
Pop-ups and links everywhere!


3 replies to this topic

#1 dhllim3


Posted 04 May 2016 - 01:22 PM

I ran Malwarebytes, quarantined infected files, but the symptoms still exist. Texts turned into links, videos playing out of nowhere, and pop-ups slowing down my computer... it's killing my computer! Please help.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-05-2016
Ran by ChrisPark (administrator) on CHRISPARK-HP (04-05-2016 11:13:06)
Running from C:\Users\ChrisPark\Pictures\Downloads
Loaded Profiles: ChrisPark & QBDataServiceUser23 (Available Profiles: ChrisPark & QBDataServiceUser23)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
() C:\Program Files (x86)\Paragon Software\HFS+ for Windows  9.0\apmwinsrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
() C:\Program Files (x86)\Get-a-Clip\MFLService2.exe
(Pandora.TV) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
() C:\Program Files (x86)\Get-a-Clip\mflstart.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(PandoraTV) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Intuit, Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2013\QBDBMgrN.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\POWERPNT.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [569200 2011-02-18] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Seagull Drivers] => ssdal_nc.exe startup
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-10-13] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [2807608 2013-09-05] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498728 2015-06-29] (Adobe Systems Inc.)
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [313248 2012-07-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [642664 2014-05-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863848 2014-05-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065024 2014-05-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.)
HKLM-x32\...\Run: [mflstart] => C:\Program Files (x86)\Get-a-Clip\mflstart.exe [116208 2016-03-30] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2810796647-1154407487-236208718-1000\...\Run: [HP Deskjet 3510 series (NET)] => C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2810796647-1154407487-236208718-1000\...\Run: [Google Update] => C:\Users\ChrisPark\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc.)
HKU\S-1-5-21-2810796647-1154407487-236208718-1000\...\Run: [AnyDVD] => C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe [109480 2016-02-15] (SlySoft, Inc.)
HKU\S-1-5-21-2810796647-1154407487-236208718-1000\...\Run: [GoogleChromeAutoLaunch_229C2E6891714D0CE7C5958FD27ABF76] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [874136 2016-03-07] (Google Inc.)
HKU\S-1-5-21-2810796647-1154407487-236208718-1000\...\MountPoints2: {3787af12-7405-11e3-91fa-a0139cee0c09} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2810796647-1154407487-236208718-1000\...\MountPoints2: {a714d0f4-0dc7-11e5-9e74-b95bff9836b8} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2810796647-1154407487-236208718-1000\...\MountPoints2: {de95cc15-48ef-11e4-b5ff-ec8aec969b02} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2810796647-1154407487-236208718-1000\...\MountPoints2: {e62ff228-f864-11e2-b8d0-e68f12290ec0} - F:\Autorun.exe
AppInit_DLLs-x32: mfllib.dll => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-09] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [SmartFTP Drop] -> {EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} => C:\Program Files\SmartFTP Client\ShellTools.dll [2016-03-16] (SmartSoft Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2015-05-12]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2013-05-03]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2013-05-03]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\ChrisPark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3510 series (Network).lnk [2016-05-02]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3510 series (Network).lnk -> C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{329367C4-A6E1-4A08-9C14-28529ABBC917}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{5D9D7576-EEF6-4409-84E1-0846B48959EB}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2810796647-1154407487-236208718-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-2810796647-1154407487-236208718-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
HKU\S-1-5-21-2810796647-1154407487-236208718-1003\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/HPNOT/1
HKU\S-1-5-21-2810796647-1154407487-236208718-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> OldSearch URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {44159DE0-8C9E-4DDB-963F-2BFBA9563559} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {44159DE0-8C9E-4DDB-963F-2BFBA9563559} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = 
