Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

DLL host exe process Making My Laptop Running extremely Slow


  • This topic is locked This topic is locked
17 replies to this topic

#1 bonaparte

bonaparte

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:43 AM

Posted 20 August 2014 - 06:29 AM

I use windows 7 , right now my Laptop running extremely slow . From booting until running programs is verry slow. I found dllhost.exe in the task manager running, i think this program that make my computer running slow, anyone here can help me to solve my laptop problems thanks before guys



BC AdBot (Login to Remove)

 


m

#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:43 PM

Posted 20 August 2014 - 07:25 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
 
 
HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
 
 
 
 
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
  • Don´t change one of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Poste the FRST.txt and (after the first scan only!) the Addition.txt.

 
 
 
 
 Scan with aswMBR

Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat do not delete this for now. It is an actual backup of the MBR (master boot record).


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 bonaparte

bonaparte
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:43 AM

Posted 20 August 2014 - 08:17 AM

Hi thanks for the reply ok i will try the step you tell me, i have a question too about avast do i need to scan all my drive  or just some drive , because i have a large drive and it can take some time to do so, if there is another alternative beside avast please tell me if not i will try it also do i need to shutdown my internet connection while i do the scan? Thanks once again sir


Edited by bonaparte, 20 August 2014 - 08:18 AM.


#4 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:43 PM

Posted 20 August 2014 - 08:35 AM

aswMBR isn´t a normal antivirus programm but a rootkit scanner. It needs to download some antivirus definitons to check selected files for malicious modification.

It will not scan all files on your hard disk but several system files.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#5 bonaparte

bonaparte
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:43 AM

Posted 20 August 2014 - 08:51 AM

Hi ok thanks i have scan using FRST here is the logfile result

 

This is the FRST,txt Result

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01
Ran by BAGUS (administrator) on BAGUS-PC on 20-08-2014 20:20:31
Running from C:\Users\BAGUS\Desktop\farbar
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(HP) C:\Windows\System32\HPSIsvc.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
() C:\AppServ\MySQL\bin\mysqld-nt.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Wireless LAN Indicator\tosKillIndicator.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
(CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNAP2LAK.EXE
(CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNAP2RPK.EXE
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNAB8SWK.EXE
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(AgataSoft) C:\Program Files (x86)\AgataSoft\Auto PingMaster\Ping_Master.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-26] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-16] (TOSHIBA Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-15] (Conexant systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-04] (Synaptics Incorporated)
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1520552 2011-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-12] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [CNAP2 Launcher] => C:\windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE [406944 2007-09-05] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2710856 2009-11-02] (CANON INC.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218792 2010-08-18] (Toshiba)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-24] (Toshiba)
HKLM-x32\...\Run: [Acrobat Assistant 7.0] => C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [483328 2004-12-14] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [HPUsageTrackingLEDM] => C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoFileUrl] 1
HKU\S-1-5-21-1746748307-931840243-3181375183-1000\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [107000 2011-12-21] (Siber Systems)
HKU\S-1-5-21-1746748307-931840243-3181375183-1000\...\Run: [AgataSoft_Ping_Master] => C:\Program Files (x86)\AgataSoft\Auto PingMaster\Ping_Master.exe [721920 2011-09-03] (AgataSoft)
HKU\S-1-5-21-1746748307-931840243-3181375183-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3491264 2012-06-10] (Tonec Inc.)
HKU\S-1-5-21-1746748307-931840243-3181375183-1000\...\Run: [SecretFolder] => C:\Program Files (x86)\SecretFolder\SecretFolder.exe [4144640 2013-10-22] (oh!soft)
HKU\S-1-5-21-1746748307-931840243-3181375183-1000\...\Policies\Explorer: [NoFileMenu] 0
HKU\S-1-5-21-1746748307-931840243-3181375183-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1746748307-931840243-3181375183-1000\...\Policies\Explorer: [NoFileUrl] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\Windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Service Manager.lnk
ShortcutTarget: Service Manager.lnk -> C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
Startup: C:\Users\BAGUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: IDM Shell Extension -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.allgameshome.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certified-toolbar.com?si=41460&home=true&tid=2937
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://home.allgameshome.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certified-toolbar.com?si=41460&home=true&tid=2937
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = http://home.allgameshome.com/results.php?category=web&s={searchTerms}
SearchScopes: HKLM-x32 - {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = http://home.allgameshome.com/results.php?category=web&s={searchTerms}
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.certified-toolbar.com?si=41460&bs=true&tid=2937&q={searchTerms}
SearchScopes: HKCU - {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = http://home.allgameshome.com/results.php?category=web&s={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: No Name -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} ->  No File
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: No Name -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AcroIEToolbarHelper Class -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM-x32 - &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
Toolbar: HKCU - No Name - {405DFEAE-1D2F-4649-BE08-C92313C3E1CE} -  No File
Toolbar: HKCU - No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 8.26.56.26 8.20.247.20
Tcpip\..\Interfaces\{C7C150BE-CB0B-47A7-B9FB-46E714DD31F2}: [NameServer]8.26.56.26,8.20.247.20
Tcpip\..\Interfaces\{EB94779D-2A3C-46CF-A5F0-2EF01F32B89D}: [NameServer]8.26.56.26,8.20.247.20
 
FireFox:
========
FF ProfilePath: C:\Users\BAGUS\AppData\Roaming\Mozilla\Firefox\Profiles\4fxujzk0.default
FF NewTab: hxxp://newtab.certified-toolbar.com/nff?si=41460&tid=2937&new=true
FF SearchEngineOrder.1: Web Search
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");
FF Homepage: hxxp://home.allgameshome.com/
FF Keyword.URL: hxxp://home.allgameshome.com/results.php?category=web&s=
FF NetworkProxy: "gopher", ""
FF NetworkProxy: "gopher_port", 0
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.11.2852 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.46 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.1662 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.46 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF user.js: detected! => C:\Users\BAGUS\AppData\Roaming\Mozilla\Firefox\Profiles\4fxujzk0.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF SearchPlugin: C:\Users\BAGUS\AppData\Roaming\Mozilla\Firefox\Profiles\4fxujzk0.default\searchplugins\allgameshome-search.xml
FF SearchPlugin: C:\Users\BAGUS\AppData\Roaming\Mozilla\Firefox\Profiles\4fxujzk0.default\searchplugins\Web Search.xml
FF Extension: Yahoo! Toolbar - C:\Users\BAGUS\AppData\Roaming\Mozilla\Firefox\Profiles\4fxujzk0.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-06-09]
FF Extension: AllGamesHome Toolbar - C:\Users\BAGUS\AppData\Roaming\Mozilla\Firefox\Profiles\4fxujzk0.default\Extensions\{C178BB02-BFCF-4E69-AB7C-DED3BD0291BD} [2012-08-27]
FF Extension: DivX Web Player - C:\Users\BAGUS\AppData\Roaming\Mozilla\Firefox\Profiles\4fxujzk0.default\Extensions\DivXWebPlayer@divx.com.xpi [2012-02-02]
FF Extension: Imgur Uploader - C:\Users\BAGUS\AppData\Roaming\Mozilla\Firefox\Profiles\4fxujzk0.default\Extensions\giorgio@gilestro.tk.xpi [2011-12-21]
FF Extension: Google/Yandex search link fix - C:\Users\BAGUS\AppData\Roaming\Mozilla\Firefox\Profiles\4fxujzk0.default\Extensions\jid0-XWJxt5VvCXkKzQK99PhZqAn7Xbg@jetpack.xpi [2012-01-21]
FF Extension: WhatFontis.com right-click shortcut - C:\Users\BAGUS\AppData\Roaming\Mozilla\Firefox\Profiles\4fxujzk0.default\Extensions\webmaster@WhatFONTis.com.xpi [2012-01-25]
FF Extension: 1-Click YouTube Video Downloader - C:\Users\BAGUS\AppData\Roaming\Mozilla\Firefox\Profiles\4fxujzk0.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2014-06-14]
FF Extension: Screengrab  (fix version) - C:\Users\BAGUS\AppData\Roaming\Mozilla\Firefox\Profiles\4fxujzk0.default\Extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi [2014-03-21]
FF Extension: Rumola - C:\Users\BAGUS\AppData\Roaming\Mozilla\Firefox\Profiles\4fxujzk0.default\Extensions\{1BFCBDFC-41DB-11E1-9FC4-D3C94824019B}.xpi [2014-01-08]
FF Extension: RightToClick - C:\Users\BAGUS\AppData\Roaming\Mozilla\Firefox\Profiles\4fxujzk0.default\Extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi [2011-12-21]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-03-31]
FF Extension: savenosharE.  - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\hgmvtd@stbmtaikgbcco.com [2014-03-31]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: Roboform Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2011-12-21]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2013-02-18]
FF HKCU\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\BAGUS\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\BAGUS\AppData\Roaming\IDM\idmmzcc5 [2012-06-26]
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\BAGUS\AppData\Roaming\IDM\idmmzcc5
 
