My laptop has Intel Core i5 CPU M 460 @ 2.53GHz, 4.0GB RAM; and is using MS Windows 7 Home Premium 64-bit SP1.
I am using Avast! as my antivirus.
I was transferring some files to my computer via Flash Drive. Upon transferring it, there was no warning that says there is a virus found, so I continued transferring the files. Immediately after, I restarted my laptop.
Upon start up, I noticed that it was incredibly slow. So I suspected it was a hardware failure.
I immediately cleaned the air vents, ran a chkdsk and a memory diagnoser. Both were successful but to no avail, my laptop is still so slow. Even refreshing would take approx. 5 minutes. So I decided to run it on safe mode.
Safe mode was naturally fast. So I ran rkill, and my avast! antivirus. Both found no issues.
Since I already have MBAM on my computer, I updated it, and ran the software. Here is the log: (on safe mode since I cannot run it on normal mode)
---------------------------------------------------------------------------------------------------------------------------
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 432986
Time elapsed: 1 hour(s), 5 minute(s), 37 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 9
C:\Program Files\Adobe\Adobe After Effects CS6\Support Files\amtlib.dll (PUP.RiskwareTool.CK) -> Quarantined and deleted successfully.
C:\Program Files\Adobe\Adobe Media Encoder CS6\amtlib.dll (PUP.RiskwareTool.CK) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Adobe\Adobe InDesign CS6\amtlib.dll (PUP.RiskwareTool.CK) -> Quarantined and deleted successfully.
C:\ProgramData\BBrowsee2sAove\515162ba63ff4.dll (Adware.MultiPlug) -> Quarantined and deleted successfully.
C:\Users\Asus\Desktop\Adobe After Effects CS6 11.0.2.12 LS7 Multilanguage [ChingLiu]\Cracked dll\amtlib.dll (PUP.RiskwareTool.CK) -> Quarantined and deleted successfully.
C:\Users\Asus\Downloads\Sony Vegas Pro 9 Crack.rar (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\Users\Asus\Downloads\Sony Vegas Pro 9 Crack\Sony Vegas Pro 9\Keygen Vegas 9.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
D:\Users\Asus\Downloads\SONY VEGAS PRO 9 + PATCH & CRACK\crack vegas 9\Keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
D:\Users\Asus\Downloads\SONY VEGAS PRO 9 + PATCH & CRACK\crack vegas 9\Sony_VegasPro8_DVDArchitect45_SoundForge9_CRACK.exe (RiskWare.Tool.HCK) -> Quarantined and deleted successfully.
(end)
---------------------------------------------------------------------------------------------------------------------------
Afterwards, I ran DDS (still on safe mode). This is the log:
DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 9.0.8112.16476 BrowserJavaVersion: 10.17.2
Run by Asus at 15:02:20 on 2013-04-29
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.63.1033.18.3950.2173 [GMT 8:00]
.
AV: AVG Internet Security 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: avast! antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Users\Asus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Users\Asus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Asus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\AVG\AVG2013\avgscana.exe
C:\Users\Asus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Asus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\Asus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Asus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.delta-search.com/?affID=119776&tt=040413_9113&babsrc=HP_ss&mntrId=DE5500FF9A81D3CB
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uProxyServer = hxxp=192.168.0.101:80
uProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: HotSpot International Toolbar: {0002ee26-8c11-49eb-9cdf-56eeffef664f} - C:\Program Files (x86)\HotSpot_International\tbHotS.dll
uURLSearchHooks: {472734EA-242A-422b-ADF8-83D1E48CC825} - <orphaned>
mURLSearchHooks: HotSpot International Toolbar: {0002ee26-8c11-49eb-9cdf-56eeffef664f} - C:\Program Files (x86)\HotSpot_International\tbHotS.dll
mWinlogon: Userinit = userinit.exe,
BHO: HotSpot International Toolbar: {0002ee26-8c11-49eb-9cdf-56eeffef664f} - C:\Program Files (x86)\HotSpot_International\tbHotS.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - <orphaned>
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: HotSpot International Toolbar: {0002ee26-8c11-49eb-9cdf-56eeffef664f} - C:\Program Files (x86)\HotSpot_International\tbHotS.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [AdobeBridge] <no file>
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [USB Antivirus] C:\Program Files (x86)\USB Disk Security\USBGuard.exe
