20 . 2013-11-09 23:20 -------- d-----w- C:$AVG
2013-11-09 23:20 . 2013-11-09 23:24 -------- d-----w- c:programdataAVG2014
2013-11-09 23:19 . 2013-11-09 23:19 -------- d-----w- c:program files (x86)AVG
2013-11-09 04:19 . 2013-11-09 04:44 -------- d-----w- c:programdataMalwarebytes' Anti-Malware (portable)
2013-11-09 04:18 . 2013-11-09 04:18 91352 ----a-w- c:windowssystem32driversmbamchameleon.sys
2013-11-09 03:27 . 2010-05-26 16:39 6144 ------w- c:windowssystem3219C8.tmp
2013-11-09 03:23 . 2010-05-26 16:39 6144 ------w- c:windowssystem32385E.tmp
2013-11-07 08:36 . 2013-11-07 08:36 -------- d-----w- c:programdata{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-11-07 08:36 . 2013-11-07 08:36 -------- d-----w- c:programdataIObit
2013-11-07 08:36 . 2013-11-07 08:36 -------- d-----w- c:usershungkeongAppDataRoamingIObit
2013-11-07 08:36 . 2013-11-07 08:36 -------- d-----w- c:program files (x86)IObit
2013-11-07 08:31 . 2013-11-07 08:31 -------- d-----w- c:usershungkeongAppDataRoamingSUPERAntiSpyware.com
2013-11-07 08:31 . 2013-11-07 08:31 -------- d-----w- c:programdataSUPERAntiSpyware.com
2013-11-07 07:40 . 2013-10-14 07:12 10280728 ----a-w- c:programdataMicrosoftWindows DefenderDefinition Updates{AEBA6D42-91C5-4B4A-BEF9-BD1FD59A67F4}mpengine.dll
2013-11-07 07:14 . 2013-11-13 00:45 -------- d-----w- c:programdataMFAData
2013-11-07 07:14 . 2013-11-09 23:27 -------- d-----w- c:usershungkeongAppDataLocalAvg2014
2013-11-07 07:14 . 2013-11-07 07:14 -------- d--h--w- c:programdataCommon Files
2013-11-07 07:14 . 2013-11-07 07:14 -------- d-----w- c:usershungkeongAppDataLocalMFAData
2013-11-07 06:56 . 2013-11-13 00:13 -------- d-----w- c:program files (x86)PCCleanup
2013-11-05 07:12 . 2013-11-05 07:44 -------- d-----w- c:windowssystem32MpEngineStore
2013-11-05 06:53 . 2013-11-05 06:53 -------- d-----w- c:windowssystem32MRT
2013-10-26 06:18 . 2013-10-26 06:24 -------- d-----w- c:usershungkeongShesGonnaSquirt - Gaia - Squirting Like a Showerhead mp4s
2013-10-26 06:18 . 2013-11-09 02:46 -------- d-----w- c:program files (x86)PSupport
2013-10-26 06:15 . 2013-10-29 05:21 -------- d-----w- c:program files (x86)Kozaka
2013-10-26 06:15 . 2013-10-26 06:18 -------- d-----w- c:usershungkeongAppDataRoamingExpressFiles
2013-10-26 06:15 . 2013-10-26 06:15 -------- d-----w- c:program files (x86)ExpressFiles
.
.
.
(((((((((((((((((((((((((((((((((((((((( ÔÚÈý¸öÔÂÄÚ±»Ð޸ĵĵµ°¸ ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-09 03:39 . 2012-07-25 03:31 692616 ----a-w- c:windowsSysWow64FlashPlayerApp.exe
2013-10-09 03:39 . 2011-12-18 06:37 71048 ----a-w- c:windowsSysWow64FlashPlayerCPLApp.cpl
2013-09-26 03:07 . 2013-09-26 03:07 148792 ----a-w- c:windowssystem32driversavgdiska.sys
2013-09-22 23:28 . 2013-10-10 05:56 1767936 ----a-w- c:windowsSysWow64wininet.dll
2013-09-22 23:27 . 2013-10-10 05:57 2876928 ----a-w- c:windowsSysWow64jscript9.dll
2013-09-22 23:27 . 2013-10-10 05:57 61440 ----a-w- c:windowsSysWow64iesetup.dll
2013-09-22 23:27 . 2013-10-10 05:57 109056 ----a-w- c:windowsSysWow64iesysprep.dll
2013-09-22 22:55 . 2013-10-10 05:57 51712 ----a-w- c:windowssystem32ie4uinit.exe
2013-09-22 22:55 . 2013-10-10 05:56 2241024 ----a-w- c:windowssystem32wininet.dll
2013-09-22 22:55 . 2013-10-10 05:57 1365504 ----a-w- c:windowssystem32urlmon.dll
2013-09-22 22:54 . 2013-10-10 05:57 603136 ----a-w- c:windowssystem32msfeeds.dll
2013-09-22 22:54 . 2013-10-10 05:56 19252224 ----a-w- c:windowssystem32mshtml.dll
2013-09-22 22:54 . 2013-10-10 05:57 855552 ----a-w- c:windowssystem32jscript.dll
2013-09-22 22:54 . 2013-10-10 05:57 3959296 ----a-w- c:windowssystem32jscript9.dll
2013-09-22 22:54 . 2013-10-10 05:56 53248 ----a-w- c:windowssystem32jsproxy.dll
2013-09-22 22:54 . 2013-10-10 05:57 526336 ----a-w- c:windowssystem32ieui.dll
2013-09-22 22:54 . 2013-10-10 05:57 67072 ----a-w- c:windowssystem32iesetup.dll
2013-09-22 22:54 . 2013-10-10 05:57 39936 ----a-w- c:windowssystem32iernonce.dll
2013-09-22 22:54 . 2013-10-10 05:57 136704 ----a-w- c:windowssystem32iesysprep.dll
2013-09-22 22:54 . 2013-10-10 05:57 2647552 ----a-w- c:windowssystem32iertutil.dll
2013-09-22 22:54 . 2013-10-10 05:56 15404544 ----a-w- c:windowssystem32ieframe.dll
2013-09-21 03:38 . 2013-10-10 05:57 2706432 ----a-w- c:windowssystem32mshtml.tlb
2013-09-21 03:30 . 2013-10-10 05:57 2706432 ----a-w- c:windowsSysWow64mshtml.tlb
2013-09-21 02:48 . 2013-10-10 05:57 89600 ----a-w- c:windowssystem32RegisterIEPKEYs.exe
2013-09-21 02:39 . 2013-10-10 05:57 71680 ----a-w- c:windowsSysWow64RegisterIEPKEYs.exe
2013-09-14 01:10 . 2013-10-10 04:29 497152 ----a-w- c:windowssystem32driversafd.sys
2013-09-09 04:11 . 2013-09-09 04:11 31544 ----a-w- c:windowssystem32driversavgrkx64.sys
2013-09-08 02:30 . 2013-10-10 04:29 1903552 ----a-w- c:windowssystem32driverstcpip.sys
2013-09-08 02:27 . 2013-10-10 04:29 327168 ----a-w- c:windowssystem32mswsock.dll
2013-09-08 02:03 . 2013-10-10 04:29 231424 ----a-w- c:windowsSysWow64mswsock.dll
2013-09-04 12:12 . 2013-10-10 04:25 343040 ----a-w- c:windowssystem32driversusbhub.sys
2013-09-04 12:11 . 2013-10-10 04:25 325120 ----a-w- c:windowssystem32driversusbport.sys
2013-09-04 12:11 . 2013-10-10 04:25 99840 ----a-w- c:windowssystem32driversusbccgp.sys
2013-09-04 12:11 . 2013-10-10 04:25 52736 ----a-w- c:windowssystem32driversusbehci.sys
2013-09-04 12:11 . 2013-10-10 04:25 30720 ----a-w- c:windowssystem32driversusbuhci.sys
2013-09-04 12:11 . 2013-10-10 04:25 25600 ----a-w- c:windowssystem32driversusbohci.sys
2013-09-04 12:11 . 2013-10-10 04:25 7808 ----a-w- c:windowssystem32driversusbd.sys
2013-09-03 19:35 . 2010-11-21 03:27 278800 ------w- c:windowssystem32MpSigStub.exe
2013-09-02 16:59 . 2013-09-02 16:59 212280 ----a-w- c:windowssystem32driversavgldx64.sys
2013-09-02 16:29 . 2013-09-02 16:29 294712 ----a-w- c:windowssystem32driversavgloga.sys
2013-09-02 16:26 . 2013-09-02 16:26 192824 ----a-w- c:windowssystem32driversavgidsha.sys
2013-09-02 16:26 . 2013-09-02 16:26 241464 ----a-w- c:windowssystem32driversavgidsdrivera.sys
2013-08-29 02:17 . 2013-10-10 04:26 5549504 ----a-w- c:windowssystem32ntoskrnl.exe
2013-08-29 02:16 . 2013-10-10 04:26 1732032 ----a-w- c:windowssystem32ntdll.dll
2013-08-29 02:16 . 2013-10-10 04:26 243712 ----a-w- c:windowssystem32wow64.dll
2013-08-29 02:16 . 2013-10-10 04:26 859648 ----a-w- c:windowssystem32tdh.dll
2013-08-29 02:13 . 2013-10-10 04:26 878080 ----a-w- c:windowssystem32advapi32.dll
2013-08-29 01:51 . 2013-10-10 04:26 3969472 ----a-w- c:windowsSysWow64ntkrnlpa.exe
2013-08-29 01:51 . 2013-10-10 04:26 3914176 ----a-w- c:windowsSysWow64ntoskrnl.exe
2013-08-29 01:50 . 2013-10-10 04:26 5120 ----a-w- c:windowsSysWow64wow32.dll
2013-08-29 01:50 . 2013-10-10 04:26 1292192 ----a-w- c:windowsSysWow64ntdll.dll
2013-08-29 01:50 . 2013-10-10 04:26 619520 ----a-w- c:windowsSysWow64tdh.dll
2013-08-29 01:48 . 2013-10-10 04:26 640512 ----a-w- c:windowsSysWow64advapi32.dll
2013-08-29 01:48 . 2013-10-10 04:26 44032 ----a-w- c:windowsapppatchacwow64.dll
2013-08-29 00:49 . 2013-10-10 04:26 25600 ----a-w- c:windowsSysWow64setup16.exe
2013-08-29 00:49 . 2013-10-10 04:26 7680 ----a-w- c:windowsSysWow64instnm.exe
2013-08-29 00:49 . 2013-10-10 04:26 14336 ----a-w- c:windowsSysWow64ntvdm64.dll
2013-08-29 00:49 . 2013-10-10 04:26 2048 ----a-w- c:windowsSysWow64user.exe
2013-08-28 01:21 . 2013-10-10 04:26 3155968 ----a-w- c:windowssystem32win32k.sys
2013-08-28 01:12 . 2013-10-10 04:25 461312 ----a-w- c:windowssystem32scavengeui.dll
2013-08-21 04:53 . 2013-08-21 04:53 123704 ----a-w- c:windowssystem32driversavgmfx64.sys
.
.
((((((((((((((((((((((((((((((((((((( ÖØÒªµÇÈëµã ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*×¢Òâ* ¿Õ°×ÓëºÏ·¨È±Ê¡µÇ¼½«²»»á±»ÏÔʾ
REGEDIT4
.
[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOTCLSID{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-11-20 07:04 220632 ----a-w- c:usershungkeongAppDataLocalMicrosoftSkyDrive16.4.6013.0910SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOTCLSID{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-11-20 07:04 220632 ----a-w- c:usershungkeongAppDataLocalMicrosoftSkyDrive16.4.6013.0910SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOTCLSID{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-11-20 07:04 220632 ----a-w- c:usershungkeongAppDataLocalMicrosoftSkyDrive16.4.6013.0910SkyDriveShell.dll
.
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"PPAP"="c:program files (x86)Common FilesPPLiveNetworkPPAP.exe" [2013-01-31 251744]
"swg"="c:program files (x86)GoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe" [2011-05-16 39408]
.
[HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionRun]
"StartCCC"="c:program files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe" [2011-02-16 336384]
"ToshibaServiceStation"="c:program files (x86)TOSHIBATOSHIBA Service StationToshibaServiceStation.exe" [2010-07-01 1295224]
"NortonOnlineBackupReminder"="c:program files (x86)ToshibaToshiba Online BackupActivationTOBuActivation.exe" [2010-08-17 3218792]
"ToshibaAppPlace"="c:program files (x86)ToshibaToshiba App PlaceToshibaAppPlace.exe" [2010-09-23 552960]
"APSDaemon"="c:program files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe" [2013-01-28 59720]
"AVG_UI"="c:program files (x86)AVGAVG2014avgui.exe" [2013-10-08 4908592]
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindows ntcurrentversionwindows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindows ntcurrentversiondrivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:windowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe;c:windowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe [x]
R2 PPTVService;PPTVService;c:windowsSystem32svchost.exe;c:windowsSYSNATIVEsvchost.exe [x]
R2 SkypeUpdate;Skype Updater;c:program files (x86)SkypeUpdaterUpdater.exe;c:program files (x86)SkypeUpdaterUpdater.exe [x]
R3 GamesAppService;GamesAppService;c:program files (x86)WildTangent GamesAppGamesAppService.exe;c:program files (x86)WildTangent GamesAppGamesAppService.exe [x]
R3 MEMSWEEP2;MEMSWEEP2;c:windowssystem3219C8.tmp;c:windowsSYSNATIVE19C8.tmp [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:windowssystem32DRIVERSnetaapl64.sys;c:windowsSYSNATIVEDRIVERSnetaapl64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:windowssystem32DriversRtsUStor.sys;c:windowsSYSNATIVEDriversRtsUStor.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:windowssystem32DRIVERSssadbus.sys;c:windowsSYSNATIVEDRIVERSssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:windowssystem32DRIVERSssadmdfl.sys;c:windowsSYSNATIVEDRIVERSssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:windowssystem32DRIVERSssadmdm.sys;c:windowsSYSNATIVEDRIVERSssadmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:windowssystem32driverstsusbflt.sys;c:windowsSYSNATIVEdriverstsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:windowssystem32driversTsUsbGD.sys;c:windowsSYSNATIVEdriversTsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:windowssystem32Driversusbaapl64.sys;c:windowsSYSNATIVEDriversusbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:windowssystem32WatWatAdminSvc.exe;c:windowsSYSNATIVEWatWatAdminSvc.exe [x]