Chrome: 
=======
CHR Extension: (Google Wallet) - C:\Users\BAGUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-18]
CHR HKLM-x32\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - C:\Users\BAGUS\AppData\Local\Torch\Plugins\TorchPlugin.crx [2014-08-18]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [69632 2013-02-07] (Adobe Systems) [File not signed]
S2 Apache2.2; C:\AppServ\Apache2.2\bin\httpd.exe [24635 2008-01-18] (Apache Software Foundation) [File not signed]
R3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [107912 2008-10-09] ()
R2 MSSQLSERVER; C:\Program Files (x86)\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [7442493 2000-08-06] (Microsoft Corporation) [File not signed]
S3 MSSQLServerADHelper; C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [65602 2000-08-06] (Microsoft Corporation) [File not signed]
R2 mysql; C:\AppServ\MySQL\my.ini [9584 2014-03-11] () [File not signed]
S4 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe [135608 2012-05-06] (Symantec Corporation)
S2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [126392 2011-02-04] (Symantec Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-26] (CACE Technologies, Inc.)
S3 SQLSERVERAGENT; C:\Program Files (x86)\Microsoft SQL Server\MSSQL\Binn\sqlagent.exe [303170 2000-08-06] (Microsoft Corporation) [File not signed]
S4 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-24] (StarWind Software) [File not signed]
R2 Thpsrv; C:\windows\system32\ThpSrv.exe [526848 2010-12-25] (TOSHIBA Corporation) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 CT_QUALCOMM_U_drv; C:\Windows\System32\DRIVERS\CT_QUALCOMM_U_drv.sys [118016 2009-04-27] (QUALCOMM Incorporated) [File not signed]
S3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [20552 2010-12-20] (Devguru Co., Ltd)
R3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [246224 2009-12-07] (Huawei Technologies Co., Ltd.)
R2 hfFilter; C:\Windows\System32\drivers\hfFilter.sys [30600 2013-10-22] () [File not signed]
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2011-10-08] (Marvell Semiconductor, Inc.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-26] (CACE Technologies, Inc.)
S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [120960 2011-07-26] (QUALCOMM Incorporated) [File not signed]
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [250984 2010-12-02] (Realtek Semiconductor Corp.) [File not signed]
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [530488 2012-01-30] () [File not signed]
S3 ssadbus; C:\Windows\System32\DRIVERS\ssadbus.sys [157672 2011-05-13] (MCCI Corporation) [File not signed]
S3 TosRfSnd; C:\Windows\System32\drivers\tosrfsnd.sys [63488 2010-04-27] (TOSHIBA Corporation) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-20 20:10 - 2014-08-20 20:20 - 00000000 ____D () C:\Users\BAGUS\Desktop\farbar
2014-08-19 23:02 - 2014-08-20 20:23 - 00000000 ____D () C:\FRST
2014-08-19 09:52 - 2014-08-19 09:52 - 00123208 _____ () C:\Users\BAGUS\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-17 22:03 - 2014-08-20 16:33 - 00000672 _____ () C:\windows\setupact.log
2014-08-17 22:03 - 2014-08-17 22:03 - 00000000 _____ () C:\windows\setuperr.log
2014-08-17 22:00 - 2014-08-17 22:10 - 00453144 _____ () C:\windows\system32\FNTCACHE.DAT
2014-08-17 21:35 - 2014-08-17 21:35 - 00022311 _____ () C:\ComboFix.txt
2014-08-17 12:49 - 2014-08-17 18:20 - 00003114 _____ () C:\Users\BAGUS\Desktop\Rkill.txt
2014-08-17 12:13 - 2014-08-17 12:13 - 00001082 _____ () C:\Users\BAGUS\Pictures - Shortcut.lnk
2014-08-14 20:02 - 2014-08-14 20:02 - 00000000 ____D () C:\Users\BAGUS\AppData\Roaming\Process Hacker 2
2014-08-14 19:32 - 2014-08-14 19:32 - 00001847 _____ () C:\Users\BAGUS\Desktop\Process Hacker 2.lnk
2014-08-14 19:32 - 2014-08-14 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
2014-08-14 19:32 - 2014-08-14 19:32 - 00000000 ____D () C:\Program Files\Process Hacker 2
2014-08-14 18:56 - 2014-08-14 18:56 - 00000017 _____ () C:\Users\BAGUS\AppData\Local\resmon.resmoncfg
2014-08-07 21:55 - 2014-08-09 18:33 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\48230029.sys
2014-08-07 20:41 - 2014-08-07 20:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-05 10:36 - 2014-08-05 10:36 - 00001038 _____ () C:\Users\Public\Desktop\SMADΔV.lnk
2014-08-05 10:36 - 2014-08-05 10:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SMADAV Antivirus
2014-08-04 10:45 - 2014-08-17 13:39 - 00000000 ____D () C:\ComboFix
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-20 20:23 - 2014-08-19 23:02 - 00000000 ____D () C:\FRST
2014-08-20 20:20 - 2014-08-20 20:10 - 00000000 ____D () C:\Users\BAGUS\Desktop\farbar
2014-08-20 20:20 - 2013-06-18 17:51 - 01491040 _____ () C:\windows\WindowsUpdate.log
2014-08-20 20:13 - 2012-06-22 10:24 - 00000000 ____D () C:\Users\BAGUS\AppData\Roaming\IDM
2014-08-20 19:47 - 2014-05-19 11:35 - 00001010 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-20 19:45 - 2013-07-29 10:22 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-08-20 18:38 - 2009-07-14 11:45 - 00024400 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-20 18:38 - 2009-07-14 11:45 - 00024400 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-20 17:15 - 2011-03-24 09:29 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-08-20 17:00 - 2009-07-14 12:13 - 00006730 _____ () C:\windows\system32\PerfStringBackup.INI
2014-08-20 16:47 - 2014-05-19 11:35 - 00001006 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-20 16:34 - 2009-07-14 12:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-08-20 16:33 - 2014-08-17 22:03 - 00000672 _____ () C:\windows\setupact.log
2014-08-20 13:14 - 2012-05-03 13:14 - 00000000 ____D () C:\Users\BAGUS\AppData\Roaming\DMCache
2014-08-19 22:27 - 2012-01-31 21:50 - 00000000 ____D () C:\Users\BAGUS\AppData\Roaming\Media Player Classic
2014-08-19 09:52 - 2014-08-19 09:52 - 00123208 _____ () C:\Users\BAGUS\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-18 17:25 - 2009-07-14 09:34 - 00000215 _____ () C:\windows\system.ini
2014-08-18 11:25 - 2011-12-21 17:44 - 00000000 ____D () C:\Users\BAGUS\AppData\Local\CrashDumps
2014-08-17 22:10 - 2014-08-17 22:00 - 00453144 _____ () C:\windows\system32\FNTCACHE.DAT
2014-08-17 22:03 - 2014-08-17 22:03 - 00000000 _____ () C:\windows\setuperr.log
2014-08-17 21:35 - 2014-08-17 21:35 - 00022311 _____ () C:\ComboFix.txt
2014-08-17 21:35 - 2013-02-07 18:45 - 00000000 ____D () C:\Qoobox
2014-08-17 20:49 - 2013-02-07 18:45 - 00000000 ____D () C:\windows\erdnt
2014-08-17 18:20 - 2014-08-17 12:49 - 00003114 _____ () C:\Users\BAGUS\Desktop\Rkill.txt
2014-08-17 15:13 - 2012-01-29 17:42 - 00000000 ____D () C:\ProgramData\TEMP
2014-08-17 13:39 - 2014-08-04 10:45 - 00000000 ____D () C:\ComboFix
2014-08-17 12:13 - 2014-08-17 12:13 - 00001082 _____ () C:\Users\BAGUS\Pictures - Shortcut.lnk
2014-08-17 12:13 - 2011-12-15 11:48 - 00000000 ____D () C:\Users\BAGUS
2014-08-16 00:43 - 2014-05-09 16:11 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-08-15 19:43 - 2014-04-18 20:29 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2014-08-15 19:43 - 2012-05-13 20:47 - 00000000 ____D () C:\ProgramData\Yahoo!
2014-08-15 19:41 - 2014-04-18 20:24 - 00000000 ____D () C:\Users\BAGUS\AppData\Roaming\Yahoo!
2014-08-15 19:39 - 2013-03-08 16:30 - 00000000 ____D () C:\Program Files (x86)\Xvid
2014-08-15 19:26 - 2012-02-28 18:46 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2014-08-15 00:06 - 2012-07-30 09:43 - 00000000 ____D () C:\Program Files (x86)\Fishing Craze
2014-08-15 00:05 - 2012-07-30 09:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fishing Craze
2014-08-14 20:02 - 2014-08-14 20:02 - 00000000 ____D () C:\Users\BAGUS\AppData\Roaming\Process Hacker 2
2014-08-14 19:32 - 2014-08-14 19:32 - 00001847 _____ () C:\Users\BAGUS\Desktop\Process Hacker 2.lnk
2014-08-14 19:32 - 2014-08-14 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
2014-08-14 19:32 - 2014-08-14 19:32 - 00000000 ____D () C:\Program Files\Process Hacker 2
2014-08-14 19:27 - 2011-07-14 05:47 - 00000000 ____D () C:\Program Files (x86)\TOH Class Filter
2014-08-14 18:56 - 2014-08-14 18:56 - 00000017 _____ () C:\Users\BAGUS\AppData\Local\resmon.resmoncfg
2014-08-14 10:57 - 2014-05-19 11:38 - 00002058 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-10 04:48 - 2013-06-18 22:51 - 00000000 ____D () C:\ProgramData\saafe  saiVe
2014-08-09 18:33 - 2014-08-07 21:55 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\48230029.sys
2014-08-07 20:41 - 2014-08-07 20:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-06 01:02 - 2012-04-11 10:40 - 00000000 ____D () C:\Users\BAGUS\AppData\Local\Facebook
2014-08-05 23:46 - 2012-02-07 23:53 - 00000000 ____D () C:\Program Files (x86)\Yawcam
2014-08-05 23:34 - 2011-07-14 06:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-05 23:34 - 2011-07-14 06:22 - 00000000 ____D () C:\Program Files (x86)\TOSHIBA Corporation
2014-08-05 23:34 - 2011-03-24 09:28 - 00000000 ____D () C:\Program Files (x86)\TOSHIBA
2014-08-05 23:34 - 2011-03-24 09:27 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-05 23:34 - 2011-03-24 09:27 - 00000000 ____D () C:\Program Files\Toshiba
2014-08-05 23:32 - 2012-02-07 22:25 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-05 23:32 - 2012-02-07 22:25 - 00000000 ____D () C:\ProgramData\Skype
2014-08-05 23:25 - 2012-03-05 10:05 - 00000000 ____D () C:\Users\BAGUS\AppData\Roaming\Orbit
2014-08-05 23:25 - 2012-03-05 10:05 - 00000000 ____D () C:\Program Files (x86)\Orbitdownloader
2014-08-05 23:10 - 2013-02-12 15:06 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-08-05 23:10 - 2009-07-14 10:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-08-05 23:03 - 2014-05-18 15:05 - 00000000 ____D () C:\Program Files (x86)\Naver
2014-08-05 22:57 - 2011-07-14 06:24 - 00000000 ____D () C:\Program Files (x86)\Corel
2014-08-05 10:48 - 2011-12-20 09:40 - 00000000 ____D () C:\Program Files (x86)\Smadav
2014-08-05 10:36 - 2014-08-05 10:36 - 00001038 _____ () C:\Users\Public\Desktop\SMADΔV.lnk
2014-08-05 10:36 - 2014-08-05 10:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SMADAV Antivirus
2014-08-01 10:10 - 2012-03-08 10:22 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-07-31 18:34 - 2013-02-20 16:43 - 00000000 ____D () C:\Program Files (x86)\Camfrog
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-28 21:46
 
