Quantcast
Channel: Tech Support Forum - Virus/Trojan/Spyware Help
Viewing all articles
Browse latest Browse all 2798

Malware Removal help for Grandparents laptop

February 23, 2014, 8:07 am
$
0
0
Hey Malware Team,

My Grandparents have had their laptop for several years and recently have been getting slowness issues as well as having ads keep popping up on popular websites such as Amazon (I've gotten them myself whilst using it).

Since I won't have the laptop to hand until I next go round (probably next week), I have ran the DDS scan as well as GMER (no rootkit warnings) and have also include the Combofix output.

Below are the logs and thanks in advance for your help :wave:
-Redeye-


LOGS [Also attached in a ZIP file]
=============================
>> DDS.txt
Code:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16533  BrowserJavaVersion: 10.45.2
Run by toshiba at 15:27:13 on 2014-02-23
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.44.1033.18.1915.567 [GMT 0:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = www.bing.com
uSearch Bar = www.bing.com
uSearch Page = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>
dURLSearchHooks: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - <orphaned>
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: TopArcadeHits Games: {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - c:\users\toshiba\appdata\local\toparcadehits\Toparcadehits.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: avast! Ad Blocker: {FFCB3198-32F3-4E8B-9539-4324694ED663} - c:\program files\avast software\avast! ad blocker ie\Adblocker32.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
dRunOnce: [AutoLaunch] c:\program files\lavasoft\ad-aware\AutoLaunch.exe monthly
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {32E7B36C-7960-4A42-B83B-D8AFD0AAEF2B} - hxxp://dizun95pzobbc.cloudfront.net/INDBrowser.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{8CF94F9F-F938-4CBE-9644-216B336CEEF5} : DHCPNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.117\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\toshiba\appdata\roaming\mozilla\firefox\profiles\4ggay3zy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/webhp?hl=en&tab=ww
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\toshiba\appdata\local\roblox\versions\version-695ea9f5bdba4fec\NPRobloxProxy.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm_i.hmpg - true
FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=en&gu=7935ee6937d34f4fb6768bacd0264de8&tu=11JL0008D2B000s&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm.dfltSrch - true
FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm
FF - user.js: extensions.zonealarm.keyWordUrl - hxxp://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=en&q={searchTerms}&gu=7935ee6937d34f4fb6768bacd0264de8&tu=11JL0008D2B000s&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm_i.dnsErr - true
FF - user.js: extensions.zonealarm_i.newTab - true
FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?src=nt&tbid=base2013&Lan=en&gu=7935ee6937d34f4fb6768bacd0264de8&tu=11JL0008D2B000s&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=base2013&Lan={dfltLng}&gu=7935ee6937d34f4fb6768bacd0264de8&tu=11JL0008D2B000s&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.id - 04c9b3c5000000000000002163ce02d3
FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84}
FF - user.js: extensions.zonealarm.instlDay - 15849
FF - user.js: extensions.zonealarm.vrsn - 1.8.3.16
FF - user.js: extensions.zonealarm.vrsni - 1.8.3.16
FF - user.js: extensions.zonealarm_i.vrsnTs - 1.8.3.1618:04:34
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 5043
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base2013
FF - user.js: extensions.zonealarm.instlRef - ZLN118191110130364-5043
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.admin - false
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.blocklist.enabled', false);
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-8-19 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-8-19 180248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-8-19 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-8-19 410784]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-10-10 120088]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-8-19 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-8-19 50344]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-8-7 7168]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca19dc33077c0;Google Update Service (gupdate1ca19dc33077c0);c:\program files\google\update\GoogleUpdate.exe [2009-8-10 133104]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2012-11-16 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S4 BecHelperService;BecHelperService;c:\program files\3\3connect\BecHelperService.exe [2013-7-8 1737464]
S4 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2009-7-15 954368]
S4 TeamViewer8;TeamViewer 8;c:\program files\teamviewer\version8\TeamViewer_Service.exe [2013-8-19 4308320]
S4 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2013-8-27 93072]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
SUnknown AVG Bonjour Service;AVG Bonjour Service; [x]
SUnknown AVG Security Toolbar Service;AVG Security Toolbar Service; [x]
.