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TCP: NameServer = 192.168.1.1 192.168.0.1
TCP: Interfaces\{61A92580-36D5-4233-B361-227D8F3558A4} : DHCPNameServer = 192.168.1.1 192.168.0.1
TCP: Interfaces\{61A92580-36D5-4233-B361-227D8F3558A4}\05562756A70313 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{61A92580-36D5-4233-B361-227D8F3558A4}\142434 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{61A92580-36D5-4233-B361-227D8F3558A4}\34963736F60363239313 : DHCPNameServer = 124.106.7.2 124.106.5.2
TCP: Interfaces\{61A92580-36D5-4233-B361-227D8F3558A4}\7527F636B6C6564676560284F6473707F647 : DHCPNameServer = 10.10.175.1
TCP: Interfaces\{61A92580-36D5-4233-B361-227D8F3558A4}\951405D20534F5E4564777F627B6 : DHCPNameServer = 222.127.143.5 202.126.35.181
TCP: Interfaces\{82DCDF38-AAC2-4832-9FDB-F39E8ABCA5CC} : NameServer = 0.0.0.0
TCP: Interfaces\{9A81D3CB-1EE5-4F25-81C3-D299FFC71C0C} : NameServer = 10.47.48.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.1.0\ViProtocol.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - <orphaned>
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [ETDWare] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-2-8 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-2-8 311096]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-2-8 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-2-8 45880]
R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-4-29 14456]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-2-14 239416]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-4-28 40736]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2011-4-14 130048]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-4-14 56344]
R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);C:\Windows\System32\drivers\JME.sys [2011-4-14 115312]
R3 lgbusenum;LG Bluetooth Bus Enumerator;C:\Windows\System32\drivers\lgbtbs64.sys [2009-9-29 14848]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-3-17 7680512]
S1 aswSP;avast! Self Protection;C:\Windows\System32\drivers\aswSP.sys [2011-4-14 89680]
S1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-2-26 246072]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-2-8 206136]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-6-30 203264]
S2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
S2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-4-14 22096]
S2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-4-14 65616]
S2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast4\ashServ.exe [2012-1-20 138680]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-2-27 4937264]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-2-19 282624]
S2 Change Modem Device Service;Change Modem Device Service;C:\Windows\SysWOW64\ChgService.exe [2012-4-9 135168]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DBSERVER;Arsenal Database Server;C:\Program Files (x86)\ADBServer\dbServer.exe [2012-10-27 3316736]
S2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-1-7 331608]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-4-27 418376]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-4-27 701512]
S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2012-8-6 390632]
S2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-8-6 13784]
S2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-4-14 2314240]
S2 vToolbarUpdater15.1.0;vToolbarUpdater15.1.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.1.0\ToolbarUpdater.exe [2013-4-28 1008816]
S3 Andbus;LGE Android Platform Composite USB Device;C:\Windows\System32\drivers\lgandbus64.sys [2012-3-2 19456]
S3 AndDiag;LGE Android Platform USB Serial Port;C:\Windows\System32\drivers\lganddiag64.sys [2012-3-2 27648]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;C:\Windows\System32\drivers\lgandgps64.sys [2012-3-2 27136]
S3 ANDModem;LGE Android Platform USB Modem;C:\Windows\System32\drivers\lgandmodem64.sys [2012-3-2 34304]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-4-14 116240]
S3 avast! Mail Scanner;avast! Mail Scanner;C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2012-1-20 254040]
S3 avast! Web Scanner;avast! Web Scanner;C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2012-1-20 352920]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2011-4-14 52264]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-4-14 35104]
S3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;C:\Windows\System32\drivers\cmnsusbser.sys [2010-10-21 126080]
S3 dblhost;Diginext DBL Hosting Service;"C:\Program Files (x86)\Nextel\ADN\dblhost.exe" --> C:\Program Files (x86)\Nextel\ADN\dblhost.exe [?]