==================== End Of Log ============================
 
 
This is the Addition.txt Log Resut
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-08-2014 01
Ran by BAGUS at 2014-08-20 20:37:14
Running from C:\Users\BAGUS\Desktop\farbar
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat 7.0 Professional (HKLM-x32\...\Adobe Acrobat 7.0 Professional) (Version: 7.0.0 - Adobe Systems)
Adobe Acrobat 7.0 Professional (x32 Version: 7.0.0 - Adobe Systems) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
AgataSoft Auto PingMaster (HKLM-x32\...\AgataSoft Auto PingMaster_is1) (Version:  - AgataSoft)
Angry Birds Rio (HKLM-x32\...\{D7B3493D-766C-40AA-9AA9-053B896D76DE}) (Version: 1.1.0 - Rovio)
AppServ 2.5.10 (remove only) (HKLM-x32\...\AppServ) (Version:  - )
Artisteer 4 (HKLM-x32\...\Artisteer 4) (Version: 4.0 - Extensoft)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon iP2700 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series) (Version:  - )
Canon LBP3010/LBP3018/LBP3050 (HKLM\...\Canon LBP3010/LBP3018/LBP3050) (Version:  - )
Canon MP Navigator EX 2.1 (HKLM-x32\...\MP Navigator EX 2.1) (Version:  - )
Canon MX320 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX320_series) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.02 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Common (x32 Version: 14.1.0.150 - Corel Corporation) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.51.1.0 - Conexant)
Contents (x32 Version: 14.1.0.150 - Corel Corporation) Hidden
Corel VideoStudio Pro X4 (HKLM-x32\...\_{AA902C31-B49D-4608-BCCF-2519EB77722D}) (Version: 14.1.0.150 - Corel Corporation)
CorelDRAW Graphics Suite X4 - Capture (x32 Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Content (x32 Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Draw (x32 Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Filters (x32 Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - FontNav (x32 Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics SUite X4 - ICA (x32 Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - IPM (x32 Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang EN (x32 Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - PP (x32 Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - VBA (x32 Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 (x32 Version: 14.1 - Corel Corporation) Hidden
CorelDRAW® Graphics Suite X4 - Windows Shell Extension (HKLM-x32\...\_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}) (Version:  - Corel Corporation)
CorelDRAW® Graphics Suite X4 - Windows Shell Extension (x32 Version: 1.1 - Corel Corporation) Hidden
CorelDRAW® Graphics Suite X4 (HKLM-x32\...\_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}) (Version:  - Corel Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DeviceIO (x32 Version: 14.1.0.150 - Corel Corporation) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.90 - DivX, LLC)
Epson Easy Photo Print 2 (HKLM-x32\...\{4FB984CB-4CE4-4104-A554-D04CEFE3D690}) (Version: 2.2.3.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON TX121 Series Manual (HKLM-x32\...\EPSON TX121 Series Manual) (Version:  - )
EPSON TX121 Series Printer Uninstall (HKLM\...\EPSON TX121 Series) (Version:  - SEIKO EPSON Corporation)
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.1.50.5145 - Gretech Corporation)
GOM Video Converter (HKLM-x32\...\GOM Video Converter) (Version: 1.1.0.58 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
hppLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppP1100P1560P1600SeriesLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppusgP1100P1560P1600Series (x32 Version: 1.0.0.1 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
ICA (x32 Version: 14.1.0.150 - Corel Corporation) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2353 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - )
IPM_VS_Pro (x32 Version: 13.0 - Corel Corporation) Hidden
ISCOM (x32 Version: 14.1.0.150 - Corel Corporation) Hidden
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 9.9.5 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.9.5 - )
Macromedia Dreamweaver 8 (HKLM-x32\...\{0837A661-FEC3-48B3-876C-91E7D32048A9}) (Version: 8.0.0.2734 - Macromedia)
Macromedia Extension Manager (HKLM-x32\...\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}) (Version: 1.7.240 - Macromedia, Inc.)
MagicCamera 7.2.1 (HKLM-x32\...\{70376A8D-C6E7-4A61-9E30-42AD268CD45D}_is1) (Version: 7.2.1 - ShiningMorning Inc.)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 Beta (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50131 - Microsoft Corporation)
Microsoft .NET Framework 4.5 Beta (Version: 4.5.50131 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Visio MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Visio Professional 2007 (HKLM-x32\...\VISPRO) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Visio Professional 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2000 (HKLM-x32\...\Microsoft SQL Server 2000) (Version: 8.00.194 - Microsoft)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft XML Parser (x32 Version: 8.70.1104.04 - Microsoft Corporation) Hidden
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 11.302.09.01.539 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MySQL Server 5.1 (HKLM-x32\...\{31A49E0E-1989-4E2F-9085-D90A732193F4}) (Version: 5.1.51 - Oracle Corporation)
MySQL Server 5.5 (HKLM-x32\...\{DF3A1F25-DD98-4DCA-986D-BB7DC372A856}) (Version: 5.5.19 - Oracle Corporation)
MySQL Tools for 5.0 (HKLM-x32\...\{FCB10DE3-E190-4A7E-B06A-FAC61567ABFC}) (Version: 5.0.17 - MySQL AB, Sun Microsystems, Inc.)
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9 - )
oCam version 13.0.0.0 (HKLM-x32\...\oCam_is1) (Version: 13.0.0.0 - http://ohsoft.net/)
PDF Password Remover v3.0 (HKLM-x32\...\PDF Password Remover v3.0_is1) (Version:  - VeryPDF.com Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoPad Image Editor (HKLM-x32\...\PhotoPad) (Version: 2.36 - NCH Software)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Process Hacker 2.33 (r5590) (HKLM\...\Process_Hacker2_is1) (Version: 2.33.0.5590 - wj32)
PureHD (x32 Version: 14.1.0.150 - Corel Corporation) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Real Alternative 1.8.0 (HKLM-x32\...\RealAlt_is1) (Version: 1.8.0 - )
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 1.0.0.12 - Realtek Semiconductor Corp.)
RoboForm 7-6-6 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-6-6 - Siber Systems)
SecretFolder version 2.5.0.0 (HKLM-x32\...\SecretFolder_is1) (Version: 2.5.0.0 - http://ohsoft.net/)
Setup (x32 Version: 14.1.0.150 - Corel Corporation) Hidden
Share (x32 Version: 14.1.0.150 - Corel Corporation) Hidden
Share64 (Version: 14.1.0.150 - Corel Corporation) Hidden
Sistem Inventarisasi Manajemen Barang Daerah (HKLM-x32\...\{21D6A5AF-A305-4B9C-A643-92A1EFEDAF61}) (Version: 4 - CV.Rajawali Cipta Mandiri)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
Slice Audio File Splitter (HKLM-x32\...\Slice) (Version:  - NCH Software)
SMADAV versi 9.7.1 (HKLM-x32\...\{8B9FA5FF-3E61-4658-B0DA-E6DDB46D6BAD}_is1) (Version: 9.7.1 - SmadSoft)
SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.6 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (x32 Version: 5.1.6 - SmartSound Software Inc.) Hidden
SmartSound Quicktracks Plugin (HKLM-x32\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.2.6 - SmartSound Software Inc)
SmartSound Quicktracks Plugin (x32 Version: 3.0.2.6 - SmartSound Software Inc) Hidden
Swiff Chart 3.1 Pro Evaluation (HKLM-x32\...\Swiff Chart 3 Pro for Windows 2000/XP - Evaluation_is1) (Version: 3.1 - GlobFX Technologies)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
Tom Clancy's Splinter Cell (x32 Version: 2.2.0.97 - WildTangent) Hidden
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.02.02 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{92C7DC44-DAD3-49FE-B89B-F92C6BA9A331}) (Version: 2.2.6775 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.08.64 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (Version: 1.6.08.64 - TOSHIBA Corporation) Hidden
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.6 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.25.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.8.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.8.64 - TOSHIBA Corporation) Hidden
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version: 4.08.06.00 - )
TOSHIBA Hardware Setup (Version: 4.08.06.00 - TOSHIBA) Hidden