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2810796647-1154407487-236208718-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = 
SearchScopes: HKU\S-1-5-21-2810796647-1154407487-236208718-1000 -> OldSearch URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2810796647-1154407487-236208718-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2810796647-1154407487-236208718-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-2810796647-1154407487-236208718-1000 -> {44159DE0-8C9E-4DDB-963F-2BFBA9563559} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2810796647-1154407487-236208718-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-2810796647-1154407487-236208718-1000 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = 
SearchScopes: HKU\S-1-5-21-2810796647-1154407487-236208718-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-2810796647-1154407487-236208718-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-2810796647-1154407487-236208718-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2810796647-1154407487-236208718-1003 -> OldSearch URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2810796647-1154407487-236208718-1003 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-2810796647-1154407487-236208718-1003 -> {44159DE0-8C9E-4DDB-963F-2BFBA9563559} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2810796647-1154407487-236208718-1003 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-2810796647-1154407487-236208718-1003 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-2810796647-1154407487-236208718-1003 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll [2011-02-17] (HP)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-05-09] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll [2011-02-17] (HP)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-09] (Avast Software s.r.o.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: MFLHelper Class -> {B0932222-51E2-47D1-A4EF-CB10AE7DF086} -> C:\Program Files (x86)\Get-a-Clip\MFLPluginIE.dll [2016-03-30] (Get-a-Clip)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2810796647-1154407487-236208718-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-2810796647-1154407487-236208718-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
DPF: HKLM {6CE20149-ABE3-462E-A1B4-5B549971AA38} 
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {24F6E6A8-852C-45A8-ADD3-C4AB0D6FD231} hxxp://plugin.inicis.com/wallet61/INIwallet61_vista.cab
DPF: HKLM-x32 {3E086D34-0ED5-4A8E-BB6A-C4DF5AC4357B} hxxp://update.webbranch.co.kr/ibk/KiupXGrid.cab
DPF: HKLM-x32 {55F0958D-C5ED-49E6-8769-E238D4429F57} hxxp://patch.clubnara.com/cinstall/ClubnaraCtrl.cab
DPF: HKLM-x32 {6CE20149-ABE3-462E-A1B4-5B549971AA38} hxxp://mybank.ibk.co.kr/ibs/js/CKKeyPro/TouchEnkey3.1.0.19_32k.cab
DPF: HKLM-x32 {913B97A3-03C6-4B77-98AD-66BD4DE2E4D9} hxxp://program.webhard.co.kr/Plus/active_updownload/WebhardUpDownManager.cab
DPF: HKLM-x32 {C634DAF9-AC32-475C-9D66-81B7210E8EE4} hxxp://global.wedisk.co.kr/app/WeDiskUpdate.cab
DPF: HKLM-x32 {D0659405-AD2E-4195-B67E-8B3AC42D763E} hxxps://qbo.intuit.com/c30/v79.283/qboax11.cab
DPF: HKLM-x32 {F939FEB8-9518-4A4A-BE60-D10FFB9557F2} hxxp://update.nprotect.net/netizenv55/bank/kiup/81/npenkIEInstall5.cab
Handler-x32: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll [2012-11-26] (Intuit, Inc.)
Handler-x32: leaf - {3c4a8a13-029e-430d-b8c1-46e834d20b31} - C:\Windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_45\bin\new_plugin\npjp2.dll [No File]
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-08] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\new_plugin\npjp2.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-08] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @softforum.com/npKeyPro -> C:\Windows\system32\npKeyPro.dll [No File]
FF Plugin-x32: @softforum.com/npxwebplugins -> C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll [2014-03-06] (SoftForum Co., Ltd.)
FF Plugin-x32: @softforum.com/npxwebplugins_file -> C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll [2014-03-06] (SoftForum Co., Ltd.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] ()
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: itholic.co.kr/AAPlus4WebPlugin -> C:\Program Files (x86)\ITHolic\AAPlus4WebPlugin\npAAPlus4WebPlugin.dll [2013-10-25] (IT Holic Co., Ltd.)
FF Plugin HKU\S-1-5-21-2810796647-1154407487-236208718-1000: @softforum.com/npxwebplugins -> C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll [2014-03-06] (SoftForum Co., Ltd.)