S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\System32\drivers\ewusbnet.sys [2011-7-23 246224]
S3 hwusbdev;Huawei DataCard USB PNP Device;C:\Windows\System32\drivers\ewusbdev.sys [2011-7-23 114304]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2009-10-26 151936]
S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2011-4-14 143472]
S3 LgBttPort;LGE Bluetooth TransPort;C:\Windows\System32\drivers\lgbtpt64.sys [2009-9-29 16384]
S3 LGVMODEM;LGE Virtual Modem;C:\Windows\System32\drivers\lgvmdm64.sys [2009-9-29 17408]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-4-27 25928]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]
S3 qcusbser;Mobile Connector;C:\Windows\System32\drivers\qcusbser.sys [2011-8-18 113792]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-8-22 59392]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-8-6 118672]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-1 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2013-04-29 06:16:29 -------- d-----w- C:\57ddf9f5bb1b1844f7f90117ef99c6a0
2013-04-28 17:50:18 -------- d-----w- C:\Users\Asus\AppData\Local\adawarebp
2013-04-28 17:25:47 -------- d-----w- C:\Users\Asus\AppData\Roaming\LavasoftStatistics
2013-04-28 17:25:20 -------- d-----w- C:\ProgramData\Downloaded Installations
2013-04-28 17:25:14 -------- d-----w- C:\ProgramData\blekko toolbars
2013-04-28 17:25:10 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2013-04-28 17:25:00 -------- d-----w- C:\Program Files (x86)\adawaretb
2013-04-28 17:24:57 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
2013-04-28 17:14:57 47496 ----a-w- C:\Windows\System32\sbbd.exe
2013-04-28 17:14:57 14456 ----a-w- C:\Windows\System32\drivers\gfibto.sys
2013-04-28 17:14:56 -------- d-----w- C:\Users\Asus\AppData\Roaming\Ad-Aware Antivirus
2013-04-28 15:50:55 -------- d-----w- C:\Users\Asus\Doctor Web
2013-04-28 15:14:42 -------- d-----w- C:\Users\Asus\AppData\Local\AVG Secure Search
2013-04-28 14:42:49 -------- d-----w- C:\Users\Asus\AppData\Roaming\AVG2013
2013-04-28 14:42:19 -------- d-----w- C:\Users\Asus\AppData\Roaming\TuneUp Software
2013-04-28 14:42:17 -------- d-----w- C:\ProgramData\AVG Secure Search
2013-04-28 14:42:10 40736 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-04-28 14:42:07 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2013-04-28 14:42:07 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2013-04-28 14:39:10 -------- d--h--w- C:\$AVG
2013-04-28 14:39:04 -------- d-----w- C:\ProgramData\AVG2013
2013-04-28 14:37:18 -------- d-----w- C:\Program Files (x86)\AVG
2013-04-28 14:25:54 -------- d--h--w- C:\ProgramData\Common Files
2013-04-28 14:25:54 -------- d-----w- C:\Users\Asus\AppData\Local\MFAData
2013-04-28 14:25:54 -------- d-----w- C:\Users\Asus\AppData\Local\Avg2013
2013-04-28 14:25:54 -------- d-----w- C:\ProgramData\MFAData
2013-04-28 12:43:46 -------- d-----w- C:\Users\Asus\AppData\Roaming\SUPERAntiSpyware.com
2013-04-28 12:43:32 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2013-04-28 08:25:18 -------- d-----w- C:\Users\Asus\AppData\Local\ElevatedDiagnostics
2013-04-27 15:04:10 -------- d-----w- C:\Users\Asus\AppData\Roaming\Malwarebytes
2013-04-27 15:04:07 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-04-27 15:04:07 -------- d-----w- C:\ProgramData\Malwarebytes
2013-04-27 15:04:07 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-04-27 15:03:52 -------- d-----w- C:\Users\Asus\AppData\Local\Programs
2013-04-23 16:26:31 9317456 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CAF81D2C-9CF9-4005-A8E8-7B124C3DB9E1}\mpengine.dll
2013-04-20 16:10:45 -------- d-sh--w- C:\found.000
2013-04-18 05:57:17 -------- d-----w- C:\Windows\SysWow64\spool
2013-04-18 05:56:55 -------- d-----w- C:\Program Files (x86)\Sony
2013-04-18 02:48:33 -------- d-----w- C:\Program Files (x86)\TornTV.com
2013-04-17 07:44:01 -------- d-----w- C:\Users\Asus\AppData\Local\Sony
2013-04-16 08:32:38 -------- d-----w- C:\Program Files\DivX
2013-04-16 08:27:41 -------- d-----w- C:\Users\Asus\AppData\Roaming\Uniblue
2013-04-16 08:27:41 -------- d-----w- C:\Program Files (x86)\Uniblue
2013-04-14 12:13:46 3717632 ----a-w- C:\Windows\System32\mstscax.dll
2013-04-05 06:27:31 -------- d-----w- C:\Windows\SysWow64\searchplugins
2013-04-05 06:27:31 -------- d-----w- C:\Windows\SysWow64\Extensions
2013-04-05 06:23:16 -------- d-----w- C:\ProgramData\Babylon
2013-04-05 06:23:15 -------- d-----w- C:\Users\Asus\AppData\Roaming\Babylon
2013-04-05 06:23:05 -------- d-----w- C:\Program Files (x86)\Movie2KDownloader.com
2013-04-05 06:23:01 -------- d-----w- C:\Program Files (x86)\hdvidcodec.com
2013-04-04 05:50:48 -------- d-----w- C:\Users\Asus\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2013-04-04 05:42:10 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2013-04-02 14:09:52 4550656 ----a-w- C:\Windows\SysWow64\GPhotos.scr
.