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.1.12 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.7 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.7 - TOSHIBA Corporation) Hidden
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.7 - TOSHIBA Corporation) Hidden
Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.10.26 - Symantec Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.86.2 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.6.1 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.25 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.4.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.3.5109 - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.17.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.7.17.64 - TOSHIBA Corporation) Hidden
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.0 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.52 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.7 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}) (Version: 4.08.06.00 - )
TOSHIBA Supervisor Password (Version: 4.08.06.00 - TOSHIBA) Hidden
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.5.4.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.5.4.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.5.4.64 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.0.19 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (x32 Version: 2.0.0.19 - TOSHIBA Corporation) Hidden
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{CDADE9BC-612C-42B8-B929-5C6A823E7FF9}) (Version: 1.0.3 - TOSHIBA CORPORATION)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
Ulead DVD DiskRecorder 2.1.1 (HKLM-x32\...\{31E1050B-F69F-4A16-8F5A-E44D31901250}) (Version:  - Ulead Systems, Inc.)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VCRedistSetup (x32 Version: 1.0.0 - Nero AG) Hidden
VIO (x32 Version: 14.1.0.150 - Corel Corporation) Hidden
Visual Basic for Applications ® Core - English (x32 Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual Basic for Applications ® Core (x32 Version: 6.4.99.69 - Microsoft Corporation) Hidden
VSClassic (x32 Version: 14.1.0.150 - Corel Corporation) Hidden
VSPro (x32 Version: 14.1.0.150 - Corel Corporation) Hidden
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version:  - NCH Software)
Wedding Salon (HKLM-x32\...\Wedding Salon_is1) (Version: 1.0 - MyPlayCity, Inc.)
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.2.5 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.5.36 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
Windows Media Encoder 9 Series (x32 Version: 9.00.2980 - Microsoft Corporation) Hidden
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Zuma's Revenge (x32 Version: 2.2.0.97 - WildTangent) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 09:34 - 2014-08-17 21:00 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0CF9F3D3-1BC0-48D9-98D9-8549E4348031} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1746748307-931840243-3181375183-1000UA => C:\Users\BAGUS\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {14EAE947-C7AE-42C8-9E25-28AD139D9B22} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)
Task: {1E9A6DD1-D95F-436E-8B98-D8AC0AE4E99B} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2011-12-21] (Siber Systems)
Task: {5183E3B3-199E-4D8E-B2C9-5F57FC95A773} - System32\Tasks\{6B2AAE3C-A890-494F-AE9F-378DCB96F784} => E:\SOFTWARE\610_b038_multilanguage.exe [2012-04-30] ()
Task: {6DB85855-DCE6-4102-B04E-53322C2F3BAF} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {8CC8C7FC-3D4E-4D09-9E2E-0DCB528389DC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {915C5CE7-F1CB-45B7-94ED-9D3DA2411014} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1746748307-931840243-3181375183-1000Core => C:\Users\BAGUS\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {C722A280-390D-44B8-9E69-CE25F9D87D5C} - System32\Tasks\{BB6BB58E-8334-4678-9AA7-D53BC1AE594A} => E:\SOFTWARE\610_b038_multilanguage.exe [2012-04-30] ()
Task: {D399AC5B-A88D-430E-B66A-CE56F64D7E70} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-19] (Google Inc.)
Task: {ED5E52D5-34F1-48D1-BD1C-BCC91FFD6BF9} - System32\Tasks\{1E0DED69-5F84-4275-B9F9-50A5905320E5} => E:\SOFTWARE\master laserjet 1020\lj1020_1022-HB-pnp-win32-en.exe [2010-09-30] ()
Task: {ED69C4A4-E3B5-4897-B87F-B83E0C8FE082} - System32\Tasks\{EAAAE67F-050C-4912-9B35-EBEBD4643FE3} => Chrome.exe http://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.8.0.154.196&amp;LastError=404
Task: {F750DC49-67BF-45F9-A3CD-CB6EDBB27D22} - System32\Tasks\{FA701C37-501F-4F02-9324-242C9EED48F3} => E:\SOFTWARE\610_b038_multilanguage.exe [2012-04-30] ()
Task: {FDB41FFF-725A-4A52-8C93-C2D71CF1CB1E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-19] (Google Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-02-18 10:54 - 2011-04-02 16:05 - 00290304 _____ () C:\windows\System32\HP1100LM.DLL
2011-12-22 09:03 - 2010-05-13 23:48 - 00192512 _____ () C:\windows\System32\zlhp1020.dll
2011-12-22 09:03 - 2010-05-13 23:48 - 00065024 _____ () C:\windows\system32\spool\PRTPROCS\x64\pphp1020.dll
2013-02-18 10:56 - 2011-04-02 16:04 - 00074240 _____ () C:\windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2011-12-22 09:03 - 2010-05-13 23:48 - 03152384 _____ () C:\windows\system32\spool\DRIVERS\x64\3\suhp1020.dll
2011-12-22 09:03 - 2010-05-13 23:48 - 01236992 _____ () C:\windows\system32\spool\DRIVERS\x64\3\gchp1020.dll
2012-03-08 10:22 - 2008-10-09 21:07 - 00107912 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2008-04-17 19:13 - 2008-04-17 19:13 - 05750784 _____ () C:\AppServ\MySQL\bin\mysqld-nt.exe
2011-12-21 21:24 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2011-02-09 07:56 - 2011-02-09 07:56 - 00301568 _____ () C:\Program Files (x86)\Notepad++\NppShell_04.dll
2011-04-05 09:18 - 2011-04-05 09:18 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-11-19 07:18 - 2010-11-19 07:18 - 11190784 _____ () C:\Program Files\Toshiba\FlashCards\BlackPng.dll
2010-03-04 04:15 - 2010-03-04 04:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-04 04:15 - 2010-03-04 04:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2010-12-16 05:19 - 2010-12-16 05:19 - 00124320 _____ () C:\Program Files\Toshiba\TECO\MUIHelp.dll
2014-07-09 17:48 - 2009-07-13 09:34 - 00114688 _____ () C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe
2014-08-14 10:56 - 2014-08-07 10:20 - 00718152 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libglesv2.dll
2014-08-14 10:56 - 2014-08-07 10:20 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libegl.dll
2014-08-14 10:56 - 2014-08-07 10:20 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll
2014-08-14 10:57 - 2014-08-07 10:20 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-08-14 10:56 - 2014-08-07 10:20 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:41ADDB8A
AlternateDataStreams: C:\ProgramData\TEMP:A064CECC
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: Adobe LM Service => 3
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: idsvc => 3
MSCONFIG\Services: Norton PC Checkup Application Launcher => 2
MSCONFIG\Services: PSI_SVC_2 => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: StarWindServiceAE => 2
MSCONFIG\Services: YahooAUService => 2
MSCONFIG\startupreg: AlcoholAutomount => "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SecretFolder => "C:\Program Files (x86)\SecretFolder\SecretFolder.exe" /Startup
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
MSCONFIG\startupreg: TosWaitSrv => %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
MSCONFIG\startupreg: Xvid => C:\Program Files (x86)\Xvid\CheckUpdate.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/20/2014 05:00:50 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (08/20/2014 05:00:50 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (08/20/2014 04:59:31 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)
 
Error: (08/20/2014 04:44:39 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (08/20/2014 04:44:39 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (08/20/2014 04:39:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/20/2014 11:44:46 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (08/20/2014 11:44:46 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (08/20/2014 09:41:17 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)
 
Error: (08/20/2014 09:34:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (08/20/2014 04:50:27 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel® Management and Security Application User Notification Service service hung on starting.
 