S0 amd_sata;amd_sata;c:windowssystem32DRIVERSamd_sata.sys;c:windowsSYSNATIVEDRIVERSamd_sata.sys [x]
S0 amd_xata;amd_xata;c:windowssystem32DRIVERSamd_xata.sys;c:windowsSYSNATIVEDRIVERSamd_xata.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:windowssystem32DRIVERSavgidsha.sys;c:windowsSYSNATIVEDRIVERSavgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:windowssystem32DRIVERSavgloga.sys;c:windowsSYSNATIVEDRIVERSavgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:windowssystem32DRIVERSavgmfx64.sys;c:windowsSYSNATIVEDRIVERSavgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:windowssystem32DRIVERSavgrkx64.sys;c:windowsSYSNATIVEDRIVERSavgrkx64.sys [x]
S1 Avgdiska;AVG Disk Driver;c:windowssystem32DRIVERSavgdiska.sys;c:windowsSYSNATIVEDRIVERSavgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:windowssystem32DRIVERSavgidsdrivera.sys;c:windowsSYSNATIVEDRIVERSavgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:windowssystem32DRIVERSavgldx64.sys;c:windowsSYSNATIVEDRIVERSavgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:windowssystem32DRIVERSavgtdia.sys;c:windowsSYSNATIVEDRIVERSavgtdia.sys [x]
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:program files (x86)IObitAdvanced SystemCare 6ASCService.exe;c:program files (x86)IObitAdvanced SystemCare 6ASCService.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:windowssystem32atiesrxx.exe;c:windowsSYSNATIVEatiesrxx.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:program files (x86)AVGAVG2014avgidsagent.exe;c:program files (x86)AVGAVG2014avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:program files (x86)AVGAVG2014avgwdsvc.exe;c:program files (x86)AVGAVG2014avgwdsvc.exe [x]
S2 PCCUJobMgr;Common Client Job Manager Service;c:program files (x86)Norton PC CheckupEngine2.0.10.26ccSvcHst.exe;c:program files (x86)Norton PC CheckupEngine2.0.10.26ccSvcHst.exe [x]
S3 ETD;ELAN PS/2 Port Input Device;c:windowssystem32DRIVERSETD.sys;c:windowsSYSNATIVEDRIVERSETD.sys [x]
S3 FwLnk;FwLnk Driver;c:windowssystem32DRIVERSFwLnk.sys;c:windowsSYSNATIVEDRIVERSFwLnk.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:windowssystem32DRIVERSL1C62x64.sys;c:windowsSYSNATIVEDRIVERSL1C62x64.sys [x]
S3 PGEffect;Pangu effect driver;c:windowssystem32DRIVERSpgeffect.sys;c:windowsSYSNATIVEDRIVERSpgeffect.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:windowssystem32DRIVERSrtl8192Ce.sys;c:windowsSYSNATIVEDRIVERSrtl8192Ce.sys [x]
S3 TMachInfo;TMachInfo;c:program files (x86)TOSHIBATOSHIBA Service StationTMachInfo.exe;c:program files (x86)TOSHIBATOSHIBA Service StationTMachInfo.exe [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:program filesTOSHIBATOSHIBA HDD SSD AlertTosSmartSrv.exe;c:program filesTOSHIBATOSHIBA HDD SSD AlertTosSmartSrv.exe [x]
.
.
[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindows ntcurrentversionsvchost]
PPTVServiceGroup REG_MULTI_SZ PPTVService
.
[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftactive setupinstalled components{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-19 03:13 1185744 ----a-w- c:program files (x86)GoogleChromeApplication30.0.1599.101Installerchrmstp.exe
.
¡®¼Æ»®ÈÎÎñ¡¯ Îļþ¼Ð ÀïµÄÄÚÈÝ
.
2013-11-12 c:windowsTasksAdobe Flash Player Updater.job
- c:windowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe [2012-07-25 03:39]
.
2013-11-13 c:windowsTasksGoogleUpdateTaskMachineCore.job
- c:program files (x86)GoogleUpdateGoogleUpdate.exe [2011-05-16 15:16]
.
2013-11-13 c:windowsTasksGoogleUpdateTaskMachineUA.job
- c:program files (x86)GoogleUpdateGoogleUpdate.exe [2011-05-16 15:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOTCLSID{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-11-20 07:04 244696 ----a-w- c:usershungkeongAppDataLocalMicrosoftSkyDrive16.4.6013.0910amd64SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOTCLSID{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-11-20 07:04 244696 ----a-w- c:usershungkeongAppDataLocalMicrosoftSkyDrive16.4.6013.0910amd64SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOTCLSID{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-11-20 07:04 244696 ----a-w- c:usershungkeongAppDataLocalMicrosoftSkyDrive16.4.6013.0910amd64SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"SmartAudio"="c:program filesCONEXANTSAIISAIICpl.exe" [2010-12-14 316032]
"TosVolRegulator"="c:program filesTOSHIBATosVolRegulatorTosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:program filesTOSHIBATOSHIBA HDD SSD AlertTosWaitSrv.exe" [2010-02-06 709976]
.
------- ¶øÍâµÄɨÃè -------
.
uLocal Page = c:windowssystem32blank.htm
mLocal Page = c:windowsSysWOW64blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
TCP: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:program files (x86)ElantechETDCtrl.exe
HKLM-Run-SmartFaceVWatcher - c:program files (x86)ToshibaSmartFaceVSmartFaceVWatcher.exe
HKLM-Run-TPwrMain - c:program files (x86)TOSHIBAPower SaverTPwrMain.EXE
HKLM-Run-SmoothView - c:program files (x86)ToshibaSmoothViewSmoothView.exe
HKLM-Run-00TCrdMain - c:program files (x86)TOSHIBAFlashCardsTCrdMain.exe
HKLM-Run-TosNC - c:program files (x86)ToshibaBulletinBoardTosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:program files (x86)TOSHIBAReelTimeTosReelTimeMonitor.exe
AddRemove-Sophos-AntiRootkit - c:program files (x86)PCCleanuphelper.exe
AddRemove-fTalk - c:usershungkeongAppDataLocalfTalkuninstall.exe
.
.
.
[HKEY_LOCAL_MACHINESYSTEMControlSet001servicesPCCUJobMgr]
"ImagePath"=""c:program files (x86)Norton PC CheckupEngine2.0.10.26ccSvcHst.exe" /s "PCCUJobMgr" /m "c:program files (x86)Norton PC CheckupEngine2.0.10.26diMaster.dll" /prefetch:1"
.
[HKEY_LOCAL_MACHINESYSTEMControlSet001servicesMEMSWEEP2]
"ImagePath"="??c:windowssystem3219C8.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:windowssystem32MacromedFlashFlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32]
@="c:windowssystem32MacromedFlashFlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:windowsSysWOW64MacromedFlashFlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32]
@="c:windowsSysWOW64MacromedFlashFlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}InprocServer32]
@="c:windowsSysWOW64MacromedFlashFlash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]
@="c:windowsSysWOW64MacromedFlashFlash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}Version]
@="1.0"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}InprocServer32]
@="c:windowsSysWOW64MacromedFlashFlash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]
@="c:windowsSysWOW64MacromedFlashFlash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}Version]
@="1.0"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}0000AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlPCWSecurity]
@Denied: (Full) (Everyone)
.
完成时间: 2013-11-12 19:34:42
ComboFix-quarantined-files.txt 2013-11-13 01:34
.
Pre-Run: 171,773,100,032 bytes free
Post-Run: 171,249,172,480 bytes free
.
- - End Of File - - FAF020DB868456741AC19C260515F5BE
5B5E648D12FCADC244C1EC30318E1EB9
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-11-2013 01
Ran by hungkeong at 2013-11-12 18:13:47 Run:1
Running from C:Program Files (x86)PCCleanup
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKCU...409d6c4515e9InprocServer32: [Default-shell32] ?globalrootDeviceHarddiskVolume2UsersHUNGKE~1AppDataLocalTempsbqvajbsqpmbmkwow.dll ATTENTION! ====> ZeroAccess?
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {A2F1556D-24AD-4BB5-B644-32388BD25852} URL =
BHO: MP3 Rocket Toolbar - {4D503352-5636-006A-76A7-7A786E7484D7} - "C:Program Files (x86)AskPartnerNetworkToolbarMP3RV6Passport_x64.dll" No File
BHO-x32: MP3 Rocket Toolbar - {4D503352-5636-006A-76A7-7A786E7484D7} - "C:Program Files (x86)AskPartnerNetworkToolbarMP3RV6Passport.dll" No File
Toolbar: HKLM - MP3 Rocket Toolbar - {4D503352-5636-006A-76A7-7A786E7484D7} - "C:Program Files (x86)AskPartnerNetworkToolbarMP3RV6Passport_x64.dll" No File
Toolbar: HKLM-x32 - MP3 Rocket Toolbar - {4D503352-5636-006A-76A7-7A786E7484D7} - "C:Program Files (x86)AskPartnerNetworkToolbarMP3RV6Passport.dll" No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
FF Plugin-x32: @qq.com/QzoneMusic
- C:Program Files (x86)TencentQQMusicnpQzoneMusic.dll No File
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:Program Files (x86)WildTangent GamesAppBrowserIntegrationRegistered0NP_wtapp.dll ()
FF Extension: No Name - C:UsershungkeongAppDataRoamingMozillaFirefoxprofilesextensionsprefs.js
FF Extension: No Name - C:UsershungkeongAppDataRoamingMozillaFirefoxprofilesextensionsuser.js
CHR HKLMSOFTWAREPoliciesGoogle: Policy restriction <======= ATTENTION
C:UsershungkeongAppDataLocalTempsbqvajbsqpmbmkwow.dll
*****************
HKCUSoftwareClassesCLSID{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key deleted successfully. If the key returned, move the associated file, reboot and list the key for deletion.
HKLMSOFTWAREMicrosoftInternet ExplorerSearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCRCLSID{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerSearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCRWow6432NodeCLSID{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCUSOFTWAREMicrosoftInternet ExplorerSearchScopes{A2F1556D-24AD-4BB5-B644-32388BD25852} => Key deleted successfully.
HKCRCLSID{A2F1556D-24AD-4BB5-B644-32388BD25852} => Key not found.
HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{4D503352-5636-006A-76A7-7A786E7484D7} => Key deleted successfully.
HKCRCLSID{4D503352-5636-006A-76A7-7A786E7484D7} => Key deleted successfully.
HKLMSOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{4D503352-5636-006A-76A7-7A786E7484D7} => Key deleted successfully.
HKCRWow6432NodeCLSID{4D503352-5636-006A-76A7-7A786E7484D7} => Key deleted successfully.
HKLMSOFTWAREMicrosoftInternet ExplorerToolbar{4D503352-5636-006A-76A7-7A786E7484D7} => Value deleted successfully.
HKCRCLSID{4D503352-5636-006A-76A7-7A786E7484D7} => Key not found.
HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerToolbar{4D503352-5636-006A-76A7-7A786E7484D7} => Value deleted successfully.
HKCRWow6432NodeCLSID{4D503352-5636-006A-76A7-7A786E7484D7} => Key not found.
HKCRPROTOCOLSHandlerskype-ie-addon-data => Key deleted successfully.
HKCRCLSID{91774881-D725-4E58-B298-07617B9B86A8} => Key not found.
HKLMSoftwareWow6432NodeMozillaPluginsFF Plugin-x32: @qq.com/QzoneMusic => Key not found.
FF Plugin-x32: @qq.com/QzoneMusic not found.
[email protected]/GamesAppPresenceDetector,Version=1.0 => Key deleted successfully.
C:Program Files (x86)WildTangent GamesAppBrowserIntegrationRegistered0NP_wtapp.dll => Moved successfully.
C:UsershungkeongAppDataRoamingMozillaFirefoxprofilesextensionsprefs.js => Moved successfully.
C:UsershungkeongAppDataRoamingMozillaFirefoxprofilesextensionsuser.js => Moved successfully.
HKLMSOFTWAREPoliciesGoogle => Key deleted successfully.
C:UsershungkeongAppDataLocalTempsbqvajbsqpmbmkwow.dll => Moved successfully.
==== End of Fixlog ====