=============== Created Last 30 ================
.
2014-02-23 14:49:49        --------        d-----w-        c:\program files\CCleaner
2014-02-21 15:55:01        7947048        ----a-w-        c:\programdata\microsoft\windows defender\definition updates\{b93ae213-5b83-4d54-8d51-984b23315a44}\mpengine.dll
2014-02-17 07:53:16        --------        d-----w-        c:\windows\CheckSur
2014-02-14 12:15:43        1248768        ----a-w-        c:\windows\system32\msxml3.dll
.
==================== Find3M  ====================
.
2014-02-10 09:34:52        775952        ----a-w-        c:\windows\system32\drivers\aswSnx.sys
2014-02-10 09:34:52        67824        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys
2014-02-10 09:34:51        43152        ----a-w-        c:\windows\avastSS.scr
2014-02-05 08:56:17        1806848        ----a-w-        c:\windows\system32\jscript9.dll
2014-02-05 08:50:39        1129472        ----a-w-        c:\windows\system32\wininet.dll
2014-02-05 08:49:56        1427968        ----a-w-        c:\windows\system32\inetcpl.cpl
2014-02-05 08:48:40        142848        ----a-w-        c:\windows\system32\ieUnatt.exe
2014-02-05 08:48:27        421376        ----a-w-        c:\windows\system32\vbscript.dll
2014-02-05 08:47:16        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2014-01-02 18:02:32        180248        ----a-w-        c:\windows\system32\drivers\aswVmm.sys
2013-12-27 18:10:48        18776        ----a-w-        c:\windows\system32\roboot.exe
2013-12-18 06:13:56        231584        ------w-        c:\windows\system32\MpSigStub.exe
2013-12-10 21:23:16        71048        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-10 21:23:16        692616        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2013-11-27 20:19:14        49944        ----a-w-        c:\windows\system32\drivers\aswRvrt.sys
2006-10-30 09:09:42        2437120        ----a-w-        c:\program files\DigimaxMaster.exe
2006-10-16 09:21:34        491520        ----a-w-        c:\program files\pma_rt.rts
2005-06-29 14:54:24        50176        ----a-w-        c:\program files\MovieSource.ax
2005-01-21 15:25:50        73728        ----a-w-        c:\program files\Stwa2002.dll
2004-08-03 23:57:00        1712128        ----a-w-        c:\program files\GdiPlus.dll
2003-03-19 06:20:00        1060864        ----a-w-        c:\program files\MFC71.dll
2003-03-19 05:14:52        499712        ----a-w-        c:\program files\msvcp71.dll
2003-02-21 13:42:22        348160        ----a-w-        c:\program files\msvcr71.dll
2003-02-19 16:12:06        94208        ----a-w-        c:\program files\Stdth32.dll
2002-10-31 18:16:02        286720        ----a-w-        c:\program files\Stctl32c.dll
2002-09-06 15:34:10        49152        ----a-w-        c:\program files\Sttmb2002.dll
1998-07-09 18:41:12        217088        ----a-w-        c:\program files\skjpeg40.dll
1998-03-04 09:40:50        83968        ----a-w-        c:\program files\Skbase40.dll
.
============= FINISH: 15:28:19.32 ===============
>> Attach.txt
Code:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 15/07/2009 13:58:31
System Uptime: 23/02/2014 14:41:57 (1 hours ago)
.
Motherboard: TOSHIBA |  | Portable PC
Processor: Genuine Intel(R) CPU          T1600  @ 1.66GHz | CPU | 1662/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 14.33 GiB free.