Error: (08/20/2014 04:48:21 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
 
Error: (08/20/2014 04:45:45 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Search service hung on starting.
 
Error: (08/20/2014 04:37:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Common Client Job Manager Service service failed to start due to the following error: 
%%1053
 
Error: (08/20/2014 04:37:10 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Common Client Job Manager Service service to connect.
 
Error: (08/20/2014 04:36:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Machine Debug Manager service failed to start due to the following error: 
%%1053
 
Error: (08/20/2014 04:36:24 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Machine Debug Manager service to connect.
 
Error: (08/20/2014 04:35:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Apache2.2 service failed to start due to the following error: 
%%1053
 
Error: (08/20/2014 04:35:32 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Apache2.2 service to connect.
 
Error: (08/20/2014 04:31:56 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: The default transaction resource manager on volume C: encountered a non-retryable error and could not start.  The data contains the error code.
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2014-08-04 12:49:11.851
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-08-04 12:49:11.820
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-03-25 13:47:28.783
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix_8\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-03-25 13:47:28.768
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix_8\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-06-04 09:56:57.479
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix_4\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-06-04 09:56:57.464
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix_4\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-02-07 18:50:48.134
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-02-07 18:50:48.119
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 45%
Total physical RAM: 6091.86 MB
Available physical RAM: 3320.82 MB
Total Pagefile: 12181.92 MB
Available Pagefile: 9240.33 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (SYSTEM) (Fixed) (Total:117.19 GB) (Free:73.71 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:231.89 GB) (Free:202.7 GB) NTFS
Drive e: (DATA) (Fixed) (Total:231.9 GB) (Free:154.65 GB) NTFS
Drive g: (Mobile Connect) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive i: (BLACKBERRY2) (Removable) (Total:0.92 GB) (Free:0.66 GB) FAT
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: 4E59E2AF)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=117.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.7 GB) - (Type=17)
Partition 4: (Not Active) - (Size=463.8 GB) - (Type=OF Extended)
 
========================================================
Disk: 1 (Size: 942.5 MB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================
 
Now i will scan using aswMBR i will post the result when it has finished thanks


#6 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:43 PM

Posted 20 August 2014 - 09:14 AM

Please post up the content of C:\combofix.txt... :rolleyes:


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#7 bonaparte

bonaparte
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:43 AM

Posted 20 August 2014 - 09:28 AM

Here is the combofix.txt

 

ComboFix 14-08-15.01 - BAGUS 17/08/2014  18:29:42.8.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.62.1033.18.6092.4492 [GMT 7:00]
Running from: e:\downloads\Downloads\Programs\ComboFix_12.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-17 to 2014-08-17  )))))))))))))))))))))))))))))))
.
.
2014-08-17 13:49 . 2014-08-17 13:49 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2014-08-17 13:49 . 2014-08-17 13:49 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-08-17 13:49 . 2014-08-17 13:49 -------- d-----w- c:\users\piress\AppData\Local\temp
2014-08-17 13:49 . 2014-08-17 13:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-14 13:02 . 2014-08-14 13:02 -------- d-----w- c:\users\BAGUS\AppData\Roaming\Process Hacker 2
2014-08-14 12:32 . 2014-08-14 12:32 -------- d-----w- c:\program files\Process Hacker 2
2014-08-07 14:55 . 2014-08-09 11:33 122584 ----a-w- c:\windows\system32\drivers\48230029.sys
2014-08-07 13:41 . 2014-08-07 13:41 -------- d-----w- c:\programdata\Malwarebytes
2014-08-04 03:45 . 2014-08-17 06:39 -------- d-----w- C:\ComboFix
2014-07-19 14:07 . 2014-07-19 14:07 -------- d-----w- c:\users\BAGUS\AppData\Local\CrashRpt
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-09 12:47 . 2013-02-11 08:31 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-09 12:47 . 2011-12-28 10:15 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-12-21 107000]
"AgataSoft_Ping_Master"="c:\program files (x86)\AgataSoft\Auto PingMaster\Ping_Master.exe" [2011-09-03 721920]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2012-06-09 3491264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2010-08-17 3218792]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"Acrobat Assistant 7.0"="c:\program files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-13 483328]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"HPUsageTrackingLEDM"="c:\program files (x86)\HP\HP UT LEDM\bin\hppusg.exe" [2009-08-04 30264]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2013-01-17 267792]
.
c:\users\BAGUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2013-2-7 25214]
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-12-21 113664]
Service Manager.lnk - c:\program files (x86)\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe  /n [2012-8-1 69632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFileUrl"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFileUrl"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 CT_QUALCOMM_U_drv;Qualcomm EVDO USB Device for Serial Communication;c:\windows\system32\DRIVERS\CT_QUALCOMM_U_drv.sys;c:\windows\SYSNATIVE\DRIVERS\CT_QUALCOMM_U_drv.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys;c:\windows\SYSNATIVE\drivers\dgderdrv.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbwwan.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbfake.sys [x]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys;c:\windows\SYSNATIVE\Drivers\mvusbews.sys [x]
R3 qcusbser;Thinkwill USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\qcusbser.sys;c:\windows\SYSNATIVE\DRIVERS\qcusbser.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys;c:\windows\SYSNATIVE\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS;c:\windows\SYSNATIVE\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S2 Apache2.2;Apache2.2;c:\appserv\Apache2.2\bin\httpd.exe;c:\appserv\Apache2.2\bin\httpd.exe [x]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [x]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]
S2 hfFilter;hfFilter;c:\windows\system32\drivers\hfFilter.sys;c:\windows\SYSNATIVE\drivers\hfFilter.sys [x]
S2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [x]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe;c:\windows\SYSNATIVE\HPSIsvc.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 Blackberry Device Manager;Blackberry Device Manager;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys;c:\windows\SYSNATIVE\DRIVERS\QIOMem.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-14 03:49 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-11 12:47]
.
2014-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-19 04:35]
.
2014-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-19 04:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 23432 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 167256]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 391000]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 418136]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"CNAP2 Launcher"="c:\windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE" [2007-09-05 406944]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2710856]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://home.allgameshome.com/
uDefault_Search_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://home.allgameshome.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
mSearchAssistant = 
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
TCP: DhcpNameServer = 8.26.56.26 8.20.247.20
TCP: Interfaces\{C7C150BE-CB0B-47A7-B9FB-46E714DD31F2}: NameServer = 8.26.56.26,8.20.247.20
TCP: Interfaces\{C7C150BE-CB0B-47A7-B9FB-46E714DD31F2}\3507565646970294E6374716E60477966696E29646: NameServer = 156.153.70.22,156.154.71.22
TCP: Interfaces\{C7C150BE-CB0B-47A7-B9FB-46E714DD31F2}\44943505542594E4441474: NameServer = 156.153.70.22,156.154.71.22
TCP: Interfaces\{C7C150BE-CB0B-47A7-B9FB-46E714DD31F2}\E454E47444144514: NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{EB94779D-2A3C-46CF-A5F0-2EF01F32B89D}: NameServer = 8.26.56.26,8.20.247.20
FF - ProfilePath - c:\users\BAGUS\AppData\Roaming\Mozilla\Firefox\Profiles\4fxujzk0.default\
FF - prefs.js: Keyword.Enabled - true
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.startup.homepage - hxxp://home.allgameshome.com/
FF - prefs.js: keyword.URL - hxxp://home.allgameshome.com/results.php?category=web&s=
FF - prefs.js: network.proxy.gopher - 
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mysql]
"ImagePath"="c:\appserv\MySQL\bin\mysqld-nt --defaults-file=c:\appserv\MySQL\my.ini mysql"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e9,07,f1,d1,04,05,c3,47,a8,67,c2,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e9,07,f1,d1,04,05,c3,47,a8,67,c2,\
.
[HKEY_USERS\S-1-5-21-1746748307-931840243-3181375183-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):ef,cb,21,78,49,d0,a7,dd,02,25,ba,d4,e4,3d,27,59,25,6a,df,0f,35,
   a7,e9,90,d9,a2,2b,b8,5b,61,f7,bd,c5,76,30,5f,d9,c3,ec,04,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1746748307-931840243-3181375183-1000_Classes\Wow6432Node\CLSID\{6bca5ce4-a73d-413a-a1a4-a75d3b53f7e0}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000012e
"Therad"=dword:0000001d
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
   1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-1746748307-931840243-3181375183-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):fa,01,5e,3a,e1,93,4c,3b,52,ae,1d,3b,28,d3,66,90,bf,9b,06,0d,07,
   c2,aa,fc,27,a4,2a,20,b4,54,c1,81,7c,e2,6e,a7,af,41,5f,49,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1746748307-931840243-3181375183-1000_Classes\Wow6432Node\CLSID\{f6f07f74-72a0-4cf6-883f-0be063004668}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000098
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
   38,95,44,e1,b5,d7,d3,33,34,f9,30,13,bd,0b,36,72,b6,13,92,9f,d8,da,16,fd,5c,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\appserv\MySQL\bin\mysqld-nt.exe
c:\windows\system32\spool\DRIVERS\x64\3\CNAP2RPK.EXE
c:\windows\system32\spool\DRIVERS\x64\3\CNAB8SWK.EXE
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
c:\program files (x86)\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Completion time: 2014-08-17  21:35:06 - machine was rebooted
ComboFix-quarantined-files.txt  2014-08-17 14:35
ComboFix2.txt  2014-08-04 06:10
ComboFix3.txt  2014-03-25 07:07
ComboFix4.txt  2013-06-04 10:35
ComboFix5.txt  2014-08-17 06:41
.
Pre-Run: 78.338.363.392 bytes free
Post-Run: 78.383.525.888 bytes free
.
- - End Of File - - 8549DCE37519F1C2B181B010C1BC3B6E