==================== Find3M ====================
.
2013-03-23 01:09:28 354656 ----a-w- C:\Windows\SysWow64\DivXControlPanelApplet.cpl
2013-03-20 05:21:27 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-20 05:21:23 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-03-20 05:21:23 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
2013-03-13 14:02:25 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-13 14:02:25 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-13 14:02:21 16486616 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-03-11 17:10:56 282744 ------w- C:\Windows\System32\MpSigStub.exe
2013-03-01 03:36:04 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-02-26 15:40:46 246072 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2013-02-22 06:27:49 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-22 06:20:51 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-02-22 06:19:37 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-02-22 06:15:48 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-02-22 06:15:23 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-02-22 06:12:41 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-22 03:46:00 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-22 03:38:00 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-22 03:37:50 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-02-22 03:34:17 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-02-22 03:34:03 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-02-22 03:31:46 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-02-15 06:08:40 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2013-02-15 06:02:26 158720 ----a-w- C:\Windows\System32\aaclient.dll
2013-02-15 04:37:10 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll
2013-02-15 04:34:10 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll
2013-02-15 03:25:51 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2013-02-13 19:52:46 239416 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-02-12 04:12:05 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-02-07 20:37:56 116536 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2013-02-07 20:37:54 311096 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2013-02-07 20:37:50 71480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2013-02-07 20:37:42 206136 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2013-02-07 20:37:40 45880 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
.
============= FINISH: 15:04:45.98 ===============
-cont on next post
mRun: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TCP: NameServer = 192.168.1.1 192.168.0.1
TCP: Interfaces\{61A92580-36D5-4233-B361-227D8F3558A4} : DHCPNameServer = 192.168.1.1 192.168.0.1
TCP: Interfaces\{61A92580-36D5-4233-B361-227D8F3558A4}\05562756A70313 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{61A92580-36D5-4233-B361-227D8F3558A4}\142434 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{61A92580-36D5-4233-B361-227D8F3558A4}\34963736F60363239313 : DHCPNameServer = 124.106.7.2 124.106.5.2
TCP: Interfaces\{61A92580-36D5-4233-B361-227D8F3558A4}\7527F636B6C6564676560284F6473707F647 : DHCPNameServer = 10.10.175.1
TCP: Interfaces\{61A92580-36D5-4233-B361-227D8F3558A4}\951405D20534F5E4564777F627B6 : DHCPNameServer = 222.127.143.5 202.126.35.181
TCP: Interfaces\{82DCDF38-AAC2-4832-9FDB-F39E8ABCA5CC} : NameServer = 0.0.0.0
TCP: Interfaces\{9A81D3CB-1EE5-4F25-81C3-D299FFC71C0C} : NameServer = 10.47.48.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.1.0\ViProtocol.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - <orphaned>
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [ETDWare] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-2-8 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-2-8 311096]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-2-8 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-2-8 45880]
R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-4-29 14456]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-2-14 239416]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-4-28 40736]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2011-4-14 130048]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-4-14 56344]
R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);C:\Windows\System32\drivers\JME.sys [2011-4-14 115312]
R3 lgbusenum;LG Bluetooth Bus Enumerator;C:\Windows\System32\drivers\lgbtbs64.sys [2009-9-29 14848]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-3-17 7680512]
S1 aswSP;avast! Self Protection;C:\Windows\System32\drivers\aswSP.sys [2011-4-14 89680]
S1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-2-26 246072]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-2-8 206136]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-6-30 203264]
S2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