D: is FIXED (NTFS) - 73 GiB total, 67.639 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP914: 11/02/2014 11:30:34 - Windows Update
RP916: 14/02/2014 10:51:16 - avast! antivirus system restore point
RP917: 14/02/2014 10:59:45 - Windows Update
RP918: 15/02/2014 09:02:27 - Windows Update
RP919: 16/02/2014 21:44:24 - Scheduled Checkpoint
RP920: 17/02/2014 07:52:25 - Windows Update
RP921: 21/02/2014 15:54:01 - Windows Update
.
==== Installed Programs ======================
.
3Connect
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8.1.3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
avast! Ad Blocker
avast! Free Antivirus
Bonjour
Canon MP Navigator EX 2.0
Canon MP630 series MP Drivers
Canon MP630 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
CCleaner
CD-LabelPrint
CD/DVD Drive Acoustic Silencer
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
D3DX10
Digimax Master
FUJIFILM MyFinePix Studio 1.0
Google Chrome
Google Earth
Google Update Helper
GoToAssist Corporate
Guitar Pro 5.1
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Huawei modem
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes
Java 7 Update 45
Java Auto Updater
Java(TM) 6 Update 6
Java(TM) 6 Update 7
Junk Mail filter update
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office File Validation Add-In
Microsoft Office Live Add-in 1.5
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft XML Parser
Mozilla Firefox 27.0.1 (x86 en-GB)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OGA Notifier 2.0.0048.0
Picasa 3
Power Tab Editor 1.7
QuickTime
RAF
RAW FILE CONVERTER powered by SILKYPIX
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
RealUpgrade 1.1
ROBLOX Player for toshiba
ROBLOX Studio 2013 for toshiba
Samsung USB Driver
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Segoe UI
Spelling Dictionaries Support For Adobe Reader 8
SUPERAntiSpyware
Synaptics Pointing Device Driver
TeamViewer 8
TomTom HOME
TomTom HOME Visual Studio Merge Modules
TopArcadeHits
TOSHIBA Supervisor Password
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
WinRAR 4.01 (32-bit)
Wizard101(UK)
ZoneAlarm LTD Toolbar
.
==== Event Viewer Messages From Past Week ========
.
23/02/2014 14:43:56, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  drqlmv
23/02/2014 14:42:28, Error: Microsoft-Windows-Dhcp-Client [1002]  - The IP address lease 192.168.1.2 for the Network Card with network address 002163CE02D3 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
18/02/2014 22:19:01, Error: EventLog [6008]  - The previous system shutdown at 22:14:26 on 18/02/2014 was unexpected.
18/02/2014 15:10:37, Error: EventLog [6008]  - The previous system shutdown at 15:08:56 on 18/02/2014 was unexpected.
.
==== End Of File ===========================
>> Combofix.txt
Code:
ComboFix 14-02-23.01 - toshiba 23/02/2014  15:46:26.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.44.1033.18.1915.597 [GMT 0:00]
Running from: c:\users\toshiba\Desktop\TSF Virus Troubleshooting\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\toshiba\AppData\Local\TopArcadeHits
c:\users\toshiba\AppData\Local\TopArcadeHits\tah.config
c:\users\toshiba\AppData\Local\TopArcadeHits\ToPArcadehits.dll
c:\users\toshiba\AppData\Local\TopArcadeHits\uninstaller.exe
c:\users\toshiba\AppData\Local\TopArcadeHits\updater.exe
c:\users\toshiba\AppData\Roaming\846011875.log
c:\windows\system32\pt
c:\windows\system32\pt\toscdspd.cpl.mui
.
.
(((((((((((((((((((((((((  Files Created from 2014-01-23 to 2014-02-23  )))))))))))))))))))))))))))))))
.
.