Well, the 20 dllhost processes in Task Manager are gone now, so that's great news.

The laptop still feels sluggish to me though, like I click to open Chrome and it takes about 20 seconds to open.

I'm not sure what else we could clean up on this laptop, so maybe it's just old hardware.


Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner

Double-click ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

If you use Firefox browser:

Click Firefox at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser:

Click Opera at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Download HijackThis.

- Save HijackThis.exe to your desktop.
- Double-click on the HijackThis.exe icon on your desktop.
- By default it will install to C:\Program Files\Trend Micro\HijackThis.
- Click on Install.
- It will create a HijackThis icon on the desktop.
- Once installed, it will launch HijackThis.
- Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.
- Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
- DO NOT use the AnalyseThis button, its findings are dangerous if misinterpreted.
- DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

- Please go here to run the scan.

http://www.eset.com/us/online-scanner/run

Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

- Select the option YES, I accept the Terms of Use then click on: Posted Image
- When prompted allow the Add-On/Active X to install.
- Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
- Now click on Advanced Settings and select the following:
  - Scan for potentially unwanted applications
  - Scan for potentially unsafe applications
  - Enable Anti-Stealth Technology
- Now click on: Posted Image
- The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
- When completed the Online Scan will begin automatically.
- Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
- When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
- Now click on: Posted Image
- Use Notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
- Copy and paste that log as a reply to this topic.
- Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

In your next reply, post:

HJT log

Eset scan log

Tell me how the computer is at the moment.

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 4:46:10 PM, on 11/13/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16720)
Boot mode: Normal
Running processes:
C:Program Files (x86)GoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
C:Program Files (x86)Common FilesPPLiveNetworkPPAP.exe
C:Program Files (x86)AVGAVG2014avgui.exe
C:Program Files (x86)Common FilesJavaJava Updatejusched.exe
C:Program Files (x86)PCCleanupHijackThis.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:ProgramDataRealRealPlayerBrowserRecordPluginIErpbrowserrecordplugin.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program Files (x86)Javajre7binssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program Files (x86)Common FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:Program Files (x86)SkypeToolbarsInternet Explorerskypeieplugin.dll
O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:PROGRA~2IObitADVANC~1BROWER~1ASCPLU~1.DLL
O2 - BHO: MP3 Rocket Downloader - {c5e9c0b3-8b18-4b1b-ad67-c1a063ab2b34} - mscoree.dll (file missing)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program Files (x86)Javajre7binjp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_32.dll
O4 - HKLM..Run: [startCCC] "C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe" MSRun
O4 - HKLM..Run: [ToshibaServiceStation] "C:Program Files (x86)TOSHIBATOSHIBA Service StationToshibaServiceStation.exe" /hide:60
O4 - HKLM..Run: [NortonOnlineBackupReminder] "C:Program Files (x86)ToshibaToshiba Online BackupActivationTOBuActivation.exe" UNATTENDED
O4 - HKLM..Run: [ToshibaAppPlace] "C:Program Files (x86)ToshibaToshiba App PlaceToshibaAppPlace.exe"
O4 - HKLM..Run: [APSDaemon] "C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe"
O4 - HKLM..Run: [AVG_UI] "C:Program Files (x86)AVGAVG2014avgui.exe" /TRAYONLY
O4 - HKLM..Run: [sunJavaUpdateSched] "C:Program Files (x86)Common FilesJavaJava Updatejusched.exe"
O4 - HKCU..Run: [PPAP] "C:Program Files (x86)Common FilesPPLiveNetworkPPAP.exe" -background
O4 - HKCU..Run: [swg] "C:Program Files (x86)GoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe"
O9 - Extra button: @C:Program Files (x86)Windows LiveWriterWindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:Program Files (x86)Windows LiveWriterWriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:Program Files (x86)Windows LiveWriterWindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:Program Files (x86)Windows LiveWriterWriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:Program Files (x86)SkypeToolbarsInternet Explorerskypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:Program Files (x86)SkypeToolbarsInternet Explorerskypeieplugin.dll
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:Program Files (x86)PPLivePPTVPPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:Program Files (x86)PPLivePPTVPPLive.exe
O10 - Unknown file in Winsock LSP: c:program files (x86)common filesmicrosoft sharedwindows livewlidnsp.dll
O10 - Unknown file in Winsock LSP: c:program files (x86)common filesmicrosoft sharedwindows livewlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/pcpitstop.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~2COMMON~1SkypeSKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:Program Files (x86)Windows LivePhoto GalleryAlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:windowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - IObit - C:Program Files (x86)IObitAdvanced SystemCare 6ASCService.exe
O23 - Service: @%SystemRoot%system32Alg.exe,-112 (ALG) - Unknown owner - C:windowsSystem32alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:windowssystem32atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:Program Files (x86)AVGAVG2014avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:Program Files (x86)AVGAVG2014avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: @%SystemRoot%system32efssvc.dll,-100 (EFS) - Unknown owner - C:windowsSystem32lsass.exe (file missing)
O23 - Service: @%systemroot%system32fxsresm.dll,-118 (Fax) - Unknown owner - C:windowssystem32fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:Program Files (x86)WildTangent GamesAppGamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:Program Files (x86)GoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:windowssystem32lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:windowsSystem32msdtc.exe (file missing)
O23 - Service: @%SystemRoot%System32netlogon.dll,-102 (Netlogon) - Unknown owner - C:windowssystem32lsass.exe (file missing)
O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:Program Files (x86)Norton PC CheckupEngine2.0.10.26ccSvcHst.exe
O23 - Service: @%systemroot%system32psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:windowssystem32lsass.exe (file missing)
O23 - Service: @%systemroot%system32Locator.exe,-2 (RpcLocator) - Unknown owner - C:windowssystem32locator.exe (file missing)
O23 - Service: @%SystemRoot%system32samsrv.dll,-1 (SamSs) - Unknown owner - C:windowssystem32lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:Program Files (x86)SkypeUpdaterUpdater.exe
O23 - Service: @%SystemRoot%system32snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:windowsSystem32snmptrap.exe (file missing)
O23 - Service: @%systemroot%system32spoolsv.exe,-1 (Spooler) - Unknown owner - C:windowsSystem32spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%system32sppsvc.exe,-101 (sppsvc) - Unknown owner - C:windowssystem32sppsvc.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:Program Files (x86)TOSHIBATOSHIBA Service StationTMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:windowssystem32TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:Program FilesTOSHIBAPower SaverTosCoSrv.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:Program FilesTOSHIBATOSHIBA HDD SSD AlertTosSmartSrv.exe
O23 - Service: @%SystemRoot%system32ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:windowssystem32UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%system32vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:windowssystem32lsass.exe (file missing)
O23 - Service: @%SystemRoot%system32vds.exe,-100 (vds) - Unknown owner - C:windowsSystem32vds.exe (file missing)
O23 - Service: @%systemroot%system32vssvc.exe,-102 (VSS) - Unknown owner - C:windowssystem32vssvc.exe (file missing)
O23 - Service: @%SystemRoot%system32WatWatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:windowssystem32WatWatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%system32wbengine.exe,-104 (wbengine) - Unknown owner - C:windowssystem32wbengine.exe (file missing)
O23 - Service: @%Systemroot%system32wbemwmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:windowssystem32wbemWmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%Windows Media Playerwmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:Program Files (x86)Windows Media Playerwmpnetwk.exe (file missing)
--
End of file - 9861 bytes
I can't get ESET online scanner to download the definitions database, I'm not sure why but it gets stuck at 52%. I have restarted several times and tried a few different browsers.
The laptop is running better than it did before we started so we made progress, thank you. Still just seems sluggish though.
Like I will open a browser or go to My Computer and it takes roughly 20 seconds or so and all the icons on the desktop will go away then come back, that just seems weird.
*EDIT* I totally skipped the ATF Cleaner, will do that now, somehow I missed that step. OoOps
Edited by tminterlude

We need to move HJT to its own folder.

Right click desktop > choose "New" > then New folder.

Call that folder Hijack or similar.

Right click HijackThis.exe (where you have it downloaded) > choose "Cut".

Open your new Hijack folder, right click in a blank spot then click "Paste".

This will save backups to the right location.

Open HijackThis, click Do a system scan only, checkmark these. Then close all other windows and browsers except HijackThis and press Fix checked.

 

O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:PROGRA~2IObitADVANC~1BROWER~1ASCPLU~1.DLL

O2 - BHO: MP3 Rocket Downloader - {c5e9c0b3-8b18-4b1b-ad67-c1a063ab2b34} - mscoree.dll (file missing)

O4 - HKLM..Run: [APSDaemon] "C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe"

O4 - HKLM..Run: [sunJavaUpdateSched] "C:Program Files (x86)Common FilesJavaJava Updatejusched.exe"

O4 - HKCU..Run: [PPAP] "C:Program Files (x86)Common FilesPPLiveNetworkPPAP.exe" -background

O4 - HKCU..Run: [swg] "C:Program Files (x86)GoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe"

 

 

Reboot the computer to set the registry.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I think the antivirus is causing a problem with the Eset scan.

Go to the web site to start over then disable AVG to see if the database will load.


I did as instructed on HijackThis, everything seemed to work just fine. However, I still can't get ESET online scanner to work. I'm getting unexpected error 2002 when downloading virus signature database. I have AVG disabled and have restarted the PC.


In that case just run a full scan with AVG. Let me know if anything was found.

 

Don't be alarmed if you see things in quarantine folders.

Edited by Juliet
typo

AVG full scan found 4 threats, 3 corrupt executables and 1 trojan horse crypt2.btvr virus.

I had scanned the computer with AVG shortly after getting it and it found nothing. I guess we did something for AVG to uncover those threats. I can't figure out how to get a log from AVG to post.

What else can I do to ensure this PC is fully clean?


Did you allow it to quarantine?

Eset is the online scanner I trust the most, wish we could have gotten that to run.

Post a new FRST log and we'll check for leftovers.

How's the computer now?


A friend suggested we try this one:

 

Do an online scan with BitDefender QuickScan.

Please be patient as scanning may take some time. If you have a problem running the scan, you might want to disable any real time protection that you have.

- Click here to go to BitDefender QuickScan page.
- For Firefox users:
  - Click on Free Scan Now. You will be prompted to install a plug-in. Please Allow. In case you get stuck, please refresh the page to try again.
  - A Software Installation window will appear. Click Install Now and the plugin will be installed as an Add-on.
  - Restart Firefox when done. Go back to the BitDefender QuickScan page again and click on Free Scan Now and proceed accordingly.
- For Internet Explorer users:
  - Click on Free Scan Now. You will be prompted to install an ActiveX control. Please install.
  - The page will refresh. Click on Free Scan Now again and proceed accordingly.
- When scan has completed, click on View report and a Notepad log shall open.
- If there are any infections found, you will get a warning and the link to the report will be displayed as the number of infections. Click on it.
- Post back the contents of this report. It can also be found at C:\Documents and Settings\<username>\Application Data\QuickScan, <username> is the Windows log-in name.


Well, I think it quarantined them automatically. The computer seems better so far, internet browsers and windows seem to be opening up within seconds now. It does lag loading a web page though.