S2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-4-14 22096]
S2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-4-14 65616]
S2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast4\ashServ.exe [2012-1-20 138680]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-2-27 4937264]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-2-19 282624]
S2 Change Modem Device Service;Change Modem Device Service;C:\Windows\SysWOW64\ChgService.exe [2012-4-9 135168]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DBSERVER;Arsenal Database Server;C:\Program Files (x86)\ADBServer\dbServer.exe [2012-10-27 3316736]
S2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-1-7 331608]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-4-27 418376]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-4-27 701512]
S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2012-8-6 390632]
S2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-8-6 13784]
S2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-4-14 2314240]
S2 vToolbarUpdater15.1.0;vToolbarUpdater15.1.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.1.0\ToolbarUpdater.exe [2013-4-28 1008816]
S3 Andbus;LGE Android Platform Composite USB Device;C:\Windows\System32\drivers\lgandbus64.sys [2012-3-2 19456]
S3 AndDiag;LGE Android Platform USB Serial Port;C:\Windows\System32\drivers\lganddiag64.sys [2012-3-2 27648]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;C:\Windows\System32\drivers\lgandgps64.sys [2012-3-2 27136]
S3 ANDModem;LGE Android Platform USB Modem;C:\Windows\System32\drivers\lgandmodem64.sys [2012-3-2 34304]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-4-14 116240]
S3 avast! Mail Scanner;avast! Mail Scanner;C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2012-1-20 254040]
S3 avast! Web Scanner;avast! Web Scanner;C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2012-1-20 352920]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2011-4-14 52264]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-4-14 35104]
S3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;C:\Windows\System32\drivers\cmnsusbser.sys [2010-10-21 126080]
S3 dblhost;Diginext DBL Hosting Service;"C:\Program Files (x86)\Nextel\ADN\dblhost.exe" --> C:\Program Files (x86)\Nextel\ADN\dblhost.exe [?]
S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\System32\drivers\ewusbnet.sys [2011-7-23 246224]
S3 hwusbdev;Huawei DataCard USB PNP Device;C:\Windows\System32\drivers\ewusbdev.sys [2011-7-23 114304]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2009-10-26 151936]
S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2011-4-14 143472]
S3 LgBttPort;LGE Bluetooth TransPort;C:\Windows\System32\drivers\lgbtpt64.sys [2009-9-29 16384]
S3 LGVMODEM;LGE Virtual Modem;C:\Windows\System32\drivers\lgvmdm64.sys [2009-9-29 17408]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-4-27 25928]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]
S3 qcusbser;Mobile Connector;C:\Windows\System32\drivers\qcusbser.sys [2011-8-18 113792]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-8-22 59392]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-8-6 118672]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-1 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2013-04-29 06:16:29 -------- d-----w- C:\57ddf9f5bb1b1844f7f90117ef99c6a0
2013-04-28 17:50:18 -------- d-----w- C:\Users\Asus\AppData\Local\adawarebp
2013-04-28 17:25:47 -------- d-----w- C:\Users\Asus\AppData\Roaming\LavasoftStatistics
2013-04-28 17:25:20 -------- d-----w- C:\ProgramData\Downloaded Installations
2013-04-28 17:25:14 -------- d-----w- C:\ProgramData\blekko toolbars
2013-04-28 17:25:10 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2013-04-28 17:25:00 -------- d-----w- C:\Program Files (x86)\adawaretb
2013-04-28 17:24:57 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
2013-04-28 17:14:57 47496 ----a-w- C:\Windows\System32\sbbd.exe
2013-04-28 17:14:57 14456 ----a-w- C:\Windows\System32\drivers\gfibto.sys
2013-04-28 17:14:56 -------- d-----w- C:\Users\Asus\AppData\Roaming\Ad-Aware Antivirus
2013-04-28 15:50:55 -------- d-----w- C:\Users\Asus\Doctor Web
2013-04-28 15:14:42 -------- d-----w- C:\Users\Asus\AppData\Local\AVG Secure Search
2013-04-28 14:42:49 -------- d-----w- C:\Users\Asus\AppData\Roaming\AVG2013
2013-04-28 14:42:19 -------- d-----w- C:\Users\Asus\AppData\Roaming\TuneUp Software
2013-04-28 14:42:17 -------- d-----w- C:\ProgramData\AVG Secure Search
2013-04-28 14:42:10 40736 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-04-28 14:42:07 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2013-04-28 14:42:07 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2013-04-28 14:39:10 -------- d--h--w- C:\$AVG
2013-04-28 14:39:04 -------- d-----w- C:\ProgramData\AVG2013
2013-04-28 14:37:18 -------- d-----w- C:\Program Files (x86)\AVG