FF Plugin HKU\S-1-5-21-2810796647-1154407487-236208718-1000: @softforum.com/npxwebplugins_file -> C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll [2014-03-06] (SoftForum Co., Ltd.)
FF Plugin HKU\S-1-5-21-2810796647-1154407487-236208718-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\ChrisPark\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2810796647-1154407487-236208718-1000: @talk.google.com/O1DPlugin -> C:\Users\ChrisPark\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2810796647-1154407487-236208718-1000: @tools.google.com/Google Update;version=3 -> C:\Users\ChrisPark\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-2810796647-1154407487-236208718-1000: @tools.google.com/Google Update;version=9 -> C:\Users\ChrisPark\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-2810796647-1154407487-236208718-1000: itholic.co.kr/AAPlus4WebPlugin -> C:\Program Files (x86)\ITHolic\AAPlus4WebPlugin\npAAPlus4WebPlugin.dll [2013-10-25] (IT Holic Co., Ltd.)
FF Plugin HKU\S-1-5-21-2810796647-1154407487-236208718-1003: @softforum.com/npxwebplugins -> C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll [2014-03-06] (SoftForum Co., Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Users\ChrisPark\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\ChrisPark\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-08-06] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-10]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.yahoo.com/
CHR DefaultSearchURL: Default -> hxxps://www.google.com/search?q={searchTerms}
CHR DefaultSuggestURL: Default -> hxxps://www.google.com/complete/search?client=chrome&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Browser\nppdf32.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => No File
CHR Plugin: (Java™ Platform SE 6 U24) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll => No File
CHR Profile: C:\Users\ChrisPark\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Website Logon) - C:\Users\ChrisPark\AppData\Local\Google\Chrome\User Data\Default\Extensions\aepeildmfnnehghlknddebgjghlompfe [2015-05-09]
CHR Extension: (YouTube) - C:\Users\ChrisPark\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-01]
CHR Extension: (Google Search) - C:\Users\ChrisPark\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (Tampermonkey) - C:\Users\ChrisPark\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-04-29]
CHR Extension: (Google Docs Offline) - C:\Users\ChrisPark\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-22]
CHR Extension: (Avast Online Security) - C:\Users\ChrisPark\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-04-29]
CHR Extension: (Gmail) - C:\Users\ChrisPark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-03]
CHR Extension: (Get-a-Clip Shopping Assistant) - C:\Program Files (x86)\Get-a-Clip\Plugins\CH1 [2016-03-30]
CHR Profile: C:\Users\ChrisPark\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\ChrisPark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-13]
CHR Extension: (Website Logon) - C:\Users\ChrisPark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aepeildmfnnehghlknddebgjghlompfe [2016-04-13]
CHR Extension: (Google Docs) - C:\Users\ChrisPark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-13]
CHR Extension: (Google Drive) - C:\Users\ChrisPark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-13]
CHR Extension: (YouTube) - C:\Users\ChrisPark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-13]
CHR Extension: (Adobe Acrobat) - C:\Users\ChrisPark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2016-04-13]
CHR Extension: (Avast SafePrice) - C:\Users\ChrisPark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-04-13]
CHR Extension: (Google Sheets) - C:\Users\ChrisPark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-13]
CHR Extension: (Google Docs Offline) - C:\Users\ChrisPark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-13]
CHR Extension: (Avast Online Security) - C:\Users\ChrisPark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-04-13]
CHR Extension: (Skype) - C:\Users\ChrisPark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-04-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ChrisPark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-13]
CHR Extension: (Gmail) - C:\Users\ChrisPark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-13]
CHR HKLM-x32\...\Chrome\Extension: [aepeildmfnnehghlknddebgjghlompfe] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-02-11]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2015-06-29]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-05-09]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-09]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 apmwinsrv; C:\Program Files (x86)\Paragon Software\HFS+ for Windows  9.0\apmwinsrv.exe [67376 2012-04-04] ()