Bitdefender found no infections.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2013 01
Ran by hungkeong (administrator) on HUNGKEONG-PC on 14-11-2013 20:50:16
Running from C:Program Files (x86)PCCleanupDONOTRUNExpertsOnly
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AVG Technologies CZ, s.r.o.) C:PROGRA~2AVGAVG2014avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:Program Files (x86)AVGAVG2014avgcsrva.exe
(IObit) C:Program Files (x86)IObitAdvanced SystemCare 6ASCService.exe
(AMD) C:windowssystem32atiesrxx.exe
(AMD) C:windowssystem32atieclxx.exe
(Apple Inc.) C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:Program Files (x86)AVGAVG2014avgwdsvc.exe
(Apple Inc.) C:Program FilesBonjourmDNSResponder.exe
(Symantec Corporation) C:Program Files (x86)Norton PC CheckupEngine2.0.10.26ccSvcHst.exe
(TOSHIBA Corporation) C:windowssystem32TODDSrv.exe
(TOSHIBA Corporation) C:Program FilesTOSHIBAPower SaverTosCoSrv.exe
(Microsoft Corp.) C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE
(Microsoft Corp.) C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe
(Symantec Corporation) C:Program Files (x86)Norton PC CheckupEngine2.0.10.26ccSvcHst.exe
(ELAN Microelectronics Corp.) C:Program FilesElantechETDCtrl.exe
(TOSHIBA Corporation) C:Program FilesTOSHIBAPower SaverTPwrMain.exe
(TOSHIBA Corporation) C:Program FilesTOSHIBASmoothViewSmoothView.exe
(TOSHIBA Corporation) C:Program FilesTOSHIBAFlashCardsTCrdMain.exe
(TOSHIBA Corporation) C:Program FilesTOSHIBABulletinBoardTosNcCore.exe
(TOSHIBA Corporation) C:Program FilesTOSHIBAReelTimeTosReelTimeMonitor.exe
(TOSHIBA Corporation) C:Program Files (x86)ToshibaTOSHIBA Service StationToshibaServiceStation.exe
(Advanced Micro Devices Inc.) C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticMOM.exe
(AVG Technologies CZ, s.r.o.) C:Program Files (x86)AVGAVG2014avgui.exe
(ELAN Microelectronics Corp.) C:Program FilesElantechETDCtrlHelper.exe
(ATI Technologies Inc.) C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCCC.exe
(Microsoft Corporation) C:windowsSysWOW64svchost.exe
(TOSHIBA Corporation) C:Program Files (x86)TOSHIBATOSHIBA Service StationTMachInfo.exe
(TOSHIBA Corporation) C:Program FilesTOSHIBATOSHIBA HDD SSD AlertTosSmartSrv.exe
(TOSHIBA Corporation) C:Program FilesTOSHIBATOSHIBA HDD SSD AlertTosSENotify.exe
(Microsoft Corporation) C:windowsMicrosoft.NetFramework64v3.0WPFPresentationFontCache.exe
(AVG Technologies CZ, s.r.o.) C:Program Files (x86)AVGAVG2014avgcfgex.exe
(PPLive Corporation) C:Program Files (x86)Common FilesPPLiveNetworkPPAP.exe
(AVG Technologies CZ, s.r.o.) C:Program Files (x86)AVGAVG2014avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:Program Files (x86)AVGAVG2014avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:Program Files (x86)AVGAVG2014avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:Program Files (x86)AVGAVG2014avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:Program Files (x86)AVGAVG2014avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:Program Files (x86)AVGAVG2014avgcsrva.exe
==================== Registry (Whitelisted) ==================
HKLM...Run: [smartAudio] - C:Program FilesCONEXANTSAIISAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM...Run: [ETDCtrl] - C:Program FilesElantechETDCtrl.exe [2588456 2010-11-11] (ELAN Microelectronics Corp.)
HKLM...Run: [smartFaceVWatcher] - C:Program FilesTOSHIBASmartFaceVSmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM...Run: [TPwrMain] - C:Program FilesTOSHIBAPower SaverTPwrMain.exe [566184 2010-09-28] (TOSHIBA Corporation)
HKLM...Run: [smoothView] - C:Program FilesTOSHIBASmoothViewSmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM...Run: [00TCrdMain] - C:Program FilesTOSHIBAFlashCardsTCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)
HKLM...Run: [TosVolRegulator] - C:Program FilesTOSHIBATosVolRegulatorTosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM...Run: [TosSENotify] - C:Program FilesTOSHIBATOSHIBA HDD SSD AlertTosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM...Run: [TosNC] - C:Program FilesTOSHIBABulletinBoardTosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation)
HKLM...Run: [TosReelTimeMonitor] - C:Program FilesTOSHIBAReelTimeTosReelTimeMonitor.exe [38304 2010-07-09] (TOSHIBA Corporation)
HKLM-x32...Run: [startCCC] - C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe [336384 2011-02-16] (Advanced Micro Devices, Inc.)
HKLM-x32...Run: [ToshibaServiceStation] - C:Program Files (x86)ToshibaTOSHIBA Service StationToshibaServiceStation.exe [1295224 2010-07-01] (TOSHIBA Corporation)
HKLM-x32...Run: [NortonOnlineBackupReminder] - C:Program Files (x86)ToshibaToshiba Online BackupActivationTobuActivation.exe [3218792 2010-08-17] (Toshiba)
HKLM-x32...Run: [ToshibaAppPlace] - C:Program Files (x86)ToshibaToshiba App PlaceToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32...Run: [AVG_UI] - C:Program Files (x86)AVGAVG2014avgui.exe [4908592 2013-10-07] (AVG Technologies CZ, s.r.o.)
==================== Internet (Whitelisted) ====================
HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://msn.com/
StartMenuInternet: IEXPLORE.EXE - C:Program Files (x86)Internet Exploreriexplore.exe
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre7binssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_64.dll (Google Inc.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program FilesJavajre7binjp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:ProgramDataRealRealPlayerBrowserRecordPluginIErpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program Files (x86)Javajre7binssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program Files (x86)Common Filesmicrosoft sharedWindows LiveWindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:Program Files (x86)SkypeToolbarsInternet Explorerskypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program Files (x86)Javajre7binjp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/pcpitstop/pcpitstop.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:Program Files (x86)Common FilesSkypeSkype4COM.dll (Skype Technologies)
TcpipParameters: [DhcpNameServer] 24.217.0.5 24.217.201.67 24.247.15.53
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:windowssystem32MacromedFlashNPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:Program FilesJavajre7bindtpluginnpDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:Program FilesJavajre7binplugin2npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:Program FilesMicrosoft Silverlight5.1.20913.0npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:windowsSysWOW64MacromedFlashNPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:Program Files (x86)iTunesMozilla Pluginsnpitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:Program Files (x86)Javajre7bindtpluginnpDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:Program Files (x86)Javajre7binplugin2npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:Program Files (x86)Microsoft Silverlight5.1.20913.0npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pptv.com/plugin - C:Program Files (x86)Internet ExplorerPPLiteplugin1.0.1.3460npplugin2.dll (PPLive Corporation)
FF Plugin-x32: @qq.com/QzoneMusic - C:Program Files (x86)TencentQQMusicnpQzoneMusic.dll No File
FF Plugin-x32: @qq.com/TXSSO - C:Program Files (x86)Common FilesTencentTXSSO1.2.1.87BinnpSSOAxCtrlForPTLogin.dll (Tencent)
FF Plugin-x32: @real.com/nppl3260;version=15.0.4.53 - c:program files (x86)realrealplayerNetscape6nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.4.53 - c:program files (x86)realrealplayerNetscape6nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:ProgramDataRealRealPlayerBrowserRecordPluginMozillaPluginsnprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:ProgramDataRealRealPlayerBrowserRecordPluginMozillaPluginsnprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.4.53 - c:program files (x86)realrealplayerNetscape6nprpplugin.dll (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:Program Files (x86)GoogleUpdate1.3.21.165npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:Program Files (x86)GoogleUpdate1.3.21.165npGoogleUpdate3.dll (Google Inc.)
FF Extension: No Name - C:UsershungkeongAppDataRoamingMozillaFirefoxprofilesextensionsextensions
FF Extension: mp3rocketdownloader - C:UsershungkeongAp[email protected]mp3rocket.me.xpi
FF HKLM-x32...FirefoxExtensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:ProgramDataRealRealPlayerBrowserRecordPluginFirefoxExt
FF Extension: RealPlayer Browser Record Plugin - C:ProgramDataRealRealPlayerBrowserRecordPluginFirefoxExt
FF HKLM-x32...FirefoxExtensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:ProgramDataRealRealPlayerBrowserRecordPluginFirefoxExt
FF Extension: RealPlayer Browser Record Plugin - C:ProgramDataRealRealPlayerBrowserRecordPluginFirefoxExt
Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:Program Files (x86)GoogleChromeApplication30.0.1599.101PepperFlashpepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:Program Files (x86)GoogleChromeApplication30.0.1599.101ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:Program Files (x86)GoogleChromeApplication30.0.1599.101pdf.dll ()
CHR Plugin: (ChromeUtilPlugin) - C:UsershungkeongAppDataLocalGoogleChromeUser DataDefaultExtensionsaaaalfcdpfagiijfjeapclohpegmcpml11.39725_0background/ChromeUtilPlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:Program Files (x86)AdobeReader 10.0ReaderBrowsernppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:Program Files (x86)Javajre6binnew_pluginnpdeployJava1.dll No File
CHR Plugin: (Java Platform SE 6 U20) - C:Program Files (x86)Javajre6binnew_pluginnpjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:Program Files (x86)QuickTimepluginsnpqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:Program Files (x86)QuickTimepluginsnpqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:Program Files (x86)QuickTimepluginsnpqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:Program Files (x86)QuickTimepluginsnpqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:Program Files (x86)QuickTimepluginsnpqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:Program Files (x86)QuickTimepluginsnpqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:Program Files (x86)QuickTimepluginsnpqtplugin7.dll (Apple Inc.)
CHR Plugin: (Tencent SSO Platform) - C:Program Files (x86)Common FilesTencentTXSSO1.2.1.87BinnpSSOAxCtrlForPTLogin.dll (Tencent)
CHR Plugin: (Google Update) - C:Program Files (x86)GoogleUpdate1.3.21.135npGoogleUpdate3.dll No File
CHR Plugin: (PPLive PPTV Plugin) - C:Program Files (x86)Internet ExplorerPPLiteplugin1.0.1.3460npplugin2.dll (PPLive Corporation)
CHR Plugin: (QQMusic) - C:Program Files (x86)TencentQQMusicnpQzoneMusic.dll No File
CHR Plugin: (Photo Gallery) - C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:Program Files (x86)iTunesMozilla Pluginsnpitunes.dll ()
CHR Plugin: (RealNetworks Chrome Background Extension Plug-In (32-bit) ) - C:ProgramDataRealRealPlayerBrowserRecordPluginMozillaPluginsnprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:ProgramDataRealRealPlayerBrowserRecordPluginMozillaPluginsnprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Shockwave Flash) - C:windowsSysWOW64MacromedFlashNPSWF32_11_6_602_180.dll No File
