Solved Help remove Linkey and Obrana bundle package infection

ohnovirus

New Member
Thread author
Verified
Jan 8, 2015
15
1/8/15 after I tried downloading a program or browser in what seemed like a legit site. The download came bundled with a virus called Linkey/default-search.net and another called Obrana. Computer began to slow down and I'm getting tons of random popups constantly.

I first got rid of the Linkey from Control Panel/uninstall, then I had to go to each individual browser (Firefox, IE, Chrome) and try to find and disable the default-search.net, and if I couldn't find it, I had to reset to default settings (Chrome, which I ended up uninstalling after the reset, and IE and Firefox; I think I found it and disabled/removed it and reset to default settings afterwards). I'm not sure if it was successful, as my laptop is also infected with the Obrana virus, which I tried to remove through some guides on this site, BUT it says my HitmanPro and Malwarebytes free trials have expired, so I don't know what to do anymore.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,



They call me TwinHeadedEagle around here, and I'll be working with you.



Before we start please read and note the following:
  • At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
  • Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
  • If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
  • I visit the forum several times a day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have a private life like everyone and I cannot be here 24/7. So please be patient with me. Also, some infections require less, and some more time to be removed completely, so bear this in mind and be patient.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. If you solved your problem yourself, set aside two minutes to let me know.
  • Please attach all reports using the button below. Doing this, you make it easier for me to analyze and fix your problem.

  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay for the repair.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.




Rules and policies

We won't support any piracy.
That being said, if any evidence of illegal OS, software, cracks/keygens or any other is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.




Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system; that will be the right version.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
 

ohnovirus

New Member
Thread author
Verified
Jan 8, 2015
15
Hello,
I tried downloading farbar but it says that the app can't run on my PC
'to find a version for your pc check with the publisher'

I tried running both 64 and 32 bit just in case
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the Zoek icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    Code:
    createsrpoint;
    gpt.ini;z 
    C:\Windows\System32\GroupPolicy;v
    C:\Windows\SysWOW64\GroupPolicy;v
    process;
    services-list;
    systemspecs;
    startupall;
    skipfix-iedefaults;
    firefoxlook;
    chromelook;
    filesrcm;
    installedprogs;
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.
 

ohnovirus

New Member
Thread author
Verified
Jan 8, 2015
15
Zoek.exe v5.0.0.0 Updated 08-January-2015
Tool run by Tae Youn on Thu 01/08/2015 at 14:06:00.55.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Tae Youn\Downloads\zoek(1).exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2015-01-08-215111.log 21035 bytes

==== System Restore Info ======================

1/8/2015 2:06:34 PM Zoek.exe System Restore Point Created Succesfully.

==== Installed Programs ======================

64 Bit HP CIO Components Installer
Adblock Plus for IE (32-bit and 64-bit)
Adobe Digital Editions 4.0
Adobe Reader XI (11.0.10)
Adobe Refresh Manager
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Quick Stream
AMD VISION Engine Control Center
Anki
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Avast Free Antivirus
Battlelog Web Plugins
Bejeweled 3
BufferChm
C4700
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
D3DX10
Destinations
DeviceDiscovery
Dropbox
ESN Sonar
FATE
FileHippo App Manager
Gardenscapes: Mansion Makeover
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
HP Customer Participation Program 14.0
HP Imaging Device Functions 14.0
HP Photo Creations
HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6
HP Solution Center 14.0
HP Update
HPPhotoGadget
HPProductAssistant
HPSSupply
Malwarebytes Anti-Malware version 2.0.4.1028
MarketResearch
Microsoft Application Error Reporting
Microsoft Office
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
Mnemosyne 2.3.1
More Games - WildTangent
Movie Maker
Mozilla Firefox 35.0 (x86 en-US)
MSVCRT
MSVCRT110
MSVCRT110_amd64
Network64
Norton Anti-Theft
Norton Online Backup
Norton Online Backup ARA
Norton PC Checkup
Norton Security Dashboard
Origin
Penguins
Photo Common
Photo Gallery
PhotoScape
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime amd64
Polar Bowler
PS_AIO_06_C4700_SW_Min
QuickTransfer
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
REALTEK Wireless LAN Driver
Realtek WLAN Driver
Scan
Shop for HP Supplies
SolutionCenter
Status
Synaptics Pointing Device Driver
Toolbox
Toshiba App Place
TOSHIBA Application Installer
TOSHIBA Audio Enhancement
Toshiba Book Place
TOSHIBA Desktop Assist
TOSHIBA eco Utility
TOSHIBA Function Key
TOSHIBA HDD Accelerator
TOSHIBA Password Utility
TOSHIBA PC Health Monitor
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA Resolution+ Plug-in for Windows Media Player
TOSHIBA Service Station
TOSHIBA System Driver
TOSHIBA System Settings
TOSHIBA User's Guide
TOSHIBA VIDEO PLAYER
TOSHIBARegistration
TrayApp
Update for Microsoft en-us Dictionary
Update Installer for WildTangent Games App
Vacation QuestT - Australia
Virtual Villagers 5 - New Believers
WebReg
WildTangent Games
WildTangent Games App (Toshiba Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Youda Jewel Shop

==== Running Processes ======================

C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\WINDOWS\SysWOW64\svchost.exe
C:\Program Files (x86)\MpkingAcpoiscines\MpkingAcpoiscines.exe
C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
C:\Program Files (x86)\MpkingAcpoiscines\MpkingAcpoiscinesHelper.exe
C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Tae Youn\Downloads\zoek(1).exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe

==== Folders Found ======================


==== Files Found ======================


==== System Specs ======================

Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 3551 MB
CPU Info: AMD A6-4400M APU with Radeon(tm) HD Graphics
CPU Speed: 2747.4 MHz
Sound Card: Speakers (Realtek High Definiti |
Display Adapters: AMD Radeon HD 7520G | AMD Radeon HD 7520G | AMD Radeon HD 7520G | AMD Radeon HD 7520G
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Microsoft Wi-Fi Direct Virtual Adapter | Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC | Qualcomm Atheros AR8162/8166/8168 PCI-E Fast Ethernet Controller (NDIS 6.30)
CD / DVD Drives: 1x (D: | ) D: TSSTcorpCDDVDW SN-208AB
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C: 453.8GB
Hard Disks - Free: C: 413.3GB
Manufacturer *: Insyde Corp.
BIOS Info: AT/AT COMPATIBLE | | TOSINV - 1
Time Zone: Pacific Standard Time
Motherboard *: TOSHIBA Portable PC
Country: United States
Language: ENU

==== System Specs (Software) ======================

Anti-Virus: Windows Defender On-access scanning disabled (Outdated)
Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: avast! Antivirus disabled (Outdated)
Default Browser: Firefox 35.0
Internet Explorer Version: 11.0.9600.17498
Mozilla Firefox version: 35.0 (x86 en-US)
Adobe Reader version: 11.0.10.32

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====
====== C:\Users\TAEYOU~1\AppData\Local\Temp ====
2015-01-08 10:54:02 4447723C9263C249C25E9EB93A759E52 1153144 ----a-w- C:\Users\Tae Youn\AppData\Local\Temp\SoftonicAssistant_v0-1-6.exe
====== Java Cache =====
====== C:\WINDOWS\SysWOW64 =====
====== C:\WINDOWS\SysWOW64\drivers =====
====== C:\WINDOWS\Sysnative =====
====== C:\WINDOWS\Sysnative\drivers =====
2015-01-08 13:16:49 26C43960C99EE861A5D0EDC4DCF3B1C3 129752 ----a-w- C:\WINDOWS\Sysnative\drivers\MBAMSwissArmy.sys
2015-01-08 13:14:29 CA43F8904E24BBE49982E4C0B29E6579 25816 ----a-w- C:\WINDOWS\Sysnative\drivers\mbam.sys
2015-01-08 13:14:29 9D7BFFDB5FA62B600DF1FCB4919D9D79 64216 ----a-w- C:\WINDOWS\Sysnative\drivers\mwac.sys
2015-01-08 13:14:29 478CC94C937D235CB0A96AB8F2359D81 93400 ----a-w- C:\WINDOWS\Sysnative\drivers\mbamchameleon.sys
2014-12-10 00:50:23 B02118A776C368F7EE1A8CC81378D265 153920 -c--a-w- C:\WINDOWS\Sysnative\drivers\dumpsd.sys
2014-12-10 00:50:23 7B7C482CF48E6EE33664340D1A78E6FE 238912 -c--a-w- C:\WINDOWS\Sysnative\drivers\sdbus.sys
2014-12-10 00:50:23 24A8DFC07E4BAF29AEA26E383D4CC886 86336 ----a-w- C:\WINDOWS\Sysnative\drivers\pdc.sys
2014-12-10 00:50:22 A770340FC02B999EF0DE6C2A6BC8437C 39744 -c--a-w- C:\WINDOWS\Sysnative\drivers\intelpep.sys
====== C:\WINDOWS\Tasks ======
2015-01-08 13:11:22 B63AD96D5AB77552EFDB7D2277C3B0CB 3886 ----a-w- C:\WINDOWS\Sysnative\Tasks\Adobe Acrobat Update Task
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
2015-01-08 16:44:51 -------- d-----w- C:\Program Files\HitmanPro
======= C:\PROGRA~2 =====
2015-01-08 12:11:42 -------- d-sh--w- C:\PROGRA~2\MpkingAcpoiscines
======= C: =====
====== C:\Users\Tae Youn\AppData\Roaming ======
2015-01-08 11:27:14 -------- d-----w- C:\Users\Tae Youn\AppData\Roaming\Google
====== C:\Users\Tae Youn ======
2015-01-08 21:28:33 5234F7CA5CA202CC4B7E59717E3F9FE6 182295 ----a-w- C:\Users\Tae Youn\Downloads\FRST64(2).exe
2015-01-08 21:14:54 05EE8B7DE7067EC38D232FE84B5BE9C1 1115648 ----a-w- C:\Users\Tae Youn\Downloads\FRST.exe
2015-01-08 21:12:44 31A10EBA3ADA65164B487635B1F7A42D 1613095 ----a-w- C:\Users\Tae Youn\Downloads\FRST64(1).exe
2015-01-08 21:04:35 D4B7755578C77AB576FDF45B26B19719 600 ----a-w- C:\Users\Tae Youn\PUTTY.RND
2015-01-08 17:47:25 13672E741CEAC976A55864659329EF4C 2765678 ----a-w- C:\Users\Tae Youn\Downloads\mbar-1.08.2.1001.exe
2015-01-08 17:30:16 1D52BA6FE6E435CE9E9C801D2B175936 2124288 ----a-w- C:\Users\Tae Youn\Downloads\FRST64.exe
2015-01-08 16:42:29 00FD7C6BEDEE9B24B0DB02B68B07AD54 11222744 ----a-w- C:\Users\Tae Youn\Downloads\HitmanPro_x64(2).exe
2015-01-08 16:39:37 BD6C3071F98A563989F99AC61BDDC925 10284408 ----a-w- C:\Users\Tae Youn\Downloads\HitmanPro.exe
2015-01-08 16:38:40 C6A1CCEDFC872EBAB73105F3290AF79F 8324532 ----a-w- C:\Users\Tae Youn\Downloads\HitmanPro_x64(1).exe
2015-01-08 13:13:01 3BD59D6C407AB1F6DDD7C5D9BD727469 20447072 ----a-w- C:\Users\Tae Youn\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-08 13:06:59 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\winhttp
2015-01-08 12:49:57 61CA40317EBF1254770BF8B495B3F8DA 2191360 ----a-w- C:\Users\Tae Youn\Downloads\adwcleaner_4.107.exe

====== C: exe-files ==
2015-01-08 21:28:33 5234F7CA5CA202CC4B7E59717E3F9FE6 182295 ----a-w- C:\Users\Tae Youn\Downloads\FRST64(2).exe
2015-01-08 21:14:54 05EE8B7DE7067EC38D232FE84B5BE9C1 1115648 ----a-w- C:\Users\Tae Youn\Downloads\FRST.exe
2015-01-08 21:12:44 31A10EBA3ADA65164B487635B1F7A42D 1613095 ----a-w- C:\Users\Tae Youn\Downloads\FRST64(1).exe
2015-01-08 17:47:25 13672E741CEAC976A55864659329EF4C 2765678 ----a-w- C:\Users\Tae Youn\Downloads\mbar-1.08.2.1001.exe
2015-01-08 17:30:16 1D52BA6FE6E435CE9E9C801D2B175936 2124288 ----a-w- C:\Users\Tae Youn\Downloads\FRST64.exe
2015-01-08 16:44:51 00FD7C6BEDEE9B24B0DB02B68B07AD54 11222744 ----a-w- C:\Program Files\HitmanPro\HitmanPro.exe
2015-01-08 16:42:29 00FD7C6BEDEE9B24B0DB02B68B07AD54 11222744 ----a-w- C:\Users\Tae Youn\Downloads\HitmanPro_x64(2).exe
2015-01-08 16:39:37 BD6C3071F98A563989F99AC61BDDC925 10284408 ----a-w- C:\Users\Tae Youn\Downloads\HitmanPro.exe
2015-01-08 16:38:40 C6A1CCEDFC872EBAB73105F3290AF79F 8324532 ----a-w- C:\Users\Tae Youn\Downloads\HitmanPro_x64(1).exe
2015-01-08 13:13:01 3BD59D6C407AB1F6DDD7C5D9BD727469 20447072 ----a-w- C:\Users\Tae Youn\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-08 13:11:01 516C021FEBEDE2962C9252DF85606C76 382168 ----a-w- C:\ProgramData\Adobe\ARM\S\25162\AdobeARMHelper.exe
2015-01-08 12:49:57 61CA40317EBF1254770BF8B495B3F8DA 2191360 ----a-w- C:\Users\Tae Youn\Downloads\adwcleaner_4.107.exe
2015-01-08 12:11:51 4322211DD95CA2D940E57D6D48B7908A 154112 ----a-r- C:\Program Files (x86)\MpkingAcpoiscines\MpkingAcpoiscinesHelper.exe
2015-01-08 12:11:49 4AEC96190CFCB442AEECB275D73A4470 110080 ----a-w- C:\Program Files (x86)\MpkingAcpoiscines\temp\certutil.exe
2015-01-08 12:11:47 CE41813E100762C5F7BFD809114E6C11 4316160 --sh--w- C:\Program Files (x86)\MpkingAcpoiscines\MpkingAcpoiscines.exe
2015-01-08 12:11:46 96B3771A6024C8F00E8AC29462220D64 7168 --sh--w- C:\Program Files (x86)\MpkingAcpoiscines\LoopbackForWin8.exe
2015-01-08 12:11:46 2764C3E30034E9469ADBDBBC99BD98E7 70992 --sh--w- C:\Program Files (x86)\MpkingAcpoiscines\CertMgr.exe
2015-01-08 10:54:02 4447723C9263C249C25E9EB93A759E52 1153144 ----a-w- C:\Users\Tae Youn\AppData\Local\Temp\SoftonicAssistant_v0-1-6.exe
2015-01-06 11:30:42 B1B97114D180B5B1B05EB84F50441091 140464 ----a-w- C:\Windows\Temp\0117A78A-2F48-41D4-ABC7-39CBBD2BDC3F\DismHost.exe
2015-01-06 11:24:23 B1B97114D180B5B1B05EB84F50441091 140464 ----a-w- C:\Windows\Temp\B7010B8F-37CD-467A-A866-8348ADDEAFE6\DismHost.exe
2015-01-06 11:19:36 B1B97114D180B5B1B05EB84F50441091 140464 ----a-w- C:\Windows\Temp\8A41FB17-E15A-4B94-B1AD-7A9409CD9D25\DismHost.exe
2015-01-06 11:09:25 B1B97114D180B5B1B05EB84F50441091 140464 ----a-w- C:\Windows\Temp\DF34B8CA-314F-48B6-A048-E28A201A6833\DismHost.exe
2015-01-06 10:38:37 B1B97114D180B5B1B05EB84F50441091 140464 ----a-w- C:\Windows\Temp\85A7FDDE-EAD8-44B0-AEC3-C650CD3789DA\DismHost.exe
2015-01-06 10:33:48 B1B97114D180B5B1B05EB84F50441091 140464 ----a-w- C:\Windows\Temp\CED7003D-6979-48AC-9884-92C071D0CDD4\DismHost.exe
2015-01-06 10:28:39 B1B97114D180B5B1B05EB84F50441091 140464 ----a-w- C:\Windows\Temp\B51FEBCD-CEB4-4915-858D-61323BFD822B\DismHost.exe
=== C: other files ==
2015-01-08 16:50:23 A24624807D91E77E06EEB016D4C2D053 1443602 ----a-w- C:\Users\Tae Youn\AppData\Roaming\Mozilla\Firefox\Profiles\026mgjs4.default-1420720268969\extensions\firefox@ghostery.com.xpi
2015-01-08 16:48:47 A1B1BC6A14B437C82AC830116979E9F6 979699 ----a-w- C:\Users\Tae Youn\AppData\Roaming\Mozilla\Firefox\Profiles\026mgjs4.default-1420720268969\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
2015-01-08 13:16:49 26C43960C99EE861A5D0EDC4DCF3B1C3 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-01-08 13:14:29 CA43F8904E24BBE49982E4C0B29E6579 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2015-01-08 13:14:29 9D7BFFDB5FA62B600DF1FCB4919D9D79 64216 ----a-w- C:\Windows\System32\drivers\mwac.sys
2015-01-08 13:14:29 478CC94C937D235CB0A96AB8F2359D81 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2015-01-08 10:54:02 026B5640E2613119DCA395EADB881425 2053640 ----a-w- C:\Users\Tae Youn\Desktop\u_14_04.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-575280890-2764862635-724835175-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"FileHippo.com"="C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Norton Online Backup"="C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe"
"ToshibaAppPlace"="C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
"HP Software Update"="C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"FileHippo.com"="C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe /background"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"TecoResident"="C:\Program Files\TOSHIBA\Teco\TecoResident.exe"
"TODDMain"="C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe"
"TosWaitSrv"="%ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe "
"TCrdMain"="C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe"

==== Startup Folders ======================

2014-08-04 00:19:02 2130 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [07/14/2013 07:55 PM]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [07/14/2013 07:55 PM]

==== Other Scheduled Tasks ======================

"C:\WINDOWS\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\LaunchSignup" [C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe]
"C:\WINDOWS\SysNative\tasks\Synaptics TouchPad Enhancements" ["C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{0E750434-667E-464D-B455-06D74C555142}" [C:\WINDOWS\system32\msfeedssync.exe]
"C:\WINDOWS\SysNative\tasks\Norton Anti-Theft\Norton Error Analyzer" [C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe]
"C:\WINDOWS\SysNative\tasks\Norton Anti-Theft\Norton Error Processor" [C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe]
"C:\WINDOWS\SysNative\tasks\TOSHIBA\Service Station" ["C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe"]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [11/08/2014 01:12 AM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\TAEYOU~1\AppData\Roaming\Mozilla\Firefox\Profiles\026mgjs4.default-1420720268969
- Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
- Undetermined - wrc@avast.com
- Ghostery - %ProfilePath%\extensions\firefox@ghostery.com.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[11/08/2014 01:12 AM]

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://msn.com/"
"Search Page"="http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7"
{F917EF2A-9949-43A5-A95C-944EE71EA1F1} Unknown Url="Not_Found"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on Thu 01/08/2015 at 14:14:45.30 ======================
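
A way to triage the "Files Recently Created / Modified" part of a log like the one above, as an added example that is not part of the original thread or of Zoek itself: it parses each entry and returns those carrying both the system and hidden attributes. The line layout and the reading of the attribute string (`d` = directory, `s` = system, `h` = hidden by position) are assumptions inferred from the log, and the sample lines, paths and hashes are constructed placeholders.

```python
import re
from datetime import datetime
from typing import List, NamedTuple, Optional

# Assumed layout, inferred from the log above:
#   <date> <time> <MD5, or -------- for folders> [<size>] <8-char attributes> <path>
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<md5>[0-9A-Fa-f]{32}|-{8}) "
    r"(?:(?P<size>\d+) )?"
    r"(?P<attrs>[-a-z]{8}) "
    r"(?P<path>.+)$"
)


class Entry(NamedTuple):
    when: datetime
    md5: Optional[str]    # None for folders
    size: Optional[int]   # None for folders
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def hidden_system(self) -> bool:
        # Assumption: position 2 is the system flag, position 3 the hidden flag.
        return self.attrs[2] == "s" and self.attrs[3] == "h"


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a file/folder line, or None for headers and blanks."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    when = datetime.strptime(f"{m['date']} {m['time']}", "%Y-%m-%d %H:%M:%S")
    md5 = None if m["md5"].startswith("-") else m["md5"].upper()
    size = int(m["size"]) if m["size"] else None
    return Entry(when, md5, size, m["attrs"], m["path"])


def flag_hidden_system(log_text: str) -> List[Entry]:
    """Entries marked both system and hidden, oldest first.

    The same file can be listed in more than one section of the log,
    so entries are de-duplicated on the lower-cased path.
    """
    seen = set()
    flagged = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None or not entry.hidden_system:
            continue
        key = entry.path.lower()
        if key not in seen:
            seen.add(key)
            flagged.append(entry)
    return sorted(flagged, key=lambda e: e.when)


# Constructed sample in the same layout as the log; not taken from the thread.
SAMPLE_LOG = r"""
====== C:\WINDOWS\Sysnative\drivers =====
2015-01-08 13:14:29 00000000000000000000000000000001 25816 ----a-w- C:\WINDOWS\Sysnative\drivers\example.sys
======= C:\PROGRA~2 =====
2015-01-08 12:11:42 -------- d-sh--w- C:\PROGRA~2\ExampleBundle
====== C: exe-files ==
2015-01-08 12:11:47 00000000000000000000000000000002 4316160 --sh--w- C:\Program Files (x86)\ExampleBundle\ExampleBundle.exe
2015-01-08 12:11:51 00000000000000000000000000000003 154112 ----a-r- C:\Program Files (x86)\ExampleBundle\ExampleBundleHelper.exe
2015-01-08 16:39:37 00000000000000000000000000000004 10284408 ----a-w- C:\Users\Example\Downloads\scanner.exe
=== C: other files ==
2015-01-08 12:11:47 00000000000000000000000000000002 4316160 --sh--w- C:\Program Files (x86)\ExampleBundle\ExampleBundle.exe
"""

if __name__ == "__main__":
    for e in flag_hidden_system(SAMPLE_LOG):
        kind = "folder" if e.is_dir else "file"
        print(f"{e.when}  {kind:6}  {e.attrs}  {e.path}")
```

A flagged entry is a lead for a closer look, not a verdict: the attributes only show that something was set up to stay out of Explorer's default view.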
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the Zoek icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    Code:
    createsrpoint;
    autoclean;
    emptyalltemp;
    ipconfig /flushdns;b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.




Download Malwarebytes Anti-Rootkit to your desktop.
  • Double-click the icon to start the tool.
  • It will ask you where to extract it, then it will start.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"
 

ohnovirus

New Member
Thread author
Verified
Jan 8, 2015
15
Zoek.exe v5.0.0.0 Updated 09-January-2015
Tool run by Tae Youn on Fri 01/09/2015 at 21:25:27.09.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Tae Youn\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2015-01-08-215111.log 21035 bytes
C:\zoek-results2015-01-08-221445.log 20874 bytes

==== System Restore Info ======================

1/9/2015 9:26:27 PM Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\Users\Tae Youn\AppData\Roaming\Google deleted successfully
C:\Users\Tae Youn\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-575280890-2764862635-724835175-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{38B8D915-C213-4917-B240-45B4A61CC92B} deleted successfully
HKEY_USERS\S-1-5-21-575280890-2764862635-724835175-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{45CF2F88-B2B-4297-B2B3-43A464BBAB3} deleted successfully
HKEY_USERS\S-1-5-21-575280890-2764862635-724835175-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{48335F2D-53F6-407D-B731-CC8FEDB646B4} deleted successfully
HKEY_USERS\S-1-5-21-575280890-2764862635-724835175-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{51BBA0F1-9304-4316-9872-2BC437A238F3} deleted successfully
HKEY_USERS\S-1-5-21-575280890-2764862635-724835175-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7D7AA62E-1DD0-436D-8E0-55D74D2CE4} deleted successfully
HKEY_USERS\S-1-5-21-575280890-2764862635-724835175-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{97DCEEF4-CA3C-4F97-B0C9-C4CD2B8B43A} deleted successfully
HKEY_USERS\S-1-5-21-575280890-2764862635-724835175-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7B752B2-14D1-4FA6-ADE2-DD69375F78C4} deleted successfully
HKEY_USERS\S-1-5-21-575280890-2764862635-724835175-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F3EB7BD7-CD63-4752-A2D9-46EC9793B9AD} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\Users\Tae Youn\AppData\Roaming\WB.CFG deleted
C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\windows\SysNative\Tasks\LaunchSignup deleted
C:\WINDOWS\SysNative\config\systemprofile\Searches deleted
"C:\windows\Installer\1a05b.msi" deleted
"C:\PROGRA~3\boost_interprocess\Nobu64AgentService" deleted
"C:\PROGRA~3\boost_interprocess\Nobu64TrayIcon" deleted
"C:\PROGRA~3\boost_interprocess" not deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [01/09/2015 03:52 PM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\TAEYOU~1\AppData\Roaming\Mozilla\Firefox\Profiles\v3hqp7zi.default-1420776888072
- New Tab Data - %ProfilePath%\extensions\newtab-data-beta@experiments.mozilla.org.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[11/08/2014 01:12 AM]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://msn.com/"
"Search Page"="http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://msn.com/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7"
{F917EF2A-9949-43A5-A95C-944EE71EA1F1} Unknown Url="Not_Found"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-575280890-2764862635-724835175-1001\Software\Microsoft\Internet Explorer\SearchScopes\{F917EF2A-9949-43A5-A95C-944EE71EA1F1} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyServer"="http=127.0.0.1:9880"
"ProxyOverride"="<local>"
"ProxyEnable"=dword:00000001

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E40670FF068C9E042A033EF74AF101A3 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{57278AEA-8F7F-7853-D251-578336B66BE1} deleted successfully
HKEY_CURRENT_USER\Software\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{FF07604E-C860-40E9-A230-E37FA41F103A} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\E40670FF068C9E042A033EF74AF101A3 deleted successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Tae Youn\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Tae Youn\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Tae Youn\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Tae Youn\AppData\Local\Microsoft\Windows\INetCache\IE\4AG2075Q will be deleted at reboot
C:\Users\Tae Youn\AppData\Local\Microsoft\Windows\INetCache\IE\8Q3F3ZCT will be deleted at reboot
C:\Users\Tae Youn\AppData\Local\Microsoft\Windows\INetCache\IE\DEBKQZ9Z will be deleted at reboot
C:\Users\Tae Youn\AppData\Local\Microsoft\Windows\INetCache\IE\DFLVFI39 will be deleted at reboot
C:\Users\Tae Youn\AppData\Local\Microsoft\Windows\INetCache\IE\FJ4SPVWO will be deleted at reboot
C:\Users\Tae Youn\AppData\Local\Microsoft\Windows\INetCache\IE\GRG30JXG will be deleted at reboot
C:\Users\Tae Youn\AppData\Local\Microsoft\Windows\INetCache\IE\GUMFA2J1 will be deleted at reboot
C:\Users\Tae Youn\AppData\Local\Microsoft\Windows\INetCache\IE\JXYTWWJH will be deleted at reboot
C:\Users\Tae Youn\AppData\Local\Microsoft\Windows\INetCache\IE\M3Q66W5V will be deleted at reboot
C:\Users\Tae Youn\AppData\Local\Microsoft\Windows\INetCache\IE\T640UDNV will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Tae Youn\AppData\Local\Mozilla\Firefox\Profiles\026mgjs4.default-1420720268969\cache2 emptied successfully
C:\Users\Tae Youn\AppData\Local\Mozilla\Firefox\Profiles\v3hqp7zi.default-1420776888072\cache2 emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=28 folders=20 22757271 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Tae Youn\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\TAEYOU~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\PROGRA~3\boost_interprocess" not deleted
"C:\Users\Tae Youn\AppData\Local\Microsoft\Windows\INetCache\IE\4AG2075Q" not found
"C:\Users\Tae Youn\AppData\Local\Microsoft\Windows\INetCache\IE\8Q3F3ZCT" not found
"C:\Users\Tae Youn\AppData\Local\Microsoft\Windows\INetCache\IE\DEBKQZ9Z" not found
"C:\Users\Tae Youn\AppData\Local\Microsoft\Windows\INetCache\IE\DFLVFI39" not found
"C:\Users\Tae Youn\AppData\Local\Microsoft\Windows\INetCache\IE\FJ4SPVWO" not found
"C:\Users\Tae Youn\AppData\Local\Microsoft\Windows\INetCache\IE\GRG30JXG" not found
"C:\Users\Tae Youn\AppData\Local\Microsoft\Windows\INetCache\IE\GUMFA2J1" not found
"C:\Users\Tae Youn\AppData\Local\Microsoft\Windows\INetCache\IE\JXYTWWJH" not found
"C:\Users\Tae Youn\AppData\Local\Microsoft\Windows\INetCache\IE\M3Q66W5V" not found
"C:\Users\Tae Youn\AppData\Local\Microsoft\Windows\INetCache\IE\T640UDNV" not found

==== EOF on Fri 01/09/2015 at 21:59:50.99 ======================
 

ohnovirus

New Member
Thread author
Verified
Jan 8, 2015
15
I can't download Malwarebytes. It says:

'Please, enter the extraction path'

and when I press 'ok' it says: Non 7z archive
 

ohnovirus

New Member
Thread author
Verified
Jan 8, 2015
15
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by Tae Youn (administrator) on TAE on 10-01-2015 01:31:08
Running from C:\Users\Tae Youn\Downloads
Loaded Profile: Tae Youn (Available profiles: Tae Youn)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\MpkingAcpoiscines\MpkingAcpoiscines.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Toshiba Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
() C:\Program Files (x86)\MpkingAcpoiscines\MpkingAcpoiscinesHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
() C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\HDD Accelerator\THAccelSvc.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13196432 2012-09-25] (Realtek Semiconductor)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2995904 2012-07-11] (Symantec Corporation)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-09] (AVAST Software)
HKLM-x32\...\Run: [HP Software Update ] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-575280890-2764862635-724835175-1001\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe [1435136 2014-10-03] ()
HKU\S-1-5-21-575280890-2764862635-724835175-1001\...\Run: [BitTorrent] => C:\Users\Tae Youn\AppData\Roaming\BitTorrent\BitTorrent.exe [1381208 2014-12-15] (BitTorrent Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-575280890-2764862635-724835175-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-575280890-2764862635-724835175-1001] => http=127.0.0.1:9880
HKU\S-1-5-21-575280890-2764862635-724835175-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=100&itype=n&ver=14733&tm=586&src=ds&p={searchTerms}
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=100&itype=n&ver=14733&tm=586&src=ds&p={searchTerms}
SearchScopes: HKU\S-1-5-21-575280890-2764862635-724835175-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-575280890-2764862635-724835175-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Tae Youn\AppData\Roaming\Mozilla\Firefox\Profiles\026mgjs4.default-1420720268969
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-08-14]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-08]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-08] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-08] (Avast Software)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 MpkingAcpoiscines; C:\Program Files (x86)\MpkingAcpoiscines\MpkingAcpoiscines.exe [4316160 2015-01-07] () [File not signed] <==== ATTENTION
R2 NAT; C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe [232424 2013-10-11] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-11] (Symantec Corporation)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [214928 2013-10-17] (TOSHIBA CORPORATION)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-08] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-08] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-08] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-08] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-08] (AVAST Software)
S3 aswTap; C:\Windows\system32\DRIVERS\aswTap.sys [44640 2013-12-16] (The OpenVPN Project)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-08] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-22] (Advanced Micro Devices)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00B\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
R1 ccSet_NAT; C:\Windows\system32\drivers\NATx64\010A000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-24] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-09-24] (Windows (R) Win 7 DDK provider)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2944216 2013-08-21] (Realtek Semiconductor Corporation )
R0 THAccel; C:\Windows\System32\DRIVERS\THAccel.sys [111488 2013-10-15] (TOSHIBA Corporation)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows (R) Win 7 DDK provider)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-08] (Avast Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-10 01:31 - 2015-01-10 01:31 - 00013994 _____ () C:\Users\Tae Youn\Downloads\FRST.txt
2015-01-10 01:29 - 2015-01-10 01:29 - 02124288 _____ (Farbar) C:\Users\Tae Youn\Downloads\FRST64.exe
2015-01-10 01:23 - 2015-01-10 01:23 - 15782229 _____ (Malwarebytes Corp.) C:\Users\Tae Youn\Downloads\mbar-1.08.2.1001(3).exe
2015-01-10 01:20 - 2015-01-10 01:21 - 00000197 _____ () C:\WINDOWS\system32\2015-01-10-09-20-23.053-AvastVBoxSVC.exe-2764.log
2015-01-10 01:19 - 2015-01-10 01:19 - 00000000 ____D () C:\Users\Tae Youn\AppData\Local\VirtualStore
2015-01-10 01:19 - 2015-01-10 01:19 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-01-10 00:43 - 2015-01-10 00:02 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2015-01-10 00:03 - 2015-01-09 23:58 - 00017762 _____ () C:\zoek-results2015-01-10-075851.log
2015-01-10 00:02 - 2015-01-10 00:02 - 01295360 _____ () C:\Users\Tae Youn\Downloads\zoek(3).exe
2015-01-09 23:42 - 2015-01-09 21:59 - 00012123 _____ () C:\zoek-results2015-01-10-055950.log
2015-01-09 23:39 - 2015-01-09 23:40 - 01295360 _____ () C:\Users\Tae Youn\Downloads\zoek(2).exe
2015-01-09 23:37 - 2015-01-09 23:37 - 01295360 _____ () C:\Users\Tae Youn\Downloads\zoek(1).exe
2015-01-09 22:35 - 2015-01-09 22:35 - 00000247 _____ () C:\WINDOWS\system32\2015-01-10-06-35-18.071-aswFe.exe-180.log
2015-01-09 22:22 - 2015-01-09 22:35 - 00000247 _____ () C:\WINDOWS\system32\2015-01-10-06-22-41.047-aswFe.exe-5484.log
2015-01-09 22:22 - 2015-01-09 22:22 - 00000197 _____ () C:\WINDOWS\system32\2015-01-10-06-22-37.022-AvastVBoxSVC.exe-5340.log
2015-01-09 22:09 - 2015-01-09 22:09 - 01687760 _____ (Malwarebytes Corp.) C:\Users\Tae Youn\Downloads\mbar-1.08.2.1001(2).exe
2015-01-09 22:08 - 2015-01-09 22:08 - 00605900 _____ (Malwarebytes Corp.) C:\Users\Tae Youn\Downloads\mbar-1.08.2.1001(1).exe
2015-01-09 22:07 - 2015-01-09 22:07 - 00124100 _____ () C:\Users\Tae Youn\Downloads\mbar-1.08.2.1001.exe
2015-01-09 21:26 - 2015-01-08 14:14 - 00020874 _____ () C:\zoek-results2015-01-08-221445.log
2015-01-09 21:25 - 2015-01-09 21:25 - 01295360 _____ () C:\Users\Tae Youn\Downloads\zoek.exe
2015-01-09 15:55 - 2015-01-09 15:55 - 00000197 _____ () C:\WINDOWS\system32\2015-01-09-23-55-37.037-AvastVBoxSVC.exe-4168.log
2015-01-09 15:52 - 2014-11-08 01:12 - 00364512 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-01-08 14:06 - 2015-01-08 13:51 - 00021035 _____ () C:\zoek-results2015-01-08-215111.log
2015-01-08 13:43 - 2015-01-10 01:20 - 00006625 _____ () C:\zoek-results.log
2015-01-08 13:40 - 2015-01-09 21:49 - 00000000 ____D () C:\zoek_backup
2015-01-08 13:04 - 2015-01-08 13:05 - 00000600 _____ () C:\Users\Tae Youn\PUTTY.RND
2015-01-08 09:30 - 2015-01-10 01:31 - 00000000 ____D () C:\FRST
2015-01-08 09:25 - 2015-01-08 09:26 - 00000197 _____ () C:\WINDOWS\system32\2015-01-08-17-25-59.036-AvastVBoxSVC.exe-3756.log
2015-01-08 08:45 - 2015-01-08 08:45 - 00043664 _____ () C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2015-01-08 08:44 - 2015-01-09 15:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-01-08 08:44 - 2015-01-09 15:47 - 00000000 ____D () C:\Program Files\HitmanPro
2015-01-08 08:44 - 2015-01-08 08:44 - 00001876 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2015-01-08 08:42 - 2015-01-08 08:43 - 11222744 _____ (SurfRight B.V.) C:\Users\Tae Youn\Downloads\HitmanPro_x64(2).exe
2015-01-08 08:39 - 2015-01-08 08:40 - 10284408 _____ (SurfRight B.V.) C:\Users\Tae Youn\Downloads\HitmanPro.exe
2015-01-08 08:38 - 2015-01-08 08:39 - 08324532 _____ (SurfRight B.V.) C:\Users\Tae Youn\Downloads\HitmanPro_x64(1).exe
2015-01-08 08:36 - 2015-01-08 08:37 - 00000197 _____ () C:\WINDOWS\system32\2015-01-08-16-36-42.094-AvastVBoxSVC.exe-1184.log
2015-01-08 05:48 - 2015-01-08 05:48 - 00000247 _____ () C:\WINDOWS\system32\2015-01-08-13-48-23.025-aswFe.exe-4812.log
2015-01-08 05:41 - 2015-01-08 05:48 - 00000247 _____ () C:\WINDOWS\system32\2015-01-08-13-41-13.077-aswFe.exe-3464.log
2015-01-08 05:41 - 2015-01-08 05:41 - 00000197 _____ () C:\WINDOWS\system32\2015-01-08-13-41-09.068-AvastVBoxSVC.exe-5988.log
2015-01-08 05:16 - 2015-01-08 05:16 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-08 05:14 - 2015-01-09 15:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-08 05:14 - 2015-01-09 15:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-08 05:14 - 2015-01-08 05:14 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-08 05:14 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-08 05:14 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-01-08 05:14 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-01-08 05:13 - 2015-01-08 05:13 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Tae Youn\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-08 05:11 - 2015-01-08 05:11 - 00003886 _____ () C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-01-08 04:49 - 2015-01-08 04:50 - 02191360 _____ () C:\Users\Tae Youn\Downloads\adwcleaner_4.107.exe
2015-01-08 04:11 - 2015-01-08 04:11 - 00000000 __SHD () C:\Program Files (x86)\MpkingAcpoiscines
2015-01-08 02:54 - 2015-01-08 02:54 - 02053640 _____ () C:\Users\Tae Youn\Desktop\u_14_04.zip
2014-12-30 21:10 - 2015-01-09 23:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-17 19:09 - 2014-12-17 19:14 - 00000197 _____ () C:\WINDOWS\system32\2014-12-18-03-09-01.095-AvastVBoxSVC.exe-2124.log
2014-12-17 04:42 - 2014-12-17 04:43 - 00000197 _____ () C:\WINDOWS\system32\2014-12-17-12-42-24.004-AvastVBoxSVC.exe-4452.log
2014-12-12 22:05 - 2014-12-12 22:05 - 00000197 _____ () C:\WINDOWS\system32\2014-12-13-06-05-26.015-AvastVBoxSVC.exe-2840.log
2014-12-12 22:03 - 2014-11-26 13:10 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-12-12 22:03 - 2014-11-26 13:10 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-12 22:00 - 2014-12-12 22:00 - 00000000 ____D () C:\WINDOWS\system32\appraiser

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-10 01:27 - 2014-11-12 07:29 - 00000000 ____D () C:\Users\Tae Youn\AppData\Roaming\BitTorrent
2015-01-10 01:26 - 2014-03-24 01:21 - 00003774 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0E750434-667E-464D-B455-06D74C555142}
2015-01-10 01:22 - 2014-03-24 01:06 - 01498611 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-10 01:21 - 2013-08-14 20:03 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-01-10 01:19 - 2013-08-22 06:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-10 01:19 - 2013-07-14 19:55 - 00000910 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-10 01:18 - 2013-11-13 23:20 - 00232672 _____ () C:\WINDOWS\PFRO.log
2015-01-10 01:00 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-10 00:50 - 2013-07-14 19:55 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-10 00:47 - 2013-07-14 19:58 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-575280890-2764862635-724835175-1001
2015-01-09 23:44 - 2013-07-16 11:39 - 00000000 ____D () C:\Users\Tae Youn\AppData\Local\CrashDumps
2015-01-09 21:57 - 2013-08-22 05:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-09 15:54 - 2013-08-22 05:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-01-09 15:53 - 2014-11-08 01:13 - 00001951 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-01-09 15:49 - 2014-03-24 00:52 - 00000000 ____D () C:\Users\Tae Youn
2015-01-09 15:47 - 2014-11-15 01:49 - 00000000 ____D () C:\Program Files\Adblock Plus for IE
2015-01-09 15:38 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\registration
2015-01-09 15:25 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-01-08 20:53 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-08 09:02 - 2014-03-26 00:21 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-08 08:32 - 2013-08-22 05:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI(44)
2015-01-08 05:15 - 2013-11-13 23:28 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-08 05:01 - 2014-08-06 02:22 - 00000000 ____D () C:\AdwCleaner
2015-01-08 05:01 - 2012-11-14 21:35 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-08 04:46 - 2013-07-14 19:55 - 00000000 ____D () C:\Users\Tae Youn\AppData\Local\Google
2015-01-08 04:46 - 2013-07-14 19:55 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-28 20:50 - 2013-08-22 06:46 - 00290240 _____ () C:\WINDOWS\setupact.log
2014-12-25 01:16 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\tracing
2014-12-19 08:47 - 2012-07-25 23:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-18 03:39 - 2014-04-17 22:23 - 00240640 ___SH () C:\Users\Tae Youn\Downloads\Thumbs.db
2014-12-14 00:19 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-12-12 22:00 - 2014-07-11 10:25 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-12-12 22:00 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2014-12-12 22:00 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2014-12-12 22:00 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-12-12 22:00 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\AppCompat
2014-12-11 05:02 - 2013-07-18 02:01 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-11 04:57 - 2013-07-17 02:42 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-08 10:15

==================== End Of Log ============================
 

ohnovirus

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
Ran by Tae Youn at 2015-01-10 01:32:22
Running from C:\Users\Tae Youn\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Digital Editions 4.0 (HKLM-x32\...\Adobe Digital Editions 4.0) (Version: 4.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{14718008-7D73-53AA-D0FF-88E805958D42}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
Anki (HKLM-x32\...\Anki) (Version: - )
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.6 - Atheros Communications Inc.)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
BitTorrent (HKU\S-1-5-21-575280890-2764862635-724835175-1001\...\BitTorrent) (Version: 7.9.2.36804 - BitTorrent Inc.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
C4700 (x32 Version: 140.0.851.000 - Hewlett-Packard) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-575280890-2764862635-724835175-1001\...\Dropbox) (Version: 2.10.46 - Dropbox, Inc.)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version: - FileHippo.com)
Gardenscapes: Mansion Makeover (x32 Version: 3.0.2.32 - WildTangent) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{28981D56-C55A-4972-998F-823590FD43A2}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-575280890-2764862635-724835175-1001\...\SkyDriveSetup.exe) (Version: 16.4.6010.0727 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mnemosyne 2.3.1 (HKLM-x32\...\Mnemosyne_is1) (Version: - )
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 en-US)) (Version: 35.0 - Mozilla)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
Norton Anti-Theft (HKLM-x32\...\NAT) (Version: 1.10.0.9 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.45 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.11 - Symantec Corporation) Hidden
Norton PC Checkup (HKLM-x32\...\Norton PC Checkup_is1) (Version: 3.0.5.38.0 - Symantec Corporation)
Norton Security Dashboard (HKLM-x32\...\NortonSD) (Version: 1.1.1.9 - Symantec Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.0.15.60 - Electronic Arts, Inc.)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
PS_AIO_06_C4700_SW_Min (x32 Version: 140.0.863.000 - Hewlett-Packard) Hidden
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6743 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\InstallShield_{95F38874-065A-40AB-AFC1-B764B192FFE7}) (Version: 2.00.0002 - REALTEK Semiconductor Corp.)
REALTEK Wireless LAN Driver (x32 Version: 2.00.0002 - REALTEK Semiconductor Corp.) Hidden
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.2 - Synaptics Incorporated)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.4 - TOSHIBA)
TOSHIBA Audio Enhancement (HKLM\...\{F2DE0088-CF05-4DAB-AC4D-9D2C4D657456}) (Version: 1.0.2.8 - TOSHIBA Corporation)
Toshiba Book Place (HKLM-x32\...\{24B45620-22B6-4E4A-B836-FF30A0B0404E}) (Version: 3.1.9534 - K-NFB Reading Technology, Inc.)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.02.01.6407 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0002.6401 - Toshiba Corporation)
TOSHIBA HDD Accelerator (HKLM\...\{DB4D9937-0B14-4EF1-BF9A-BB7E3B9DCB04}) (Version: 1.2.0000 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v1.0.0.8 - TOSHIBA Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.9.09.6400 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.8.0 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0032 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
Virtual Villagers 5 - New Believers (x32 Version: 3.0.2.32 - WildTangent) Hidden
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.9.7 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-575280890-2764862635-724835175-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Tae Youn\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-575280890-2764862635-724835175-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Tae Youn\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-575280890-2764862635-724835175-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Tae Youn\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-575280890-2764862635-724835175-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Tae Youn\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-575280890-2764862635-724835175-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Tae Youn\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-575280890-2764862635-724835175-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tae Youn\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-575280890-2764862635-724835175-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tae Youn\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-575280890-2764862635-724835175-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tae Youn\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-575280890-2764862635-724835175-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tae Youn\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-575280890-2764862635-724835175-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tae Youn\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-575280890-2764862635-724835175-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tae Youn\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-575280890-2764862635-724835175-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tae Youn\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-575280890-2764862635-724835175-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tae Youn\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

19-12-2014 08:46:29 Windows Update
28-12-2014 23:14:46 Scheduled Checkpoint
06-01-2015 08:58:29 Scheduled Checkpoint
08-01-2015 09:02:58 Installed Adblock Plus for IE (32-bit and 64-bit)
09-01-2015 15:30:26 Restore Operation

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 05:25 - 2013-08-22 05:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {253C1BD1-B60B-4F28-A302-22ED6B0631D9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-14] (Google Inc.)
Task: {3739C601-EC5E-42F0-B77B-AF426AF81B5B} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {5ED23A88-62E5-4B5D-8064-097E197D2A60} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {61FEA8B5-17DA-4069-9BDA-40098B216A87} - \LaunchSignup No Task File <==== ATTENTION
Task: {62BBCC69-C4E3-4CF7-B82E-B3C83BA94790} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-07-31] (TOSHIBA Corporation)
Task: {63A257F1-7111-4EEF-80AA-468378003C3E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {72867436-1958-4995-AC72-587C08C02EE1} - System32\Tasks\{B84B7E9E-7B5C-4009-9384-3E55CAB8D2F1} => pcalua.exe -a C:\PROGRA~2\SearchProtect\Main\bin\uninstall.exe -c /S <==== ATTENTION
Task: {83805A5B-E3B3-4595-B60A-4524898903E7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-11] (Microsoft Corporation)
Task: {A01C60F6-5EEE-485C-B209-B55D0E606B67} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-14] (Google Inc.)
Task: {D11AF9DC-8164-4613-9FC8-B5D5A3CCC57E} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-20] (Synaptics Incorporated)
Task: {EE102A93-6073-45DA-AF8E-22C3CDBA8971} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-08] (AVAST Software)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2015-01-08 04:11 - 2015-01-07 10:27 - 04316160 ___SH () C:\Program Files (x86)\MpkingAcpoiscines\MpkingAcpoiscines.exe
2014-11-08 01:12 - 2014-11-08 01:12 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-11-08 01:12 - 2014-11-08 01:12 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2015-01-08 04:11 - 2015-01-08 04:11 - 00154112 ____R () C:\Program Files (x86)\MpkingAcpoiscines\MpkingAcpoiscinesHelper.exe
2012-07-18 17:38 - 2012-07-18 17:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2014-10-03 00:08 - 2014-10-03 00:08 - 01435136 _____ () C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe
2014-11-08 01:12 - 2014-11-08 01:12 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2015-01-10 01:19 - 2015-01-10 01:19 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15011000\algo.dll
2015-01-08 04:11 - 2015-01-07 10:27 - 00117262 ___SH () C:\Program Files (x86)\MpkingAcpoiscines\libgcc_s_dw2-1.dll
2015-01-08 04:11 - 2015-01-07 10:27 - 00970766 ___SH () C:\Program Files (x86)\MpkingAcpoiscines\libstdc++-6.dll
2014-11-08 01:12 - 2014-11-08 01:12 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-12-30 21:10 - 2015-01-09 23:59 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-575280890-2764862635-724835175-500 - Administrator - Disabled)
Guest (S-1-5-21-575280890-2764862635-724835175-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-575280890-2764862635-724835175-1003 - Limited - Enabled)
Tae Youn (S-1-5-21-575280890-2764862635-724835175-1001 - Administrator - Enabled) => C:\Users\Tae Youn

==================== Faulty Device Manager Devices =============

Name: Photosmart C4700 series
Description: Photosmart C4700 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: avast! SecureLine TAP Adapter v3
Description: avast! SecureLine TAP Adapter v3
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: aswTap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart C4700 series
Description: Photosmart C4700 series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/10/2015 01:21:26 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (01/09/2015 11:44:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DaS_21.exe, version: 2.1.0.4, time stamp: 0x540c90b2
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17278, time stamp: 0x53eebf2e
Exception code: 0xe0434352
Fault offset: 0x000000000000606c
Faulting process id: 0x1170
Faulting application start time: 0xDaS_21.exe0
Faulting application path: DaS_21.exe1
Faulting module path: DaS_21.exe2
Report Id: DaS_21.exe3
Faulting package full name: DaS_21.exe4
Faulting package-relative application ID: DaS_21.exe5

Error: (01/09/2015 11:44:42 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: DaS_21.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ArgumentOutOfRangeException
Stack:
at System.String.Substring(Int32, Int32)
at DriverAndServicesOut.GetProcess.GetPathName(System.String)
at DriverAndServicesOut.GetProcess.GetAllServices(System.String)
at DriverAndServicesOut.Program.Main(System.String[])

Error: (01/09/2015 10:04:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 35.0.0.5476 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1570

Start Time: 01d02c9aec15e945

Termination Time: 130

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 96ef30f1-988e-11e4-bee2-008cfa428d18

Faulting package full name:

Faulting package-relative application ID:

Error: (01/09/2015 10:00:44 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (01/09/2015 04:00:00 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1692) SRUJet: Error -1811 (0xfffff8ed) occurred while opening logfile C:\WINDOWS\system32\SRU\SRU01EB6.log.

Error: (01/09/2015 03:51:59 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (01/09/2015 03:51:29 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Installed Adblock Plus for IE (32-bit and 64-bit)). Additional information: 0x80070005.

Error: (01/09/2015 03:16:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_winethc.dll, version: 6.3.9600.16384, time stamp: 0x5215f00d
Faulting module name: USER32.dll, version: 6.3.9600.17278, time stamp: 0x53eebd22
Exception code: 0xc0000142
Fault offset: 0x00000000000ec0b4
Faulting process id: 0x3134
Faulting application start time: 0xrundll32.exe_winethc.dll0
Faulting application path: rundll32.exe_winethc.dll1
Faulting module path: rundll32.exe_winethc.dll2
Report Id: rundll32.exe_winethc.dll3
Faulting package full name: rundll32.exe_winethc.dll4
Faulting package-relative application ID: rundll32.exe_winethc.dll5

Error: (01/09/2015 03:02:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: avastui.exe, version: 10.0.2208.726, time stamp: 0x547764ec
Faulting module name: avastui.exe, version: 10.0.2208.726, time stamp: 0x547764ec
Exception code: 0xc0000005
Fault offset: 0x0019fcf0
Faulting process id: 0x23d4
Faulting application start time: 0xavastui.exe0
Faulting application path: avastui.exe1
Faulting module path: avastui.exe2
Report Id: avastui.exe3
Faulting package full name: avastui.exe4
Faulting package-relative application ID: avastui.exe5


System errors:
=============
Error: (01/10/2015 01:20:13 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The MpkingAcpoiscines service hung on starting.

Error: (01/10/2015 01:19:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AppEx Networks Accelerator LWF service failed to start due to the following error:
%%31

Error: (01/10/2015 01:19:06 AM) (Source: APXACC) (EventID: 1003) (User: )
Description: The NDIS6 LWF initialization has failed. (0xC0000001)

Error: (01/10/2015 00:36:19 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (01/10/2015 00:36:19 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (01/10/2015 00:36:18 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (01/10/2015 00:36:17 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (01/10/2015 00:36:17 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (01/09/2015 09:59:20 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The MpkingAcpoiscines service hung on starting.

Error: (01/09/2015 09:58:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AppEx Networks Accelerator LWF service failed to start due to the following error:
%%31


Microsoft Office Sessions:
=========================
Error: (01/10/2015 01:21:26 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (01/09/2015 11:44:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DaS_21.exe2.1.0.4540c90b2KERNELBASE.dll6.3.9600.1727853eebf2ee0434352000000000000606c117001d02ca9484e2cd2C:\Users\TAEYOU~1\AppData\Local\Temp\DaS_21.exeC:\WINDOWS\system32\KERNELBASE.dll8a5d46f2-989c-11e4-bee2-008cfa428d18

Error: (01/09/2015 11:44:42 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: DaS_21.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ArgumentOutOfRangeException
Stack:
at System.String.Substring(Int32, Int32)
at DriverAndServicesOut.GetProcess.GetPathName(System.String)
at DriverAndServicesOut.GetProcess.GetAllServices(System.String)
at DriverAndServicesOut.Program.Main(System.String[])

Error: (01/09/2015 10:04:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe35.0.0.5476157001d02c9aec15e945130C:\Program Files (x86)\Mozilla Firefox\firefox.exe96ef30f1-988e-11e4-bee2-008cfa428d18

Error: (01/09/2015 10:00:44 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (01/09/2015 04:00:00 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost1692SRUJet: C:\WINDOWS\system32\SRU\SRU01EB6.log-1811 (0xfffff8ed)

Error: (01/09/2015 03:51:59 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (01/09/2015 03:51:29 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: Installed Adblock Plus for IE (32-bit and 64-bit)0x80070005

Error: (01/09/2015 03:16:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe_winethc.dll6.3.9600.163845215f00dUSER32.dll6.3.9600.1727853eebd22c000014200000000000ec0b4313401d02c623b98c35bC:\WINDOWS\System32\rundll32.exeUSER32.dll79d92145-9855-11e4-bee0-008cfa428d18

Error: (01/09/2015 03:02:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: avastui.exe10.0.2208.726547764ecavastui.exe10.0.2208.726547764ecc00000050019fcf023d401d02c6044ea2f38C:\Program Files\AVAST Software\Avast\avastui.exeC:\Program Files\AVAST Software\Avast\avastui.exea6c03dc6-9853-11e4-bee0-008cfa428d18


==================== Memory info ===========================

Processor: AMD A6-4400M APU with Radeon(tm) HD Graphics
Percentage of memory in use: 50%
Total physical RAM: 3550.26 MB
Available physical RAM: 1757.3 MB
Total Pagefile: 5534.26 MB
Available Pagefile: 3102.45 MB
Total Virtual: 131072 MB
Available Virtual: 131071.85 MB

==================== Drives ================================

Drive c: (TI10657600C) (Fixed) (Total:453.76 GB) (Free:412.16 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
 

ohnovirus

New Member
Thread author
Verified
Jan 8, 2015
15
Oh okay, sorry about that. Here it is:
 

Attachments

  • FRST.txt
    24.6 KB · Views: 40
  • Addition.txt
    32.9 KB · Views: 55

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

Download the attached fixlist.txt file and save it to the Desktop.

Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click Run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 

Attachments

  • fixlist.txt
    1.7 KB · Views: 36