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-09] (Avast Software s.r.o.)
R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [901184 2011-01-24] (Intel Corporation) [File not signed]
S3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1298496 2011-01-24] (Intel Corporation) [File not signed]
R2 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [991296 2011-01-24] (Intel Corporation) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2013-03-12] (Macrovision Europe Ltd.) [File not signed]
S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [164864 2012-05-02] (HP) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2375168 2011-03-04] (Realsil Microelectronics Inc.) [File not signed]
R2 MFLService2; C:\Program Files (x86)\Get-a-Clip\MFLService2.exe [1983640 2016-03-30] () [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-02-04] ()
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
R2 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [625304 2012-09-28] (Pandora.TV)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2012-11-26] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2012-11-26] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2012-11-26] (Intuit Inc.) [File not signed]
R3 QuickBooksDB23; C:\Program Files (x86)\Intuit\QuickBooks 2013\QBDBMgrN.exe [679936 2012-11-26] (Intuit, Inc.) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [150440 2015-12-28] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [150440 2015-12-28] (SlySoft, Inc.)
R0 apmwin; C:\Windows\System32\DRIVERS\apmwin.sys [51504 2012-04-04] (Paragon Software Group)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-09] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-09] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-09] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-09] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-09] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-26] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-09] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-09] ()
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 Fwleaf; C:\Windows\System32\DRIVERS\fwleaf.sys [27872 2013-02-04] (NETGEAR)
R0 gpt_loader; C:\Windows\System32\DRIVERS\gpt_loader.sys [61232 2012-04-04] (Paragon Software Group)
S3 HabuFltr; C:\Windows\System32\drivers\habu.sys [28800 2006-08-14] (Razer (Asia-Pacific) Pte Ltd)
S3 Hfsplus; C:\Windows\System32\DRIVERS\hfsplus.sys [201008 2012-04-04] (Paragon Software Group)
R2 HfsplusRec; C:\Windows\System32\DRIVERS\hfsplusrec.sys [16176 2012-04-04] (Paragon Software Group)
S3 kcrtx64; C:\Windows\system32\kcrtx64.sys [141848 2015-02-19] (Kings Information & Network)
R3 leafnets; C:\Windows\System32\DRIVERS\leafnets.sys [29696 2013-02-04] (Leaf Networks)
R0 mounthlp; C:\Windows\System32\DRIVERS\mounthlp.sys [46384 2012-04-04] (Paragon Software Group)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-08-21] (Marvell Semiconductor, Inc.)
S3 NPFW; C:\Windows\system32\NPFWVT64.sys [154312 2014-04-02] (INCA Internet Co.,Ltd.)
S3 NPFW; C:\Windows\SysWOW64\NPFWVT64.sys [154312 2014-04-02] (INCA Internet Co.,Ltd.)
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 JRSKD24; \??\C:\Windows\system32\JRSKD24.SYS [X]
S3 WPRO_41_1742; system32\drivers\WPRO_41_1742.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-04 11:12 - 2016-05-04 11:13 - 00000000 ____D C:\FRST
2016-05-02 17:21 - 2016-05-02 17:25 - 00000000 ____D C:\Users\ChrisPark\Desktop\Lotte Sales contract
2016-05-02 14:37 - 2016-05-02 14:37 - 00101523 _____ C:\Windows\SysWOW64\cmd.zip
2016-05-02 10:06 - 2016-05-02 17:08 - 00000000 ____D C:\Users\ChrisPark\Desktop\SummitHill Catalog
2016-04-29 14:16 - 2016-05-02 10:28 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-04-28 16:44 - 2016-04-28 16:50 - 00000000 ____D C:\Users\ChrisPark\Desktop\Lotte Contract
2016-04-28 15:46 - 2016-04-28 15:46 - 00364393 _____ C:\Users\ChrisPark\Documents\StmtofAbandonment.pdf
2016-04-28 12:07 - 2016-04-28 12:07 - 01781764 _____ C:\Users\ChrisPark\Desktop\TransactionBook.pdf
2016-04-28 11:53 - 2016-04-28 12:05 - 00941905 _____ C:\Users\ChrisPark\Desktop\TransactionBook.xlsx
2016-04-27 18:12 - 2016-04-27 18:12 - 00981406 _____ C:\Users\ChrisPark\Desktop\Book.xlsx
2016-04-27 15:52 - 2016-04-27 15:53 - 00000000 ____D C:\Users\ChrisPark\Desktop\Report
2016-04-27 15:19 - 2016-04-27 15:20 - 00045216 _____ C:\Users\ChrisPark\Desktop\203.pdf
2016-04-27 12:13 - 2016-04-28 12:03 - 00589824 ____R C:\Users\ChrisPark\Desktop\CYR INTERNATIONAL, INC. 20130516.QBW.TLG
2016-04-27 12:12 - 2016-04-28 12:03 - 00000407 _____ C:\Users\ChrisPark\Desktop\CYR INTERNATIONAL, INC. 20130516.QBW.ND