CHR Plugin: (Silverlight Plug-In) - c:Program Files (x86)Microsoft Silverlight5.1.20125.0npctrl.dll No File
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:program files (x86)realrealplayerNetscape6nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - c:program files (x86)realrealplayerNetscape6nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - c:program files (x86)realrealplayerNetscape6nprpplugin.dll (RealPlayer)
CHR Extension: (Google Docs) - C:UsersHUNGKE~1AppDataLocalGoogleChromeUser DataDefaultExtensionsaohghmighlieiainnegkcijnfilokake0.5_0
CHR Extension: (Google Drive) - C:UsersHUNGKE~1AppDataLocalGoogleChromeUser DataDefaultExtensionsapdfllckaahabafndbhieahigkjlhalf6.3_0
CHR Extension: (YouTube) - C:UsersHUNGKE~1AppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo4.2.6_0
CHR Extension: (ShoppingChip) - C:UsersHUNGKE~1AppDataLocalGoogleChromeUser DataDefaultExtensionscdlfekohkhfdbpmokgdkhemgjkdclabo1.1
CHR Extension: (Google Search) - C:UsersHUNGKE~1AppDataLocalGoogleChromeUser DataDefaultExtensionscoobgpohoikkiipiblmjeljniedjpjpf0.0.0.20_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:UsersHUNGKE~1AppDataLocalGoogleChromeUser DataDefaultExtensionsjfmjfhklogoienhpfnppmbcbjfjnkonk1.5_0
CHR Extension: (Skype Click to Call) - C:UsersHUNGKE~1AppDataLocalGoogleChromeUser DataDefaultExtensionslifbcibllhkdhoafpjfnlhfpfgnpldfl5.9.0.9216_0
CHR Extension: (Advanced SystemCare Surfing Protection) - C:UsersHUNGKE~1AppDataLocalGoogleChromeUser DataDefaultExtensionsnfengeggddojhakldhlpjdlddgkkjkdd1.0.0_1
CHR Extension: (Google Wallet) - C:UsersHUNGKE~1AppDataLocalGoogleChromeUser DataDefaultExtensionsnmmhkkegccagdldgiimedpiccmgmieda0.0.5.0_0
CHR Extension: (Gmail) - C:UsersHUNGKE~1AppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia7_1
CHR HKLM-x32...ChromeExtension: [aaaalfcdpfagiijfjeapclohpegmcpml] - C:ProgramDataAskPartnerNetworkToolbarMP3RV6CRXToolbarCR.crx
CHR HKLM-x32...ChromeExtension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:ProgramDataRealRealPlayerBrowserRecordPluginChromeExtrphtml5video.crx
CHR HKLM-x32...ChromeExtension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:Program Files (x86)SkypeToolbarsSkype for Chromiumskype_chrome_extension.crx
CHR HKLM-x32...ChromeExtension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:Program Files (x86)IObitAdvanced SystemCare 6BrowerProtectASC_GhromePlugin.crx
==================== Services (Whitelisted) =================
R2 AdvancedSystemCareService6; C:Program Files (x86)IObitAdvanced SystemCare 6ASCService.exe [574272 2013-04-18] (IObit)
R2 AVGIDSAgent; C:Program Files (x86)AVGAVG2014avgidsagent.exe [3538480 2013-10-03] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:Program Files (x86)AVGAVG2014avgwdsvc.exe [301152 2013-09-25] (AVG Technologies CZ, s.r.o.)
R2 PCCUJobMgr; C:Program Files (x86)Norton PC CheckupEngine2.0.10.26ccSvcHst.exe [126392 2011-02-03] (Symantec Corporation)
R2 PPTVService; C:windowsSysWOW64PPTVSvc.dll [478032 2013-01-31] (PPTV)
==================== Drivers (Whitelisted) ====================
R1 Avgdiska; C:WindowsSystem32DRIVERSavgdiska.sys [148792 2013-09-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:WindowsSystem32DRIVERSavgidsdrivera.sys [241464 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:WindowsSystem32DRIVERSavgidsha.sys [192824 2013-09-02] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:WindowsSystem32DRIVERSavgldx64.sys [212280 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:WindowsSystem32DRIVERSavgloga.sys [294712 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:WindowsSystem32DRIVERSavgmfx64.sys [123704 2013-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:WindowsSystem32DRIVERSavgrkx64.sys [31544 2013-09-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:WindowsSystem32DRIVERSavgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
S3 MEMSWEEP2; C:windowssystem3219C8.tmp [6144 2010-05-26] (Sophos Plc)
U5 AppMgmt; C:Windowssystem32svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; ??C:ComboFixcatchme.sys [x]
U5 GEARAspiWDM; C:WindowsSystem32DriversGEARAspiWDM.sys [33240 2012-08-21] (GEAR Software Inc.)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-11-14 16:55 - 2013-11-14 17:00 - 00000000 ____D C:UsershungkeongDesktopHiJack
2013-11-13 23:05 - 2013-10-12 02:45 - 00051712 _____ (Microsoft Corporation) C:windowssystem32ie4uinit.exe
2013-11-13 23:05 - 2013-10-12 02:43 - 00526336 _____ (Microsoft Corporation) C:windowssystem32ieui.dll
2013-11-13 23:05 - 2013-10-12 02:43 - 00136704 _____ (Microsoft Corporation) C:windowssystem32iesysprep.dll
2013-11-13 23:05 - 2013-10-12 02:43 - 00067072 _____ (Microsoft Corporation) C:windowssystem32iesetup.dll
2013-11-13 23:05 - 2013-10-12 02:43 - 00039936 _____ (Microsoft Corporation) C:windowssystem32iernonce.dll
2013-11-13 23:05 - 2013-10-12 01:02 - 02049024 _____ (Microsoft Corporation) C:windowsSysWOW64iertutil.dll
2013-11-13 23:05 - 2013-10-12 01:02 - 00391168 _____ (Microsoft Corporation) C:windowsSysWOW64ieui.dll
2013-11-13 23:05 - 2013-10-12 01:02 - 00109056 _____ (Microsoft Corporation) C:windowsSysWOW64iesysprep.dll
2013-11-13 23:05 - 2013-10-12 01:02 - 00061440 _____ (Microsoft Corporation) C:windowsSysWOW64iesetup.dll
2013-11-13 23:05 - 2013-10-12 01:02 - 00033280 _____ (Microsoft Corporation) C:windowsSysWOW64iernonce.dll
2013-11-13 23:05 - 2013-10-12 00:35 - 02706432 _____ (Microsoft Corporation) C:windowssystem32mshtml.tlb
2013-11-13 23:05 - 2013-10-12 00:08 - 02706432 _____ (Microsoft Corporation) C:windowsSysWOW64mshtml.tlb
2013-11-13 23:05 - 2013-10-11 23:44 - 00089600 _____ (Microsoft Corporation) C:windowssystem32RegisterIEPKEYs.exe
2013-11-13 23:05 - 2013-10-11 23:15 - 00071680 _____ (Microsoft Corporation) C:windowsSysWOW64RegisterIEPKEYs.exe
2013-11-13 23:04 - 2013-10-12 02:45 - 02241536 _____ (Microsoft Corporation) C:windowssystem32wininet.dll
2013-11-13 23:04 - 2013-10-12 02:45 - 01364992 _____ (Microsoft Corporation) C:windowssystem32urlmon.dll
2013-11-13 23:04 - 2013-10-12 02:43 - 19269632 _____ (Microsoft Corporation) C:windowssystem32mshtml.dll
2013-11-13 23:04 - 2013-10-12 02:43 - 15404544 _____ (Microsoft Corporation) C:windowssystem32ieframe.dll
2013-11-13 23:04 - 2013-10-12 02:43 - 03959808 _____ (Microsoft Corporation) C:windowssystem32jscript9.dll
2013-11-13 23:04 - 2013-10-12 02:43 - 02648576 _____ (Microsoft Corporation) C:windowssystem32iertutil.dll
2013-11-13 23:04 - 2013-10-12 02:43 - 00855552 _____ (Microsoft Corporation) C:windowssystem32jscript.dll
2013-11-13 23:04 - 2013-10-12 02:43 - 00603136 _____ (Microsoft Corporation) C:windowssystem32msfeeds.dll
2013-11-13 23:04 - 2013-10-12 02:43 - 00053248 _____ (Microsoft Corporation) C:windowssystem32jsproxy.dll
2013-11-13 23:04 - 2013-10-12 01:03 - 01767936 _____ (Microsoft Corporation) C:windowsSysWOW64wininet.dll
2013-11-13 23:04 - 2013-10-12 01:03 - 01138176 _____ (Microsoft Corporation) C:windowsSysWOW64urlmon.dll
2013-11-13 23:04 - 2013-10-12 01:02 - 14355968 _____ (Microsoft Corporation) C:windowsSysWOW64mshtml.dll
2013-11-13 23:04 - 2013-10-12 01:02 - 13761024 _____ (Microsoft Corporation) C:windowsSysWOW64ieframe.dll
2013-11-13 23:04 - 2013-10-12 01:02 - 02877952 _____ (Microsoft Corporation) C:windowsSysWOW64jscript9.dll
2013-11-13 23:04 - 2013-10-12 01:02 - 00690688 _____ (Microsoft Corporation) C:windowsSysWOW64jscript.dll
2013-11-13 23:04 - 2013-10-12 01:02 - 00493056 _____ (Microsoft Corporation) C:windowsSysWOW64msfeeds.dll
2013-11-13 23:04 - 2013-10-12 01:02 - 00039424 _____ (Microsoft Corporation) C:windowsSysWOW64jsproxy.dll
2013-11-13 21:22 - 2013-11-13 21:22 - 02347384 _____ (ESET) C:UsershungkeongDownloadsesetsmartinstaller_enu.exe
2013-11-13 17:00 - 2013-11-13 17:00 - 00000017 _____ C:UsershungkeongAppDataLocalresmon.resmoncfg
2013-11-13 17:00 - 2013-10-05 14:25 - 01474048 _____ (Microsoft Corporation) C:windowssystem32crypt32.dll
2013-11-13 17:00 - 2013-10-05 13:57 - 01168384 _____ (Microsoft Corporation) C:windowsSysWOW64crypt32.dll
2013-11-13 17:00 - 2013-10-03 20:28 - 00190464 _____ (Microsoft Corporation) C:windowssystem32SmartcardCredentialProvider.dll
2013-11-13 17:00 - 2013-10-03 20:25 - 00197120 _____ (Microsoft Corporation) C:windowssystem32credui.dll
2013-11-13 17:00 - 2013-10-03 20:24 - 01930752 _____ (Microsoft Corporation) C:windowssystem32authui.dll
2013-11-13 17:00 - 2013-10-03 19:58 - 00152576 _____ (Microsoft Corporation) C:windowsSysWOW64SmartcardCredentialProvider.dll
2013-11-13 17:00 - 2013-10-03 19:56 - 01796096 _____ (Microsoft Corporation) C:windowsSysWOW64authui.dll
2013-11-13 17:00 - 2013-10-03 19:56 - 00168960 _____ (Microsoft Corporation) C:windowsSysWOW64credui.dll
2013-11-13 17:00 - 2013-09-27 19:09 - 00497152 _____ (Microsoft Corporation) C:windowssystem32Driversafd.sys
2013-11-13 16:59 - 2013-10-11 20:30 - 00830464 _____ (Microsoft Corporation) C:windowssystem32nshwfp.dll
2013-11-13 16:59 - 2013-10-11 20:29 - 00859648 _____ (Microsoft Corporation) C:windowssystem32IKEEXT.DLL
2013-11-13 16:59 - 2013-10-11 20:29 - 00324096 _____ (Microsoft Corporation) C:windowssystem32FWPUCLNT.DLL
2013-11-13 16:59 - 2013-10-11 20:03 - 00656896 _____ (Microsoft Corporation) C:windowsSysWOW64nshwfp.dll
2013-11-13 16:59 - 2013-10-11 20:01 - 00216576 _____ (Microsoft Corporation) C:windowsSysWOW64FWPUCLNT.DLL
2013-11-13 16:59 - 2013-10-02 20:23 - 00404480 _____ (Microsoft Corporation) C:windowssystem32gdi32.dll
2013-11-13 16:59 - 2013-10-02 20:00 - 00311808 _____ (Microsoft Corporation) C:windowsSysWOW64gdi32.dll
2013-11-13 16:59 - 2013-09-24 20:26 - 00154560 _____ (Microsoft Corporation) C:windowssystem32Driversksecpkg.sys
2013-11-13 16:59 - 2013-09-24 20:26 - 00095680 _____ (Microsoft Corporation) C:windowssystem32Driversksecdd.sys
2013-11-13 16:59 - 2013-09-24 20:23 - 00135680 _____ (Microsoft Corporation) C:windowssystem32sspicli.dll
2013-11-13 16:59 - 2013-09-24 20:23 - 00028672 _____ (Microsoft Corporation) C:windowssystem32sspisrv.dll
2013-11-13 16:59 - 2013-09-24 20:23 - 00028160 _____ (Microsoft Corporation) C:windowssystem32secur32.dll
2013-11-13 16:59 - 2013-09-24 20:22 - 00340992 _____ (Microsoft Corporation) C:windowssystem32schannel.dll
2013-11-13 16:59 - 2013-09-24 20:21 - 01447936 _____ (Microsoft Corporation) C:windowssystem32lsasrv.dll
2013-11-13 16:59 - 2013-09-24 20:21 - 00307200 _____ (Microsoft Corporation) C:windowssystem32ncrypt.dll
2013-11-13 16:59 - 2013-09-24 19:58 - 00096768 _____ (Microsoft Corporation) C:windowsSysWOW64sspicli.dll
2013-11-13 16:59 - 2013-09-24 19:57 - 00247808 _____ (Microsoft Corporation) C:windowsSysWOW64schannel.dll
2013-11-13 16:59 - 2013-09-24 19:57 - 00022016 _____ (Microsoft Corporation) C:windowsSysWOW64secur32.dll
2013-11-13 16:59 - 2013-09-24 19:56 - 00220160 _____ (Microsoft Corporation) C:windowsSysWOW64ncrypt.dll
2013-11-13 16:59 - 2013-09-24 19:03 - 00030720 _____ (Microsoft Corporation) C:windowssystem32lsass.exe
2013-11-13 16:59 - 2013-07-04 06:18 - 00458712 _____ (Microsoft Corporation) C:windowssystem32Driverscng.sys
2013-11-13 16:54 - 2013-11-13 16:54 - 00000000 ____D C:Program Files (x86)ESET
2013-11-12 20:21 - 2013-11-12 20:21 - 00000000 ____D C:UsershungkeongAppDataRoamingOracle
2013-11-12 20:18 - 2013-11-12 20:17 - 00264616 _____ (Oracle Corporation) C:windowsSysWOW64javaws.exe
2013-11-12 20:18 - 2013-11-12 20:17 - 00175016 _____ (Oracle Corporation) C:windowsSysWOW64javaw.exe