#8 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:43 PM

Posted 20 August 2014 - 09:39 AM

Please delete your existing copy of Combofix and follow these isntructions exactly:

 

Combofix

Combofix should only be run when adviced by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing ""Illegal operation attempted on a registry key that has been marked for deletion" simply restart your computer to fix this.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#9 bonaparte

bonaparte
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:43 AM

Posted 20 August 2014 - 10:00 AM

Here is the aswMBR

 

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-08-20 20:51:31
-----------------------------
20:51:31.396    OS Version: Windows x64 6.1.7601 Service Pack 1
20:51:31.396    Number of processors: 4 586 0x2A07
20:51:31.397    ComputerName: BAGUS-PC  UserName: BAGUS
20:52:08.110    Initialze error C000010E - driver not loaded
22:00:31.899    Service scanning
22:06:29.290    Service sptd C:\windows\System32\Drivers\sptd.sys **LOCKED** 32
22:07:57.474    Modules scanning
22:07:57.483    Disk 0 trace - called modules:
22:07:57.488    
22:07:57.494    Scan finished successfully
22:09:58.689    The log file has been saved successfully to "C:\Users\BAGUS\Desktop\aswMBR.txt"
 
 
aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-08-20 22:11:44
-----------------------------
22:11:44.267    OS Version: Windows x64 6.1.7601 Service Pack 1
22:11:44.267    Number of processors: 4 586 0x2A07
22:11:44.268    ComputerName: BAGUS-PC  UserName: BAGUS
22:12:21.899    Initialize success
22:12:21.899    VM: initialized successfully
22:12:21.907    VM: Intel CPU supported 
22:12:43.590    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:12:43.596    Disk 0 Vendor: TOSHIBA_ GT00 Size: 610480MB BusType: 3
22:12:57.821    Disk 0 MBR read successfully
22:12:57.826    Disk 0 MBR scan
22:12:57.833    Disk 0 Windows VISTA default MBR code
22:13:00.839    Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE              1500 MB offset 2048
22:13:00.986    Disk 0 default boot code
22:13:01.025    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       120006 MB offset 3074048
22:13:01.057    Disk 0 Partition 3 00     17 Hidd HPFS/NTFS NTFS        14058 MB offset 1221472256
22:13:01.060    Disk 0 Partition - 00     0F Extended LBA            474913 MB offset 248846850
22:13:01.098    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       237452 MB offset 248846913
22:13:01.101    Disk 0 Partition - 00     05     Extended            237460 MB offset 735150465
22:13:01.157    Disk 0 Partition 5 00     07    HPFS/NTFS NTFS       237460 MB offset 735150528
22:13:01.336    Disk 0 scanning C:\windows\system32\drivers
22:16:26.605    Service scanning
22:24:25.681    Disk 0 MBR has been saved successfully to "C:\Users\BAGUS\Desktop\MBR.dat"
22:24:25.686    The log file has been saved successfully to "C:\Users\BAGUS\Desktop\aswMBR2.txt"
22:25:16.051    Service sptd C:\windows\System32\Drivers\sptd.sys **LOCKED** 32
22:28:41.474    Modules scanning
22:28:41.480    Disk 0 trace - called modules:
22:28:41.505    ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys 
22:28:41.509    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80080c5060]
22:28:41.513    3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\THPDRV1[0xfffffa80080c4060]
22:28:41.518    Scan finished successfully
22:29:20.447    Disk 0 MBR has been saved successfully to "C:\Users\BAGUS\Desktop\MBR.dat"
22:29:20.450    The log file has been saved successfully to "C:\Users\BAGUS\Desktop\aswMBR.txt"

Edited by bonaparte, 20 August 2014 - 10:32 AM.


#10 bonaparte

bonaparte
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:43 AM

Posted 20 August 2014 - 01:31 PM

Here is the combofix report

 