2016-04-27 12:12 - 2016-04-27 15:43 - 00000389 _____ C:\Users\ChrisPark\Desktop\CYR INTERNATIONAL, INC. 20130516.QBW.DSN
2016-04-18 12:20 - 2016-04-18 12:20 - 02466986 _____ C:\Users\ChrisPark\Desktop\Roasted_Garlic.pdf
2016-04-18 12:18 - 2016-04-18 12:18 - 02578851 _____ C:\Users\ChrisPark\Desktop\Original_Tomato.pdf
2016-04-18 12:12 - 2016-04-18 12:12 - 00451685 _____ C:\Users\ChrisPark\Desktop\Tomato_Original.pdf
2016-04-12 14:32 - 2016-04-12 14:32 - 00569714 _____ C:\Users\ChrisPark\Desktop\lsat_blog_s_premium_logic_games,_logical_reasoning,_and_reading_comprehension_cheat_sheets.pdf
2016-04-06 15:32 - 2016-04-06 15:26 - 00251930 _____ C:\Users\ChrisPark\Desktop\Formal_Offer_OH_General.pdf
2016-04-04 16:54 - 2016-04-04 17:30 - 00019891 _____ C:\Users\ChrisPark\Desktop\outsourcing list.xlsx
2016-04-04 12:27 - 2016-04-08 14:17 - 00000000 ____D C:\Users\ChrisPark\Desktop\Product Profile
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-04 11:13 - 2013-03-07 12:58 - 00000000 ____D C:\Users\ChrisPark
2016-05-04 11:13 - 2009-07-13 21:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-04 11:13 - 2009-07-13 21:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-04 10:57 - 2013-10-19 13:19 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2810796647-1154407487-236208718-1000UA.job
2016-05-04 10:38 - 2013-05-03 09:35 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-04 10:34 - 2015-04-19 02:34 - 00000911 _____ C:\Windows\Tasks\EPSON WF-2650 Series Update {D87017D6-59AB-4486-8039-8A21A153A762}.job
2016-05-04 10:28 - 2013-03-13 16:02 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-04 10:28 - 2013-03-13 16:02 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-04 10:28 - 2013-03-07 12:59 - 00000000 ____D C:\Users\ChrisPark\AppData\LocalLow\AuthenTec
2016-05-03 15:57 - 2013-10-19 13:19 - 00000872 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2810796647-1154407487-236208718-1000Core.job
2016-05-03 15:34 - 2013-03-07 13:01 - 00003958 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{F9DB1A97-A38E-4EEC-AF0E-EDFE15506E89}
2016-05-03 10:39 - 2015-05-09 08:26 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-05-02 14:49 - 2016-03-30 15:06 - 00000040 ___SH C:\ProgramData\.zreglib
2016-05-02 14:48 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-02 14:38 - 2014-04-09 09:45 - 00546304 ___SH C:\Users\ChrisPark\Thumbs.db
2016-05-02 11:19 - 2013-09-17 14:33 - 05853696 ___SH C:\Users\ChrisPark\Desktop\Thumbs.db
2016-05-02 10:34 - 2009-07-13 22:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-02 10:34 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-05-02 10:26 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-05-02 10:24 - 2016-03-30 14:45 - 00000000 ____D C:\Users\ChrisPark\Desktop\SetupImgBurn_2.5.8.0
2016-05-02 10:13 - 2014-05-16 11:08 - 00000000 ____D C:\Users\ChrisPark\AppData\Roaming\HpUpdate
2016-05-02 09:25 - 2015-05-08 22:44 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-02 09:23 - 2015-05-08 22:43 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-05-02 09:23 - 2015-05-08 22:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-05-02 09:23 - 2015-05-08 22:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-29 14:40 - 2015-07-15 15:48 - 00000000 ____D C:\Users\ChrisPark\Tor Browser
2016-04-29 14:13 - 2016-03-30 14:51 - 00000000 ____D C:\Program Files (x86)\System Optimizer Pro
2016-04-28 12:03 - 2014-09-18 07:26 - 69869568 ____R C:\Users\ChrisPark\Desktop\CYR INTERNATIONAL, INC. 20130516.QBW
2016-04-28 11:53 - 2015-10-29 09:46 - 00000000 ____D C:\Users\ChrisPark\Desktop\CYR1
2016-04-28 11:14 - 2014-09-18 07:30 - 00000000 ____D C:\Users\ChrisPark\Desktop\QuickBooksAutoDataRecovery
2016-04-21 15:05 - 2010-11-20 20:27 - 00453288 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-04-20 12:57 - 2016-01-29 17:56 - 00834741 _____ C:\Users\ChrisPark\Desktop\Pacific_Arena_Naturals_Presentation.pdf
2016-04-08 14:17 - 2016-03-03 18:14 - 00015636 _____ C:\Users\ChrisPark\Desktop\cream_cheese_offer_table.xlsx
2016-04-08 13:41 - 2016-03-28 12:43 - 00000000 ____D C:\Users\ChrisPark\Desktop\Cream Cheese
2016-04-07 16:19 - 2016-03-30 11:13 - 00536307 _____ C:\Users\ChrisPark\Desktop\f4868.pdf
2016-04-07 13:38 - 2013-05-03 09:35 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-04-07 13:38 - 2013-05-03 09:35 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-07 13:38 - 2013-05-03 09:35 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-04-06 17:48 - 2016-01-18 11:27 - 00067162 _____ C:\Users\ChrisPark\Desktop\Product Profile Chart .xlsx
2016-04-04 16:42 - 2016-03-28 14:42 - 00000000 ____D C:\Users\ChrisPark\Desktop\Core Bev
2016-04-04 16:01 - 2016-03-31 13:23 - 00000000 ____D C:\Users\ChrisPark\AppData\Roaming\ImgBurn
 