2013-11-12 20:18 - 2013-11-12 20:17 - 00174504 _____ (Oracle Corporation) C:windowsSysWOW64java.exe
2013-11-12 20:18 - 2013-11-12 20:17 - 00096168 _____ (Oracle Corporation) C:windowsSysWOW64WindowsAccessBridge-32.dll
2013-11-12 20:13 - 2013-11-12 20:13 - 00915368 _____ (Oracle Corporation) C:UsershungkeongDownloadschromeinstall-7u45.exe
2013-11-12 19:34 - 2013-11-12 19:34 - 00026498 _____ C:ComboFix.txt
2013-11-12 19:02 - 2011-06-26 00:45 - 00256000 _____ C:windowsPEV.exe
2013-11-12 19:02 - 2010-11-07 11:20 - 00208896 _____ C:windowsMBR.exe
2013-11-12 19:02 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:windowsNIRCMD.exe
2013-11-12 19:02 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:windowsSWREG.exe
2013-11-12 19:02 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:windowsSWSC.exe
2013-11-12 19:02 - 2000-08-30 18:00 - 00098816 _____ C:windowssed.exe
2013-11-12 19:02 - 2000-08-30 18:00 - 00080412 _____ C:windowsgrep.exe
2013-11-12 19:02 - 2000-08-30 18:00 - 00068096 _____ C:windowszip.exe
2013-11-12 19:01 - 2013-11-12 19:34 - 00000000 ____D C:Qoobox
2013-11-12 19:00 - 2013-11-12 19:28 - 00000000 ____D C:windowserdnt
2013-11-12 18:56 - 2013-11-12 20:20 - 00000000 ____D C:ProgramDataOracle
2013-11-12 18:56 - 2013-11-12 18:55 - 00312744 _____ (Oracle Corporation) C:windowssystem32javaws.exe
2013-11-12 18:56 - 2013-11-12 18:55 - 00189352 _____ (Oracle Corporation) C:windowssystem32javaw.exe
2013-11-12 18:56 - 2013-11-12 18:55 - 00189352 _____ (Oracle Corporation) C:windowssystem32java.exe
2013-11-12 18:56 - 2013-11-12 18:55 - 00108968 _____ (Oracle Corporation) C:windowssystem32WindowsAccessBridge-64.dll
2013-11-12 18:55 - 2013-11-12 18:55 - 00000000 ____D C:Program FilesJava
2013-11-12 18:16 - 2013-11-12 18:16 - 00025357 _____ C:JavaRa.log
2013-11-11 19:25 - 2013-11-11 19:25 - 00000000 ____D C:FRST
2013-11-11 18:52 - 2013-11-11 18:52 - 00000000 ____D C:windowsERUNT
2013-11-11 18:44 - 2013-11-11 18:46 - 00000000 ____D C:AdwCleaner
2013-11-11 18:40 - 2013-11-11 18:40 - 00001184 _____ C:UsershungkeongDesktopPCCleanup - Shortcut.lnk
2013-11-09 17:25 - 2013-11-09 17:25 - 00000000 ____D C:UsershungkeongAppDataRoamingAVG2014
2013-11-09 17:23 - 2013-11-09 17:23 - 00000000 ____D C:UsershungkeongAppDataRoamingTuneUp Software
2013-11-09 17:20 - 2013-11-09 17:24 - 00000000 ____D C:ProgramDataAVG2014
2013-11-09 17:20 - 2013-11-09 17:20 - 00000000 ____D C:$AVG
2013-11-09 17:19 - 2013-11-09 17:19 - 00000000 ____D C:Program Files (x86)AVG
2013-11-08 22:19 - 2013-11-08 22:44 - 00000000 ____D C:ProgramDataMalwarebytes' Anti-Malware (portable)
2013-11-08 22:18 - 2013-11-08 22:18 - 00091352 _____ (Malwarebytes Corporation) C:windowssystem32Driversmbamchameleon.sys
2013-11-08 21:27 - 2010-05-26 10:39 - 00006144 ____N (Sophos Plc) C:windowssystem3219C8.tmp
2013-11-08 21:23 - 2010-05-26 10:39 - 00006144 ____N (Sophos Plc) C:windowssystem32385E.tmp
2013-11-07 02:52 - 2013-11-14 17:03 - 00000728 _____ C:windowssetupact.log
2013-11-07 02:52 - 2013-11-07 02:52 - 00000000 _____ C:windowssetuperr.log
2013-11-07 02:51 - 2013-11-14 16:47 - 00004308 _____ C:windowsPFRO.log
2013-11-07 02:36 - 2013-11-12 20:39 - 00000000 ____D C:ProgramDataIObit
2013-11-07 02:36 - 2013-11-07 02:36 - 00001275 _____ C:UsershungkeongAppDataRoamingMicrosoftWindowsStart MenuUninstall Programs.lnk
2013-11-07 02:36 - 2013-11-07 02:36 - 00000000 ____D C:UsershungkeongAppDataRoamingIObit
2013-11-07 02:36 - 2013-11-07 02:36 - 00000000 ____D C:ProgramData{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-11-07 02:36 - 2013-11-07 02:36 - 00000000 ____D C:Program Files (x86)IObit
2013-11-07 02:31 - 2013-11-07 02:31 - 00000000 ____D C:UsershungkeongAppDataRoamingSUPERAntiSpyware.com
2013-11-07 02:31 - 2013-11-07 02:31 - 00000000 ____D C:ProgramDataSUPERAntiSpyware.com
2013-11-07 02:30 - 2013-11-07 02:31 - 00216352 _____ C:UsershungkeongDocumentscc_20131107_BackUp.reg
2013-11-07 01:14 - 2013-11-14 18:46 - 00000000 ____D C:ProgramDataMFAData
2013-11-07 01:14 - 2013-11-09 17:27 - 00000000 ____D C:UsershungkeongAppDataLocalAvg2014
2013-11-07 01:14 - 2013-11-07 01:14 - 00000000 ____D C:UsershungkeongAppDataLocalMFAData
2013-11-07 00:56 - 2013-11-13 22:54 - 00000000 ____D C:Program Files (x86)PCCleanup
2013-11-05 01:12 - 2013-11-05 01:44 - 00000000 ____D C:windowssystem32MpEngineStore
2013-11-05 00:53 - 2013-11-13 23:02 - 00000000 ____D C:windowssystem32MRT
2013-11-05 00:51 - 2013-11-13 22:56 - 82896128 _____ (Microsoft Corporation) C:windowssystem32MRT.exe
2013-11-04 23:48 - 2013-11-04 23:48 - 00003230 _____ C:windowsSystem32TasksRealUpgradeLogonTaskS-1-5-21-1641970090-1460547868-2588245608-1000
2013-11-04 23:47 - 2013-11-04 23:47 - 00003356 _____ C:windowsSystem32TasksRealUpgradeScheduledTaskS-1-5-21-1641970090-1460547868-2588245608-1000
2013-10-26 00:30 - 2013-10-26 00:58 - 725141504 _____ C:UsershungkeongSquirting Orgasms (How To) - Step By Step Detailed Technique.avi
2013-10-26 00:21 - 2013-10-26 00:32 - 73143702 _____ C:UsershungkeongHow Make Squirting Orgasms By Woman - Training Vid.avi
2013-10-26 00:18 - 2013-11-08 20:46 - 00000000 ____D C:Program Files (x86)PSupport
2013-10-26 00:18 - 2013-10-26 00:24 - 00000000 ____D C:UsershungkeongShesGonnaSquirt - Gaia - Squirting Like a Showerhead mp4s
2013-10-26 00:18 - 2013-10-26 00:18 - 00003992 _____ C:UsershungkeongDesktop{1D2ABF6A-2B19-3E94-0991-5B5BDB7134DA}
2013-10-26 00:15 - 2013-10-28 23:21 - 00000000 ____D C:Program Files (x86)Kozaka
2013-10-26 00:15 - 2013-10-26 00:18 - 00000000 ____D C:UsershungkeongAppDataRoamingExpressFiles
2013-10-26 00:15 - 2013-10-26 00:15 - 00003098 _____ C:windowsSystem32TasksExpress FilesUpdate
2013-10-26 00:15 - 2013-10-26 00:15 - 00001964 _____ C:UsersPublicDesktopExpress Files.lnk
2013-10-26 00:15 - 2013-10-26 00:15 - 00000000 ____D C:Program Files (x86)ExpressFiles
==================== One Month Modified Files and Folders =======
2013-11-14 20:39 - 2012-07-24 21:31 - 00000830 _____ C:windowsTasksAdobe Flash Player Updater.job
2013-11-14 20:12 - 2011-05-16 09:16 - 00000912 _____ C:windowsTasksGoogleUpdateTaskMachineUA.job
2013-11-14 18:46 - 2013-11-07 01:14 - 00000000 ____D C:ProgramDataMFAData
2013-11-14 17:18 - 2013-02-20 02:44 - 00000000 ____D C:FavoriteVideo
2013-11-14 17:10 - 2011-05-16 08:24 - 01232088 _____ C:windowsWindowsUpdate.log
2013-11-14 17:10 - 2009-07-13 22:45 - 00024608 ____H C:windowssystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-14 17:10 - 2009-07-13 22:45 - 00024608 ____H C:windowssystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-14 17:04 - 2011-05-16 09:16 - 00000908 _____ C:windowsTasksGoogleUpdateTaskMachineCore.job
2013-11-14 17:03 - 2013-11-07 02:52 - 00000728 _____ C:windowssetupact.log
2013-11-14 17:03 - 2009-07-13 23:08 - 00000006 ____H C:windowsTasksSA.DAT
2013-11-14 17:00 - 2013-11-14 16:55 - 00000000 ____D C:UsershungkeongDesktopHiJack
2013-11-14 16:52 - 2011-03-29 21:11 - 00000000 ____D C:windowsPanther
2013-11-14 16:47 - 2013-11-07 02:51 - 00004308 _____ C:windowsPFRO.log
2013-11-13 23:02 - 2013-11-05 00:53 - 00000000 ____D C:windowssystem32MRT
2013-11-13 22:56 - 2013-11-05 00:51 - 82896128 _____ (Microsoft Corporation) C:windowssystem32MRT.exe
2013-11-13 22:54 - 2013-11-07 00:56 - 00000000 ____D C:Program Files (x86)PCCleanup
2013-11-13 22:51 - 2009-07-13 23:13 - 00726444 _____ C:windowssystem32PerfStringBackup.INI
2013-11-13 21:22 - 2013-11-13 21:22 - 02347384 _____ (ESET) C:UsershungkeongDownloadsesetsmartinstaller_enu.exe
2013-11-13 17:00 - 2013-11-13 17:00 - 00000017 _____ C:UsershungkeongAppDataLocalresmon.resmoncfg
2013-11-13 16:54 - 2013-11-13 16:54 - 00000000 ____D C:Program Files (x86)ESET
2013-11-12 20:39 - 2013-11-07 02:36 - 00000000 ____D C:ProgramDataIObit
2013-11-12 20:21 - 2013-11-12 20:21 - 00000000 ____D C:UsershungkeongAppDataRoamingOracle
2013-11-12 20:20 - 2013-11-12 18:56 - 00000000 ____D C:ProgramDataOracle
2013-11-12 20:17 - 2013-11-12 20:18 - 00264616 _____ (Oracle Corporation) C:windowsSysWOW64javaws.exe
2013-11-12 20:17 - 2013-11-12 20:18 - 00175016 _____ (Oracle Corporation) C:windowsSysWOW64javaw.exe
2013-11-12 20:17 - 2013-11-12 20:18 - 00174504 _____ (Oracle Corporation) C:windowsSysWOW64java.exe
2013-11-12 20:17 - 2013-11-12 20:18 - 00096168 _____ (Oracle Corporation) C:windowsSysWOW64WindowsAccessBridge-32.dll
2013-11-12 20:17 - 2011-03-29 20:48 - 00000000 ____D C:Program Files (x86)Java
2013-11-12 20:13 - 2013-11-12 20:13 - 00915368 _____ (Oracle Corporation) C:UsershungkeongDownloadschromeinstall-7u45.exe
2013-11-12 19:34 - 2013-11-12 19:34 - 00026498 _____ C:ComboFix.txt
2013-11-12 19:34 - 2013-11-12 19:01 - 00000000 ____D C:Qoobox
2013-11-12 19:34 - 2009-07-13 21:20 - 00000000 __RHD C:UsersDefault
2013-11-12 19:28 - 2013-11-12 19:00 - 00000000 ____D C:windowserdnt
2013-11-12 19:26 - 2009-07-13 20:34 - 00000215 _____ C:windowssystem.ini
2013-11-12 18:55 - 2013-11-12 18:56 - 00312744 _____ (Oracle Corporation) C:windowssystem32javaws.exe
2013-11-12 18:55 - 2013-11-12 18:56 - 00189352 _____ (Oracle Corporation) C:windowssystem32javaw.exe
2013-11-12 18:55 - 2013-11-12 18:56 - 00189352 _____ (Oracle Corporation) C:windowssystem32java.exe
2013-11-12 18:55 - 2013-11-12 18:56 - 00108968 _____ (Oracle Corporation) C:windowssystem32WindowsAccessBridge-64.dll
2013-11-12 18:55 - 2013-11-12 18:55 - 00000000 ____D C:Program FilesJava
2013-11-12 18:25 - 2011-11-29 22:17 - 00000000 ____D C:UsershungkeongAppDataLocalCrashDumps
2013-11-12 18:16 - 2013-11-12 18:16 - 00025357 _____ C:JavaRa.log
2013-11-11 19:25 - 2013-11-11 19:25 - 00000000 ____D C:FRST
2013-11-11 18:52 - 2013-11-11 18:52 - 00000000 ____D C:windowsERUNT
2013-11-11 18:46 - 2013-11-11 18:44 - 00000000 ____D C:AdwCleaner
2013-11-11 18:40 - 2013-11-11 18:40 - 00001184 _____ C:UsershungkeongDesktopPCCleanup - Shortcut.lnk
2013-11-09 19:09 - 2011-08-07 23:56 - 00000000 ____D C:UsershungkeongAppDataLocalVirtualStore
2013-11-09 17:27 - 2013-11-07 01:14 - 00000000 ____D C:UsershungkeongAppDataLocalAvg2014
2013-11-09 17:25 - 2013-11-09 17:25 - 00000000 ____D C:UsershungkeongAppDataRoamingAVG2014
2013-11-09 17:24 - 2013-11-09 17:20 - 00000000 ____D C:ProgramDataAVG2014
2013-11-09 17:23 - 2013-11-09 17:23 - 00000000 ____D C:UsershungkeongAppDataRoamingTuneUp Software
2013-11-09 17:20 - 2013-11-09 17:20 - 00000000 ____D C:$AVG
2013-11-09 17:19 - 2013-11-09 17:19 - 00000000 ____D C:Program Files (x86)AVG
2013-11-08 22:44 - 2013-11-08 22:19 - 00000000 ____D C:ProgramDataMalwarebytes' Anti-Malware (portable)
2013-11-08 22:18 - 2013-11-08 22:18 - 00091352 _____ (Malwarebytes Corporation) C:windowssystem32Driversmbamchameleon.sys
2013-11-08 20:46 - 2013-10-26 00:18 - 00000000 ____D C:Program Files (x86)PSupport
2013-11-07 02:52 - 2013-11-07 02:52 - 00000000 _____ C:windowssetuperr.log
2013-11-07 02:36 - 2013-11-07 02:36 - 00001275 _____ C:UsershungkeongAppDataRoamingMicrosoftWindowsStart MenuUninstall Programs.lnk
2013-11-07 02:36 - 2013-11-07 02:36 - 00000000 ____D C:UsershungkeongAppDataRoamingIObit
2013-11-07 02:36 - 2013-11-07 02:36 - 00000000 ____D C:ProgramData{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-11-07 02:36 - 2013-11-07 02:36 - 00000000 ____D C:Program Files (x86)IObit
2013-11-07 02:36 - 2011-10-12 22:34 - 00000000 ____D C:UsershungkeongAppDataRoamingApple Computer
2013-11-07 02:31 - 2013-11-07 02:31 - 00000000 ____D C:UsershungkeongAppDataRoamingSUPERAntiSpyware.com