2014-02-23 15:55 . 2014-02-23 15:55        --------        d-----w-        c:\users\toshiba\AppData\Local\temp
2014-02-23 15:55 . 2014-02-23 15:55        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-02-23 14:49 . 2014-02-23 14:49        --------        d-----w-        c:\program files\CCleaner
2014-02-21 15:55 . 2014-02-06 07:08        7947048        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{B93AE213-5B83-4D54-8D51-984B23315A44}\mpengine.dll
2014-02-17 07:53 . 2014-02-17 07:53        --------        d-----w-        c:\windows\CheckSur
2014-02-14 12:15 . 2013-12-05 02:12        1248768        ----a-w-        c:\windows\system32\msxml3.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-10 09:34 . 2013-08-19 16:33        410784        ----a-w-        c:\windows\system32\drivers\aswSP.sys
2014-02-10 09:34 . 2013-08-19 16:33        54832        ----a-w-        c:\windows\system32\drivers\aswRdr.sys
2014-02-10 09:34 . 2013-08-19 16:33        57672        ----a-w-        c:\windows\system32\drivers\aswTdi.sys
2014-02-10 09:34 . 2013-08-19 16:33        775952        ----a-w-        c:\windows\system32\drivers\aswSnx.sys
2014-02-10 09:34 . 2013-08-19 16:33        67824        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys
2014-02-10 09:34 . 2013-08-19 16:33        270240        ----a-w-        c:\windows\system32\aswBoot.exe
2014-02-10 09:34 . 2013-08-19 16:31        43152        ----a-w-        c:\windows\avastSS.scr
2014-01-02 18:02 . 2013-08-19 16:33        180248        ----a-w-        c:\windows\system32\drivers\aswVmm.sys
2013-12-27 18:10 . 2014-01-13 12:48        18776        ----a-w-        c:\windows\system32\roboot.exe
2013-12-18 06:13 . 2009-10-05 15:04        231584        ------w-        c:\windows\system32\MpSigStub.exe
2013-12-10 21:23 . 2012-07-09 08:17        71048        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-10 21:23 . 2012-07-09 08:17        692616        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2013-11-27 20:19 . 2013-08-19 16:33        49944        ----a-w-        c:\windows\system32\drivers\aswRvrt.sys
2006-10-30 09:09 . 2009-10-13 20:18        2437120        ----a-w-        c:\program files\DigimaxMaster.exe
2006-10-16 09:21 . 2009-10-13 20:18        491520        ----a-w-        c:\program files\pma_rt.rts
2005-06-29 14:54 . 2009-10-13 20:18        50176        ----a-w-        c:\program files\MovieSource.ax
2005-01-21 15:25 . 2009-10-13 20:18        73728        ----a-w-        c:\program files\Stwa2002.dll
2004-08-03 23:57 . 2009-10-13 20:18        1712128        ----a-w-        c:\program files\GdiPlus.dll
2003-03-19 06:20 . 2009-10-13 20:18        1060864        ----a-w-        c:\program files\MFC71.dll
2003-03-19 05:14 . 2009-10-13 20:18        499712        ----a-w-        c:\program files\msvcp71.dll
2003-02-21 13:42 . 2009-10-13 20:18        348160        ----a-w-        c:\program files\msvcr71.dll
2003-02-19 16:12 . 2009-10-13 20:18        94208        ----a-w-        c:\program files\Stdth32.dll
2002-10-31 18:16 . 2009-10-13 20:18        286720        ----a-w-        c:\program files\Stctl32c.dll
2002-09-06 15:34 . 2009-10-13 20:18        49152        ----a-w-        c:\program files\Sttmb2002.dll
1998-07-09 18:41 . 2009-10-13 20:18        217088        ----a-w-        c:\program files\skjpeg40.dll
1998-03-04 09:40 . 2009-10-13 20:18        83968        ----a-w-        c:\program files\Skbase40.dll
.