==================== Files in the root of some directories =======
 
2015-05-07 19:24 - 2015-05-20 20:14 - 0000020 _____ () C:\Users\ChrisPark\AppData\Roaming\appdataFr3.bin
2015-04-02 18:45 - 2015-04-02 18:48 - 0000054 _____ () C:\Users\ChrisPark\AppData\Roaming\GodexStandardPageForm.XML
2013-12-20 15:59 - 2013-12-20 15:59 - 0021906 _____ () C:\Users\ChrisPark\AppData\Roaming\UserTile.png
2013-03-13 07:27 - 2013-03-13 09:42 - 0006539 _____ () C:\Users\ChrisPark\AppData\Local\dc307c7f-645c-49df-a2eb-15e4cf00e128.crx
2016-03-30 15:06 - 2016-05-02 14:49 - 0000040 ___SH () C:\ProgramData\.zreglib
2014-10-08 11:58 - 2014-10-08 11:58 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-02-26 09:54 - 2015-04-15 22:51 - 0000635 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2013-04-12 07:54 - 2013-04-29 07:23 - 0000260 _____ () C:\ProgramData\NCleanerInstAgentLog.log
2013-04-12 07:54 - 2013-04-29 07:23 - 0000260 _____ () C:\ProgramData\NVCInstAgentLog.log
 