2013-11-07 02:31 - 2013-11-07 02:31 - 00000000 ____D C:ProgramDataSUPERAntiSpyware.com
2013-11-07 02:31 - 2013-11-07 02:30 - 00216352 _____ C:UsershungkeongDocumentscc_20131107_BackUp.reg
2013-11-07 01:58 - 2013-05-06 20:35 - 00000000 ____D C:UsershungkeongAppDataRoaminguTorrent
2013-11-07 01:58 - 2011-08-18 00:12 - 00000000 ____D C:UsershungkeongTracing
2013-11-07 01:58 - 2011-08-10 23:42 - 00000000 ____D C:UsershungkeongAppDataRoamingSkype
2013-11-07 01:14 - 2013-11-07 01:14 - 00000000 ____D C:UsershungkeongAppDataLocalMFAData
2013-11-06 22:39 - 2011-08-08 00:00 - 00000000 ____D C:UsershungkeongAppDataRoamingToshiba
2013-11-05 01:44 - 2013-11-05 01:12 - 00000000 ____D C:windowssystem32MpEngineStore
2013-11-04 23:48 - 2013-11-04 23:48 - 00003230 _____ C:windowsSystem32TasksRealUpgradeLogonTaskS-1-5-21-1641970090-1460547868-2588245608-1000
2013-11-04 23:47 - 2013-11-04 23:47 - 00003356 _____ C:windowsSystem32TasksRealUpgradeScheduledTaskS-1-5-21-1641970090-1460547868-2588245608-1000
2013-10-28 23:21 - 2013-10-26 00:15 - 00000000 ____D C:Program Files (x86)Kozaka
2013-10-26 00:58 - 2013-10-26 00:30 - 725141504 _____ C:UsershungkeongSquirting Orgasms (How To) - Step By Step Detailed Technique.avi
2013-10-26 00:32 - 2013-10-26 00:21 - 73143702 _____ C:UsershungkeongHow Make Squirting Orgasms By Woman - Training Vid.avi
2013-10-26 00:30 - 2011-08-07 23:53 - 00000000 ____D C:Usershungkeong
2013-10-26 00:24 - 2013-10-26 00:18 - 00000000 ____D C:UsershungkeongShesGonnaSquirt - Gaia - Squirting Like a Showerhead mp4s
2013-10-26 00:18 - 2013-10-26 00:18 - 00003992 _____ C:UsershungkeongDesktop{1D2ABF6A-2B19-3E94-0991-5B5BDB7134DA}
2013-10-26 00:18 - 2013-10-26 00:15 - 00000000 ____D C:UsershungkeongAppDataRoamingExpressFiles
2013-10-26 00:15 - 2013-10-26 00:15 - 00003098 _____ C:windowsSystem32TasksExpress FilesUpdate
2013-10-26 00:15 - 2013-10-26 00:15 - 00001964 _____ C:UsersPublicDesktopExpress Files.lnk
2013-10-26 00:15 - 2013-10-26 00:15 - 00000000 ____D C:Program Files (x86)ExpressFiles
2013-10-18 20:54 - 2011-08-10 23:42 - 00000000 ____D C:ProgramDataSkype
2013-10-18 20:53 - 2011-08-10 23:42 - 00000000 ___RD C:Program Files (x86)Skype
2013-10-17 22:33 - 2011-09-05 22:41 - 00000000 ____D C:UsershungkeongIncomplete
2013-10-16 21:07 - 2011-05-16 09:16 - 00003908 _____ C:windowsSystem32TasksGoogleUpdateTaskMachineUA
2013-10-16 21:07 - 2011-05-16 09:16 - 00003656 _____ C:windowsSystem32TasksGoogleUpdateTaskMachineCore
Some content of TEMP:
====================
C:UsershungkeongAppDataLocalTemp{57AA69C7-68B5-4458-9E04-9048913FBA93}-31.0.1650.48_30.0.1599.101_chrome_updater.exe
==================== Bamital & volsnap Check =================
C:WindowsSystem32winlogon.exe => MD5 is legit
C:WindowsSystem32wininit.exe => MD5 is legit
C:WindowsSysWOW64wininit.exe => MD5 is legit
C:Windowsexplorer.exe => MD5 is legit
C:WindowsSysWOW64explorer.exe => MD5 is legit
C:WindowsSystem32svchost.exe => MD5 is legit
C:WindowsSysWOW64svchost.exe => MD5 is legit
C:WindowsSystem32services.exe => MD5 is legit
C:WindowsSystem32User32.dll => MD5 is legit
C:WindowsSysWOW64User32.dll => MD5 is legit
C:WindowsSystem32userinit.exe => MD5 is legit
C:WindowsSysWOW64userinit.exe => MD5 is legit
C:WindowsSystem32Driversvolsnap.sys => MD5 is legit
LastRegBack: 2013-11-10 00:51
==================== End Of Log ============================
QuickScan 32-bit v0.9.9.118
---------------------------
Scan date: Thu Nov 14 21:02:43 2013
Machine ID: 4EB5EF08
No infection found.
-------------------
Processes
---------
Advanced SystemCare 924 C:Program Files (x86)IObitAdvanced SystemCare 6ASCService.exe
AVG Internet Security 4268 C:Program Files (x86)AVGAVG2014avgcfgex.exe
AVG Internet Security 1360 C:Program Files (x86)AVGAVG2014avgidsagent.exe
AVG Internet Security 3848 C:Program Files (x86)AVGAVG2014avgui.exe
AVG Internet Security 1712 C:Program Files (x86)AVGAVG2014avgwdsvc.exe
MobileDeviceService 1652 C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe
PPTV网络电视 4820 C:Program Files (x86)Common FilesPPLiveNetworkPPAP.exe
Symantec Security Technologies 1868 C:Program Files (x86)Norton PC CheckupEngine2.0.10.26ccSvcHst.exe
Symantec Security Technologies 3024 C:Program Files (x86)Norton PC CheckupEngine2.0.10.26ccSvcHst.exe
Windows® Internet Explorer 4308 C:Program Files (x86)Internet Exploreriexplore.exe
(verified) Microsoft® Windows® Operating System 2304 C:WindowsSysWOW64svchost.exe
Network activity
----------------
Process iexplore.exe (4308) connected on port 80 (HTTP) --> 131.253.13.140
Process iexplore.exe (4308) connected on port 80 (HTTP) --> 23.204.170.156
Process iexplore.exe (4308) connected on port 80 (HTTP) --> 23.67.218.156
Process iexplore.exe (4308) connected on port 80 (HTTP) --> 23.67.234.73
Process iexplore.exe (4308) connected on port 80 (HTTP) --> 65.55.5.231
Process iexplore.exe (4308) connected on port 80 (HTTP) --> 23.204.170.156
Process iexplore.exe (4308) connected on port 80 (HTTP) --> 23.204.170.156
Process iexplore.exe (4308) connected on port 80 (HTTP) --> 23.204.170.156
Process iexplore.exe (4308) connected on port 80 (HTTP) --> 23.204.170.156
Process iexplore.exe (4308) connected on port 80 (HTTP) --> 23.204.170.156
Process iexplore.exe (4308) connected on port 80 (HTTP) --> 23.204.170.156
Process iexplore.exe (4308) connected on port 80 (HTTP) --> 23.204.170.156
Process iexplore.exe (4308) connected on port 80 (HTTP) --> 131.253.40.50
Process iexplore.exe (4308) connected on port 80 (HTTP) --> 23.2.17.25
Process iexplore.exe (4308) connected on port 80 (HTTP) --> 70.37.130.35
Process iexplore.exe (4308) connected on port 80 (HTTP) --> 23.62.97.50
Process iexplore.exe (4308) connected on port 80 (HTTP) --> 74.125.225.27
Process iexplore.exe (4308) connected on port 80 (HTTP) --> 173.194.46.92
Process iexplore.exe (4308) connected on port 80 (HTTP) --> 65.55.5.231
Process iexplore.exe (4308) connected on port 443 (HTTP over SSL) --> 131.253.40.12
Process iexplore.exe (4308) connected on port 80 (HTTP) --> 216.38.172.159
Process iexplore.exe (4308) connected on port 443 (HTTP over SSL) --> 31.13.70.81
Process iexplore.exe (4308) connected on port 443 (HTTP over SSL) --> 93.184.216.139
Process iexplore.exe (4308) connected on port 80 (HTTP) --> 23.67.225.224
Process iexplore.exe (4308) connected on port 80 (HTTP) --> 31.13.70.81
Process iexplore.exe (4308) connected on port 80 (HTTP) --> 173.194.46.34
Process iexplore.exe (4308) connected on port 80 (HTTP) --> 74.125.225.90
Process iexplore.exe (4308) connected on port 80 (HTTP) --> 74.125.225.154
Process iexplore.exe (4308) connected on port 80 (HTTP) --> 173.194.46.80
Process PPAP.exe (4820) listens on ports: 843, 16000, 49289
Autoruns and critical files
---------------------------
Toshiba Volume Regulator C:Program FilesTOSHIBATosVolRegulatorTosVolRegulator.exe
Adobe® Flash® Player Update Service C:windowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe
AVG Internet Security C:Program Files (x86)AVGAVG2014avgui.exe
Catalyst® Control Center C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe
ELAN Smart-Pad C:Program FilesElantechETDCtrl.exe
Message Center C:Program FilesToshibaBulletinBoardTosNcCore.exe
Microsoft® Windows® Operating System c:windowssystem32userinit.exe
SmartAudio Control Panel application C:Program FilesCONEXANTSAIISAIICpl.exe
SmartFaceVWatcher C:Program FilesToshibaSmartFaceVSmartFaceVWatcher.exe
Toshiba App Place C:Program Files (x86)ToshibaToshiba App PlaceToshibaAppPlace.exe
TOSHIBA Flash Cards C:Program FilesTOSHIBAFlashCardsTCrdMain.exe
TOSHIBA HDD SSD Alert C:Program FilesTOSHIBATOSHIBA HDD SSD AlertTosWaitSrv.exe
Toshiba Online Backup C:Program Files (x86)ToshibaToshiba Online BackupActivationTOBuActivation.exe
TOSHIBA Power Saver C:Program FilesTOSHIBAPower SaverTPwrMain.EXE
TOSHIBA ReelTime C:Program FilesTOSHIBAReelTimeTosReelTimeMonitor.exe
TOSHIBA Service Station C:Program Files (x86)TOSHIBATOSHIBA Service StationToshibaServiceStation.exe
TOSHIBA Zooming Utility C:Program FilesToshibaSmoothViewSmoothView.exe
(verified) Google Update C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
Browser plugins
---------------
AcroIEHelperShim Library c:program files (x86)common filesadobeacrobatactivexacroiehelpershim.dll
Advanced SystemCare 6 C:UsershungkeongAppDataLocalGoogleChromeUser DataDefaultExtensionsnfengeggddojhakldhlpjdlddgkkjkdd1.0.0_1PluginASCPlugin_Protect.dll
Bitdefender QuickScan C:WindowsDownloaded Program Filesqsax.dll
Bonjour C:Program Files (x86)BonjourmdnsNSP.dll
Bonjour C:Program FilesBonjourmdnsNSP.dll
Google Toolbar for Internet Explorer c:program files (x86)googlegoogle toolbargoogletoolbar_32.dll
Google Update C:Program Files (x86)GoogleUpdate1.3.21.165npGoogleUpdate3.dll
Java Deployment Toolkit 7.0.450.18 C:Program Files (x86)Javajre7bindtpluginnpDeployJava1.dll
Java Platform SE 7 U45 C:Program Files (x86)Javajre7binjp2ssv.dll
Java Platform SE 7 U45 C:Program Files (x86)Javajre7binplugin2npjp2.dll
Java Platform SE 7 U45 C:Program Files (x86)Javajre7binssv.dll
mhLbl Module C:windowsDownloaded Program FilesmhLbl.dll
Microsoft® CoReXT c:program files (x86)common filesmicrosoft sharedwindows livewindowslivelogin.dll
Microsoft® CoReXT C:Program Files (x86)Common FilesMicrosoft SharedWindows LiveWLIDNSP.DLL
Microsoft® CoReXT C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDNSP.DLL
Microsoft® Windows® Operating System C:windowssystem32mswsock.dll
Microsoft® Windows® Operating System C:windowsSystem32nlaapi.dll
npitunes.dll C:Program Files (x86)iTunesMozilla Pluginsnpitunes.dll
NPSWF32_11_9_900_117.dll C:windowsSysWOW64MacromedFlashNPSWF32_11_9_900_117.dll
PC Pitstop C:windowsDownloaded Program FilesPCPitstop.dll
PC Pitstop C:windowsDownloaded Program FilesPCPitstop3D.dll
Photo Gallery C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll
PPLive PPTV Plugin C:Program Files (x86)Internet ExplorerPPLiteplugin1.0.1.3460npplugin2.dll
PPTV网络电视 C:Program Files (x86)PPLivePPTVPPLive.exe
RealJukebox NS Plugin c:program files (x86)realrealplayerNetscape6nprjplug.dll
RealNetworks Chrome Background Exte C:ProgramDataRealRealPlayerBrowserRecordPluginMozillaPluginsnprpchromebrowserrecordext.dll
RealPlayer Download and Record Plugin c:programdatarealrealplayerbrowserrecordpluginierpbrowserrecordplugin.dll
RealPlayer Download Plugin c:program files (x86)realrealplayerNetscape6nprpplugin.dll
RealPlayer G2 LiveConnect-Enabled P c:program files (x86)realrealplayerNetscape6nppl3260.dll
RealPlayer HTML5VideoShim Plug-In ( C:ProgramDataRealRealPlayerBrowserRecordPluginMozillaPluginsnprphtml5videoshim.dll
Silverlight Plug-In c:Program Files (x86)Microsoft Silverlight5.1.20913.0npctrl.dll
Skype Toolbars c:program files (x86)skypetoolbarsinternet explorerskypeieplugin.dll
Skype Toolbars C:UsershungkeongAppDataLocalGoogleChromeUser DataDefaultExtensionslifbcibllhkdhoafpjfnlhfpfgnpldfl5.9.0.9216_0npSkypeChromePlugin.dll
Tencent SSO Platform C:Program Files (x86)Common FilesTencentTXSSO1.2.1.87BinnpSSOAxCtrlForPTLogin.dll
Windows® Internet Explorer C:WindowsSysWOW64ieframe.dll
(verified) Microsoft® Windows® Operating System C:windowssystem32napinsp.dll
(verified) Microsoft® Windows® Operating System C:windowssystem32pnrpnsp.dll
(verified) Microsoft® Windows® Operating System C:windowsSystem32winrnr.dll
Scan
----
MD5: 7439665c5cb70b452568bf68e059475a

