
Virus on Windows Vista: Stuck on Classic Theme, No Sound, No Internet Connection


This topic is locked
26 replies to this topic

#1 YommaSan

YommaSan

  • Members
  • 15 posts

Posted 19 February 2014 - 05:35 PM

Hi, so a few days ago, I was using my laptop until the battery ran out. After I turned it back on, I noticed that the theme was changed to Windows Classic. I also noticed that my laptop would not connect to the internet at all (wired/wireless). After doing a little bit of research, I found out that this might have been caused by malware/a rootkit/TDSS. I did use TDSSKiller, thinking that I was going to disable it, but even if I found the threats, it didn't show any change. *Note* I did delete the infected drivers, and now that I have read some of the instructions on what to do, I probably should have just posted a log here. I did do a scan again, and TDSSKiller found no threats. I tried to use some other anti-malware software (Malwarebytes), but it would not let me. For now, I'm not going to even touch the computer until I get some help. Here is my DDS log. Please respond ASAP. 
 
DDS Log:
 
DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 8.0.6001.19088  BrowserJavaVersion: 10.9.2
Run by Aaron Yom at 17:06:04 on 2014-02-19
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\System32\Notepad.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn7\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn7\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yahooo Search Protection: {25BC7718-0BFA-40EA-B381-4B2D9732D686} - c:\program files\yahoo!\search protection\ysp.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - 
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - <orphaned>
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn7\yt.dll
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - 
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {55F0958D-C5ED-49E6-8769-E238D4429F57} - hxxp://patch.clubnara.com/cinstall/ClubnaraCtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 68.105.28.11 68.105.29.11
TCP: Interfaces\{3D727DAE-E9C3-493F-B8FE-222CE5289741} : DHCPNameServer = 68.105.28.11 68.105.29.11
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - 
Notify: igfxcui - igfxdev.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\32.0.1700.107\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\aaron yom\appdata\roaming\mozilla\firefox\profiles\6rjp8t3h.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - 
FF - prefs.js: network.proxy.type - 0
FF - component: c:\users\aaron yom\appdata\roaming\mozilla\firefox\profiles\6rjp8t3h.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\17.1.3\npsitesafety.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\aaron yom\appdata\local\yahoo!\browserplus\2.9.2\plugins\npybrowserplus_2.9.2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2010-07-24 03:04; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2014-02-19 19:43:16 -------- d-----w- C:\TDSSKiller_Quarantine
2014-02-19 04:25:37 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-02-19 04:22:07 -------- d-----w- c:\users\aaron yom\appdata\roaming\Malwarebytes
2014-02-19 04:22:07 -------- d-----w- c:\programdata\Malwarebytes
2014-02-16 00:36:02 -------- d-----w- c:\windows\pss
2014-02-14 23:05:52 7760024 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{524ec110-e381-484f-9024-6fdf6ed17134}\mpengine.dll
2014-02-05 21:47:08 -------- d-----w- c:\programdata\AVG SafeGuard toolbar
.
==================== Find3M  ====================
.
2014-02-05 00:24:31 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-05 00:24:31 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-01-19 07:32:23 231584 ------w- c:\windows\system32\MpSigStub.exe
2013-11-22 00:49:58 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
.
============= FINISH: 17:07:29.81 ===============

Edited by Blade, 19 February 2014 - 09:16 PM.




#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 20 February 2014 - 08:44 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.


You've removed files with TDSSKiller.

Once it completed, a log was produced at the root of the drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 YommaSan

YommaSan
  • Topic Starter

  • Members
  • 15 posts

Posted 21 February 2014 - 06:47 PM

Thank you Marius. I am sorry for the late reply. I have been attempting to post/attach the TDSSKiller log, but it's just too big. It's 782KB, and consists of 246 pages of code. Is there any way I can send it via email or something like that?



#4 YommaSan

YommaSan
  • Topic Starter

  • Members
  • 15 posts

Posted 23 February 2014 - 03:24 PM

I'm still here... if you're wondering.



#5 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 24 February 2014 - 05:16 AM

Zip the file and attach it to your next reply using the "More Reply Options" button at the bottom right.



#6 YommaSan

YommaSan
  • Topic Starter

  • Members
  • 15 posts

Posted 24 February 2014 - 07:12 PM

Here is the TDSS Log. I appreciate the help Marius. 

Attached Files


Edited by YommaSan, 24 February 2014 - 07:13 PM.


#7 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 25 February 2014 - 05:38 AM

You've deleted several harmless files with TDSSKiller...


Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.



#8 YommaSan

YommaSan
  • Topic Starter

  • Members
  • 15 posts

Posted 25 February 2014 - 03:47 PM

Here is the FRST text file log.

 

FRST Log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-02-2014 01

Ran by Aaron Yom (administrator) on AARONYOM-PC on 25-02-2014 15:41:56
Running from C:\Users\Aaron Yom\Desktop
Windows Vista ™ Home Basic Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(TOSHIBA) C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-234329832-1625283619-1638487238-1000\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-04-24] (TOSHIBA)
HKU\S-1-5-21-234329832-1625283619-1638487238-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-234329832-1625283619-1638487238-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-234329832-1625283619-1638487238-1000\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-234329832-1625283619-1638487238-1000\...\MountPoints2: {57c7d630-23cc-11de-92a8-001e33a93679} - F:\LaunchU3.exe -a
GroupPolicyUsers\S-1-5-21-234329832-1625283619-1638487238-1002\User: Group Policy restriction detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM - {2381E4B7-5C04-459E-9D46-2F9AC1608B66} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ysp
SearchScopes: HKCU - DefaultScope {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2} URL = http://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&abar=2&tn=utf8kb_oem_dg
SearchScopes: HKCU - {2381E4B7-5C04-459E-9D46-2F9AC1608B66} URL = 
SearchScopes: HKCU - {5C072A34-D129-32BD-D2E0-69B2EBD20454} URL = http://www.bing.com/search?q={searchTerms}&pc=Z013&form=ZGAIDF
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}
BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll (Yahoo! Inc.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Yahooo Search Protection - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\17.3.1.204\AVG SafeGuard toolbar_toolbar.dll No File
BHO: No Name - {9D425283-D487-4337-BAB6-AB8354A81457} -  No File
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - No Name - {9D425283-D487-4337-BAB6-AB8354A81457} -  No File
Toolbar: HKLM - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\17.3.1.204\AVG SafeGuard toolbar_toolbar.dll No File
Toolbar: HKCU - No Name - {9D425283-D487-4337-BAB6-AB8354A81457} -  No File
Toolbar: HKCU - No Name - {B580CF65-E151-49C3-B73F-70B13FCA8E86} -  No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
DPF: {55F0958D-C5ED-49E6-8769-E238D4429F57} http://patch.clubnara.com/cinstall/ClubnaraCtrl.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll No File
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11
 
FireFox:
========
FF ProfilePath: C:\Users\Aaron Yom\AppData\Roaming\Mozilla\Firefox\Profiles\6rjp8t3h.default
FF user.js: detected! => C:\Users\Aaron Yom\AppData\Roaming\Mozilla\Firefox\Profiles\6rjp8t3h.default\user.js
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: user_pref("keyword.URL", "");
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=12.0.1.666 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=12.0.1.666 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=12.0.1.666 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.666 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=12.0.1.666 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.9.2 - C:\Users\Aaron Yom\AppData\Local\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll (Yahoo! Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF SearchPlugin: C:\Users\Aaron Yom\AppData\Roaming\Mozilla\Firefox\Profiles\6rjp8t3h.default\searchplugins\bing-zugo.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\safeguard-secure-search.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Aaron Yom\AppData\Roaming\Mozilla\Firefox\Profiles\6rjp8t3h.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-03-05]
FF Extension: Yahoo! Toolbar - C:\Users\Aaron Yom\AppData\Roaming\Mozilla\Firefox\Profiles\6rjp8t3h.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013-08-21]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [dealscout@deal-scout.net] - C:\Program Files\DealScout\FireFox
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-09-20]
FF HKLM\...\Firefox\Extensions: [firefox@passwordbox.com] - C:\Program Files\PasswordBox\Firefox
FF Extension: PasswordBox - C:\Program Files\PasswordBox\Firefox [2013-11-21]
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204 [2014-02-05]
 
Chrome: 
=======
CHR HomePage: 
CHR RestoreOnStartup: "translate_accepted_count": {
      "de": 2,
      "ja"
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Aaron Yom\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2012-11-28]
CHR Extension: (Google Wallet) - C:\Users\Aaron Yom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-09-20]
 
========================== Services (Whitelisted) =================
 
S4 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [521600 2011-06-09] (SEIKO EPSON CORPORATION)
S4 GameConsoleService; C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [164600 2008-05-28] (WildTangent, Inc.)
S4 MsMpSvc; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe [17904 2010-03-25] (Microsoft Corporation)
S4 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [46392 2008-08-04] (TOSHIBA Corporation)
S4 vToolbarUpdater17.3.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [1771544 2014-01-10] (AVG Secure Search)
S2 WebPlayer9; C:\WebPlayer9\WebPlayer9\WP9Service.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-11-21] (AVG Technologies)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2014-02-19] (Malwarebytes Corporation)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [151216 2010-03-25] (Microsoft Corporation)
S3 MpNWMon; C:\Windows\System32\DRIVERS\MpNWMon.sys [42368 2010-03-25] (Microsoft Corporation)
S3 pendfu; C:\Windows\System32\Drivers\pendfu.sys [39008 2008-01-31] (Anoto AB)
S3 PTUMWBus; C:\Windows\System32\DRIVERS\PTUMWBus.sys [54416 2009-07-18] (DEVGURU Co., LTD.)
S3 PTUMWCSP; C:\Windows\System32\DRIVERS\PTUMWCSP.sys [160400 2009-07-18] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PTUMWFLT; C:\Windows\System32\DRIVERS\PTUMWFLT.sys [12048 2009-07-18] (DEVGURU Co., LTD.)
S3 PTUMWMdm; C:\Windows\System32\DRIVERS\PTUMWMdm.sys [160400 2009-07-18] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PTUMWNET; C:\Windows\System32\DRIVERS\PTUMWNET.sys [114192 2009-07-18] (DEVGURU Co., LTD.)
S3 PTUMWNSP; C:\Windows\System32\DRIVERS\PTUMWNSP.sys [160400 2009-07-18] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PTUMWVsp; C:\Windows\System32\DRIVERS\PTUMWVsp.sys [160400 2009-07-18] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 IO_Memory; \??\C:\WINDOWS\SYSTEM32\SYSPREP\Drivers\ioport.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-25 15:41 - 2014-02-25 15:42 - 00016225 _____ () C:\Users\Aaron Yom\Desktop\FRST.txt
2014-02-25 15:41 - 2014-02-25 15:41 - 00000000 ____D () C:\FRST
2014-02-25 15:41 - 2014-02-25 15:39 - 01144320 _____ (Farbar) C:\Users\Aaron Yom\Desktop\FRST.exe
2014-02-19 17:07 - 2014-02-19 17:07 - 00007441 _____ () C:\Users\Aaron Yom\Desktop\dds.txt
2014-02-19 17:07 - 2014-02-19 17:07 - 00006055 _____ () C:\Users\Aaron Yom\Desktop\attach.txt
2014-02-19 17:05 - 2014-02-19 17:02 - 00688992 ____R (Swearware) C:\Users\Aaron Yom\Desktop\dds.com
2014-02-19 16:54 - 2014-02-19 16:56 - 00004446 _____ () C:\Users\Aaron Yom\Desktop\Rkill.txt
2014-02-19 15:54 - 2014-02-19 15:54 - 00138680 _____ () C:\Windows\Minidump\Mini021914-01.dmp
2014-02-19 15:07 - 2014-02-19 15:07 - 00000000 ____D () C:\Users\Aaron Yom\Desktop\ClamWinPortable
2014-02-19 14:43 - 2014-02-19 14:56 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-02-18 23:25 - 2014-02-19 15:23 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-02-18 23:22 - 2014-02-18 23:22 - 00000000 ____D () C:\Users\Aaron Yom\AppData\Roaming\Malwarebytes
2014-02-18 23:22 - 2014-02-18 23:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-15 19:36 - 2014-02-15 19:36 - 00000000 ____D () C:\Windows\pss
2014-02-15 17:06 - 2014-02-15 17:06 - 00001149 _____ () C:\Users\Aaron Yom\Desktop\SPORE™.lnk
2014-02-11 18:27 - 2014-02-11 18:27 - 00574976 _____ () C:\Users\Aaron Yom\Downloads\chapter6_5rome_and_the_roots_of_western_civilization.ppt
2014-02-11 18:26 - 2014-02-11 18:26 - 01463808 _____ () C:\Users\Aaron Yom\Downloads\6_3_rome_republic_to_emperor_.ppt
2014-02-11 18:25 - 2014-02-11 18:25 - 00683520 _____ () C:\Users\Aaron Yom\Downloads\chapter6_2the_roman_empire_brings_change.ppt
2014-02-11 18:22 - 2014-02-11 18:22 - 00616960 _____ () C:\Users\Aaron Yom\Downloads\chapter6_1roman_republic.ppt
2014-02-11 18:21 - 2014-02-11 18:22 - 00294912 _____ () C:\Users\Aaron Yom\Downloads\chapter6_4the_decline_of_the_roman_empire.ppt
2014-02-05 16:47 - 2014-02-05 16:47 - 00000000 ____D () C:\ProgramData\AVG SafeGuard toolbar
2014-02-04 18:55 - 2014-02-04 18:55 - 01338880 _____ () C:\Users\Aaron Yom\Downloads\6_5_rome_the_rise_of_christianity_.ppt
 
==================== One Month Modified Files and Folders =======
 
2014-02-25 15:42 - 2014-02-25 15:41 - 00016225 _____ () C:\Users\Aaron Yom\Desktop\FRST.txt
2014-02-25 15:41 - 2014-02-25 15:41 - 00000000 ____D () C:\FRST
2014-02-25 15:39 - 2014-02-25 15:41 - 01144320 _____ (Farbar) C:\Users\Aaron Yom\Desktop\FRST.exe
2014-02-25 15:35 - 2006-11-02 07:45 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-25 15:35 - 2006-11-02 07:45 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-19 17:07 - 2014-02-19 17:07 - 00007441 _____ () C:\Users\Aaron Yom\Desktop\dds.txt
2014-02-19 17:07 - 2014-02-19 17:07 - 00006055 _____ () C:\Users\Aaron Yom\Desktop\attach.txt
2014-02-19 17:02 - 2014-02-19 17:05 - 00688992 ____R (Swearware) C:\Users\Aaron Yom\Desktop\dds.com
2014-02-19 16:56 - 2014-02-19 16:54 - 00004446 _____ () C:\Users\Aaron Yom\Desktop\Rkill.txt
2014-02-19 16:17 - 2010-08-29 16:57 - 00001356 _____ () C:\Users\Aaron Yom\AppData\Local\d3d9caps.dat
2014-02-19 15:54 - 2014-02-19 15:54 - 00138680 _____ () C:\Windows\Minidump\Mini021914-01.dmp
2014-02-19 15:54 - 2012-02-14 22:18 - 187619064 _____ () C:\Windows\MEMORY.DMP
2014-02-19 15:54 - 2012-02-14 22:18 - 00000000 ____D () C:\Windows\Minidump
2014-02-19 15:23 - 2014-02-18 23:25 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-02-19 15:07 - 2014-02-19 15:07 - 00000000 ____D () C:\Users\Aaron Yom\Desktop\ClamWinPortable
2014-02-19 14:58 - 2013-11-21 19:50 - 00000000 ____D () C:\Program Files\PasswordBox
2014-02-19 14:56 - 2014-02-19 14:43 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-02-18 23:22 - 2014-02-18 23:22 - 00000000 ____D () C:\Users\Aaron Yom\AppData\Roaming\Malwarebytes
2014-02-18 23:22 - 2014-02-18 23:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-18 22:53 - 2009-03-06 10:51 - 01058450 _____ () C:\Windows\WindowsUpdate.log
2014-02-18 22:22 - 2008-01-20 22:02 - 00151784 _____ () C:\Windows\PFRO.log
2014-02-18 21:24 - 2012-11-11 19:44 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-18 21:01 - 2010-08-29 16:57 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-18 19:01 - 2010-08-29 16:57 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-18 17:40 - 2011-12-06 12:02 - 00000400 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{17709961-225C-42A2-A1DD-77AF241CC964}.job
2014-02-18 15:13 - 2006-11-02 05:33 - 00747142 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-15 19:36 - 2014-02-15 19:36 - 00000000 ____D () C:\Windows\pss
2014-02-15 17:06 - 2014-02-15 17:06 - 00001149 _____ () C:\Users\Aaron Yom\Desktop\SPORE™.lnk
2014-02-13 03:05 - 2013-08-22 02:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-13 03:02 - 2006-11-02 05:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-02-11 20:32 - 2006-11-02 07:49 - 00049318 _____ () C:\Windows\setupact.log
2014-02-11 18:27 - 2014-02-11 18:27 - 00574976 _____ () C:\Users\Aaron Yom\Downloads\chapter6_5rome_and_the_roots_of_western_civilization.ppt
2014-02-11 18:26 - 2014-02-11 18:26 - 01463808 _____ () C:\Users\Aaron Yom\Downloads\6_3_rome_republic_to_emperor_.ppt
2014-02-11 18:25 - 2014-02-11 18:25 - 00683520 _____ () C:\Users\Aaron Yom\Downloads\chapter6_2the_roman_empire_brings_change.ppt
2014-02-11 18:22 - 2014-02-11 18:22 - 00616960 _____ () C:\Users\Aaron Yom\Downloads\chapter6_1roman_republic.ppt
2014-02-11 18:22 - 2014-02-11 18:21 - 00294912 _____ () C:\Users\Aaron Yom\Downloads\chapter6_4the_decline_of_the_roman_empire.ppt
2014-02-05 17:07 - 2009-04-07 20:55 - 00000000 ____D () C:\Users\Aaron Yom\Documents\My Spore Creations
2014-02-05 17:05 - 2013-03-27 14:20 - 00000000 ____D () C:\Program Files\MyPC Backup
2014-02-05 17:03 - 2011-05-15 01:52 - 00000000 ____D () C:\Program Files\QvodPlayer
2014-02-05 16:58 - 2013-03-27 14:18 - 00000000 ____D () C:\Program Files\Common Files\AVG Secure Search
2014-02-05 16:56 - 2011-06-21 00:20 - 00000000 ____D () C:\Users\Aaron Yom\Documents\WORDsearch
2014-02-05 16:56 - 2011-06-21 00:20 - 00000000 ____D () C:\Users\Aaron Yom\AppData\Local\Bible Explorer 4
2014-02-05 16:56 - 2011-06-21 00:20 - 00000000 ____D () C:\ProgramData\WORDsearch
2014-02-05 16:51 - 2008-09-30 13:58 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-02-05 16:47 - 2014-02-05 16:47 - 00000000 ____D () C:\ProgramData\AVG SafeGuard toolbar
2014-02-05 16:47 - 2013-07-07 02:02 - 00000000 ____D () C:\Windows\system32\cache
2014-02-04 19:24 - 2012-11-11 19:44 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-04 19:24 - 2011-07-06 18:00 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-04 19:01 - 2013-11-09 17:39 - 00001938 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-04 18:55 - 2014-02-04 18:55 - 01338880 _____ () C:\Users\Aaron Yom\Downloads\6_5_rome_the_rise_of_christianity_.ppt
 
Some content of TEMP:
====================
C:\Users\Aaron Yom\AppData\Local\Temp\BackupSetup.exe
C:\Users\Aaron Yom\AppData\Local\Temp\BingBarSetup-Partner.exe
C:\Users\Aaron Yom\AppData\Local\Temp\CDMenu.exe
C:\Users\Aaron Yom\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\Aaron Yom\AppData\Local\Temp\ExPromo.exe
C:\Users\Aaron Yom\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Aaron Yom\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\Aaron Yom\AppData\Local\Temp\FlashPlayerUpdate02.exe
C:\Users\Aaron Yom\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\Aaron Yom\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Aaron Yom\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Aaron Yom\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Aaron Yom\AppData\Local\Temp\lowproc.exe
C:\Users\Aaron Yom\AppData\Local\Temp\oi_{700553A6-BF3D-4315-9066-4DEC2CCC8BB9}.exe
C:\Users\Aaron Yom\AppData\Local\Temp\SCC.dll
C:\Users\Aaron Yom\AppData\Local\Temp\The_Weather_Channel_Application.exe
C:\Users\Aaron Yom\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Aaron Yom\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Aaron Yom\AppData\Local\Temp\ytb.exe
C:\Users\Aaron Yom\AppData\Local\Temp\_isB02E.exe
C:\Users\Aaron Yom\AppData\Local\Temp\_isE83E.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-25 15:40
 
==================== End Of Log ============================

Edited by YommaSan, 25 February 2014 - 03:47 PM.


#9 YommaSan (Topic Starter)

Posted 25 February 2014 - 03:48 PM

And here is the Addition text log.

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-02-2014 01
Ran by Aaron Yom at 2014-02-25 15:42:57
Running from C:\Users\Aaron Yom\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
 
==================== Installed Programs ======================
 
 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.1.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.1.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe AIR (Version: 1.5.3.9130 - Adobe Systems Inc.) Hidden
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.7.609 - Adobe Systems, Inc.)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Amazon Links (HKLM\...\{224821ED-CADA-4A8A-AC8D-3734CC0F0931}) (Version: 1.0 - TOSHIBA Corporation)
Apple Application Support (HKLM\...\{B3575D00-27EF-49C2-B9E0-14B3D954E992}) (Version: 1.5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C23CD6DA-1958-43A5-ADD0-59396572E02E}) (Version: 3.4.1.2 - Apple Inc.)
Apple Software Update (HKLM\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
Bonjour (HKLM\...\{D03482C5-9AD8-496D-B388-692AE04C93AF}) (Version: 3.0.0.2 - Apple Inc.)
CD/DVD Drive Acoustic Silencer (HKLM\...\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}) (Version: 2.02.03 - TOSHIBA)
Cisco EAP-FAST Module (HKLM\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
C-Pen 20 (HKLM\...\{ED10A1F7-C0D9-44F4-AA62-E6EACFE9188C}) (Version: 1.20.0000 - C Technologies, Anoto AB)
DVD MovieFactory for TOSHIBA (HKLM\...\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}) (Version: 5.51 - Ulead Systems, Inc.)
Epson Connect (HKLM\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version:  - )
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Download Navigator (HKLM\...\{10F63395-157F-4B93-AB4D-702A2FF11942}) (Version: 1.0.1 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM\...\{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}) (Version: 2.50.0000 - SEIKO EPSON CORPORATION)
EPSON NX430 Series Printer Uninstall (HKLM\...\EPSON NX430 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
GOM Player (HKLM\...\GOM Player) (Version: 2.1.49.5139 - Gretech Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 32.0.1700.107 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Earth (HKLM\...\{BE06114F-559D-11E0-B5A1-001D0926B1BF}) (Version: 6.0.2.2074 - Google)
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{C73CA646-73B3-4AEF-A136-C37505745174}) (Version: 10.4.0.80 - Apple Inc.)
Java 7 Update 9 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217009FF}) (Version: 7.0.90 - Oracle)
Java Auto Updater (Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 29 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216021FF}) (Version: 6.0.290 - Oracle)
Java™ 6 Update 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160060}) (Version: 1.6.0.60 - Sun Microsystems, Inc.)
Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Antimalware (Version: 2.1.6805.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Essentials) (Version: 1.0.2498.0 - Microsoft Corporation)
Microsoft Security Essentials (Version: 1.0.2498.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XML Parser (Version: 8.20.8730.4 - Microsoft Corporation) Hidden
Mozilla Firefox 25.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 25.0.1 (x86 en-US)) (Version: 25.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 25.0.1 - Mozilla)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PANTECH USB Modem V2 (HKLM\...\{1C336D20-A089-4818-9C56-96AD81BF5A11}) (Version: 1.2.2793.719 - PANTECH CO.,LTD)
QuickBooks Financial Center (HKLM\...\{890EF3F8-742F-46BD-9E8E-084B3A1F4364}) (Version: 1.10.0000 - Intuit Inc.)
QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 12.0) (Version:  - RealNetworks)
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5599 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version:  - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Safari (HKLM\...\{EAFEF30E-3789-49C7-A6D9-77C12E005BAC}) (Version: 5.33.17.8 - Apple Inc.)
Skype™ 6.1 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.1.129 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
SPORE™ (HKLM\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.00.0000 - Electronic Arts)
Sticky-Notes (HKLM\...\{B4C89330-0416-4B4A-93C1-E577D208D803}) (Version: 1.110 -  )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.8.0 - Synaptics)
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.08 - TOSHIBA)
TOSHIBA ConfigFree (HKLM\...\{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}) (Version: 7.2.20 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.3 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 1.31.14 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - TOSHIBA Corporation) Hidden
TOSHIBA Hardware Setup (HKLM\...\{2883F6F5-0509-43F3-868C-D50330DD9DD3}) (Version: 2.00.08 - )
TOSHIBA Recovery Disc Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.0.0.2 - TOSHIBA Corporation)
Toshiba Registration (HKLM\...\{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}) (Version: 1.00.0000 - Datalode Inc.)
TOSHIBA Service Station (HKLM\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 1.1.14 - TOSHIBA)
TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.1.77 (SM2177ALD04) - Agere Systems)
TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version:  - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM\...\{4B1E87C3-00DE-4898-8E39-E390AAEF2391}) (Version: 2.00.04 - )
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.1.24 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.1.24 - TOSHIBA Corporation) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
WildTangent Games (HKLM\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.62 - WildTangent)
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Driver Package - Anoto AB (CPen20) Input Pen  (09/28/2007 2.0.0.0) (HKLM\...\C9DD80933B241BFD10F90CDE6194E95F5BABB24B) (Version: 09/28/2007 2.0.0.0 - Anoto AB)
Windows Driver Package - Anoto AB (pendfu) Input Pen  (09/25/2007 1.0.1.1) (HKLM\...\B32F61FE6602E3817FE3DB7ED5C0DEECD506F2B8) (Version: 09/25/2007 1.0.1.1 - Anoto AB)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version:  - )
Windows Media Encoder 9 Series (Version: 9.00.3374 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Yahoo! BrowserPlus 2.9.2 (HKCU\...\Yahoo! BrowserPlus) (Version:  - Yahoo! Inc.)
Yahoo! Install Manager (HKLM\...\YInstHelper) (Version:  - )
Yahoo! Search Protection (HKLM\...\Yahoo! Search Defender) (Version:  - )
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
 
==================== Restore Points  =========================
 
Could not list Restore Points. Check "winmgmt" service or repair WMI.
 
 
==================== Hosts content: ==========================
 
2006-11-02 05:23 - 2006-09-18 16:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {18DFD9FC-082E-4E9B-8285-5F21D2B4EDAE} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1A88AD3E-C0FB-49F6-AD78-3A1CDB16F38D} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-234329832-1625283619-1638487238-1004 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2011-08-11] (RealNetworks, Inc.)
Task: {2162882A-7311-4F87-863C-892EAB3D5C1D} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-234329832-1625283619-1638487238-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2011-08-11] (RealNetworks, Inc.)
Task: {22307DD5-FD21-4B68-AF4B-E9837B8FF417} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-234329832-1625283619-1638487238-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2011-08-11] (RealNetworks, Inc.)
Task: {3872BDD2-BF73-4BD8-ABD1-64CBA1D937B0} - System32\Tasks\Microsoft\Windows\RestartManager\{CA9C4271-A0BE-438e-85A4-770002E934F8} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {487EAEB6-65A7-460D-894C-1654400CCE25} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5916F864-469C-4391-8604-E4EA141A2699} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {7C5A51E8-1AD7-48C6-8879-257A8A9609F5} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {8B0E6FAB-F43A-4988-AF0A-A21646C212F0} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {8DC5DE0A-E7AF-4E65-9E61-C3EECF318156} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Aaron Yom => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-20] (Microsoft Corporation)
Task: {98C08FFE-9A59-44DC-9550-E0DA0CBD65B4} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-234329832-1625283619-1638487238-1004 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2011-08-11] (RealNetworks, Inc.)
Task: {9ED703A9-5FFD-40D5-895A-4385EE1509DE} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {C5001F2F-B971-4F1A-AF8F-80D014006A04} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-17] (Google Inc.)
Task: {D6BC0C7E-9CDE-4200-A979-548760712168} - System32\Tasks\SmartPCFix Task => C:\Program Files\SmartPCFix\SmartPCFix.exe <==== ATTENTION
Task: {DB87030A-DD1F-48C5-AC67-4A9E820D27D1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-04] (Adobe Systems Incorporated)
Task: {DF115399-1930-4C42-82AA-E7B40E8E0B8A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-17] (Google Inc.)
Task: {E4167175-0074-411E-B9C7-09CD9A46CD52} - System32\Tasks\RunAsStdUser Task => C:\Program Files\VooMuu\bin\1.0.34.0\VooMuuSA.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SmartPCFix Task.job => C:\Program Files\SmartPCFix\SmartPCFix.exe <==== ATTENTION
Task: C:\Windows\Tasks\User_Feed_Synchronization-{17709961-225C-42A2-A1DD-77AF241CC964}.job => C:\Windows\system32\msfeedssync.exe
 
==================== Loaded Modules (whitelisted) =============
 
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\36806097.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\88185303.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\36806097.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\88185303.sys => ""="Driver"
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AeLookupSvc => 2
MSCONFIG\Services: AgereModemAudio => 2
MSCONFIG\Services: ALG => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: aspnet_state => 3
MSCONFIG\Services: AudioEndpointBuilder => 2
MSCONFIG\Services: Audiosrv => 2
MSCONFIG\Services: BFE => 2
MSCONFIG\Services: BITS => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: Browser => 2
MSCONFIG\Services: CertPropSvc => 3
MSCONFIG\Services: clr_optimization_v2.0.50727_32 => 3
MSCONFIG\Services: COMSysApp => 3
MSCONFIG\Services: ConfigFree Service => 2
MSCONFIG\Services: CryptSvc => 2
MSCONFIG\Services: DFSR => 3
MSCONFIG\Services: Dhcp => 2
MSCONFIG\Services: Dnscache => 2
MSCONFIG\Services: dot3svc => 3
MSCONFIG\Services: DPS => 2
MSCONFIG\Services: EapHost => 3
MSCONFIG\Services: EMDMgmt => 2
MSCONFIG\Services: EpsonBidirectionalService => 2
MSCONFIG\Services: EpsonCustomerParticipation => 2
MSCONFIG\Services: Eventlog => 2
MSCONFIG\Services: EventSystem => 2
MSCONFIG\Services: fdPHost => 3
MSCONFIG\Services: FDResPub => 2
MSCONFIG\Services: FontCache3.0.0.0 => 2
MSCONFIG\Services: GameConsoleService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: hidserv => 2
MSCONFIG\Services: hkmsvc => 3
MSCONFIG\Services: IAANTMON => 2
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: idsvc => 3
MSCONFIG\Services: IKEEXT => 2
MSCONFIG\Services: IPBusEnum => 3
MSCONFIG\Services: iphlpsvc => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: KeyIso => 3
MSCONFIG\Services: KtmRm => 2
MSCONFIG\Services: LanmanServer => 2
MSCONFIG\Services: LanmanWorkstation => 2
MSCONFIG\Services: lltdsvc => 3
MSCONFIG\Services: lmhosts => 2
MSCONFIG\Services: MMCSS => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: MpsSvc => 2
MSCONFIG\Services: MSDTC => 3
MSCONFIG\Services: MSiSCSI => 3
MSCONFIG\Services: msiserver => 3
MSCONFIG\Services: MsMpSvc => 2
MSCONFIG\Services: napagent => 3
MSCONFIG\Services: Netlogon => 3
MSCONFIG\Services: Netman => 3
MSCONFIG\Services: netprofm => 2
MSCONFIG\Services: NlaSvc => 2
MSCONFIG\Services: nsi => 2
MSCONFIG\Services: odserv => 3
MSCONFIG\Services: ose => 3
MSCONFIG\Services: p2pimsvc => 3
MSCONFIG\Services: p2psvc => 3
MSCONFIG\Services: PasswordBox => 2
MSCONFIG\Services: PcaSvc => 2
MSCONFIG\Services: pla => 3
MSCONFIG\Services: PNRPAutoReg => 3
MSCONFIG\Services: PNRPsvc => 3
MSCONFIG\Services: PolicyAgent => 2
MSCONFIG\Services: ProtectedStorage => 3
MSCONFIG\Services: QWAVE => 3
MSCONFIG\Services: RasAuto => 3
MSCONFIG\Services: RasMan => 3
MSCONFIG\Services: RemoteRegistry => 3
MSCONFIG\Services: RpcLocator => 3
MSCONFIG\Services: SamSs => 2
MSCONFIG\Services: SCardSvr => 3
MSCONFIG\Services: SCPolicySvc => 3
MSCONFIG\Services: SDRSVC => 3
MSCONFIG\Services: seclogon => 2
MSCONFIG\Services: SENS => 2
MSCONFIG\Services: SessionEnv => 3
MSCONFIG\Services: SharedAccess => 3
MSCONFIG\Services: ShellHWDetection => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SLUINotify => 3
MSCONFIG\Services: SNMPTRAP => 3
MSCONFIG\Services: Spooler => 2
MSCONFIG\Services: SSDPSRV => 3
MSCONFIG\Services: SstpSvc => 3
MSCONFIG\Services: stisvc => 2
MSCONFIG\Services: swprv => 3
MSCONFIG\Services: SysMain => 2
MSCONFIG\Services: TabletInputService => 2
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: TBS => 2
MSCONFIG\Services: TermService => 2
MSCONFIG\Services: Themes => 2
MSCONFIG\Services: THREADORDER => 3
MSCONFIG\Services: TMachInfo => 2
MSCONFIG\Services: TNaviSrv => 2
MSCONFIG\Services: TODDSrv => 2
MSCONFIG\Services: TosCoSrv => 2
MSCONFIG\Services: TOSHIBA SMART Log Service => 2
MSCONFIG\Services: TrkWks => 2
MSCONFIG\Services: TrustedInstaller => 3
MSCONFIG\Services: UI0Detect => 3
MSCONFIG\Services: UleadBurningHelper => 2
MSCONFIG\Services: upnphost => 3
MSCONFIG\Services: UxSms => 2
MSCONFIG\Services: vds => 3
MSCONFIG\Services: VSS => 3
MSCONFIG\Services: vToolbarUpdater17.3.0 => 2
MSCONFIG\Services: W32Time => 2
MSCONFIG\Services: wcncsvc => 3
MSCONFIG\Services: WcsPlugInService => 3
MSCONFIG\Services: WdiServiceHost => 3
MSCONFIG\Services: WdiSystemHost => 3
MSCONFIG\Services: WebClient => 2
MSCONFIG\Services: Wecsvc => 3
MSCONFIG\Services: wercplsupport => 3
MSCONFIG\Services: WerSvc => 2
MSCONFIG\Services: WinDefend => 2
MSCONFIG\Services: WinHttpAutoProxySvc => 3
MSCONFIG\Services: Winmgmt => 2
MSCONFIG\Services: WinRM => 3
MSCONFIG\Services: Wlansvc => 2
MSCONFIG\Services: wmiApSrv => 3
MSCONFIG\Services: WMPNetworkSvc => 3
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\Services: WPDBusEnum => 2
MSCONFIG\Services: wscsvc => 2
MSCONFIG\Services: WSearch => 2
MSCONFIG\Services: wuauserv => 2
MSCONFIG\Services: wudfsvc => 2
MSCONFIG\Services: YahooAUService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^C-Pen 20.lnk => C:\Windows\pss\C-Pen 20.lnk.CommonStartup
MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: cfFncEnabler.exe => cfFncEnabler.exe
MSCONFIG\startupreg: DW6 => "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
MSCONFIG\startupreg: EEventManager => "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: Epson Stylus NX430(Network) => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIHBA.EXE /FU "C:\Users\AARONY~1\AppData\Local\Temp\E_SF896.tmp" /EF "HKCU"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IAAnotif => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MSSE => "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
MSCONFIG\startupreg: NDSTray.exe => NDSTray.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => RtHDVCpl.exe
MSCONFIG\startupreg: Search Protection => C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
MSCONFIG\startupreg: Sticky-Notes => C:\Program Files\Sticky-Notes\stickynotes.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot
MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files\TOSHIBA\TOSHIBA Service Station\TSS.exe" /hide
MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
MSCONFIG\startupreg: vProt => "C:\Program Files\AVG SafeGuard toolbar\vprot.exe"
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
MSCONFIG\startupreg: YSearchProtection => C:\Program Files\Yahoo!\Search Protection\YspService.exe
 
==================== Faulty Device Manager Devices =============
 
Could not list Devices. Check "winmgmt" service or repair WMI.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/18/2014 03:52:11 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422.
 
 
Operation:
   Instantiating VSS server
 
Error: (02/18/2014 03:52:11 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error:  The Volume Shadow Copy service (VSS) is disabled.  Please 
enable the service and try again.
 
 
Operation:
   Instantiating VSS server
 
Error: (02/18/2014 03:00:31 AM) (Source: System Restore) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\svchost.exe -k netsvcs; Descripton = Windows Update; Hr = 0x8000ffff).
 
Error: (02/18/2014 03:00:31 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422.
 
 
Operation:
   Instantiating VSS server
 
Error: (02/18/2014 03:00:31 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error:  The Volume Shadow Copy service (VSS) is disabled.  Please 
enable the service and try again.
 
 
Operation:
   Instantiating VSS server
 
Error: (02/17/2014 05:43:57 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422.
 
 
Operation:
   Instantiating VSS server
 
Error: (02/17/2014 05:43:57 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error:  The Volume Shadow Copy service (VSS) is disabled.  Please 
enable the service and try again.
 
 
Operation:
   Instantiating VSS server
 
Error: (02/17/2014 03:00:26 AM) (Source: System Restore) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\svchost.exe -k netsvcs; Descripton = Windows Update; Hr = 0x8000ffff).
 
Error: (02/17/2014 03:00:26 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422.
 
 
Operation:
   Instantiating VSS server
 
Error: (02/17/2014 03:00:25 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error:  The Volume Shadow Copy service (VSS) is disabled.  Please 
enable the service and try again.
 
 
Operation:
   Instantiating VSS server
 
 
System errors:
=============
Error: (02/25/2014 03:43:01 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 9:55:36 PM on 2/18/2014 was unexpected.
 
Error: (02/18/2014 03:13:22 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: 0x80070643Microsoft .NET Framework 1.1 Service Pack 1{6F5DC828-0F05-4577-9A8A-74AB1CBE00A9}106
 
Error: (02/17/2014 04:58:38 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: 0x80070643Microsoft .NET Framework 1.1 Service Pack 1{6F5DC828-0F05-4577-9A8A-74AB1CBE00A9}106
 
Error: (02/17/2014 04:57:37 PM) (Source: Service Control Manager) (User: )
Description: 30000Netman
 
Error: (02/16/2014 01:18:11 PM) (Source: Service Control Manager) (User: )
Description: 30000Wlansvc
 
Error: (02/16/2014 03:02:32 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: 0x80070643Microsoft .NET Framework 1.1 Service Pack 1{6F5DC828-0F05-4577-9A8A-74AB1CBE00A9}106
 
Error: (02/15/2014 05:17:12 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer ANDREWYOM-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{3D727DAE-E9C3-493F-B8FE-222CE.
The master browser is stopping or an election is being forced.
 
Error: (02/15/2014 05:06:33 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: 0x80070643Microsoft .NET Framework 1.1 Service Pack 1{6F5DC828-0F05-4577-9A8A-74AB1CBE00A9}106
 
Error: (02/14/2014 05:49:25 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: 0x80070643Microsoft .NET Framework 1.1 Service Pack 1{6F5DC828-0F05-4577-9A8A-74AB1CBE00A9}106
 
Error: (02/14/2014 05:48:01 PM) (Source: Service Control Manager) (User: )
Description: 30000Netman
 
 
Microsoft Office Sessions:
=========================
Error: (10/01/2010 05:25:41 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 9 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (04/30/2010 01:58:17 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 52 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (04/26/2010 06:25:33 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 12 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (04/26/2010 06:25:11 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 183 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error: (04/23/2010 02:04:30 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 61 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error: (04/04/2010 09:27:37 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 9 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (04/04/2010 09:26:58 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 17 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (11/17/2009 08:23:46 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 240748 seconds with 25800 seconds of active time.  This session ended with a crash.
 
Error: (07/13/2009 09:19:57 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 229777 seconds with 8700 seconds of active time.  This session ended with a crash.
 
Error: (06/11/2009 06:55:04 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 20451 seconds with 9900 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-02-25 15:42:28.783
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-25 15:42:28.658
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-25 15:42:28.549
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-25 15:42:28.424
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-25 15:42:28.315
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-25 15:42:28.190
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-25 15:42:28.034
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-25 15:42:27.909
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-02-14 22:20:06.156
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-02-14 22:20:06.031
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 25%
Total physical RAM: 1915.25 MB
Available physical RAM: 1424.27 MB
Total Pagefile: 4071.79 MB
Available Pagefile: 3740.05 MB
Total Virtual: 2047.88 MB
Available Virtual: 1919.16 MB
 
==================== Drives ================================
 
Drive c: (SQ004890V03) (Fixed) (Total:224.2 GB) (Free:145.84 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Feb 19 2014) (CDROM) (Total:0.69 GB) (Free:0.57 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: DA922A78)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#10 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:15 PM

Posted 26 February 2014 - 06:55 AM

Fix with FRST (normal mode)

  • Open notepad (Start =>All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
  • Save it to the same directory as frst.exe (or frst64.exe) as fixlist.txt.

    GroupPolicyUsers\S-1-5-21-234329832-1625283619-1638487238-1002\User: Group Policy restriction detected <======= ATTENTION
    SearchScopes: HKCU - DefaultScope {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2} URL = http://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&abar=2&tn=utf8kb_oem_dg
    SearchScopes: HKCU - {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2} URL = http://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&abar=2&tn=utf8kb_oem_dg
    BHO: No Name - {9D425283-D487-4337-BAB6-AB8354A81457} -  No File
    Toolbar: HKLM - No Name - {9D425283-D487-4337-BAB6-AB8354A81457} -  No File
    Toolbar: HKCU - No Name - {9D425283-D487-4337-BAB6-AB8354A81457} -  No File
    Toolbar: HKCU - No Name - {B580CF65-E151-49C3-B73F-70B13FCA8E86} -  No File
    FF SearchPlugin: C:\Users\Aaron Yom\AppData\Roaming\Mozilla\Firefox\Profiles\6rjp8t3h.default\searchplugins\bing-zugo.xml
    FF HKLM\...\Firefox\Extensions: [dealscout@deal-scout.net] - C:\Program Files\DealScout\FireFox
    
    Task: {D6BC0C7E-9CDE-4200-A979-548760712168} - System32\Tasks\SmartPCFix Task => C:\Program Files\SmartPCFix\SmartPCFix.exe <==== ATTENTION
    Task: {E4167175-0074-411E-B9C7-09CD9A46CD52} - System32\Tasks\RunAsStdUser Task => C:\Program Files\VooMuu\bin\1.0.34.0\VooMuuSA.exe
    Task: C:\Windows\Tasks\SmartPCFix Task.job => C:\Program Files\SmartPCFix\SmartPCFix.exe <==== ATTENTION
    
    C:\Program Files\DealScout
    C:\Program Files\MyPC Backup
    C:\Program Files\QvodPlayer
    C:\Program Files\SmartPCFix
    C:\Program Files\VooMuu
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

 

 

 

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#11 YommaSan

YommaSan
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:08:15 AM

Posted 26 February 2014 - 05:38 PM

Here is the Fixlog.txt.

Fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 24-02-2014 01
Ran by Aaron Yom at 2014-02-26 17:35:41 Run:1
Running from C:\Users\Aaron Yom\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
GroupPolicyUsers\S-1-5-21-234329832-1625283619-1638487238-1002\User: Group Policy restriction detected <======= ATTENTION
SearchScopes: HKCU - DefaultScope {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2} URL = http://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&abar=2&tn=utf8kb_oem_dg
BHO: No Name - {9D425283-D487-4337-BAB6-AB8354A81457} -  No File
Toolbar: HKLM - No Name - {9D425283-D487-4337-BAB6-AB8354A81457} -  No File
Toolbar: HKCU - No Name - {9D425283-D487-4337-BAB6-AB8354A81457} -  No File
Toolbar: HKCU - No Name - {B580CF65-E151-49C3-B73F-70B13FCA8E86} -  No File
FF SearchPlugin: C:\Users\Aaron Yom\AppData\Roaming\Mozilla\Firefox\Profiles\6rjp8t3h.default\searchplugins\bing-zugo.xml
FF HKLM\...\Firefox\Extensions: [dealscout@deal-scout.net] - C:\Program Files\DealScout\FireFox
 
Task: {D6BC0C7E-9CDE-4200-A979-548760712168} - System32\Tasks\SmartPCFix Task => C:\Program Files\SmartPCFix\SmartPCFix.exe <==== ATTENTION
Task: {E4167175-0074-411E-B9C7-09CD9A46CD52} - System32\Tasks\RunAsStdUser Task => C:\Program Files\VooMuu\bin\1.0.34.0\VooMuuSA.exe
Task: C:\Windows\Tasks\SmartPCFix Task.job => C:\Program Files\SmartPCFix\SmartPCFix.exe <==== ATTENTION
 
C:\Program Files\DealScout
C:\Program Files\MyPC Backup
C:\Program Files\QvodPlayer
C:\Program Files\SmartPCFix
C:\Program Files\VooMuu
*****************
 
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-234329832-1625283619-1638487238-1002\User => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457} => Key deleted successfully.
HKCR\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{9D425283-D487-4337-BAB6-AB8354A81457} => Value deleted successfully.
HKCR\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9D425283-D487-4337-BAB6-AB8354A81457} => Value deleted successfully.
HKCR\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B580CF65-E151-49C3-B73F-70B13FCA8E86} => Value deleted successfully.
HKCR\CLSID\{B580CF65-E151-49C3-B73F-70B13FCA8E86} => Key not found.
C:\Users\Aaron Yom\AppData\Roaming\Mozilla\Firefox\Profiles\6rjp8t3h.default\searchplugins\bing-zugo.xml => Moved successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\dealscout@deal-scout.net => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D6BC0C7E-9CDE-4200-A979-548760712168} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D6BC0C7E-9CDE-4200-A979-548760712168} => Key deleted successfully.
C:\Windows\System32\Tasks\SmartPCFix Task => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartPCFix Task => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E4167175-0074-411E-B9C7-09CD9A46CD52} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E4167175-0074-411E-B9C7-09CD9A46CD52} => Key deleted successfully.
C:\Windows\System32\Tasks\RunAsStdUser Task => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RunAsStdUser Task => Key deleted successfully.
C:\Windows\Tasks\SmartPCFix Task.job => Moved successfully.
"C:\Program Files\DealScout" => File/Directory not found.
C:\Program Files\MyPC Backup => Moved successfully.
C:\Program Files\QvodPlayer => Moved successfully.
"C:\Program Files\SmartPCFix" => File/Directory not found.
"C:\Program Files\VooMuu" => File/Directory not found.
 
 
The system needs a manual reboot. 
 
==== End of Fixlog ====
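
Reading a Fixlog by hand, as the helper does in this thread, means checking every fixlist entry against the "=> outcome" lines FRST prints after it. The following Python is an added example, not FRST's own code and not from any post here: it parses a Fixlog in the layout shown above and reports, per fixlist entry, whether FRST removed it, reported it as already absent, or never acted on it, and lists extra items FRST touched on its own (such as GPT.ini). The embedded sample is a constructed, shortened copy of the Fixlog posted above.

```python
import re
from dataclasses import dataclass, field

# Added example (not FRST's own code): reconcile a Fixlog.txt against the
# fixlist it ran. Assumed layout, as seen in this thread: the fixlist sits
# between two separator lines, each later action reads "<target> => <outcome>."
SEPARATOR = "*****************"
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
SID_RE = re.compile(r"S-1-\d+(?:-\d+)+")
RESULT_RE = re.compile(r"^(?P<target>.+?) => (?P<outcome>.+?)\.?$")
PREFIX_RE = re.compile(r"^[A-Za-z ]+: ")  # labels such as "Task: ", "BHO: ", "FF SearchPlugin: "

# Constructed sample: a shortened copy of the Fixlog posted in this thread.
SAMPLE_FIXLOG = r"""
Content of fixlist:
*****************
GroupPolicyUsers\S-1-5-21-234329832-1625283619-1638487238-1002\User: Group Policy restriction detected <======= ATTENTION
BHO: No Name - {9D425283-D487-4337-BAB6-AB8354A81457} -  No File
Task: C:\Windows\Tasks\SmartPCFix Task.job => C:\Program Files\SmartPCFix\SmartPCFix.exe <==== ATTENTION

C:\Program Files\DealScout
C:\Program Files\MyPC Backup
*****************

C:\Windows\system32\GroupPolicyUsers\S-1-5-21-234329832-1625283619-1638487238-1002\User => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457} => Key deleted successfully.
HKCR\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457} => Key not found.
C:\Windows\Tasks\SmartPCFix Task.job => Moved successfully.
"C:\Program Files\DealScout" => File/Directory not found.
C:\Program Files\MyPC Backup => Moved successfully.

The system needs a manual reboot.

==== End of Fixlog ====
"""


@dataclass
class FixReport:
    statuses: dict = field(default_factory=dict)           # entry key -> fixed | not_found | no_result
    unmatched_results: list = field(default_factory=list)  # items FRST acted on that no entry named
    reboot_required: bool = False


def entry_key(line: str) -> str:
    """Pick the token from a fixlist line that reappears in FRST's result lines."""
    m = GUID_RE.search(line) or SID_RE.search(line)
    if m:
        return m.group(0)
    body = line.split(" => ")[0]             # drop the "=> target.exe <==== ATTENTION" tail
    body = PREFIX_RE.sub("", body, count=1)  # drop a "Task: " style label
    return body.strip().strip('"')


def classify_outcome(outcome: str) -> str:
    o = outcome.lower()
    if o.endswith("successfully"):
        return "success"
    if "not found" in o:
        return "not_found"
    return "other"


def split_sections(text: str):
    """Return (fixlist entries, [(target, outcome)], reboot flag)."""
    lines = text.splitlines()
    seps = [i for i, l in enumerate(lines) if l.strip() == SEPARATOR]
    if len(seps) < 2:
        raise ValueError("no fixlist section found")
    fixlist = [l.strip() for l in lines[seps[0] + 1:seps[1]] if l.strip()]
    tail = lines[seps[1] + 1:]
    results = []
    for l in tail:
        m = RESULT_RE.match(l.strip())
        if m:
            results.append((m.group("target").strip('"'), m.group("outcome")))
    return fixlist, results, any("manual reboot" in l for l in tail)


def reconcile(text: str) -> FixReport:
    fixlist, results, reboot = split_sections(text)
    report = FixReport(reboot_required=reboot)
    claimed = set()
    for entry in fixlist:
        key = entry_key(entry)
        hits = [(t, classify_outcome(o)) for t, o in results if key.lower() in t.lower()]
        claimed.update(t for t, _ in hits)
        if any(c == "success" for _, c in hits):
            status = "fixed"       # at least one move/deletion succeeded
        elif hits:
            status = "not_found"   # FRST looked, but the item was already gone
        else:
            status = "no_result"   # fixlist line FRST never reported on
        report.statuses[key] = status
    report.unmatched_results = [t for t, _ in results if t not in claimed]
    return report
```

Entries left at "no_result" or "not_found" are the ones an analyst re-checks in the next scan; a non-empty unmatched list shows what else FRST changed (here the Group Policy GPT.ini that went with the restriction).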


#12 YommaSan

YommaSan
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:08:15 AM

Posted 26 February 2014 - 05:52 PM

Also, it is still not allowing me to use MalwareBytes Anti-Malware. It keeps saying "MalwareBytes Anti-Malware has stopped working" whenever I try to start the scan.


Edited by YommaSan, 26 February 2014 - 06:00 PM.


#13 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:15 PM

Posted 28 February 2014 - 06:29 AM

Reboot.

 

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion" simply restart your computer to fix this.



#14 YommaSan

YommaSan
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:08:15 AM

Posted 28 February 2014 - 04:50 PM

Here is the ComboFix Log.
 
ComboFix 14-02-24.02 - Aaron Yom 02/28/2014  16:28:56.1.2 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6001.1.1252.1.1033.18.1915.1332 [GMT -5:00]
Running from: c:\users\Aaron Yom\Desktop\ComboFix.exe
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Aaron Yom\Desktop\Internet Explorer.lnk
c:\users\Aaron Yom\GoToAssistDownloadHelper.exe
c:\windows\security\Database\tmp.edb
c:\windows\system32\Cache
c:\windows\system32\Cache\05d04d51e4b7fda2.fb
c:\windows\system32\Cache\075884af680ff6dc.fb
c:\windows\system32\Cache\077e7625f7e1c839.fb
c:\windows\system32\Cache\227113dfa1ca894d.fb
c:\windows\system32\Cache\326f4fceaf854abf.fb
c:\windows\system32\Cache\49fbbc5a8678d502.fb
c:\windows\system32\Cache\5634b30fce997db8.fb
c:\windows\system32\Cache\5c54eb1a1655b076.fb
c:\windows\system32\Cache\613e8ce7ab7106af.fb
c:\windows\system32\Cache\629775f975bf845a.fb
c:\windows\system32\Cache\633a76311867bd11.fb
c:\windows\system32\Cache\691f14230153a9e1.fb
c:\windows\system32\Cache\6cb409d7ac73d9f1.fb
c:\windows\system32\Cache\7614bd6cfa99e546.fb
c:\windows\system32\Cache\77664b6ccc36be9f.fb
c:\windows\system32\Cache\84c1308ee90dfb30.fb
c:\windows\system32\Cache\881b3593316772f0.fb
c:\windows\system32\Cache\98657d0579ae1930.fb
c:\windows\system32\Cache\b299fb0331a88589.fb
c:\windows\system32\Cache\be5f33ef10ab715b.fb
c:\windows\system32\Cache\d4006255775df612.fb
c:\windows\system32\Cache\d5c0f4e7bbe35bf3.fb
c:\windows\system32\Cache\d9ca663388d21ec0.fb
c:\windows\system32\Cache\f2cda51fd108941f.fb
c:\windows\system32\Cache\f34d8db84131d925.fb
c:\windows\system32\pt
c:\windows\system32\pt\toscdspd.cpl.mui
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-28 to 2014-02-28  )))))))))))))))))))))))))))))))
.
.
2014-02-28 21:38 . 2014-02-28 21:40 -------- d-----w- c:\users\Aaron Yom\AppData\Local\temp
2014-02-28 21:38 . 2014-02-28 21:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-28 21:38 . 2014-02-28 21:38 -------- d-----w- c:\users\ANDREW~1\AppData\Local\temp
2014-02-25 20:41 . 2014-02-26 22:54 -------- d-----w- C:\FRST
2014-02-19 19:43 . 2014-02-19 19:56 -------- d-----w- C:\TDSSKiller_Quarantine
2014-02-19 04:25 . 2014-02-26 22:52 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-02-19 04:22 . 2014-02-19 04:22 -------- d-----w- c:\users\Aaron Yom\AppData\Roaming\Malwarebytes
2014-02-19 04:22 . 2014-02-19 04:22 -------- d-----w- c:\programdata\Malwarebytes
2014-02-14 23:05 . 2013-12-04 02:57 7760024 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{524EC110-E381-484F-9024-6FDF6ED17134}\mpengine.dll
2014-02-05 21:47 . 2014-02-05 21:47 -------- d-----w- c:\programdata\AVG SafeGuard toolbar
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-05 00:24 . 2012-11-12 00:44 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-05 00:24 . 2011-07-06 23:00 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-19 07:32 . 2009-10-03 05:56 231584 ------w- c:\windows\system32\MpSigStub.exe
2013-12-04 02:57 . 2010-07-24 03:51 7760024 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn7\yt.dll" [2013-08-07 1561880]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^C-Pen 20.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\C-Pen 20.lnk
backup=c:\windows\pss\C-Pen 20.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2008-05-09 19:49 716800 ----a-w- c:\program files\Toshiba\FlashCards\TCrdMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2010-10-12 17:56 979328 ----a-w- c:\program files\Epson Software\Event Manager\EEventManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Epson Stylus NX430(Network)]
2011-01-20 18:01 212480 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIHBA.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-06-25 23:05 170520 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2008-04-16 01:54 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-06-25 23:06 150040 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-07-19 22:29 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSSE]
2010-09-15 08:34 1094224 ----a-w- c:\program files\Microsoft Security Essentials\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-06-25 23:06 145944 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-04-08 23:14 6037504 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-01-08 17:59 18705664 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2008-06-02 21:26 505720 ----a-w- c:\program files\Toshiba\SmoothView\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sticky-Notes]
2011-11-21 19:53 611328 ----a-w- c:\program files\Sticky-Notes\stickynotes.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 14:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-12-07 02:12 1029416 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-09-21 02:18 273528 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToshibaServiceStation]
2008-08-04 21:46 1242424 ----a-w- c:\program files\Toshiba\TOSHIBA Service Station\TSS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
2008-02-06 21:52 431456 ----a-w- c:\program files\Toshiba\Power Saver\TPwrMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:33 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
2010-04-01 03:34 243000 ----a-w- c:\program files\Yahoo!\Search Protection\YspService.exe
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ   PLA DPS BFE mpssvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-04 23:54 1211720 ----a-w- c:\program files\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-12 00:24]
.
2014-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-29 19:03]
.
2014-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-29 19:03]
.
2014-02-28 c:\windows\Tasks\User_Feed_Synchronization-{17709961-225C-42A2-A1DD-77AF241CC964}.job
- c:\windows\system32\msfeedssync.exe [2011-12-07 04:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - 
DPF: {55F0958D-C5ED-49E6-8769-E238D4429F57} - hxxp://patch.clubnara.com/cinstall/ClubnaraCtrl.cab
FF - ProfilePath - c:\users\Aaron Yom\AppData\Roaming\Mozilla\Firefox\Profiles\6rjp8t3h.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - 
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2010-07-24 03:04; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\AVG SafeGuard toolbar\17.3.1.204\AVG SafeGuard toolbar_toolbar.dll
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\AVG SafeGuard toolbar\17.3.1.204\AVG SafeGuard toolbar_toolbar.dll
SafeBoot-36806097.sys
SafeBoot-88185303.sys
MSConfigStartUp-cfFncEnabler - cfFncEnabler.exe
MSConfigStartUp-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
MSConfigStartUp-NDSTray - NDSTray.exe
MSConfigStartUp-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
MSConfigStartUp-vProt - c:\program files\AVG SafeGuard toolbar\vprot.exe
AddRemove-B32F61FE6602E3817FE3DB7ED5C0DEECD506F2B8 - c:\progra~1\DIFX\270581355A767BF1\DPInst_x86.exe
AddRemove-C9DD80933B241BFD10F90CDE6194E95F5BABB24B - c:\progra~1\DIFX\270581355A767BF1\DPInst_x86.exe
.
.
.
**************************************************************************
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i??????g?R,$??h????????????????? 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\conime.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\system32\vssvc.exe
.
**************************************************************************
.
Completion time: 2014-02-28  16:45:04 - machine was rebooted
ComboFix-quarantined-files.txt  2014-02-28 21:45
.
Pre-Run: 156,476,350,464 bytes free
Post-Run: 158,069,710,848 bytes free
.
- - End Of File - - DE38F55A3C8A5E7DE0E8C2E1B146DEA2
5B5E648D12FCADC244C1EC30318E1EB9


#15 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:15 PM

Posted 02 March 2014 - 09:00 AM

No Antivirus Program installed!

I don't see an Anti Virus Program running on your machine.

Download and install an antivirus program, and make sure that you keep it updated.
New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.

Two good antivirus programs free for non-commercial home use are Avast! or Microsoft Security Essentials.

Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.