Files to move or delete:
====================
C:\Users\ChrisPark\avast_free_antivirus_setup_online_cnet.exe
C:\Users\ChrisPark\Godex_7.3.6_M-0.exe
C:\Users\ChrisPark\iTunes6464Setup.exe
C:\Users\ChrisPark\mbam-setup-2.1.6.1022.exe
C:\Users\ChrisPark\spybot-2.4.exe
 
 
Some files in TEMP:
====================
C:\Users\ChrisPark\AppData\Local\Temp\1f0fb7c2d13cc0c07ff2ca40747bc03e_360tray.exe
C:\Users\ChrisPark\AppData\Local\Temp\5aghfjq1.dll
C:\Users\ChrisPark\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzanhav.dll
C:\Users\ChrisPark\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\ChrisPark\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\ChrisPark\AppData\Local\Temp\hmetnlhg.dll
C:\Users\ChrisPark\AppData\Local\Temp\jre-8u77-windows-au.exe
C:\Users\ChrisPark\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\ChrisPark\AppData\Local\Temp\ql-tusjl.dll
C:\Users\ChrisPark\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\ChrisPark\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\ChrisPark\AppData\Local\Temp\uninstall.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-04-30 04:30
 
==================== End of FRST.txt ============================


 


#2 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • Gender:Male
  • Local time:03:52 AM

Posted 04 May 2016 - 02:50 PM

Hello dhllim3 and welcome to BleepingComputer.

My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are always inserted during the scan.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • I cannot guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How do I open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to the help here.

Thanks
 
Please do the following.

 

Scan with Zemana AntiMalware Free:

  • Turn off the real time scanner of any existing antivirus and firewall programs while performing the scan.
  • Please download and install Zemana AntiMalware Free.
  • Double-click the software shortcut on the desktop and follow the prompts to install the program.
  • If an update is available, click the Update now button.
  • At the end, click Settings > Advanced, then click "I have read the warning and wish to proceed anyway".
  • Auto Launch > Untick the box next
  • Scan type > Smart scan (Default)
  • Close all open files, folders and browsers
  • Click Scan now ("Run as Administrator") and a threat scan will begin.
  • When the scan is complete, press Report and send me the report.
  • Please restart the PC now.

How is it now? Are there still any pop-up issues?

Have a nice day.


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 dhllim3

dhllim3
  • Topic Starter

  • Members
  • 16 posts
  • Local time:04:52 PM

Posted 05 May 2016 - 01:13 PM

Here is the report after running Zemana.

 

Zemana AntiMalware 2.20.2.613 (Installed)
 
-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2016/5/5
Operating System       : Windows 7 64-bit
Processor              : 4X Intel® Core™ i5-2410M CPU @ 2.30GHz
BIOS Mode              : Legacy
CUID                   : 0071C45C42AA52426C3CA2
Scan Type              : Smart Scan
Duration               : 8m 38s
Scanned Objects        : 22697
Detected Objects       : 12
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : ON
Detect All Extensions  : OFF
Scan Documents         : OFF
Domain Info            : WORKGROUP,0,2
 
Detected Objects
-------------------------------------------------------
 
Internet Explorer Search
Status             : Scanned
Object             : Ask.com - http://search.ask.com
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Internet Explorer Search
 
Internet Explorer Search
Status             : Scanned
Object             : Ask.com - http://search.ask.com
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Internet Explorer Search
 
Get-a-Clip Shopping Assistant
Status             : Scanned
Object             : %programfiles%\get-a-clip\plugins\ch1
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : PUA.ChromeExt!Gr
Cleaning Action    : Repair
Related Objects    :
                Browser Extension - Get-a-Clip Shopping Assistant
 
Itibiti.exe
Status             : Scanned
Object             : %programfiles%\itibiti soft phone\itibiti.exe
MD5                : D6A7ACCD374B979AA8F29F9898ADD669
Publisher          : -
Size               : 7342080
Version            : 2.0.1747.0
Detection          : Adware:Win32/Itibiti!Rg
Cleaning Action    : Quarantine
Related Objects    :
                File - %programfiles%\itibiti soft phone\itibiti.exe
                Reference - C:\Users\ChrisPark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\KNCTR.lnk
 