2013-04-28 14:25:54 -------- d--h--w- C:\ProgramData\Common Files
2013-04-28 14:25:54 -------- d-----w- C:\Users\Asus\AppData\Local\MFAData
2013-04-28 14:25:54 -------- d-----w- C:\Users\Asus\AppData\Local\Avg2013
2013-04-28 14:25:54 -------- d-----w- C:\ProgramData\MFAData
2013-04-28 12:43:46 -------- d-----w- C:\Users\Asus\AppData\Roaming\SUPERAntiSpyware.com
2013-04-28 12:43:32 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2013-04-28 08:25:18 -------- d-----w- C:\Users\Asus\AppData\Local\ElevatedDiagnostics
2013-04-27 15:04:10 -------- d-----w- C:\Users\Asus\AppData\Roaming\Malwarebytes
2013-04-27 15:04:07 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-04-27 15:04:07 -------- d-----w- C:\ProgramData\Malwarebytes
2013-04-27 15:04:07 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-04-27 15:03:52 -------- d-----w- C:\Users\Asus\AppData\Local\Programs
2013-04-23 16:26:31 9317456 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CAF81D2C-9CF9-4005-A8E8-7B124C3DB9E1}\mpengine.dll
2013-04-20 16:10:45 -------- d-sh--w- C:\found.000
2013-04-18 05:57:17 -------- d-----w- C:\Windows\SysWow64\spool
2013-04-18 05:56:55 -------- d-----w- C:\Program Files (x86)\Sony
2013-04-18 02:48:33 -------- d-----w- C:\Program Files (x86)\TornTV.com
2013-04-17 07:44:01 -------- d-----w- C:\Users\Asus\AppData\Local\Sony
2013-04-16 08:32:38 -------- d-----w- C:\Program Files\DivX
2013-04-16 08:27:41 -------- d-----w- C:\Users\Asus\AppData\Roaming\Uniblue
2013-04-16 08:27:41 -------- d-----w- C:\Program Files (x86)\Uniblue
2013-04-14 12:13:46 3717632 ----a-w- C:\Windows\System32\mstscax.dll
2013-04-05 06:27:31 -------- d-----w- C:\Windows\SysWow64\searchplugins
2013-04-05 06:27:31 -------- d-----w- C:\Windows\SysWow64\Extensions
2013-04-05 06:23:16 -------- d-----w- C:\ProgramData\Babylon
2013-04-05 06:23:15 -------- d-----w- C:\Users\Asus\AppData\Roaming\Babylon
2013-04-05 06:23:05 -------- d-----w- C:\Program Files (x86)\Movie2KDownloader.com
2013-04-05 06:23:01 -------- d-----w- C:\Program Files (x86)\hdvidcodec.com
2013-04-04 05:50:48 -------- d-----w- C:\Users\Asus\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2013-04-04 05:42:10 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2013-04-02 14:09:52 4550656 ----a-w- C:\Windows\SysWow64\GPhotos.scr
.
==================== Find3M ====================
.
2013-03-23 01:09:28 354656 ----a-w- C:\Windows\SysWow64\DivXControlPanelApplet.cpl
2013-03-20 05:21:27 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-20 05:21:23 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-03-20 05:21:23 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
2013-03-13 14:02:25 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-13 14:02:25 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-13 14:02:21 16486616 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-03-11 17:10:56 282744 ------w- C:\Windows\System32\MpSigStub.exe
2013-03-01 03:36:04 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-02-26 15:40:46 246072 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2013-02-22 06:27:49 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-22 06:20:51 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-02-22 06:19:37 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-02-22 06:15:48 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-02-22 06:15:23 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-02-22 06:12:41 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-22 03:46:00 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-22 03:38:00 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-22 03:37:50 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-02-22 03:34:17 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-02-22 03:34:03 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-02-22 03:31:46 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-02-15 06:08:40 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2013-02-15 06:02:26 158720 ----a-w- C:\Windows\System32\aaclient.dll
2013-02-15 04:37:10 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll
2013-02-15 04:34:10 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll
2013-02-15 03:25:51 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2013-02-13 19:52:46 239416 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-02-12 04:12:05 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-02-07 20:37:56 116536 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2013-02-07 20:37:54 311096 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2013-02-07 20:37:50 71480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2013-02-07 20:37:42 206136 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2013-02-07 20:37:40 45880 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
.
============= FINISH: 15:04:45.98 ===============
(continued in next post)