AVG2014

Norton PC Checkup

Advanced SystemCare 6

These are on the machine probably all doing the same thing while a web page is trying to load.

This computer has come a long way.

Very little to do now.

Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right click on it and select copy.

Paste this into the open Notepad. Save it to the Desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

CHR Plugin: (ChromeUtilPlugin) - C:UsershungkeongAppDataLocalGoogleChromeUser DataDefaultExtensionsaaaalfcdpfagiijfjeapclohpegmcpml11.39725_0background/ChromeUtilPlugin.dll No File

CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:Program Files (x86)Javajre6binnew_pluginnpdeployJava1.dll No File

CHR Plugin: (Java Platform SE 6 U20) - C:Program Files (x86)Javajre6binnew_pluginnpjp2.dll No File

CHR Plugin: (Shockwave Flash) - C:windowsSysWOW64MacromedFlashNPSWF32_11_6_602_180.dll No File

CHR Plugin: (Silverlight Plug-In) - c:Program Files (x86)Microsoft Silverlight5.1.20125.0npctrl.dll No File

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.

Please tell me now how the computer is at the moment.


I cannot find Norton PC Checkup anywhere to uninstall it. It's not under Add or Remove Programs; I tried searching for it with no results either.

I disabled Advanced SystemCare web surfing protection.

So now it will just use AVG surfing protection. I would keep it off for faster results, but I don't know this guy's surfing habits, so he could benefit from it being kept on.

You're right, it has come a long way, thank you. The only lag I'm experiencing now is when opening a web browser; it's just real laggy at first, not sure why.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-11-2013 01
Ran by hungkeong at 2013-11-15 21:44:52 Run:2
Running from C:Program Files (x86)PCCleanupDONOTRUNExpertsOnly
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
CHR Plugin: (ChromeUtilPlugin) - C:UsershungkeongAppDataLocalGoogleChromeUser DataDefaultExtensionsaaaalfcdpfagiijfjeapclohpegmcpml11.39725_0background/ChromeUtilPlugin.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:Program Files (x86)Javajre6binnew_pluginnpdeployJava1.dll No File
CHR Plugin: (Java Platform SE 6 U20) - C:Program Files (x86)Javajre6binnew_pluginnpjp2.dll No File
CHR Plugin: (Shockwave Flash) - C:windowsSysWOW64MacromedFlashNPSWF32_11_6_602_180.dll No File
CHR Plugin: (Silverlight Plug-In) - c:Program Files (x86)Microsoft Silverlight5.1.20125.0npctrl.dll No File
*****************
C:UsershungkeongAppDataLocalGoogleChromeUser DataDefaultExtensionsaaaalfcdpfagiijfjeapclohpegmcpml11.39725_0background/ChromeUtilPlugin.dll not found.
C:Program Files (x86)Javajre6binnew_pluginnpdeployJava1.dll not found.
C:Program Files (x86)Javajre6binnew_pluginnpjp2.dll not found.
C:windowsSysWOW64MacromedFlashNPSWF32_11_6_602_180.dll not found.
c:Program Files (x86)Microsoft Silverlight5.1.20125.0npctrl.dll not found.
==== End of Fixlog ====
Edited by tminterlude

C:Program Files (x86)Norton PC CheckupEngine2.0.10.26ccSvcHst.exe

This is the file related to Norton that can be removed.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Don't miss or skip this next step; this will remove malicious files from quarantine and set a clean restore point.

Go to Start > Run > copy and paste the full text path in the run box

ComboFix /Uninstall

Note the space between the x and the /U, it needs to be there.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right click on it and select copy.

Paste this into the open Notepad. Save it to the Desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

Run FRST/FRST64 and press the Fix button just once and wait.

No need to post the log this time.

start

DeleteQuarantine:

end

Download and Run OTC

We will now remove the tools we used during this fix using OTC.

- Download OTC by OldTimer and save it to your desktop.
- Double click the icon to start the program. If you are using Vista, please right-click and choose run as administrator.
- Then click the big button.
- You will get a prompt saying "Begin Cleanup Process". Please select Yes.
- Restart your computer when prompted.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

If there are any other tools and folders we used to clean the computer left, manually delete those.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

We can save bookmarks then uninstall/reinstall Google Chrome.

Reset Chrome back to defaults to see if this improves issues with lag.

Mind you it could be your antivirus protection scanning web site info instead.

We can keep the bookmarks by exporting them - Export Bookmarks

Then I need you to go to Google Sync and sign into your account.

Scroll down until you see the "Stop and Clear" button and click on the button.

At the prompt click on "Ok".

Now we need to uninstall Chrome.

I want you to uninstall Chrome and if asked about user data or settings then remove this also.

Restart the computer and reinstall Chrome. You can download the latest version from here - Google Chrome

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Report back once more to let me know how the computer is now.

Edited by Juliet
added info

Thank you Juliet. The computer has come a long way. Windows and browsers seem to be opening a lot faster now, still laggy compared to my PCs, but I suppose this PC is just starting to show its hardware age.

I did back up the bookmarks and reinstalled Chrome, but could not sign in to Google Sync as this is not my PC.

The processes running all appear to be normal and not 20 of any.


You're good to go, good job!

Please take the time to read over a few of my preventive tips.

Computer Security

http://malwareremoval.com/forum/viewtopic.php?p=557960#p557960

Please navigate to Microsoft Windows Updates and download all the "Critical Updates" for Windows.

Firefox 3

The award-winning Web browser is now faster, more secure, and fully customizable to your online life. With Firefox 3, added powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will in no way interfere with IE, you can use them both.

*NoScript - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.

 

WOT Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

- Green should be good to go
- Yellow for caution
- Red to stop

How to prevent Malware: Created by Miekiemoes

 

Here are some additional utilities that will further enhance your safety.

# http://www.trillian.cc → Trillian or http://www.miranda-im.com → Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

 

Scan your computer regularly for malware

Scan on a regular basis to keep your computer clean, free software such as Malwarebytes Anti-Malware (MBAM) and SUPERAntiSpyware-

Please note that these products can also be run for free without a license as an on-demand scanner.

 

Backup regularly

 

You never know when your PC will become unstable or become so infected that you can't recover it. Follow this Microsoft article to learn how to backup. Follow this article by Microsoft to restore your backups.

 

Alternatively, you can use 3rd-party programs to back up your data. One example can be found at Bleeping Computer.

 

Avoid P2P

 

P2P may be a great way to get lots of stuff, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. If you do need to use them, use them sparingly. Check this list of clean and infected P2P programs if you need to use one.

 

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

- FBI Cyber Education Letter
- File sharing infects 500,000 computers
- USAToday
- infoworld

*********************************************

Please read the following safe computing articles..

 

Secure My Computer: A Layered Approach

 

Strong passwords: How to create and use them

Then consider a password keeper, to keep all your passwords safe.

 

Free Antivirus-AntiSpyware-Firewall Software

 

Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

 

Slow Computer May Not Be Malware Related, Help! My computer is slow!

http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html

 

 

PC Safety and Security--What Do I Need?

http://www.techsupportforum.com/security-center/general-computer-security/525915-pc-safety-security-what-do-i-need.html

http://www.techsupportforum.com/security-center/general-computer-security/115548-pc-safety-security-what-do-i-need.html

 

Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference!

This site offers people who have been (or are) victims of malware the opportunity to document their story.

 

How did I get infected in the first place? by TonyKlein

http://www.geekstogo.com/how-did-i-get-infected-in-the-first-place/

 

 

Extra note:

Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan. http://secunia.com/software_inspector/