MFLService2.exe
Status             : Scanned
Object             : %programfiles%\get-a-clip\mflservice2.exe
MD5                : FEC564DE36B3BEAEE20F9EB57B3A6C90
Publisher          : Get a Clip
Size               : 1983640
Version            : -
Detection          : PUA:Win32/Quarand!Kece
Cleaning Action    : Quarantine
Related Objects    :
                File - %programfiles%\get-a-clip\mflservice2.exe
                Process - 3784 - C:\Program Files (x86)\Get-a-Clip\MFLService2.exe
                Registry Entry - HKLM\System\CurrentControlSet\Services\MFLService2\ImagePath = "C:\Program Files (x86)\Get-a-Clip\MFLService2.exe"
 
setup.exe
Status             : Scanned
Object             : %userprofile%\pictures\downloads\setup.exe
MD5                : 84DC01A504BB319A2D4860B1019AEC80
Publisher          : Network Downloads
Size               : 122696
Version            : -
Detection          : Malware:Win32/Zelion!Eaea
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\pictures\downloads\setup.exe
 
ImageEditorSetup.exe
Status             : Scanned
Object             : %userprofile%\pictures\downloads\imageeditorsetup.exe
MD5                : 49A2A33170305D4EE647879FAE19610E
Publisher          : Fried Cookie Ltd
Size               : 670312
Version            : 0.0.0.0
Detection          : Adware:Win32/FriedCookie!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\pictures\downloads\imageeditorsetup.exe
 
Installation.exe
Status             : Scanned
Object             : %userprofile%\pictures\downloads\installation.exe
MD5                : DA855B3E009CA75666DD6A80DA85A283
Publisher          : BEST APP
Size               : 583560
Version            : 1.65.40.0
Detection          : Adware:Win32/BulkHeur.f6cfff!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\pictures\downloads\installation.exe
 
Player-Chrome.exe
Status             : Scanned
Object             : %userprofile%\pictures\downloads\player-chrome.exe
MD5                : 1273BDE8E4727C28B32B8E0FADADE505
Publisher          : FUSION INSTALLER
Size               : 227112
Version            : 3.7.1.0
Detection          : Adware:Win32/BulkHeur2.b5efcd!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\pictures\downloads\player-chrome.exe
 
Player-Chrome (2).exe
Status             : Scanned
Object             : %userprofile%\pictures\downloads\player-chrome (2).exe
MD5                : C7200B78E9BA8F3AC393E01326FC8AA5
Publisher          : FUSION INSTALLER
Size               : 227112
Version            : 3.7.1.0
Detection          : Adware:Win32/BulkHeur2.b5efcd!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\pictures\downloads\player-chrome (2).exe
 
Player-Chrome (1).exe
Status             : Scanned
Object             : %userprofile%\pictures\downloads\player-chrome (1).exe
MD5                : C7200B78E9BA8F3AC393E01326FC8AA5
Publisher          : FUSION INSTALLER
Size               : 227112
Version            : 3.7.1.0
Detection          : Adware:Win32/BulkHeur2.b5efcd!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\pictures\downloads\player-chrome (1).exe
 
OffercastInstaller_AVR_U-0087-01-PlateauLines-0805-01-en_.exe
Status             : Scanned
Object             : %userprofile%\pictures\downloads\offercastinstaller_avr_u-0087-01-plateaulines-0805-01-en_.exe
MD5                : 302DD0119A39F3E726721BC6D82E29A4
Publisher          : Ask.com
Size               : 1035696
Version            : 2.8.1.0
Detection          : Adware:Win32/AskBrowserHijack!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\pictures\downloads\offercastinstaller_avr_u-0087-01-plateaulines-0805-01-en_.exe
 
 
Cleaning Result
-------------------------------------------------------
Cleaned               : 12
Reported as safe      : 0
Failed                : 0


#4 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • Gender:Male
  • Local time:03:52 AM

Posted 05 May 2016 - 01:38 PM

How is it now? Are there still any pop-up issues?


Best regards
 

 


 