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-02-10 09:34        259464        ----a-w-        c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-01-06 5625624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-02-10 3767096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2008-03-17 16:06        1848648        ----a-w-        c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2008-03-10 16:20        689488        ----a-w-        c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25        125952        ----a-w-        c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-06-25 13:05        170520        ----a-w-        c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-06-25 13:06        150040        ----a-w-        c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-06-25 13:06        145944        ----a-w-        c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-11-20 16:15        1826816        ----a-w-        c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2013-08-27 15:57        248208        ----a-w-        c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration]
2008-01-11 02:07        574864        ----a-w-        c:\program files\TOSHIBA\Registration\ToshibaRegistration.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23        1008184        ----a-w-        c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 08:21        648072        ----a-w-        c:\windows\WindowsMobile\wmdc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
2008-01-21 02:23        215552        ----a-w-        c:\windows\WindowsMobile\wmdSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2013-10-10 120088]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AWLIRFOW
*Deregistered* - awlirfow
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
WindowsMobile        REG_MULTI_SZ          wcescomm rapimgr
LocalServiceRestricted        REG_MULTI_SZ          WcesComm RapiMgr
bthsvcs        REG_MULTI_SZ          BthServ
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-22 14:53        1150280        ----a-w-        c:\program files\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-09 21:23]
.
2014-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-10 16:59]
.
2014-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-10 16:59]
.
.
------- Supplementary Scan -------
.
uStart Page = www.bing.com
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: {32E7B36C-7960-4A42-B83B-D8AFD0AAEF2B} - hxxp://dizun95pzobbc.cloudfront.net/INDBrowser.CAB
FF - ProfilePath - c:\users\toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\4ggay3zy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/webhp?hl=en&tab=ww
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm_i.hmpg - true
FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=en&gu=7935ee6937d34f4fb6768bacd0264de8&tu=11JL0008D2B000s&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm.dfltSrch - true
FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm
FF - user.js: extensions.zonealarm.keyWordUrl - hxxp://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=en&q={searchTerms}&gu=7935ee6937d34f4fb6768bacd0264de8&tu=11JL0008D2B000s&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm_i.dnsErr - true
FF - user.js: extensions.zonealarm_i.newTab - true
FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?src=nt&tbid=base2013&Lan=en&gu=7935ee6937d34f4fb6768bacd0264de8&tu=11JL0008D2B000s&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=base2013&Lan={dfltLng}&gu=7935ee6937d34f4fb6768bacd0264de8&tu=11JL0008D2B000s&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.id - 04c9b3c5000000000000002163ce02d3
FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84}
FF - user.js: extensions.zonealarm.instlDay - 15849
FF - user.js: extensions.zonealarm.vrsn - 1.8.3.16
FF - user.js: extensions.zonealarm.vrsni - 1.8.3.16
FF - user.js: extensions.zonealarm_i.vrsnTs - 1.8.3.1618:04
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 5043
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base2013
FF - user.js: extensions.zonealarm.instlRef - ZLN118191110130364-5043
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.admin - false
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.blocklist.enabled', false);
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKU-Default-RunOnce-AutoLaunch - c:\program files\Lavasoft\Ad-Aware\AutoLaunch.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-{C1C3E833-420E-4D78-9BA7-86AEBB272384} - c:\users\toshiba\AppData\Local\TopArcadeHits\uninstaller.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-02-23 15:55
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:61,ac,b0,72,ee,58,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,53,bf,82,4e,47,09,ea,4f,a7,30,7f,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,53,bf,82,4e,47,09,ea,4f,a7,30,7f,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2014-02-23  15:57:21
ComboFix-quarantined-files.txt  2014-02-23 15:57
.
Pre-Run: 15,182,700,544 bytes free
Post-Run: 15,498,555,392 bytes free
.
- - End Of File - - 9313A81FB61F3E817729BDAD13E20CF4
5C616939100B85E558DA92B899A0FC36
=============================

Attached Files
File Type: zip Logs.zip (13.2 KB)
Search
Viewing all articles
Browse latest Browse all 2798
Search