ComboFix 14-08-19.01 - BAGUS 20/08/2014  23:17:37.9.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.62.1033.18.6092.3821 [GMT 7:00]
Running from: e:\downloads\Downloads\ComboFix_1.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\windows\SysWow64\DEBUG.log
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-20 to 2014-08-20  )))))))))))))))))))))))))))))))
.
.
2014-08-20 18:07 . 2014-08-20 18:07 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-08-20 18:07 . 2014-08-20 18:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-20 18:06 . 2014-08-20 18:06 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2014-08-20 18:06 . 2014-08-20 18:06 -------- d-----w- c:\users\piress\AppData\Local\temp
2014-08-19 16:02 . 2014-08-20 13:40 -------- d-----w- C:\FRST
2014-08-14 13:02 . 2014-08-14 13:02 -------- d-----w- c:\users\BAGUS\AppData\Roaming\Process Hacker 2
2014-08-14 12:32 . 2014-08-14 12:32 -------- d-----w- c:\program files\Process Hacker 2
2014-08-07 14:55 . 2014-08-09 11:33 122584 ----a-w- c:\windows\system32\drivers\48230029.sys
2014-08-07 13:41 . 2014-08-07 13:41 -------- d-----w- c:\programdata\Malwarebytes
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-09 12:47 . 2013-02-11 08:31 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-09 12:47 . 2011-12-28 10:15 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-12-21 107000]
"AgataSoft_Ping_Master"="c:\program files (x86)\AgataSoft\Auto PingMaster\Ping_Master.exe" [2011-09-03 721920]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2012-06-09 3491264]
"SecretFolder"="c:\program files (x86)\SecretFolder\SecretFolder.exe" [2013-10-22 4144640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2010-08-17 3218792]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"Acrobat Assistant 7.0"="c:\program files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-13 483328]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"HPUsageTrackingLEDM"="c:\program files (x86)\HP\HP UT LEDM\bin\hppusg.exe" [2009-08-04 30264]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2013-01-17 267792]
.
c:\users\BAGUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2013-2-7 25214]
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-12-21 113664]
Service Manager.lnk - c:\program files (x86)\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe  /n [2012-8-1 69632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFileUrl"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFileUrl"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
R2 Apache2.2;Apache2.2;c:\appserv\Apache2.2\bin\httpd.exe;c:\appserv\Apache2.2\bin\httpd.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [x]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [x]
R3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 CT_QUALCOMM_U_drv;Qualcomm EVDO USB Device for Serial Communication;c:\windows\system32\DRIVERS\CT_QUALCOMM_U_drv.sys;c:\windows\SYSNATIVE\DRIVERS\CT_QUALCOMM_U_drv.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys;c:\windows\SYSNATIVE\drivers\dgderdrv.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbwwan.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys;c:\windows\SYSNATIVE\Drivers\mvusbews.sys [x]
R3 qcusbser;Thinkwill USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\qcusbser.sys;c:\windows\SYSNATIVE\DRIVERS\qcusbser.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys;c:\windows\SYSNATIVE\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS;c:\windows\SYSNATIVE\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [x]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]
S2 hfFilter;hfFilter;c:\windows\system32\drivers\hfFilter.sys;c:\windows\SYSNATIVE\drivers\hfFilter.sys [x]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe;c:\windows\SYSNATIVE\HPSIsvc.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 Blackberry Device Manager;Blackberry Device Manager;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [x]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbfake.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys;c:\windows\SYSNATIVE\DRIVERS\QIOMem.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*NewlyCreated* - ASWVMM
*Deregistered* - aswMBR
*Deregistered* - aswVmm
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-14 03:49 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-11 12:47]
.
2014-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-19 04:35]
.
2014-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-19 04:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 23432 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 167256]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 391000]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 418136]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"CNAP2 Launcher"="c:\windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE" [2007-09-05 406944]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2710856]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://home.allgameshome.com/
uDefault_Search_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://home.allgameshome.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
mSearchAssistant = 
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
TCP: Interfaces\{C7C150BE-CB0B-47A7-B9FB-46E714DD31F2}: NameServer = 8.26.56.26,8.20.247.20
TCP: Interfaces\{C7C150BE-CB0B-47A7-B9FB-46E714DD31F2}\3507565646970294E6374716E60477966696E29646: NameServer = 156.153.70.22,156.154.71.22
TCP: Interfaces\{C7C150BE-CB0B-47A7-B9FB-46E714DD31F2}\44943505542594E4441474: NameServer = 156.153.70.22,156.154.71.22
TCP: Interfaces\{C7C150BE-CB0B-47A7-B9FB-46E714DD31F2}\E454E47444144514: NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{EB94779D-2A3C-46CF-A5F0-2EF01F32B89D}: NameServer = 8.26.56.26,8.20.247.20
FF - ProfilePath - c:\users\BAGUS\AppData\Roaming\Mozilla\Firefox\Profiles\4fxujzk0.default\
FF - prefs.js: Keyword.Enabled - true
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.startup.homepage - hxxp://home.allgameshome.com/
FF - prefs.js: keyword.URL - hxxp://home.allgameshome.com/results.php?category=web&s=
FF - prefs.js: network.proxy.gopher - 
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mysql]
"ImagePath"="c:\appserv\MySQL\bin\mysqld-nt --defaults-file=c:\appserv\MySQL\my.ini mysql"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e9,07,f1,d1,04,05,c3,47,a8,67,c2,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e9,07,f1,d1,04,05,c3,47,a8,67,c2,\
.
[HKEY_USERS\S-1-5-21-1746748307-931840243-3181375183-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):ef,cb,21,78,49,d0,a7,dd,02,25,ba,d4,e4,3d,27,59,25,6a,df,0f,35,
   a7,e9,90,d9,a2,2b,b8,5b,61,f7,bd,c5,76,30,5f,d9,c3,ec,04,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1746748307-931840243-3181375183-1000_Classes\Wow6432Node\CLSID\{6bca5ce4-a73d-413a-a1a4-a75d3b53f7e0}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000012e
"Therad"=dword:0000001d
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
   1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-1746748307-931840243-3181375183-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):fa,01,5e,3a,e1,93,4c,3b,52,ae,1d,3b,28,d3,66,90,bf,9b,06,0d,07,
   c2,aa,fc,27,a4,2a,20,b4,54,c1,81,7c,e2,6e,a7,af,41,5f,49,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1746748307-931840243-3181375183-1000_Classes\Wow6432Node\CLSID\{f6f07f74-72a0-4cf6-883f-0be063004668}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000098
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
   38,95,44,e1,b5,d7,d3,33,34,f9,30,13,bd,0b,36,72,b6,13,92,9f,d8,da,16,fd,5c,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-08-21  01:21:42
ComboFix-quarantined-files.txt  2014-08-20 18:21
ComboFix2.txt  2014-08-17 14:35
ComboFix3.txt  2014-08-04 06:10
ComboFix4.txt  2014-03-25 07:07
ComboFix5.txt  2014-08-20 16:15
.
Pre-Run: 78.950.993.920 bytes free
Post-Run: 78.947.975.168 bytes free
.
- - End Of File - - FC0373CA49060B093598603F81FEA567


#11 bonaparte

bonaparte
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:43 AM

Posted 20 August 2014 - 11:16 PM

I have complete the guide you gave me sir , but still the computer running slow, nothing happen seems



#12 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:43 PM

Posted 21 August 2014 - 02:38 AM

I know, but we´re not finished yet.

 

 

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is saved to.


CFScriptB-4.gif


Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

 

 

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

Attached Files


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#13 bonaparte

bonaparte
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:43 AM

Posted 21 August 2014 - 08:38 AM

I have finished the combofix , next  i will use Malwarebyte thanks b4 sir

 

Combofix log :

 

ComboFix 14-08-19.01 - BAGUS 21/08/2014  17:46:36.10.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.62.1033.18.6092.4527 [GMT 7:00]
Running from: e:\downloads\Downloads\ComboFix_1.exe
Command switches used :: e:\downloads\Downloads\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-21 to 2014-08-21  )))))))))))))))))))))))))))))))
.
.
2014-08-21 12:39 . 2014-08-21 12:39 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2014-08-21 12:39 . 2014-08-21 12:39 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-08-21 12:39 . 2014-08-21 12:39 -------- d-----w- c:\users\piress\AppData\Local\temp
2014-08-21 12:39 . 2014-08-21 12:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-20 16:14 . 2014-08-20 18:23 -------- d-----w- C:\ComboFix_1
2014-08-19 16:02 . 2014-08-20 13:40 -------- d-----w- C:\FRST
2014-08-14 13:02 . 2014-08-14 13:02 -------- d-----w- c:\users\BAGUS\AppData\Roaming\Process Hacker 2
2014-08-14 12:32 . 2014-08-14 12:32 -------- d-----w- c:\program files\Process Hacker 2
2014-08-07 14:55 . 2014-08-09 11:33 122584 ----a-w- c:\windows\system32\drivers\48230029.sys
2014-08-07 13:41 . 2014-08-07 13:41 -------- d-----w- c:\programdata\Malwarebytes
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-09 12:47 . 2013-02-11 08:31 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-09 12:47 . 2011-12-28 10:15 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-12-21 107000]
"AgataSoft_Ping_Master"="c:\program files (x86)\AgataSoft\Auto PingMaster\Ping_Master.exe" [2011-09-03 721920]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2012-06-09 3491264]
"SecretFolder"="c:\program files (x86)\SecretFolder\SecretFolder.exe" [2013-10-22 4144640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2010-08-17 3218792]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"Acrobat Assistant 7.0"="c:\program files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-13 483328]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"HPUsageTrackingLEDM"="c:\program files (x86)\HP\HP UT LEDM\bin\hppusg.exe" [2009-08-04 30264]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2013-01-17 267792]
.
c:\users\BAGUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2013-2-7 25214]
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-12-21 113664]
Service Manager.lnk - c:\program files (x86)\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe  /n [2012-8-1 69632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFileUrl"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFileUrl"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
R2 Apache2.2;Apache2.2;c:\appserv\Apache2.2\bin\httpd.exe;c:\appserv\Apache2.2\bin\httpd.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [x]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [x]
R3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 CT_QUALCOMM_U_drv;Qualcomm EVDO USB Device for Serial Communication;c:\windows\system32\DRIVERS\CT_QUALCOMM_U_drv.sys;c:\windows\SYSNATIVE\DRIVERS\CT_QUALCOMM_U_drv.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys;c:\windows\SYSNATIVE\drivers\dgderdrv.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbwwan.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys;c:\windows\SYSNATIVE\Drivers\mvusbews.sys [x]
R3 qcusbser;Thinkwill USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\qcusbser.sys;c:\windows\SYSNATIVE\DRIVERS\qcusbser.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys;c:\windows\SYSNATIVE\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS;c:\windows\SYSNATIVE\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [x]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]
S2 hfFilter;hfFilter;c:\windows\system32\drivers\hfFilter.sys;c:\windows\SYSNATIVE\drivers\hfFilter.sys [x]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe;c:\windows\SYSNATIVE\HPSIsvc.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 Blackberry Device Manager;Blackberry Device Manager;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [x]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbfake.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys;c:\windows\SYSNATIVE\DRIVERS\QIOMem.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-14 03:49 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-11 12:47]
.
2014-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-19 04:35]
.
2014-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-19 04:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 23432 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 167256]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 391000]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 418136]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"CNAP2 Launcher"="c:\windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE" [2007-09-05 406944]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2710856]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://home.allgameshome.com/
uDefault_Search_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://home.allgameshome.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
mSearchAssistant = 
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
TCP: DhcpNameServer = 8.26.56.26 8.20.247.20
TCP: Interfaces\{C7C150BE-CB0B-47A7-B9FB-46E714DD31F2}: NameServer = 8.26.56.26,8.20.247.20
TCP: Interfaces\{C7C150BE-CB0B-47A7-B9FB-46E714DD31F2}\3507565646970294E6374716E60477966696E29646: NameServer = 156.153.70.22,156.154.71.22
TCP: Interfaces\{C7C150BE-CB0B-47A7-B9FB-46E714DD31F2}\44943505542594E4441474: NameServer = 156.153.70.22,156.154.71.22
TCP: Interfaces\{C7C150BE-CB0B-47A7-B9FB-46E714DD31F2}\E454E47444144514: NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{EB94779D-2A3C-46CF-A5F0-2EF01F32B89D}: NameServer = 8.26.56.26,8.20.247.20
FF - ProfilePath - c:\users\BAGUS\AppData\Roaming\Mozilla\Firefox\Profiles\4fxujzk0.default\
FF - prefs.js: Keyword.Enabled - true
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.startup.homepage - hxxp://home.allgameshome.com/
FF - prefs.js: keyword.URL - hxxp://home.allgameshome.com/results.php?category=web&s=
FF - prefs.js: network.proxy.gopher - 
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mysql]
"ImagePath"="c:\appserv\MySQL\bin\mysqld-nt --defaults-file=c:\appserv\MySQL\my.ini mysql"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-08-21  19:53:59
ComboFix-quarantined-files.txt  2014-08-21 12:53
ComboFix2.txt  2014-08-20 18:21
ComboFix3.txt  2014-08-17 14:35
ComboFix4.txt  2014-08-04 06:10
ComboFix5.txt  2014-08-21 10:41
.
Pre-Run: 79.043.248.128 bytes free
Post-Run: 78.895.648.768 bytes free
.
- - End Of File - - 73A3F59001E131B957805D4898DE421C


#14 bonaparte

bonaparte
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:43 AM

Posted 22 August 2014 - 12:06 AM

Here is the scan result for Malwarebytes :

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 21/08/2014
Scan Time: 22:46:23
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.08.21.05
Rootkit Database: v2014.08.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: BAGUS
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 366442
Time Elapsed: 12 hr, 23 min, 12 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 4
PUP.Optional.BestToolbar.A, HKU\S-1-5-21-1746748307-931840243-3181375183-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}, Quarantined, [8faa67623b405fd708aaa7c921e18c74], 
PUP.Optional.BestToolbar.A, HKU\S-1-5-21-1746748307-931840243-3181375183-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}, Quarantined, [8faa67623b405fd708aaa7c921e18c74], 
PUP.Optional.BestToolbar.A, HKU\S-1-5-21-1746748307-931840243-3181375183-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}, Quarantined, [8faa67623b405fd708aaa7c921e18c74], 
PUP.Optional.BestToolbar.A, HKU\S-1-5-21-1746748307-931840243-3181375183-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}, Quarantined, [8faa67623b405fd708aaa7c921e18c74], 
 
Registry Values: 6
PUP.Optional.Softomate.A, HKU\S-1-5-21-1746748307-931840243-3181375183-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{CA3EB689-8F09-4026-AA10-B9534C691CE0}, Quarantined, [f44506c3bfbc9d995b41b4bbbc46758b], 
PUP.Optional.Softomate.A, HKU\S-1-5-21-1746748307-931840243-3181375183-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{CA3EB689-8F09-4026-AA10-B9534C691CE0}, Quarantined, [f44506c3bfbc9d995b41b4bbbc46758b], 
PUP.Optional.SearchCertified.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCH|Search Bar, http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=, Quarantined, [2c0d80493f3ced490a7f6c87af5332ce]
PUP.Optional.CertifiedToolBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURI|(Default), http://search.certified-toolbar.com?si=41460&bs=true&tid=2937&q=%s, Quarantined, [1920725769122f070860f2005fa314ec]
PUP.Optional.CertifiedToolBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|(Default), http://search.certified-toolbar.com?si=41460&bs=true&tid=2937&q=%s, Quarantined, [f54428a10378fc3a1653c230f80abc44]
PUP.Optional.SearchCertified.A, HKU\S-1-5-21-1746748307-931840243-3181375183-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Search Bar, http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=, Quarantined, [b18824a58af16bcb2d5a23d05aa8de22]
 
Registry Data: 8
PUP.Optional.CertifiedToolBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Default_Page_URL, http://search.certified-toolbar.com?si=41460&home=true&tid=2937, Good: (www.google.com), Bad: (http://search.certified-toolbar.com?si=41460&home=true&tid=2937),Replaced,[4fea4287eb90f145e850f9d708fcca36]
PUP.Optional.CertifiedToolBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCH|Start Page, http://search.certified-toolbar.com?si=41460&home=true&tid=2937, Good: (www.google.com), Bad: (http://search.certified-toolbar.com?si=41460&home=true&tid=2937),Replaced,[281188416417d660b884ab2535cf30d0]
PUP.Optional.CertifiedToolBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCH|Start Default_Page_URL, http://search.certified-toolbar.com?si=41460&home=true&tid=2937, Good: (www.google.com), Bad: (http://search.certified-toolbar.com?si=41460&home=true&tid=2937),Replaced,[0b2e08c143382412c47715bbe024d62a]
PUP.Optional.CertifiedToolBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCH|Search Page, http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=, Good: (www.google.com), Bad: (http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=),Replaced,[b88123a6651653e3c574dff11ee65da3]
PUP.Optional.CertifiedToolBar.A, HKU\S-1-5-21-1746748307-931840243-3181375183-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Default_Page_URL, http://search.certified-toolbar.com?si=41460&home=true&tid=2937, Good: (www.google.com), Bad: (http://search.certified-toolbar.com?si=41460&home=true&tid=2937),Replaced,[e950aa1fd3a8979fab89be1227ddab55]
PUP.Optional.CertifiedToolBar.A, HKU\S-1-5-21-1746748307-931840243-3181375183-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Start Page, http://search.certified-toolbar.com?si=41460&home=true&tid=2937, Good: (www.google.com), Bad: (http://search.certified-toolbar.com?si=41460&home=true&tid=2937),Replaced,[06330ebbe695b0862b0c58786c98f40c]
PUP.Optional.CertifiedToolBar.A, HKU\S-1-5-21-1746748307-931840243-3181375183-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Start Default_Page_URL, http://search.certified-toolbar.com?si=41460&home=true&tid=2937, Good: (www.google.com), Bad: (http://search.certified-toolbar.com?si=41460&home=true&tid=2937),Replaced,[a495389193e8ac8acd69e2ee9f65728e]
PUP.Optional.CertifiedToolBar.A, HKU\S-1-5-21-1746748307-931840243-3181375183-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Search Page, http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=, Good: (www.google.com), Bad: (http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=),Replaced,[2316bc0d6d0e8ea87eb7349c62a247b9]
 
Folders: 2
PUP.Optional.DownTango.A, C:\Program Files (x86)\Red Sky\DownTango, Quarantined, [5edb15b4eb9006300bb3a13d31d10ff1], 
PUP.Optional.DownTango.A, C:\Users\BAGUS\AppData\Local\DownTango, Quarantined, [d069f0d9a3d8cf673986726c3cc6dc24], 
 
Files: 9
PUP.Optional.WebSearch.A, C:\Users\BAGUS\AppData\Roaming\Mozilla\Firefox\Profiles\4fxujzk0.default\searchplugins\Web Search.xml, Quarantined, [55e4daef3843d561958ca06abc4724dc], 
PUP.Optional.WebSearch.A, C:\Users\piress\AppData\Roaming\Mozilla\Firefox\Profiles\37k5cv6o.default\searchplugins\Web Search.xml, Quarantined, [e257923783f856e02df4eb1f32d101ff], 
PUP.Optional.DownTango.A, C:\Program Files (x86)\Red Sky\DownTango\DownTangoFTToolbar.exe, Quarantined, [5edb15b4eb9006300bb3a13d31d10ff1], 
PUP.Optional.DownTango.A, C:\Program Files (x86)\Red Sky\DownTango\DownTangoSetupFiles-TlbrFree.7z, Quarantined, [5edb15b4eb9006300bb3a13d31d10ff1], 
PUP.Optional.DownTango.A, C:\Users\BAGUS\AppData\Local\DownTango\initial_links.txt, Quarantined, [d069f0d9a3d8cf673986726c3cc6dc24], 
PUP.Optional.Babylon.A, C:\Users\BAGUS\AppData\Roaming\Mozilla\Firefox\Profiles\4fxujzk0.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.prtkDS", 0);), Replaced,[21181dac91eaab8bc89367a5c63f9c64]
PUP.Optional.Babylon.A, C:\Users\BAGUS\AppData\Roaming\Mozilla\Firefox\Profiles\4fxujzk0.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.prtkHmpg", 0);), Replaced,[d3665178c7b4a096fc5f4ac211f40ef2]
PUP.Optional.CertifiedTB.A, C:\Users\piress\AppData\Roaming\Mozilla\Firefox\Profiles\37k5cv6o.default\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "http://search.certified-toolbar.com?si=41460&home=true&tid=2937");), Replaced,[dd5ce5e4106b1125313e54b8e0259769]
PUP.Optional.CertifiedTB.A, C:\Users\piress\AppData\Roaming\Mozilla\Firefox\Profiles\37k5cv6o.default\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=");), Replaced,[9e9b9633aecdce68cbdde626ac59f709]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#15 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:43 PM

Posted 22 August 2014 - 06:32 AM

Looks good!

 

 

Scan with ESET Online Scan

Please go to here to run the online scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users